CVE-2016-3714
ImageMagick Improper Input Validation Vulnerability
CVSS
—
No CVSS
EPSS
97.5%
p100
KEV
YES
Sep 9, 2024
Exploit Today
80
0-100
Published: — · Last modified: —
Product
ImageMagick / ImageMagick
Vulnerability
ImageMagick Improper Input Validation Vulnerability
Added to KEV
Sep 9, 2024
Remediate by
Sep 30, 2024
Known ransomware use
No
Summary description
ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588#p132726, https://imagemagick.org/archive/releases/; https://nvd.nist.gov/vuln/detail/CVE-2016-3714