CVE-2016-5118

CRITICAL
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

References

http://git.imagemagick.org/repos/ImageMagick/commit/40639d173aa8c76b850d625c630b711fee4dcfb8

http://hg.code.sf.net/p/graphicsmagick/code/file/41876934e762/ChangeLog

http://hg.code.sf.net/p/graphicsmagick/code/rev/ae3928faa858

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00030.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00047.html

http://www.debian.org/security/2016/dsa-3591

http://www.debian.org/security/2016/dsa-3746

http://www.openwall.com/lists/oss-security/2016/05/29/7

http://www.openwall.com/lists/oss-security/2016/05/30/1

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.securityfocus.com/bid/90938

http://www.securitytracker.com/id/1035984

http://www.securitytracker.com/id/1035985

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.397749

http://www.ubuntu.com/usn/USN-2990-1

https://access.redhat.com/errata/RHSA-2016:1237

Details

Source: MITRE

Published: 2016-06-10

Updated: 2019-12-27

Type: CWE-284

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:* versions up to 1.3.23 (inclusive)

Configuration 2

OR

cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*

cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Configuration 7

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 8

OR

cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*

cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*

cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*

cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*

cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*

cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*

cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*

cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*

Tenable Plugins

View all (24 total)

IDNameProductFamilySeverity
99792EulerOS 2.0 SP1 : ImageMagick (EulerOS-SA-2016-1029)NessusHuawei Local Security Checks
critical
96103Debian DSA-3746-1 : graphicsmagick - security update (ImageTragick)NessusDebian Local Security Checks
critical
95704openSUSE Security Update : GraphicsMagick (openSUSE-2016-1430)NessusSuSE Local Security Checks
critical
93155SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:1610-1)NessusSuSE Local Security Checks
critical
92115Fedora 23 : GraphicsMagick (2016-7a878ed298)NessusFedora Local Security Checks
critical
92087Fedora 22 : GraphicsMagick (2016-40ccaff4d1)NessusFedora Local Security Checks
critical
92058Fedora 24 : GraphicsMagick (2016-0d90ead5d7)NessusFedora Local Security Checks
critical
92005F5 Networks BIG-IP : GraphicsMagick vulnerability (K82747025)NessusF5 Networks Local Security Checks
critical
91774openSUSE Security Update : ImageMagick (openSUSE-2016-757)NessusSuSE Local Security Checks
critical
91769Amazon Linux AMI : GraphicsMagick (ALAS-2016-717)NessusAmazon Linux Local Security Checks
critical
91768Amazon Linux AMI : ImageMagick (ALAS-2016-716)NessusAmazon Linux Local Security Checks
critical
91712Scientific Linux Security Update : ImageMagick on SL6.x, SL7.x i386/x86_64 (20160617)NessusScientific Linux Local Security Checks
critical
91664SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2016:1570-1)NessusSuSE Local Security Checks
critical
91642RHEL 6 / 7 : ImageMagick (RHSA-2016:1237)NessusRed Hat Local Security Checks
critical
91641Oracle Linux 6 / 7 : ImageMagick (ELSA-2016-1237)NessusOracle Linux Local Security Checks
critical
91636CentOS 6 / 7 : ImageMagick (CESA-2016:1237)NessusCentOS Local Security Checks
critical
91555openSUSE Security Update : ImageMagick (openSUSE-2016-700)NessusSuSE Local Security Checks
critical
91529openSUSE Security Update : GraphicsMagick (openSUSE-2016-694)NessusSuSE Local Security Checks
critical
91528openSUSE Security Update : GraphicsMagick (openSUSE-2016-693)NessusSuSE Local Security Checks
critical
91450Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : imagemagick vulnerabilities (USN-2990-1) (ImageTragick)NessusUbuntu Local Security Checks
critical
91446Debian DLA-502-1 : graphicsmagick security updateNessusDebian Local Security Checks
critical
91444Debian DLA-500-1 : imagemagick security updateNessusDebian Local Security Checks
critical
91430Debian DSA-3591-1 : imagemagick - security updateNessusDebian Local Security Checks
critical
91356Slackware 14.0 / 14.1 / current : imagemagick (SSA:2016-152-01)NessusSlackware Local Security Checks
critical