Description

Multiple vulnerabilities were reported in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if the application processes user-submitted images. Many image processing plugins depend on the ImageMagick library, including, but not limited to, PHP's imagick, Ruby's rmagick and paperclip, and Node.js's imagemagick.

Remediation

Verify that every image file begins with the expected "magic bytes" for one of the image file types you support before sending it to ImageMagick for processing. Consult the web references for more information about this vulnerability.
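One way to implement the magic-byte check described above, as an added example that is not part of the original advisory or of ImageMagick. It assumes the service accepts only JPEG, PNG and GIF; the function names and sample inputs are constructed for illustration.

```python
import io

# Leading signatures ("magic bytes"). Assumption: only JPEG, PNG, GIF are supported.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
EXTENSIONS = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif"}
MAX_SIG_LEN = max(len(s) for sigs in SIGNATURES.values() for s in sigs)


def sniff_image_type(stream):
    """Return the allowed format whose signature starts the stream, else None."""
    pos = stream.tell()
    head = stream.read(MAX_SIG_LEN)
    stream.seek(pos)  # rewind so the caller can still read the whole upload
    for fmt, sigs in SIGNATURES.items():
        if any(head.startswith(sig) for sig in sigs):
            return fmt
    return None


def accept_upload(stream, filename):
    """Return the verified format, or None if the upload must be rejected."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    detected = sniff_image_type(stream)
    # Reject unknown content and content that disagrees with the claimed extension.
    if detected is None or EXTENSIONS.get(ext) != detected:
        return None
    return detected


def check_bytes(data, filename):  # convenience wrapper for in-memory uploads
    return accept_upload(io.BytesIO(data), filename)


# Constructed sample inputs (headers only, not real images).
SAMPLES = {
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "anim.gif": b"GIF89a" + b"\x00" * 16,
    "avatar.jpg": b'<?xml version="1.0"?><svg></svg>',  # text posing as JPEG
    "cut.png": b"\x89PN",  # truncated signature
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, "->", check_bytes(data, name) or "REJECTED")
```

The returned format can also be passed to ImageMagick as an explicit prefix on the input path (for example `png:` followed by the stored file name), so the library decodes the file as the verified type.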

References

Related Vulnerabilities