CVE identifier
CVE-2016-3714
Vulnerability name
Remote code execution vulnerability in ImageMagick
Vulnerability rating
High
Vulnerability description
ImageMagick is a popular image processing software suite. Recently, a remote code execution vulnerability, CVE-2016-3714, has been reported in the software.
This vulnerability allows attackers to run arbitrary code on the target server by uploading a maliciously crafted image file. It has been confirmed that certain well-known applications, such as WordPress, are affected by this vulnerability because ImageMagick is widely used.
Affected scope
ImageMagick <= 6.9.3-9
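To check a host against the range stated above, the following added example (not part of the original advisory or of ImageMagick itself) parses the version banner printed by the ImageMagick command-line tools and compares it with 6.9.3-9. The function names and the sample banner are assumptions made for illustration, and the comparison applies only the range given in this advisory.

```python
import re
import shutil
import subprocess

# Upper bound of the affected range stated in this advisory: ImageMagick <= 6.9.3-9
LAST_AFFECTED = (6, 9, 3, 9)

# Matches the banner printed by `identify -version`, for example (constructed):
# "Version: ImageMagick 6.9.3-9 Q16 x86_64 2016-04-30"
VERSION_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)(?:-(\d+))?")


def parse_version(banner):
    """Return (major, minor, micro, patch) or None; a missing patch counts as 0."""
    match = VERSION_RE.search(banner)
    if match is None:
        return None
    return tuple(int(g) if g is not None else 0 for g in match.groups())


def is_affected(banner):
    """True if within the advisory's range, False if newer, None if unparseable."""
    version = parse_version(banner)
    if version is None:
        return None
    return version <= LAST_AFFECTED


def installed_banner():
    """Return the version output of a local ImageMagick tool, or None if absent."""
    for tool in ("identify", "convert", "magick"):
        path = shutil.which(tool)
        if path is None:
            continue
        try:
            result = subprocess.run([path, "-version"], capture_output=True, text=True, timeout=10)
        except (OSError, subprocess.TimeoutExpired):
            continue
        if "ImageMagick" in result.stdout:  # skip unrelated tools named "convert"
            return result.stdout
    return None


if __name__ == "__main__":
    banner = installed_banner()
    verdict = is_affected(banner) if banner else None
    print({True: "AFFECTED: version is within the advisory's range",
           False: "Version is newer than the advisory's range",
           None: "ImageMagick not found or version not recognised"}[verdict])
```

Distribution packages can carry backported fixes without changing the upstream version string, so a match here is a prompt to check the package vendor's advisory before concluding the host is exposed.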
How to fix or mitigate
Use Alibaba Cloud Security web application firewall to intercept attack code of the vulnerability.
Download the latest installation package from the official website and install it on your local computer.
Note: Before you fix the vulnerability, create a server snapshot, which can be used for restoration if fixing the vulnerability fails.