ID CVE-2016-5118
Summary The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
Vulnerable Configurations
  • GraphicsMagick 1.3.23
    cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.23
  • SUSE Linux Enterprise Debuginfo 11 Service Pack 4
    cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4
  • SUSE Studio OnSite 1.3
    cpe:2.3:a:suse:studio_onsite:1.3
  • SUSE Linux Enterprise Software Development Kit (SDK) 11 Service Pack 4
    cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4
  • Oracle Solaris 10
    cpe:2.3:o:oracle:solaris:10
  • Oracle Solaris 11.3
    cpe:2.3:o:oracle:solaris:11.3
  • Oracle Linux 6.0
    cpe:2.3:o:oracle:linux:6.0
  • Oracle Linux 7.0
    cpe:2.3:o:oracle:linux:7.0
  • openSUSE Leap 42.1
    cpe:2.3:o:opensuse:leap:42.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 15.10
    cpe:2.3:o:canonical:ubuntu_linux:15.10
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Novell SUSE Linux Enterprise Desktop 12.0
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0
  • cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1
  • Novell SUSE Linux Enterprise Server 12.0
    cpe:2.3:o:novell:suse_linux_enterprise_server:12.0
  • Novell SUSE Linux Enterprise Server 12.0 Service Pack 1
    cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1
  • cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0
    cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0
  • Novell SUSE Linux Enterprise Software Development Kit 12.0 Service Pack 1
    cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:sp1
  • cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0
    cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0
  • cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1
    cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1
CVSS
Base: 10.0 (as of 04-10-2016 - 14:53)
CWE CWE-284
CAPEC
  • Embedding Scripts within Scripts
    An attack of this type exploits a program's vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side; client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general, all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
  • Signature Spoofing by Key Theft
    An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1430.NASL
    description This update for GraphicsMagick fixes the following issues :
      - a possible shell execution attack was fixed. If the first character of an input filename for 'convert' was a '|' then the remainder of the filename was passed to the shell (CVE-2016-5118, boo#982178)
      - Maliciously crafted pnm files could crash GraphicsMagick (CVE-2014-9805, [boo#983752])
      - Prevent overflow in rle files (CVE-2014-9846, boo#983521)
      - Fix a double free in pdb coder (CVE-2014-9807, boo#983794)
      - Fix a possible crash due to corrupted xwd images (CVE-2014-9809, boo#983799)
      - Fix a possible crash due to corrupted wpg images (CVE-2014-9815, boo#984372)
      - Fix a heap buffer overflow in pdb file handling (CVE-2014-9817, boo#984400)
      - Fix a heap overflow in xpm files (CVE-2014-9820, boo#984150)
      - Fix a heap overflow in pict files (CVE-2014-9834, boo#984436)
      - Fix a heap overflow in wpf files (CVE-2014-9835, CVE-2014-9831, boo#984145, boo#984375)
      - Additional PNM sanity checks (CVE-2014-9837, boo#984166)
      - Fix a possible crash due to corrupted dib file (CVE-2014-9845, boo#984394)
      - Fix out of bound in quantum handling (CVE-2016-7529, boo#1000399)
      - Fix out of bound access in xcf file coder (CVE-2016-7528, boo#1000434)
      - Fix handling of corrupted lle files (CVE-2016-7515, boo#1000689)
      - Fix out of bound access for malformed psd file (CVE-2016-7522, boo#1000698)
      - Fix out of bound access for pbd files (CVE-2016-7531, boo#1000704)
      - Fix out of bound access in corrupted wpg files (CVE-2016-7533, boo#1000707)
      - Fix out of bound access in corrupted pdb files (CVE-2016-7537, boo#1000711)
      - BMP Coder Out-Of-Bounds Write Vulnerability (CVE-2016-6823, boo#1001066)
      - SGI Coder Out-Of-Bounds Read Vulnerability (CVE-2016-7101, boo#1001221)
      - Divide by zero in WriteTIFFImage (do not divide by zero in WriteTIFFImage, boo#1002206)
      - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (fix buffer overflow, boo#1002209)
      - 8BIM/8BIMW unsigned underflow leads to heap overflow (CVE-2016-7800, boo#1002422)
      - wpg reader issues (CVE-2016-7996, CVE-2016-7997, boo#1003629)
      - Mismatch between real filesize and header values (CVE-2016-8684, boo#1005123)
      - Stack-buffer read overflow while reading SCT header (CVE-2016-8682, boo#1005125)
      - Check that filesize is reasonable compared to the header value (CVE-2016-8683, boo#1005127)
