{"api_version":"1","generated_at":"2026-04-25T12:58:59+00:00","cve":"CVE-2016-3714","urls":{"html":"https://cve.report/CVE-2016-3714","api":"https://cve.report/api/cve/CVE-2016-3714.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-3714","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-3714"},"summary":{"title":"CVE-2016-3714","description":"The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka \"ImageTragick.\"","state":"PUBLISHED","assigner":"redhat","published_at":"2016-05-05 18:59:03","updated_at":"2026-04-21 19:14:46"},"problem_types":["CWE-20","n/a","CWE-20 CWE-20 Improper Input Validation"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"8.4","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"8.4","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.4,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"8.4","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"10","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"https://www.exploit-db.com/exploits/39791/","name":"https://www.exploit-db.com/exploits/39791/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"ImageMagick 6.9.3-9 / 7.0.1-0 - 'ImageTragick' Delegate Arbitrary Command Execution (Metasploit) - Multiple local Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568","name":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"The Slackware Linux Project: Slackware Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-0726.html","name":"http://rhn.redhat.com/errata/RHSA-2016-0726.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html","name":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"[security-announce] SUSE-SU-2016:1275-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2016/05/03/18","name":"http://www.openwall.com/lists/oss-security/2016/05/03/18","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"oss-security - Re: ImageMagick Is On Fire -- CVE-2016-3714","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/538378/100/0/threaded","name":"http://www.securityfocus.com/archive/1/538378/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html","name":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"[security-announce] openSUSE-SU-2016:1326-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3714","name":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3714","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.debian.org/security/2016/dsa-3746","name":"http://www.debian.org/security/2016/dsa-3746","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-3746-1 graphicsmagick","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html","name":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"[security-announce] openSUSE-SU-2016:1261-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html","name":"http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"ImageTragick ImageMagick Proof Of Concepts ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201611-21","name":"https://security.gentoo.org/glsa/201611-21","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"ImageMagick: Multiple vulnerabilities (GLSA 201611-21) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html","name":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"[security-announce] openSUSE-SU-2016:1266-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate","name":"http://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"CVE-2016-3714 ImageMagick Delegate Arbitrary Command Execution | Rapid7","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1035742","name":"http://www.securitytracker.com/id/1035742","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"ImageMagick File Processing Input Validation Flaw Lets Remote Users Read/Move/Delete Arbitrary Files and Execute Arbitrary Commands - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588","name":"https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"ImageMagick Security Issue - ImageMagick","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2016/dsa-3580","name":"http://www.debian.org/security/2016/dsa-3580","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-3580-1 imagemagick","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://imagetragick.com/","name":"https://imagetragick.com/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"ImageTragick","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332492","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1332492","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"],"title":"1332492 – (CVE-2016-3714, ImageTragick) CVE-2016-3714 ImageMagick: Insufficient shell characters filtering","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/vulnerabilities/2296071","name":"https://access.redhat.com/security/vulnerabilities/2296071","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"ImageTragick - ImageMagick Filtering Vulnerability - CVE-2016-3714 - Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.kb.cert.org/vuls/id/250519","name":"https://www.kb.cert.org/vuls/id/250519","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"Vulnerability Note VU#250519 - ImageMagick does not properly validate input before processing images using a delegate","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","name":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Oracle Solaris Bulletin - July 2016","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.exploit-db.com/exploits/39767/","name":"https://www.exploit-db.com/exploits/39767/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"ImageMagick 7.0.1-0 / 6.9.3-9 - 'ImageTragick ' Multiple Vulnerabilities - Multiple dos Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-2990-1","name":"http://www.ubuntu.com/usn/USN-2990-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"USN-2990-1: ImageMagick vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2016/05/03/13","name":"http://www.openwall.com/lists/oss-security/2016/05/03/13","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"oss-security - ImageMagick Is On Fire -- CVE-2016-3714","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html","name":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"[security-announce] SUSE-SU-2016:1260-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.imagemagick.org/script/changelog.php","name":"https://www.imagemagick.org/script/changelog.php","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Changelog @ ImageMagick","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00041.html","name":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00041.