Description
Multiple vulnerabilities were reported in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if the application processes user-submitted images. Many image processing plugins depend on the ImageMagick library, including, but not limited to, PHP's imagick, Ruby's rmagick and paperclip, and Node.js's imagemagick.
Remediation
Verify that all image files begin with the expected "magic bytes" corresponding to the image file types you support before sending them to ImageMagick for processing. Check the file content itself, not the filename or extension supplied by the client. Consult Web references for more information about this vulnerability.
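The following is an added example of the remediation above, not code from the advisory or from ImageMagick: an allow-list check of the leading bytes of an upload (PNG, JPEG, GIF and WebP signatures) that runs before the bytes are ever handed to ImageMagick. The sample uploads, filenames and the set of supported formats are constructed for the demonstration.

```python
# Added example: allow-list "magic bytes" check for uploads before ImageMagick sees them.
# Sample uploads below are constructed for the demonstration, not real files.

from typing import Dict, List, Optional, Tuple

# Each supported format maps to a list of alternative signatures; each
# signature is a list of (offset, bytes) pairs that must all match.
# WebP needs two pieces because the RIFF header carries a length field
# between "RIFF" and "WEBP".
MAGIC_SIGNATURES: Dict[str, List[List[Tuple[int, bytes]]]] = {
    "png":  [[(0, b"\x89PNG\r\n\x1a\n")]],
    "jpeg": [[(0, b"\xff\xd8\xff")]],
    "gif":  [[(0, b"GIF87a")], [(0, b"GIF89a")]],
    "webp": [[(0, b"RIFF"), (8, b"WEBP")]],
}


def _matches(data: bytes, pattern: List[Tuple[int, bytes]]) -> bool:
    """True when every (offset, bytes) piece of the pattern is present in data."""
    return all(data[off:off + len(sig)] == sig for off, sig in pattern)


def detect_image_type(data: bytes) -> Optional[str]:
    """Return the allow-listed format whose signature opens data, else None.

    Anything that is not on the allow-list (text-based formats such as SVG or
    MVG, arbitrary binaries, empty bodies) yields None and must be rejected.
    """
    for fmt, alternatives in MAGIC_SIGNATURES.items():
        if any(_matches(data, alt) for alt in alternatives):
            return fmt
    return None


def validate_upload(data: bytes) -> str:
    """Gate to call before passing data to ImageMagick.

    Raises ValueError unless the content signature is one we support. The
    client-supplied filename or extension is deliberately not consulted:
    ImageMagick selects its decoder from the content, so a ".png" name on a
    non-PNG body is exactly the case this check exists to catch.
    """
    fmt = detect_image_type(data)
    if fmt is None:
        raise ValueError("unsupported or unrecognised image content")
    return fmt


def screen_uploads(uploads: Dict[str, bytes]) -> Dict[str, Tuple[str, str]]:
    """Run validate_upload over a batch and report ('accepted', fmt) or ('rejected', reason)."""
    results: Dict[str, Tuple[str, str]] = {}
    for name, data in uploads.items():
        try:
            results[name] = ("accepted", validate_upload(data))
        except ValueError as exc:
            results[name] = ("rejected", str(exc))
    return results


# Constructed sample uploads (headers only; not valid complete images).
SAMPLE_UPLOADS: Dict[str, bytes] = {
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 8,
    "anim.gif":  b"GIF89a" + b"\x00" * 16,
    "pic.webp":  b"RIFF\x10\x00\x00\x00WEBPVP8 " + b"\x00" * 8,
    # A text-based vector document renamed to look like a PNG: the extension
    # lies, the content does not.
    "image.png": b'<?xml version="1.0"?>\n<svg xmlns="http://www.w3.org/2000/svg"/>\n',
    "empty.png": b"",
}

if __name__ == "__main__":
    for name, verdict in screen_uploads(SAMPLE_UPLOADS).items():
        print(f"{name:12s} {verdict[0]:8s} {verdict[1]}")
```

Only the leading bytes are inspected, so this is a cheap first gate rather than a full parser: a file that passes is still untrusted input and should be processed with the same resource and format restrictions you would apply to any upload. Store and serve the file under the detected format, not under the name the client chose.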
References