CVE-2016-3714

描述

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

受影響套件(4)

• Debian/graphicsmagickfrom 0, < 1.3.24-1
• Debian/imagemagickfrom 0, < 8:6.9.6.2+dfsg-2
• Debian/imagemagickfrom 0, < 8:6.7.7.10-5+deb7u5
• Debian/imagemagickfrom 0, < 8:6.8.9.9-5+deb8u2

CVSS 分數

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-3714