VDB
GCVE-110-MAGEIA-2016-188
GCVE-110-MAGEIA-2016-188
Advisory Published
It was discovered that ImageMagick did not properly sanitize certain input
before passing it to the delegate functionality. A remote attacker could
create a specially crafted image that, when processed by an application
using ImageMagick or an unsuspecting user using the ImageMagick utilities,
would lead to arbitrary execution of shell commands with the privileges of
the user running the application (CVE-2016-3714).
It was discovered that certain ImageMagick coders and pseudo-protocols did
not properly prevent security sensitive operations when processing
specially crafted images. A remote attacker could create a specially
crafted image that, when processed by an application using ImageMagick or
an unsuspecting user using the ImageMagick utilities, would allow the
attacker to delete, move, or disclose the contents of arbitrary files
(CVE-2016-3715, CVE-2016-3716, CVE-2016-3717).
A server-side request forgery flaw was discovered in the way ImageMagick
processed certain images. A remote attacker could exploit this flaw to
mislead an application using ImageMagick or an unsuspecting user using the
ImageMagick utilities into, for example, performing HTTP(S) requests or
opening FTP sessions via specially crafted images (CVE-2016-3718).
The imagemagick package has been updated to version 6.9.4-2 to fix these
issues and several other bugs.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | ruby-rmagick | 0 (affected), 2.13.2-21.1.mga5 (unaffected) | — |
| Mageia | imagemagick | 0 (affected), 6.9.4.2-0.1.mga5 (unaffected) | — |
References
Browse GCVE Records
73,393 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.