      - Memory allocation failure in AcquireMagickMemory (CVE-2016-8862, boo#1007245)
      - heap-based buffer overflow in IsPixelGray (CVE-2016-9556, boo#1011130)
    last seen 2019-02-21
    modified 2019-02-14
    plugin id 95704
    published 2016-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95704
    title openSUSE Security Update : GraphicsMagick (openSUSE-2016-1430)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2990-1.NASL
    description Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly sanitized untrusted input. A remote attacker could use these issues to execute arbitrary code. These issues are known as 'ImageTragick'. This update disables problematic coders via the /etc/ImageMagick-6/policy.xml configuration file. In certain environments the coders may need to be manually re-enabled after making sure that ImageMagick does not process untrusted input. (CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718) Bob Friesenhahn discovered that ImageMagick allowed injecting commands via an image file or filename. A remote attacker could use this issue to execute arbitrary code. (CVE-2016-5118). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 91450
    published 2016-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91450
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : imagemagick vulnerabilities (USN-2990-1) (ImageTragick)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-717.NASL
    description It was discovered that GraphicsMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using GraphicsMagick or an unsuspecting user using the GraphicsMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5118) Vulnerabilities in GraphicsMagick's SVG processing code were discovered, resulting in memory corruption and, potentially, execution of arbitrary code, a denial of service, or an application crash. (CVE-2016-2317 , CVE-2016-2318 , CVE-2016-5118)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 91769
    published 2016-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91769
    title Amazon Linux AMI : GraphicsMagick (ALAS-2016-717)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3746.NASL
    description Several vulnerabilities have been discovered in GraphicsMagick, a collection of image processing tools, which can cause denial of service attacks, remote file deletion, and remote command execution. This security update removes the full support of PLT/Gnuplot decoder to prevent Gnuplot-shell based shell exploits for fixing the CVE-2016-3714 vulnerability. The undocumented 'TMP' magick prefix no longer removes the argument file after it has been read for fixing the CVE-2016-3715 vulnerability. Since the 'TMP' feature was originally implemented, GraphicsMagick added a temporary file management subsystem which assures that temporary files are removed so this feature is not needed. Remove support for reading input from a shell command, or writing output to a shell command, by prefixing the specified filename (containing the command) with a '|' for fixing the CVE-2016-5118 vulnerability.
      - CVE-2015-8808 Gustavo Grieco discovered an out of bound read in the parsing of GIF files which may cause denial of service.
      - CVE-2016-2317 Gustavo Grieco discovered a stack-based buffer overflow and two heap buffer overflows while processing SVG images which may cause denial of service.
      - CVE-2016-2318 Gustavo Grieco discovered several segmentation faults while processing SVG images which may cause denial of service.
      - CVE-2016-5240 Gustavo Grieco discovered an endless loop problem caused by negative stroke-dasharray arguments while parsing SVG files which may cause denial of service.
      - CVE-2016-7800 Marco Grassi discovered an unsigned underflow leading to heap overflow when parsing 8BIM chunk often attached to JPG files which may cause denial of service.
      - CVE-2016-7996 Moshe Kaplan discovered that there is no check that the provided colormap is not larger than 256 entries in the WPG reader which may cause denial of service.
      - CVE-2016-7997 Moshe Kaplan discovered that an assertion is thrown for some files in the WPG reader due to a logic error which may cause denial of service.
      - CVE-2016-8682 Agostino Sarubbo of Gentoo discovered a stack buffer read overflow while reading the SCT header which may cause denial of service.
      - CVE-2016-8683 Agostino Sarubbo of Gentoo discovered a memory allocation failure in the PCX coder which may cause denial of service.
      - CVE-2016-8684 Agostino Sarubbo of Gentoo discovered a memory allocation failure in the SGI coder which may cause denial of service.
