
[Vulnerability notice] CVE-2016-3714: Remote code execution vulnerability in ImageMagick

Last Updated: Apr 02, 2018

CVE identifier

CVE-2016-3714

Vulnerability name

Remote code execution vulnerability in ImageMagick

Vulnerability rating

High

Vulnerability description

ImageMagick is popular image processing software. It has recently been reported to contain a remote code execution vulnerability, CVE-2016-3714.

This vulnerability allows attackers to run arbitrary code on the target server by uploading a maliciously crafted image file. Because ImageMagick is widely used, certain well-known applications, such as WordPress, have been confirmed to be affected.

Affected scope

ImageMagick <= 6.9.3-9

How to fix or mitigate

Note: Before you fix the vulnerability, create a server snapshot, which can be used for restoration if fixing the vulnerability fails.
