CVE-2016-3718

CVSS 5.5 MEDIUM · EPSS 76.9% · KEV · CWE-918
Vexday Risk Score: 85 (Fix now)
SSVC decision (CISA): Act
Exploitation + impact → act immediately
CVSS 5.5 · EPSS 76.9% · KEV: yes · Public PoC · Nuclei · Metasploit · Patch referenced
Lifecycle
04 May 2016: Public PoC
05 May 2016: Published on NVD
03 Nov 2021: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

ImageMagick can be tricked into making unwanted network requests (HTTP or FTP) when processing a specially crafted image. An attacker could exploit this to access internal systems or services that should not be publicly reachable.

Technical detail

The HTTP and FTP coders in ImageMagick before version 6.9.3-10 and 7.x before 7.0.1-1 are vulnerable to SSRF attacks. An attacker can supply a malicious image file that causes the application to make unintended server-side requests to internal or restricted network resources, potentially bypassing firewall restrictions or accessing sensitive services.

Summary generated and translated by AI from the official description.
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
