Back to bug 1332492
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Andrej Nemec | 2016-05-03 10:48:34 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-05-03 10:48:34 UTC | Doc Type | --- | Bug Fix |
| Andrej Nemec | 2016-05-03 10:59:49 UTC | Summary | EMBARGOED CVE-2016-3716 ImageMagick: Insufficient shell characters filtering | EMBARGOED CVE-2016-3714 ImageMagick: Insufficient shell characters filtering |
| Andrej Nemec | 2016-05-03 10:59:49 UTC | Alias | CVE-2016-3716 | CVE-2016-3714 |
| Andrej Nemec | 2016-05-03 11:07:53 UTC | Blocks | 1332507 | |
| Stefan Cornelius | 2016-05-03 12:29:56 UTC | Whiteboard | impact=important,public=no,reported=20160502,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=new,rhel-7/ImageMagick=new,openshift-enterprise-2/ImageMagick=new | impact=important,public=no,reported=20160502,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=new,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new |
| Stefan Cornelius | 2016-05-03 13:06:49 UTC | Whiteboard | impact=important,public=no,reported=20160502,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=new,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new | impact=important,public=no,reported=20160502,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new |
| Stefan Cornelius | 2016-05-03 15:23:24 UTC | Whiteboard | impact=important,public=no,reported=20160502,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new | impact=important,public=20160503,reported=20160502,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new |
| Stefan Cornelius | 2016-05-03 15:23:29 UTC | Summary | EMBARGOED CVE-2016-3714 ImageMagick: Insufficient shell characters filtering | CVE-2016-3714 ImageMagick: Insufficient shell characters filtering |
| Stefan Cornelius | 2016-05-03 15:23:34 UTC | Group | security, qe_staff | |
| Stefan Cornelius | 2016-05-03 15:24:02 UTC | Depends On | 1332630 | |
| Stefan Cornelius | 2016-05-03 15:34:03 UTC | Depends On | 1332638 | |
| Stefan Cornelius | 2016-05-03 15:34:10 UTC | Depends On | 1332639 | |
| Stefan Cornelius | 2016-05-03 15:34:21 UTC | Depends On | 1332640 | |
| Stefan Cornelius | 2016-05-03 15:34:27 UTC | Depends On | 1332641 | |
| Stefan Cornelius | 2016-05-03 19:43:29 UTC | Depends On | 1332695 | |
| Clifford Perry | 2016-05-03 20:40:09 UTC | CC | cperry | |
| Stefan Cornelius | 2016-05-04 11:44:50 UTC | Depends On | 1332930 | |
| Roger Wells | 2016-05-04 12:48:51 UTC | CC | roger.k.wells | |
| Slawomir Czarko | 2016-05-04 14:06:48 UTC | CC | slawomir | |
| Stefan Cornelius | 2016-05-04 15:29:25 UTC | Doc Text | It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could exploit this flaw to execute arbitrary shell commands by tricking an automated system or unsuspecting user into processing specially crafted images using ImageMagick. | |
| Tuomo Soini | 2016-05-04 15:33:02 UTC | CC | tis | |
| Salvatore Bonaccorso | 2016-05-05 09:33:26 UTC | CC | carnil | |
| Stefan Cornelius | 2016-05-05 11:31:55 UTC | Whiteboard | impact=important,public=20160503,reported=20160502,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=new,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new | impact=important,public=20160503,reported=20160502,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new |
| Martin Prpič | 2016-05-05 12:37:42 UTC | Doc Text | It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could exploit this flaw to execute arbitrary shell commands by tricking an automated system or unsuspecting user into processing specially crafted images using ImageMagick. | It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. |
| Pete Philips | 2016-05-05 13:52:29 UTC | CC | pete.philips | |
| David Mueller | 2016-05-05 20:18:45 UTC | CC | dsm42 | |
| Ralf Baechle | 2016-05-05 21:01:14 UTC | CC | ralf | |
| Flos Qi Guo | 2016-05-06 01:22:45 UTC | CC | qguo | |
| Norman Sardella | 2016-05-06 13:23:00 UTC | CC | sardella | |
| Vincent Danen | 2016-05-06 16:24:32 UTC | Alias | ImageTragick | |
| Vadym Chepkov | 2016-05-06 21:09:30 UTC | CC | vchepkov | |
| Pim Rupert | 2016-05-08 07:13:19 UTC | CC | pim | |
| Ryan Parman | 2016-05-08 16:58:14 UTC | CC | ryan.parman | |
| Yasuhiro Ozone | 2016-05-09 23:05:10 UTC | CC | yozone | |
| Martin Prpič | 2016-05-10 14:28:47 UTC | Whiteboard | impact=important,public=20160503,reported=20160502,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new | impact=important,public=20160503,reported=20160502,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=6.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new |
| Stefan Cornelius | 2016-06-02 12:59:27 UTC | Status | NEW | CLOSED |
| Stefan Cornelius | 2016-06-02 12:59:27 UTC | Resolution | --- | ERRATA |
| Stefan Cornelius | 2016-06-02 12:59:27 UTC | Whiteboard | impact=important,public=20160503,reported=20160502,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=6.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=new | impact=important,public=20160503,reported=20160502,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=6.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=affected |
| Stefan Cornelius | 2016-06-02 12:59:27 UTC | Last Closed | 2016-06-02 08:59:27 UTC | |
| Martin Prpič | 2016-06-10 15:18:22 UTC | Whiteboard | impact=important,public=20160503,reported=20160502,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=6.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=affected | impact=important,public=20160503,reported=20160502,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=5.9/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=affected |
| Martin Prpič | 2016-06-14 07:13:40 UTC | Whiteboard | impact=important,public=20160503,reported=20160502,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=5.9/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=affected | impact=important,public=20160503,reported=20160502,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=8.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=affected |
| Huzaifa S. Sidhpurwala | 2017-12-14 05:12:43 UTC | Whiteboard | impact=important,public=20160503,reported=20160502,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=8.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=affected | impact=important,public=20160503,reported=20160502,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=8.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=affected,rhel-8/ImageMagick=affected |
| Huzaifa S. Sidhpurwala | 2017-12-14 05:13:33 UTC | Whiteboard | impact=important,public=20160503,reported=20160502,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=8.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=affected,rhel-8/ImageMagick=affected | impact=important,public=20160503,reported=20160502,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=8.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=affected,rhel-8/ImageMagick=affected,rhel-8/GraphicsMagick=affected |
| Huzaifa S. Sidhpurwala | 2017-12-14 05:14:48 UTC | Depends On | 1525802 | |
| Tazz | 2018-01-31 16:08:34 UTC | CC | tazz | |
| Tomas Hoger | 2019-05-07 14:49:59 UTC | Whiteboard | impact=important,public=20160503,reported=20160502,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=8.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=affected,rhel-8/ImageMagick=affected,rhel-8/GraphicsMagick=affected | impact=important,public=20160503,reported=20160502,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=8.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=affected,rhel-8/ImageMagick=wontfix,rhel-8/GraphicsMagick=affected |
| Product Security DevOps Team | 2019-09-29 13:48:22 UTC | Whiteboard | impact=important,public=20160503,reported=20160502,source=researcher,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=8.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-20,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=affected,rhel-7/ImageMagick=affected,openshift-enterprise-2/ImageMagick=affected,rhel-8/ImageMagick=wontfix,rhel-8/GraphicsMagick=affected | |