      - CVE-2016-9830 Agostino Sarubbo of Gentoo discovered a memory allocation failure in MagickRealloc() function which may cause denial of service.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 96103
    published 2016-12-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96103
    title Debian DSA-3746-1 : graphicsmagick - security update (ImageTragick)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-0D90EAD5D7.NASL
    description New GraphicsMagick bugfix/security release, see also: http://www.graphicsmagick.org/NEWS.html#may-30-2016 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92058
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92058
    title Fedora 24 : GraphicsMagick (2016-0d90ead5d7)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-40CCAFF4D1.NASL
    description New GraphicsMagick bugfix/security release, see also: http://www.graphicsmagick.org/NEWS.html#may-30-2016 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92087
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92087
    title Fedora 22 : GraphicsMagick (2016-40ccaff4d1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-500.NASL
    description Bob Friesenhahn from the GraphicsMagick project discovered a command injection vulnerability in ImageMagick, a program suite for image manipulation. An attacker with control on input image or the input filename can execute arbitrary commands with the privileges of the user running the application. This update removes the possibility of using pipe (|) in filenames to interact with imagemagick. It is important that you upgrade the libmagickcore5 and not just the imagemagick package. Applications using libmagickcore5 might also be affected and need to be restarted after the upgrade. For Debian 7 'Wheezy', these problems have been fixed in version 8:6.7.7.10-5+deb7u6. We recommend that you upgrade your imagemagick packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 91444
    published 2016-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91444
    title Debian DLA-500-1 : imagemagick security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-693.NASL
    description This update for GraphicsMagick fixes the following issues : - security update : - CVE-2016-5118 [boo#982178] + GraphicsMagick-CVE-2016-5118.patch
    last seen 2018-09-01
    modified 2016-10-13
    plugin id 91528
    published 2016-06-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91528
    title openSUSE Security Update : GraphicsMagick (openSUSE-2016-693)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2016-152-01.NASL
    description New imagemagick packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
    last seen 2018-09-01
    modified 2016-10-19
    plugin id 91356
    published 2016-05-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91356
    title Slackware 14.0 / 14.1 / current : imagemagick (SSA:2016-152-01)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL82747025.NASL
    description The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. (CVE-2016-5118)
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 92005
    published 2016-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92005
    title F5 Networks BIG-IP : GraphicsMagick vulnerability (K82747025)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-694.NASL
    description This update for GraphicsMagick fixes the following issues : - security update : - CVE-2016-5118 [boo#982178] + GraphicsMagick-CVE-2016-5118.patch
    last seen 2018-09-01
    modified 2016-10-13
    plugin id 91529
    published 2016-06-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91529
    title openSUSE Security Update : GraphicsMagick (openSUSE-2016-694)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-502.NASL
    description Bob Friesenhahn discovered a command injection vulnerability in Graphicsmagick, a program suite for image manipulation. An attacker with control on input image or the input filename can execute arbitrary commands with the privileges of the user running the application. This update removes the possibility of using pipe (|) in filenames to interact with graphicsmagick. For Debian 7 'Wheezy', these problems have been fixed in version 1.3.16-1.1+deb7u2. We recommend that you upgrade your graphicsmagick packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 91446
    published 2016-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91446
    title Debian DLA-502-1 : graphicsmagick security update
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-1237.NASL
    description An update for ImageMagick is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 18 July 2016] This advisory has been updated to push packages into the Red Hat Enterprise Linux 6 Desktop channels. The packages included in this revised update have not been changed in any way from the packages included in the original advisory. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix(es) : * It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5118) * It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5239) * Multiple flaws have been discovered in ImageMagick. A remote attacker could, for example, create specially crafted images that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would result in a memory corruption and, potentially, execution of arbitrary code, a denial of service, or an application crash. 
      (CVE-2015-8896, CVE-2015-8895, CVE-2016-5240, CVE-2015-8897, CVE-2015-8898)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 91636
    published 2016-06-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91636
    title CentOS 6 / 7 : ImageMagick (CESA-2016:1237)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-1237.NASL
    description From Red Hat Security Advisory 2016:1237 : An update for ImageMagick is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 18 July 2016] This advisory has been updated to push packages into the Red Hat Enterprise Linux 6 Desktop channels. The packages included in this revised update have not been changed in any way from the packages included in the original advisory. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix(es) : * It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5118) * It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5239) * Multiple flaws have been discovered in ImageMagick. 
      A remote attacker could, for example, create specially crafted images that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would result in a memory corruption and, potentially, execution of arbitrary code, a denial of service, or an application crash. (CVE-2015-8896, CVE-2015-8895, CVE-2016-5240, CVE-2015-8897, CVE-2015-8898)
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 91641
    published 2016-06-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91641
    title Oracle Linux 6 / 7 : ImageMagick (ELSA-2016-1237)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-7A878ED298.NASL
    description New GraphicsMagick bugfix/security release, see also: http://www.graphicsmagick.org/NEWS.html#may-30-2016 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92115
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92115
    title Fedora 23 : GraphicsMagick (2016-7a878ed298)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-716.NASL