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"[security-announce] SUSE-SU-2016:1301-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","name":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Oracle Linux Bulletin - April 2016","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securityfocus.com/bid/89848","name":"http://www.securityfocus.com/bid/89848","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"ImageMagick CVE-2016-3714 Remote Code Execution Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog","name":"http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"ChangeLog · a01518e08c840577cabd7d3ff291a9ba735f7276 · repos / ImageMagick · GitLab","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2016:0726","name":"MISC:https://access.redhat.com/errata/RHSA-2016:0726","refsource":"MITRE","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2016-3714","name":"MISC:https://access.redhat.com/security/cve/CVE-2016-3714","refsource":"MITRE","tags":[],"title":"CVE-2016-3714 - Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-3714","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3714","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]},{"source":"ADP","vendor":"imagemagick","product":"imagemagick","version":"affected 6.9.3-9 custom","platforms":[]},{"source":"ADP","vendor":"imagemagick","product":"imagemagick","version":"affected 7.0.0-0","platforms":[]},{"source":"ADP","vendor":"imagemagick","product":"imagemagick","version":"affected 7.0.1-0","platforms":[]},{"source":"ADP","vendor":"canonical","product":"ubuntu_linux","version":"affected 12.04","platforms":[]},{"source":"ADP","vendor":"canonical","product":"ubuntu_linux","version":"affected 14.04","platforms":[]},{"source":"ADP","vendor":"canonical","product":"ubuntu_linux","version":"affected 15.10","platforms":[]},{"source":"ADP","vendor":"canonical","product":"ubuntu_linux","version":"affected 16.04","platforms":[]},{"source":"ADP","vendor":"canonical","product":"ubuntu_linux","version":"affected 12.04","platforms":[]},{"source":"ADP","vendor":"canonical","product":"ubuntu_linux","version":"affected 14.04","platforms":[]},{"source":"ADP","vendor":"canonical","product":"ubuntu_linux","version":"affected 15.10","platforms":[]},{"source":"ADP","vendor":"canonical","product":"ubuntu_linux","version":"affected 16.04","platforms":[]},{"source":"ADP","vendor":"canonical","product":"ubuntu_linux","version":"affected 12.04","platforms":[]},{"source":"ADP","vendor":"canonical","product":"ubuntu_linux","version":"affected 14.04","platforms":[]},{"source":"ADP","vendor":"canonical","product":"ubuntu_linux","version":"affected 15.10","platforms":[]},{"source":"ADP","vendor":"canonical","product":"ubuntu_linux","version":"affected 16.04","platforms":[]},{"source":"ADP","vendor":"canonical","product":"ubuntu_linux","version":"affected 12.04","platforms":[]},{"source":"ADP","vendor":"canonical","product":"ubuntu_linux","version":"affected 14.04","platforms":[]},{"source":"ADP","vendor":"canonical","product":"ubuntu_linux","version":"affected 15.10","platforms":[]},{"source":"ADP","vendor":"canonical","product":"ubuntu_linux","version":"affected 16.04","platforms":[]},{"source":"ADP","vendor":"debian","product":"debian_linux","version":"affected 8.0","platforms":[]},{"source":"ADP","vendor":"debian","product":"debian_linux","version":"affected 9.0","platforms":[]},{"source":"ADP","vendor":"debian","product":"debian_linux","version":"affected 8.0","platforms":[]},{"source":"ADP","vendor":"debian","product":"debian_linux","version":"affected 9.0","platforms":[]},{"source":"ADP","vendor":"opensuse","product":"opensuse","version":"affected 13.2","platforms":[]},{"source":"ADP","vendor":"opensuse","product":"leap","version":"affected 42.1","platforms":[]},{"source":"ADP","vendor":"suse","product":"suse_linux_enterprise_server","version":"affected 12","platforms":[]}],"timeline":[{"source":"ADP","time":"2024-09-09T00:00:00.000Z","lang":"en","value":"CVE-2016-3714 added to CISA KEV"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"3714","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"12.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3714","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3714","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"15.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3714","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3714","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3714","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3714","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"imagemagick","cpe5":"imagemagick","cpe6":"7.0.0-0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3714","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"imagemagick","cpe5":"imagemagick","cpe6":"7.0.1-0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3714","vulnerable":"1","versionEndIncluding":"6.9.3-9","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"imagemagick","cpe5":"imagemagick","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3714","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"42.