CVE-2016-3714

Known Exploited (CISA KEV)HIGH

8.4

CVSS Severity Score

EPSS Score29.8580%

EPSS Percentile85.31th

PublishedMay 5, 2016

Last ModifiedApr 21, 2026

Vulnerability Description

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

Affected Platforms (CPE)

📦

Imagemagick

<= 6.9.3-9

📦

Imagemagick

= 7.0.0-0

📦

Imagemagick

= 7.0.1-0

💻

Canonical

Ubuntu Linux

= 12.04

💻

Canonical

Ubuntu Linux

= 14.04

💻

Canonical

Ubuntu Linux

= 15.10

💻

Canonical

Ubuntu Linux

= 16.04

💻

Debian

Debian Linux

= 8.0

💻

Debian

Debian Linux

= 9.0

💻

Opensuse

Leap

= 42.1

💻

Opensuse

= 13.2

💻

Suse

Suse Linux Enterprise Server

= 12

References & Advisories

🔗 http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog

🔗 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00041.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html

🔗 http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html

Vulnerability Description

Affected Platforms (CPE)

Imagemagick

Imagemagick

Imagemagick

Ubuntu Linux

Ubuntu Linux

Ubuntu Linux

Ubuntu Linux

Debian Linux

Debian Linux

Leap

Opensuse

Suse Linux Enterprise Server

References & Advisories

Related Vulnerabilities