CVE-2016-5239
CRITICALImageMagick < 6.9.3-9 - Remote Code Execution via Gnuplot Delegate
Title source: llmDescription
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.
References (6)
Core 6
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
http://git.imagemagick.org/repos/ImageMagick/commit/70a2cf326ed32bedee144b961005c63846541a16
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2016:1237
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/91018
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/06/02/13
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html
Scores
CVSS v3
9.8
EPSS
0.0092
EPSS Percentile
76.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-284
Status
published
Products (1)
imagemagick/imagemagick
< 6.9.3-9
Published
Mar 15, 2017
Tracked Since
Feb 18, 2026