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3714","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"opensuse","cpe6":"13.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3714","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"suse","cpe5":"suse_linux_enterprise_server","cpe6":"12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2016","cve_id":"3714","cve":"CVE-2016-3714","vendorProject":"ImageMagick","product":"ImageMagick","vulnerabilityName":"ImageMagick Improper Input Validation Vulnerability","dateAdded":"2024-09-09","shortDescription":"ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image.","requiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","dueDate":"2024-09-30","knownRansomwareCampaignUse":"Unknown","notes":"This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588#p132726, https://imagemagick.org/archive/releases/; https://nvd.nist.gov/vuln/detail/CVE-2016-3714","cwes":"CWE-20","catalogVersion":"2026.04.24","updated_at":"2026-04-24 17:59:33"},"epss":{"cve_year":"2016","cve_id":"3714","cve":"CVE-2016-3714","epss":"0.939470000","percentile":"0.998850000","score_date":"2026-04-24","updated_at":"2026-04-25 00:14:36"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T00:03:34.492Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://access.redhat.com/security/vulnerabilities/2296071"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"},{"name":"openSUSE-SU-2016:1266","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"},{"name":"1035742","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1035742"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://imagetragick.com/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588"},{"name":"[oss-security] 20160503 ImageMagick Is On Fire -- CVE-2016-3714","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2016/05/03/13"},{"name":"SUSE-SU-2016:1301","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00041.html"},{"name":"openSUSE-SU-2016:1326","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"},{"name":"USN-2990-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-2990-1"},{"name":"openSUSE-SU-2016:1261","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"},{"name":"20160513 May 2016 - HipChat Server - Critical Security Advisory","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/538378/100/0/threaded"},{"name":"39767","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/39767/"},{"name":"SUSE-SU-2016:1260","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"},{"name":"[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2016/05/03/18"},{"name":"DSA-3746","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2016/dsa-3746"},{"name":"GLSA-201611-21","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"https://security.gentoo.org/glsa/201611-21"},{"name":"SUSE-SU-2016:1275","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"},{"name":"SSA:2016-132-01","tags":["vendor-advisory","x_refsource_SLACKWARE","x_transferred"],"url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.imagemagick.org/script/changelog.php"},{"name":"39791","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/39791/"},{"name":"DSA-3580","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2016/dsa-3580"},{"name":"89848","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/89848"},{"name":"RHSA-2016:0726","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2016-0726.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332492"},{"name":"VU#250519","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"https://www.kb.cert.org/vuls/id/250519"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html"}],"title":"CVE Program Container"},{"affected":[{"cpes":["cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","product":"imagemagick","vendor":"imagemagick","versions":[{"lessThanOrEqual":"6.9.3-9","status":"affected","version":"0","versionType":"custom"}]},{"cpes":["cpe:2.3:a:imagemagick:imagemagick:7.0.0-0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","product":"imagemagick","vendor":"imagemagick","versions":[{"status":"affected","version":"7.0.0-0"}]},{"cpes":["cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","product":"imagemagick","vendor":"imagemagick","versions":[{"status":"affected","version":"7.0.1-0"}]},{"cpes":["cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"],"defaultStatus":"unknown","product":"ubuntu_linux","vendor":"canonical","versions":[{"status":"affected","version":"12.04"},{"status":"affected","version":"14.04"},{"status":"affected","version":"15.10"},{"status":"affected","version":"16.04"}]},{"cpes":["cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"],"defaultStatus":"unknown","product":"ubuntu_linux","vendor":"canonical","versions":[{"status":"affected","version":"12.04"},{"status":"affected","version":"14.04"},{"status":"affected","version":"15.10"},{"status":"affected","version":"16.04"}]},{"cpes":["cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"],"defaultStatus":"unknown","product":"ubuntu_linux","vendor":"canonical","versions":[{"status":"affected","version":"12.04"},{"status":"affected","version":"14.04"},{"status":"affected","version":"15.10"},{"status":"affected","version":"16.04"}]},{"cpes":["cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"],"defaultStatus":"unknown","product":"ubuntu_linux","vendor":"canonical","versions":[{"status":"affected","version":"12.04"},{"status":"affected","version":"14.04"},{"status":"affected","version":"15.10"},{"status":"affected","version":"16.04"}]},{"cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","product":"debian_linux","vendor":"debian","versions":[{"status":"affected","version":"8.0"},{"status":"affected","version":"9.0"}]},{"cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","product