Handler on Duty: Rob VandenBrink
Threat Level: green
| Published | 2016-05-05 18:59:00 |
|---|---|
| Last Modified | 2023-02-02 16:17:00 |
| AKA | CVE-2016-3714 |
| Summary | It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. |
| CVSS Score | 10 |
| Access Vector | Local | Adjacent | Network |
|---|---|---|---|
| Access Complexity | Low | Medium | High |
| Authentication | None | Single | Multiple |
| Confidentiality | None | Partial | Complete |
| Integrity | None | Partial | Complete |
| Availability | None | Partial | Complete |
