CVE-2016-5118 - Vulnerability Details

- ImageMagick: Remote code execution via filename

Description

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

Published: 2016-06-10

Score: 9.8 Critical

EPSS: 31.8% Moderate

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4::::::
	cpe:2.3:a:suse:studio_onsite:1.3:::::::*
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4::::::

Configuration 3 [-]

OR	cpe:2.3:o:oracle:solaris:10:::::::*
	cpe:2.3:o:oracle:solaris:11.3:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:oracle:linux:6:::::::*
	cpe:2.3:o:oracle:linux:7:::::::*

Configuration 5 [-]

OR	cpe:2.3:o:opensuse:leap:42.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*

Configuration 6 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

Configuration 7 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 8 [-]

OR	cpe:2.3:o:suse:linux_enterprise_desktop:12:-::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:12.0:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_server:12:-::::::
	cpe:2.3:o:suse:linux_enterprise_server:12.0:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12.0:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-::::::
	cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1::::::

Configuration 9 [-]

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
ImageMagick-0:6.7.2.7-5.el6_8	cpe:/o:redhat:enterprise_linux:6	RHSA-2016:1237	2016-06-16T00:00:00Z
Red Hat Enterprise Linux 7
ImageMagick-0:6.7.8.9-15.el7_2	cpe:/o:redhat:enterprise_linux:7	RHSA-2016:1237	2016-06-16T00:00:00Z

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-500-1	imagemagick security update
Debian DLA	DLA-502-1	graphicsmagick security update
Debian DSA	DSA-3591-1	imagemagick security update
Debian DSA	DSA-3746-1	graphicsmagick security update
Ubuntu USN	USN-2990-1	ImageMagick vulnerabilities

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.31781.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://git.imagemagick.org/repos/ImageMagick/commit/40639d173aa8c76b850d625c630b711fee4dcfb8
http://hg.code.sf.net/p/graphicsmagick/code/file/41876934e762/ChangeLog
http://hg.code.sf.net/p/graphicsmagick/code/rev/ae3928faa858
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00047.html
http://www.debian.org/security/2016/dsa-3591
http://www.debian.org/security/2016/dsa-3746
http://www.openwall.com/lists/oss-security/2016/05/29/7
http://www.openwall.com/lists/oss-security/2016/05/30/1
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.securityfocus.com/bid/90938
http://www.securitytracker.com/id/1035984
http://www.securitytracker.com/id/1035985
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.397749
http://www.ubuntu.com/usn/USN-2990-1
https://access.redhat.com/errata/RHSA-2016:1237
https://nvd.nist.gov/vuln/detail/CVE-2016-5118
https://www.cve.org/CVERecord?id=CVE-2016-5118

History

Tue, 19 Nov 2024 20:45:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:imagemagick:imagemagick:-:::::::*	cpe:2.3:a:imagemagick:imagemagick::::::::

Subscriptions

Canonical Ubuntu Linux

Debian Debian Linux

Graphicsmagick Graphicsmagick

Imagemagick Imagemagick

Opensuse Leap Opensuse

Oracle Linux Solaris

Redhat Enterprise Linux

Suse Linux Enterprise Debuginfo Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit Linux Enterprise Workstation Extension Studio Onsite

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-06-10T15:00:00.000Z

Updated: 2024-08-06T00:53:47.880Z

Reserved: 2016-05-29T00:00:00.000Z

Link: CVE-2016-5118

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2016-06-10T15:59:06.737

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-5118

Redhat

Severity : Important

Publid Date: 2016-05-29T00:00:00Z

Links: CVE-2016-5118 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object