CVE-2016-3717 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 97%

Vendor	Product	Version
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	15.10
canonical	ubuntu_linux	16.04
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_hpc_node	6.0
redhat	enterprise_linux_hpc_node	7.0
redhat	enterprise_linux_hpc_node_eus	7.2
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	7.2
redhat	enterprise_linux_server_eus	7.2
redhat	enterprise_linux_server_supplementary_eus	6.7z:z
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_workstation	7.0
imagemagick	imagemagick	𝑥 ≤ 6.9.3-9
imagemagick	imagemagick	7.0.0-0
imagemagick	imagemagick	7.0.1-0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

graphicsmagick

bullseye (security)	1.4+really1.3.36+hg16481-2+deb11u1 fixed
bullseye	1.4+really1.3.36+hg16481-2+deb11u1 fixed
bookworm	1.4+really1.3.40-4 fixed
sid	1.4+really1.3.45-1 fixed
trixie	1.4+really1.3.45-1 fixed

imagemagick

bullseye	8:6.9.11.60+dfsg-1.3+deb11u4 fixed
bullseye (security)	8:6.9.11.60+dfsg-1.3+deb11u3 fixed
bookworm	8:6.9.11.60+dfsg-1.6+deb12u2 fixed
bookworm (security)	8:6.9.11.60+dfsg-1.6+deb12u1 fixed
trixie	8:6.9.13.12+dfsg1-1 fixed
sid	8:7.1.1.39+dfsg1-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

graphicsmagick

cosmic	not-affected
bionic	not-affected
artful	ignored
zesty	ignored
yakkety	ignored
xenial	Fixed 1.3.23-1ubuntu0.1 released
wily	ignored
trusty	Fixed 1.3.18-1ubuntu3.1 released
precise	ignored

imagemagick

cosmic	Fixed 8:6.8.9.9-7ubuntu7 released
bionic	Fixed 8:6.8.9.9-7ubuntu7 released
artful	Fixed 8:6.8.9.9-7ubuntu7 released
zesty	Fixed 8:6.8.9.9-7ubuntu7 released
yakkety	Fixed 8:6.8.9.9-7ubuntu7 released
xenial	Fixed 8:6.8.9.9-7ubuntu5.1 released
wily	Fixed 8:6.8.9.9-5ubuntu2.1 released
trusty	Fixed 8:6.7.7.10-6ubuntu3.1 released
precise	Fixed 8:6.6.9.7-5ubuntu3.4 released

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html

http://rhn.redhat.com/errata/RHSA-2016-0726.html

http://www.debian.org/security/2016/dsa-3580

http://www.openwall.com/lists/oss-security/2016/05/03/18

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.securityfocus.com/archive/1/538378/100/0/threaded

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568

http://www.ubuntu.com/usn/USN-2990-1

https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html

https://security.gentoo.org/glsa/201611-21

https://www.exploit-db.com/exploits/39767/

https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588

https://www.imagemagick.org/script/changelog.php

http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html

http://rhn.redhat.com/errata/RHSA-2016-0726.html

http://www.debian.org/security/2016/dsa-3580

http://www.openwall.com/lists/oss-security/2016/05/03/18

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.securityfocus.com/archive/1/538378/100/0/threaded

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568

http://www.ubuntu.com/usn/USN-2990-1

https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html

https://security.gentoo.org/glsa/201611-21

https://www.exploit-db.com/exploits/39767/

https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588

https://www.imagemagick.org/script/changelog.php