ImageMagick File Processing vulnerabilities and Input validation error


Description: Several vulnerabilities were reported in ImageMagick. A remote user can cause arbitrary commands to be executed on the target user's system. A remote user can read, move, and delete arbitrary files on the target system.

The software does not properly filter parameters processed by the delegate command. A remote user can create a specially crafted image file that, when processed by the target application using ImageMagick, will trigger an input validation flaw and execute arbitrary shell commands on the target system [CVE-2016-3714]. The code will run with the privileges of the target application.

Affected versions: versions prior to 6.9.3-10 and 7.0.1-1
Recommended action: The vendor plans to issue a fix (6.9.3-10, 7.0.1-1).

The vendor has described a 'policy.xml' configuration as a workaround in their advisory.
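The following check is an added example, not part of the vendor's advisory or of this post: it audits a policy.xml and reports which coders it does not deny. The coder list (EPHEMERAL, URL, HTTPS, MVG, MSL) is the one commonly cited for the CVE-2016-3714 workaround and is an assumption here, as are the function names and the sample policy.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Assumption: coders commonly cited for the CVE-2016-3714 policy.xml workaround.
WORKAROUND_CODERS = ("EPHEMERAL", "URL", "HTTPS", "MVG", "MSL")


def _globs(pattern):
    """Expand one top-level {A,B} list; otherwise return the pattern as-is."""
    pattern = pattern.strip()
    if pattern.startswith("{") and pattern.endswith("}"):
        return [p.strip() for p in pattern[1:-1].split(",") if p.strip()]
    return [pattern]


def undenied_coders(policy_xml, coders=WORKAROUND_CODERS):
    """Return the coders that the policy does not unambiguously deny."""
    root = ET.fromstring(policy_xml)
    denied, granted = set(), set()
    for entry in root.iter("policy"):
        if entry.get("domain", "").lower() != "coder":
            continue
        rights = entry.get("rights", "").strip().lower()
        for coder in coders:
            if any(fnmatch.fnmatchcase(coder, g.upper())
                   for g in _globs(entry.get("pattern", ""))):
                (denied if rights == "none" else granted).add(coder)
    # Conservative: a coder with any non-"none" entry is reported as not denied.
    return [c for c in coders if c not in denied or c in granted]


# Constructed sample: MVG and MSL are denied, the other three are not covered.
SAMPLE_POLICY = """
<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="{MVG,MSL}"/>
  <policy domain="coder" rights="read" pattern="PNG"/>
</policymap>
"""

if __name__ == "__main__":
    gaps = undenied_coders(SAMPLE_POLICY)
    print("not denied:", ", ".join(gaps) if gaps else "none")
```

An empty result means every listed coder has a `rights="none"` entry and no conflicting entry; it does not replace upgrading to a fixed version.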

The vendor's advisory is available at:

Origin URLs:

