Executive Summary
Summary | |
---|---|
Title | ImageMagick does not properly validate input before processing images using a delegate |

Information | | | |
---|---|---|---|
Name | VU#250519 | First vendor publication | 2016-05-04 |
Vendor | VU-CERT | Last vendor modification | 2016-05-04 |
Severity (vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
CVSS vector : N/A | | | |
---|---|---|---|
Overall CVSS Score | NA | | |
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | | |
Security-Database Scoring CVSS v2
CVSS vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | | | |
---|---|---|---|
CVSS Base Score | 10 | Attack Range | Network |
CVSS Impact Score | 10 | Attack Complexity | Low |
CVSS Exploit Score | 10 | Authentication | None Required |
Detail
Vulnerability Note VU#250519

ImageMagick does not properly validate input before processing images using a delegate

Overview

ImageMagick does not properly validate user input before processing it using a delegate, which may lead to arbitrary code execution. This issue is also known as "ImageTragick".

Description
Impact
Solution
Vendor Information
CVSS Metrics
References
Credit

The ImageTragick website credits Stewie and Nikolay Ermishkin of the Mail.Ru Security Team for discovering these vulnerabilities. This document was written by Garret Wassermann.

Other Information
Original Source
URL : http://www.kb.cert.org/vuls/id/250519
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description | Rule ID | Revision | Type |
---|---|---|---|---|
2016-06-22 | ImageMagick WWWDecodeDelegate command injection attempt | 39006 | 3 | FILE-IMAGE |
2016-06-22 | ImageMagick WWWDecodeDelegate command injection attempt | 39005 | 3 | FILE-IMAGE |
2016-06-22 | ImageMagick WWWDecodeDelegate command injection attempt | 39004 | 3 | FILE-IMAGE |
2016-06-22 | ImageMagick WWWDecodeDelegate command injection attempt | 39003 | 3 | FILE-IMAGE |
2016-06-22 | ImageMagick WWWDecodeDelegate command injection attempt | 39002 | 3 | FILE-IMAGE |
2016-06-22 | ImageMagick WWWDecodeDelegate command injection attempt | 39001 | 3 | FILE-IMAGE |
2016-06-22 | ImageMagick WWWDecodeDelegate command injection attempt | 39000 | 3 | FILE-IMAGE |
2016-06-17 | ImageMagick WWWDecodeDelegate command injection attempt | 38948 | 4 | FILE-IMAGE |
2016-06-17 | ImageMagick WWWDecodeDelegate command injection attempt | 38947 | 4 | FILE-IMAGE |
2016-06-17 | ImageMagick WWWDecodeDelegate command injection attempt | 38946 | 4 | FILE-IMAGE |
2016-06-17 | ImageMagick WWWDecodeDelegate command injection attempt | 38945 | 4 | FILE-IMAGE |
2016-06-14 | ImageMagick WWWDecodeDelegate command injection attempt | 38871 | 5 | FILE-IMAGE |
2016-06-07 | ImageMagick WWWDecodeDelegate command injection attempt | 38744 | 7 | FILE-IMAGE |
2016-06-07 | ImageMagick WWWDecodeDelegate command injection attempt | 38743 | 6 | FILE-IMAGE |
Nessus® Vulnerability Scanner
Date | Name | File | Type |
---|---|---|---|
2017-05-01 | The remote EulerOS host is missing multiple security updates. | EulerOS_SA-2016-1021.nasl | ACT_GATHER_INFO |
2016-12-27 | The remote Debian host is missing a security-related update. | debian_DSA-3746.nasl | ACT_GATHER_INFO |
2016-05-24 | The remote Debian host is missing a security update. | debian_DLA-484.nasl | ACT_GATHER_INFO |
2016-05-23 | The remote Debian host is missing a security update. | debian_DLA-486.nasl | ACT_GATHER_INFO |
2016-05-17 | The remote Debian host is missing a security-related update. | debian_DSA-3580.nasl | ACT_GATHER_INFO |
2016-05-12 | The remote Amazon Linux AMI host is missing a security update. | ala_ALAS-2016-699.nasl | ACT_GATHER_INFO |
2016-05-12 | The remote device is missing a vendor-supplied security patch. | f5_bigip_SOL03151140.nasl | ACT_GATHER_INFO |
2016-05-12 | The PHP application running on the remote web server is affected by multiple ... | wordpress_4_5_2.nasl | ACT_GATHER_INFO |
2016-05-11 | The remote CentOS host is missing one or more security updates. | centos_RHSA-2016-0726.nasl | ACT_GATHER_INFO |
2016-05-09 | The remote FreeBSD host is missing one or more security-related updates. | freebsd_pkg_0d724b05687f45279c03af34d3b094ec.nasl | ACT_GATHER_INFO |
2016-05-04 | The remote Windows host has an application installed that is affected by mult... | imagemagick_7_0_1_1.nasl | ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2016-05-13 13:29:30 | |
2016-05-07 05:38:36 | |
2016-05-06 00:36:27 | |
2016-05-05 00:25:17 | |