Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2016-3717

Description

The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.

POC

Reference

- http://www.openwall.com/lists/oss-security/2016/05/03/18

- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

- http://www.ubuntu.com/usn/USN-2990-1

- https://www.exploit-db.com/exploits/39767/

- https://www.imagemagick.org/script/changelog.php

Github

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/barrracud4/image-upload-exploits