CVE-2016-3717
MEDIUMImageMagick <6.9.3-10, <7.0.1-1 - Info Disclosure
Title source: llmDescription
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
Exploits (1)
exploitdb
WORKING POC
by Nikolay Ermishkin · textdosmultiple
https://www.exploit-db.com/exploits/39767
References (19)
Scores
CVSS v3
5.5
EPSS
0.3366
EPSS Percentile
96.9%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Classification
CWE
CWE-200
Status
draft
Affected Products (19)
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
redhat/enterprise_linux_desktop
redhat/enterprise_linux_desktop
redhat/enterprise_linux_hpc_node
redhat/enterprise_linux_hpc_node
redhat/enterprise_linux_hpc_node_eus
redhat/enterprise_linux_server
redhat/enterprise_linux_server
redhat/enterprise_linux_server_aus
redhat/enterprise_linux_server_eus
redhat/enterprise_linux_server_supplementary_eus
redhat/enterprise_linux_workstation
... and 4 more
Timeline
Published
May 05, 2016
Tracked Since
Feb 18, 2026