Loading HuntDB...

ImageMagick Improper Input Validation Vulnerability

Added Sept. 9, 2024 Due Sept. 30, 2024 CVE-2016-3714
Overdue ImageMagick / ImageMagick CWE-20

Description

ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

Additional Information

Catalog Version
2025.01.24
Catalog Released
Jan. 24, 2025
Days Until Due
0 days
Last Updated
4 months, 2 weeks ago