Back to search
CVE-2016-3718
Published: May 5, 2016
Modified: Oct 21, 2025
PUBLISHED
Description
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
openSUSE-SU-2016:1266
vendor-advisory
x_refsource_SUSE
https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
x_refsource_CONFIRM
openSUSE-SU-2016:1326
vendor-advisory
x_refsource_SUSE
USN-2990-1
vendor-advisory
x_refsource_UBUNTU
openSUSE-SU-2016:1261
vendor-advisory
x_refsource_SUSE
20160513 May 2016 - HipChat Server - Critical Security Advisory
mailing-list
x_refsource_BUGTRAQ
39767
exploit
x_refsource_EXPLOIT-DB
SUSE-SU-2016:1260
vendor-advisory
x_refsource_SUSE
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update
mailing-list
x_refsource_MLIST
[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714
mailing-list
x_refsource_MLIST
GLSA-201611-21
vendor-advisory
x_refsource_GENTOO
SUSE-SU-2016:1275
vendor-advisory
x_refsource_SUSE
SSA:2016-132-01
vendor-advisory
x_refsource_SLACKWARE
https://www.imagemagick.org/script/changelog.php
x_refsource_CONFIRM
DSA-3580
vendor-advisory
x_refsource_DEBIAN
RHSA-2016:0726
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now