The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is in the KEV database since Nov. 3, 2021.

The EPSS score is 0.79254.

Exploitation active

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Canonical
  • Ubuntu Linux
Imagemagick
  • Imagemagick
Opensuse
  • Leap
  • Opensuse
Oracle
  • Linux
  • Solaris
Redhat
  • Enterprise Linux
  • Enterprise Linux Desktop
  • Enterprise Linux Eus
  • Enterprise Linux For Ibm Z Systems
  • Enterprise Linux For Ibm Z Systems Eus
  • Enterprise Linux For Power Big Endian
  • Enterprise Linux For Power Big Endian Eus
  • Enterprise Linux For Power Little Endian
  • Enterprise Linux For Power Little Endian Eus
  • Enterprise Linux Hpc Node
  • Enterprise Linux Hpc Node Eus
  • Enterprise Linux Server
  • Enterprise Linux Server Aus
  • Enterprise Linux Server From Rhui
  • Enterprise Linux Server Supplementary Eus
  • Enterprise Linux Server Tus
  • Enterprise Linux Workstation
Suse
  • Linux Enterprise Debuginfo
  • Linux Enterprise Desktop
  • Linux Enterprise Server
  • Linux Enterprise Software Development Kit
  • Linux Enterprise Workstation Extension
  • Manager
  • Manager Proxy
  • Openstack Cloud

Configuration 1 [-]

OR cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:6.7_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.3_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:6.7_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.2_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.3_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.3_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7z:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:7.0.0-0:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*
cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*
cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 6
ImageMagick-0:6.7.2.7-4.el6_7 cpe:/o:redhat:enterprise_linux:6 RHSA-2016:0726 2016-05-09T00:00:00Z
Red Hat Enterprise Linux 7
ImageMagick-0:6.7.8.9-13.el7_2 cpe:/o:redhat:enterprise_linux:7 RHSA-2016:0726 2016-05-09T00:00:00Z

No data.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-484-1 graphicsmagick security update
Debian DLA Debian DLA DLA-486-1 imagemagick security update
Debian DLA Debian DLA DLA-1401-1 graphicsmagick security update
Debian DSA Debian DSA DSA-3580-1 imagemagick security update
Ubuntu USN Ubuntu USN USN-2990-1 ImageMagick vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2016-0726.html cve-icon cve-icon
http://www.debian.org/security/2016/dsa-3580 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2016/05/03/18 cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/538378/100/0/threaded cve-icon cve-icon
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2990-1 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2016-3718 cve-icon
https://security.gentoo.org/glsa/201611-21 cve-icon cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3718 cve-icon
https://www.cve.org/CVERecord?id=CVE-2016-3718 cve-icon
https://www.exploit-db.com/exploits/39767/ cve-icon cve-icon
https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 cve-icon cve-icon
https://www.imagemagick.org/script/changelog.php cve-icon cve-icon
History

Wed, 22 Oct 2025 00:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 19:30:00 +0000

Type Values Removed Values Added
References

Fri, 07 Feb 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2021-11-03'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 14 Aug 2024 00:00:00 +0000

Type Values Removed Values Added
References
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-10-21T23:55:52.756Z

Reserved: 2016-03-30T00:00:00.000Z

Link: CVE-2016-3718

cve-icon Vulnrichment

Updated: 2024-08-06T00:03:34.460Z

cve-icon NVD

Status : Deferred

Published: 2016-05-05T18:59:08.960

Modified: 2025-10-22T00:15:52.070

Link: CVE-2016-3718

cve-icon Redhat

Severity : Low

Publid Date: 2016-05-03T00:00:00Z

Links: CVE-2016-3718 - Bugzilla

cve-icon OpenCVE Enrichment

No data.