    description It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5118) It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5239) Multiple flaws have been discovered in ImageMagick. A remote attacker could, for example, create specially crafted images that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would result in a memory corruption and, potentially, execution of arbitrary code, a denial of service, or an application crash. (CVE-2015-8896 , CVE-2015-8895 , CVE-2016-5240 , CVE-2015-8897 , CVE-2015-8898)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 91768
    published 2016-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91768
    title Amazon Linux AMI : ImageMagick (ALAS-2016-716)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160617_IMAGEMAGICK_ON_SL6_X.NASL
    description Security Fix(es) : - It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5118) - It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5239) - Multiple flaws have been discovered in ImageMagick. A remote attacker could, for example, create specially crafted images that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would result in a memory corruption and, potentially, execution of arbitrary code, a denial of service, or an application crash. (CVE-2015-8896, CVE-2015-8895, CVE-2016-5240, CVE-2015-8897, CVE-2015-8898)
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 91712
    published 2016-06-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91712
    title Scientific Linux Security Update : ImageMagick on SL6.x, SL7.x i386/x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3591.NASL
    description Bob Friesenhahn from the GraphicsMagick project discovered a command injection vulnerability in ImageMagick, a program suite for image manipulation. An attacker with control on input image or the input filename can execute arbitrary commands with the privileges of the user running the application. This update removes the possibility of using pipe (|) in filenames to interact with imagemagick. It is important that you upgrade the libmagickcore-6.q16-2 and not just the imagemagick package. Applications using libmagickcore-6.q16-2 might also be affected and need to be restarted after the upgrade.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 91430
    published 2016-06-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91430
    title Debian DSA-3591-1 : imagemagick - security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1570-1.NASL
    description This update for ImageMagick fixes the following issues : This security issue was fixed : - CVE-2016-5118: Prevent code execution via popen() (bsc#982178) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 91664
    published 2016-06-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91664
    title SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2016:1570-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2016-1029.NASL
    description According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application.(CVE-2016-5118) - It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5239) - Multiple flaws have been discovered in ImageMagick. A remote attacker could, for example, create specially crafted images that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would result in a memory corruption and, potentially, execution of arbitrary code, a denial of service, or an application crash. (CVE-2015-8896, CVE-2015-8895, CVE-2016-5240, CVE-2015-8897, CVE-2015-8898) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 99792
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99792
    title EulerOS 2.0 SP1 : ImageMagick (EulerOS-SA-2016-1029)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-1237.NASL
    description An update for ImageMagick is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 18 July 2016] This advisory has been updated to push packages into the Red Hat Enterprise Linux 6 Desktop channels. The packages included in this revised update have not been changed in any way from the packages included in the original advisory. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix(es) : * It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5118) * It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5239) * Multiple flaws have been discovered in ImageMagick. A remote attacker could, for example, create specially crafted images that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would result in a memory corruption and, potentially, execution of arbitrary code, a denial of service, or an application crash. (CVE-2015-8896, CVE-2015-8895, CVE-2016-5240, CVE-2015-8897, CVE-2015-8898)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 91642
    published 2016-06-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91642
    title RHEL 6 / 7 : ImageMagick (RHSA-2016:1237)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1610-1.NASL
    description This update for ImageMagick fixes the following issues : - CVE-2016-5118: popen() shell vulnerability via filenames (bsc#982178) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 93155
    published 2016-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93155
    title SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:1610-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-757.NASL
    description This update for ImageMagick fixes the following issues : This security issue was fixed : - CVE-2016-5118: Prevent code execution via popen() (bsc#982178) This non-security issue was fixed : - Fix encoding of /Title in generated PDFs. (bsc#867943) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 91774
    published 2016-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91774
    title openSUSE Security Update : ImageMagick (openSUSE-2016-757)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-700.NASL
    description This update for ImageMagick fixes the following issues : - security update : - CVE-2016-5118 [boo#982178] + ImageMagick-CVE-2016-5118.patch
    last seen 2018-09-01
    modified 2016-10-13
    plugin id 91555
    published 2016-06-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91555
    title openSUSE Security Update : ImageMagick (openSUSE-2016-700)
redhat via4
advisories
rhsa
id RHSA-2016:1237
rpms
  • ImageMagick-0:6.7.8.9-15.el7_2
  • ImageMagick-c++-0:6.7.8.9-15.el7_2
  • ImageMagick-c++-devel-0:6.7.8.9-15.el7_2
  • ImageMagick-devel-0:6.7.8.9-15.el7_2
  • ImageMagick-doc-0:6.7.8.9-15.el7_2
  • ImageMagick-perl-0:6.7.8.9-15.el7_2
  • ImageMagick-0:6.7.2.7-5.el6_8
  • ImageMagick-c++-0:6.7.2.7-5.el6_8
  • ImageMagick-c++-devel-0:6.7.2.7-5.el6_8
  • ImageMagick-devel-0:6.7.2.7-5.el6_8
  • ImageMagick-doc-0:6.7.2.7-5.el6_8
  • ImageMagick-perl-0:6.7.2.7-5.el6_8
refmap via4
bid 90938
confirm
debian
  • DSA-3591
  • DSA-3746
mlist
  • [oss-security] 20160529 CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability via filename
  • [oss-security] 20160529 Re: CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability via filename
sectrack
  • 1035984
  • 1035985
slackware SSA:2016-152-01
suse
  • SUSE-SU-2016:1570
  • SUSE-SU-2016:1610
  • SUSE-SU-2016:1614
  • openSUSE-SU-2016:1521
  • openSUSE-SU-2016:1522
  • openSUSE-SU-2016:1534
  • openSUSE-SU-2016:1653
ubuntu USN-2990-1
Last major update 03-01-2017 - 21:59
Published 10-06-2016 - 11:59
Last modified 30-10-2018 - 12:27