| Name | CVE-2016-3714 |
| Description | It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more) |
| References | DLA-484-1, DLA-486-1, DSA-3580-1, DSA-3746-1 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| graphicsmagick (PTS) | buster | 1.4+really1.3.35-1~deb10u2 | fixed |
| buster (security) | 1.4+really1.3.35-1~deb10u3 | fixed | |
| bullseye (security), bullseye | 1.4+really1.3.36+hg16481-2+deb11u1 | fixed | |
| bookworm, sid | 1.4+really1.3.40-2 | fixed | |
| imagemagick (PTS) | buster, buster (security) | 8:6.9.10.23+dfsg-2.1+deb10u1 | fixed |
| bullseye | 8:6.9.11.60+dfsg-1.3 | fixed | |
| bookworm, sid | 8:6.9.11.60+dfsg-1.4 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| graphicsmagick | source | wheezy | 1.3.16-1.1+deb7u1 | DLA-484-1 | ||
| graphicsmagick | source | jessie | 1.3.20-3+deb8u2 | DSA-3746-1 | ||
| graphicsmagick | source | (unstable) | 1.3.24-1 | |||
| imagemagick | source | wheezy | 8:6.7.7.10-5+deb7u5 | DLA-486-1 | ||
| imagemagick | source | jessie | 8:6.8.9.9-5+deb8u2 | DSA-3580-1 | ||
| imagemagick | source | (unstable) | 8:6.9.6.2+dfsg-2 |
Workaround: https://bugzilla.redhat.com/show_bug.cgi?id=1332492#c3
https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
Original upstream applied patches are incomplete and still to be finished
https://imagetragick.com/
notice how the workaround differs between the three refs above
PLT format removed with: https://github.com/ImageMagick/ImageMagick/commit/e87116ab2bd070c47943d4118a18c8f3a47461e2
https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
https://sourceforge.net/p/graphicsmagick/code/ci/45998a25992d1142df201d8cf024b6c948b40748/