5.8
CVE-2016-3715
- EPSS 79.8%
- Published 05.05.2016 18:59:04
- Last modified 12.04.2025 10:46:40
- Source secalert@redhat.com
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
Data provided by the National Vulnerability Database (NVD)
Redhat ≫ Enterprise Linux Desktop Version 6.0
Redhat ≫ Enterprise Linux Desktop Version 7.0
Redhat ≫ Enterprise Linux Eus Version 6.7
Redhat ≫ Enterprise Linux Eus Version 7.2
Redhat ≫ Enterprise Linux Eus Version 7.3
Redhat ≫ Enterprise Linux Eus Version 7.4
Redhat ≫ Enterprise Linux Eus Version 7.5
Redhat ≫ Enterprise Linux Eus Version 7.6
Redhat ≫ Enterprise Linux Eus Version 7.7
Redhat ≫ Enterprise Linux For Ibm Z Systems Version 6.0_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Version 7.0_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version 6.7_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version 7.2_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version 7.3_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version 7.4_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version 7.5_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version 7.6_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version 7.7_s390x
Redhat ≫ Enterprise Linux For Power Big Endian Version 6.0_ppc64
Redhat ≫ Enterprise Linux For Power Big Endian Version 7.0_ppc64
Redhat ≫ Enterprise Linux For Power Big Endian Eus Version 6.7_ppc64
Redhat ≫ Enterprise Linux For Power Big Endian Eus Version 7.2_ppc64
Redhat ≫ Enterprise Linux For Power Big Endian Eus Version 7.3_ppc64
Redhat ≫ Enterprise Linux For Power Big Endian Eus Version 7.4_ppc64
Redhat ≫ Enterprise Linux For Power Big Endian Eus Version 7.5_ppc64
Redhat ≫ Enterprise Linux For Power Big Endian Eus Version 7.6_ppc64
Redhat ≫ Enterprise Linux For Power Big Endian Eus Version 7.7_ppc64
Redhat ≫ Enterprise Linux For Power Little Endian Version 7.0_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version 7.2_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version 7.3_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version 7.4_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version 7.5_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version 7.6_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version 7.7_ppc64le
Redhat ≫ Enterprise Linux Hpc Node Version 6.0
Redhat ≫ Enterprise Linux Hpc Node Version 7.0
Redhat ≫ Enterprise Linux Hpc Node Eus Version 7.2
Redhat ≫ Enterprise Linux Server Version 6.0
Redhat ≫ Enterprise Linux Server Version 7.0
Redhat ≫ Enterprise Linux Server Aus Version 7.2
Redhat ≫ Enterprise Linux Server Aus Version 7.3
Redhat ≫ Enterprise Linux Server Aus Version 7.4
Redhat ≫ Enterprise Linux Server Aus Version 7.6
Redhat ≫ Enterprise Linux Server Aus Version 7.7
Redhat ≫ Enterprise Linux Server From Rhui Version 6.0
Redhat ≫ Enterprise Linux Server From Rhui Version 7.0
Redhat ≫ Enterprise Linux Server Supplementary Eus Version 6.7z
Redhat ≫ Enterprise Linux Server Tus Version 7.2
Redhat ≫ Enterprise Linux Server Tus Version 7.3
Redhat ≫ Enterprise Linux Server Tus Version 7.6
Redhat ≫ Enterprise Linux Server Tus Version 7.7
Redhat ≫ Enterprise Linux Workstation Version 6.0
Redhat ≫ Enterprise Linux Workstation Version 7.0
Imagemagick ≫ Imagemagick Version < 6.9.3-10
Imagemagick ≫ Imagemagick Version 7.0.0-0
Imagemagick ≫ Imagemagick Version 7.0.1-0
Canonical ≫ Ubuntu Linux Version 12.04 SwEdition lts
Canonical ≫ Ubuntu Linux Version 14.04 SwEdition esm
Canonical ≫ Ubuntu Linux Version 15.10
Canonical ≫ Ubuntu Linux Version 16.04 SwEdition esm
Suse ≫ Linux Enterprise Debuginfo Version 11 Update sp2
Suse ≫ Linux Enterprise Debuginfo Version 11 Update sp3
Suse ≫ Linux Enterprise Debuginfo Version 11 Update sp4
Suse ≫ Manager Proxy Version 2.1
Suse ≫ Openstack Cloud Version 5
Suse ≫ Linux Enterprise Desktop Version 12 Update -
Suse ≫ Linux Enterprise Desktop Version 12 Update sp1
Suse ≫ Linux Enterprise Server Version 11 Update sp2 SwEdition ltss
Suse ≫ Linux Enterprise Server Version 11 Update sp3 SwEdition ltss
Suse ≫ Linux Enterprise Server Version 11 Update sp4
Suse ≫ Linux Enterprise Server Version 12 Update -
Suse ≫ Linux Enterprise Server Version 12 Update sp1
Suse ≫ Linux Enterprise Software Development Kit Version 11 Update sp4
Suse ≫ Linux Enterprise Software Development Kit Version 12 Update -
Suse ≫ Linux Enterprise Software Development Kit Version 12 Update sp1
Suse ≫ Linux Enterprise Workstation Extension Version 12 Update -
Suse ≫ Linux Enterprise Workstation Extension Version 12 Update sp1
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
- Vulnerability: ImageMagick Arbitrary File Deletion Vulnerability
- Description: ImageMagick contains an unspecified vulnerability that could allow users to delete files by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading.
- Required actions: Apply updates per vendor instructions.

Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 79.8% | 0.991 |

Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 5.5 | 1.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
nvd@nist.gov | 5.8 | 8.6 | 4.9 | AV:N/AC:M/Au:N/C:N/I:P/A:P |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.5 | 1.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |

CWE-552 Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.