CVE-2016-3716

LOW

ImageMagick <7.0.1-1 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-3716. PoCs published by Nikolay Ermishkin.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in ImageMagick, including remote code execution (RCE) via command injection in delegate commands, SSRF, file deletion, file moving, and local file read. The PoC leverages insufficient filtering in the 'delegate' feature and pseudo-protocols like 'ephemeral' and 'msl'.

Description

The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.

Exploits (1)

exploitdb WORKING POC
by Nikolay Ermishkin · textdosmultiple
https://www.exploit-db.com/exploits/39767

This exploit demonstrates multiple vulnerabilities in ImageMagick, including remote code execution (RCE) via command injection in delegate commands, SSRF, file deletion, file moving, and local file read. The PoC leverages insufficient filtering in the 'delegate' feature and pseudo-protocols like 'ephemeral' and 'msl'.

Classification
Working Poc 100%
Attack Type
Rce | Ssrf | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: ImageMagick versions up to 6.9.3-9
No auth needed
Prerequisites: ImageMagick installed with default delegates.xml/policy.xml · wget or curl installed · Ghostscript installed for some PoCs
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (18)

Core 18
Core References
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2990-1
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/538378/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39767/
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/05/03/18
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201611-21
Vendor Advisory x_refsource_confirm
https://www.imagemagick.org/script/changelog.php
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3580
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0726.html

Scores

CVSS v3 3.3
EPSS 0.1138
EPSS Percentile 95.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-264
Status published
Products (19)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 15.10
canonical/ubuntu_linux 16.04
imagemagick/imagemagick 7.0.0-0
imagemagick/imagemagick 7.0.1-0
imagemagick/imagemagick < 6.9.3-9
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_hpc_node 6.0
... and 9 more
Published May 05, 2016
Tracked Since Feb 18, 2026