":"debian_linux","vendor":"debian","versions":[{"status":"affected","version":"8.0"},{"status":"affected","version":"9.0"}]},{"cpes":["cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"],"defaultStatus":"unknown","product":"opensuse","vendor":"opensuse","versions":[{"status":"affected","version":"13.2"}]},{"cpes":["cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"],"defaultStatus":"unknown","product":"leap","vendor":"opensuse","versions":[{"status":"affected","version":"42.1"}]},{"cpes":["cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*"],"defaultStatus":"unknown","product":"suse_linux_enterprise_server","vendor":"suse","versions":[{"status":"affected","version":"12"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.4,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2016-3714","options":[{"Exploitation":"active"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2024-09-07T03:55:20.670421Z","version":"2.0.3"},"type":"ssvc"}},{"other":{"content":{"dateAdded":"2024-09-09","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3714"},"type":"kev"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20 Improper Input Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-10-21T23:55:53.098Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["government-resource"],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3714"}],"timeline":[{"lang":"en","time":"2024-09-09T00:00:00.000Z","value":"CVE-2016-3714 added to CISA KEV"}],"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2016-05-03T00:00:00.000Z","descriptions":[{"lang":"en","value":"The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka \"ImageTragick.\""}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2019-04-03T18:06:06.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://access.redhat.com/security/vulnerabilities/2296071"},{"tags":["x_refsource_CONFIRM"],"url":"http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"},{"name":"openSUSE-SU-2016:1266","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"},{"name":"1035742","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1035742"},{"tags":["x_refsource_MISC"],"url":"https://imagetragick.com/"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588"},{"name":"[oss-security] 20160503 ImageMagick Is On Fire -- CVE-2016-3714","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2016/05/03/13"},{"name":"SUSE-SU-2016:1301","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00041.html"},{"name":"openSUSE-SU-2016:1326","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"},{"name":"USN-2990-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-2990-1"},{"name":"openSUSE-SU-2016:1261","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"},{"name":"20160513 May 2016 - HipChat Server - Critical Security Advisory","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/538378/100/0/threaded"},{"name":"39767","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/39767/"},{"name":"SUSE-SU-2016:1260","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"},{"tags":["x_refsource_MISC"],"url":"http://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"},{"name":"[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2016/05/03/18"},{"name":"DSA-3746","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2016/dsa-3746"},{"name":"GLSA-201611-21","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"https://security.gentoo.org/glsa/201611-21"},{"name":"SUSE-SU-2016:1275","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"},{"name":"SSA:2016-132-01","tags":["vendor-advisory","x_refsource_SLACKWARE"],"url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.imagemagick.org/script/changelog.php"},{"name":"39791","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/39791/"},{"name":"DSA-3580","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2016/dsa-3580"},{"name":"89848","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/89848"},{"name":"RHSA-2016:0726","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2016-0726.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332492"},{"name":"VU#250519","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"https://www.kb.cert.org/vuls/id/250519"},{"tags":["x_refsource_MISC"],"url":"http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html"}]}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2016-3714","datePublished":"2016-05-05T18:00:00.000Z","dateReserved":"2016-03-30T00:00:00.000Z","dateUpdated":"2025-10-21T23:55:53.098Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2016-05-05 18:59:03","lastModifiedDate":"2026-04-21 19:14:46","problem_types":["CWE-20","n/a","CWE-20 CWE-20 Improper Input Validation"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndIncluding":"6.9.3-9","matchCriteriaId":"F89D4030-2804-4CFE-8DC1-66BC99720860"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.0-0:*:*:*:*:*:*:*","matchCriteriaId":"3B7CCC6B-C66E-48E2-BA1E-CBF6421B4FEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*","matchCriteriaId":"693C9F8F-A8C1-4D06-8F31-E085E16E701C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","matchCriteriaId":"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","matchCriteriaId":"B5A6F2F3-4894-4392-8296-3B8DD2679084"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","matchCriteriaId":"E88A537F-F4D0-46B9-9E37-965233C2A355"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"4863BE36-D16A-4D75-90D9-FD76DB5B48B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*","matchCriteriaId":"9C649194-B8C2-49F7-A819-C635EE584ABF"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"3714","Ordinal":"1","Title":"CVE-2016-3714","CVE":"CVE-2016-3714","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"3714","Ordinal":"1","NoteData":"The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka \"ImageTragick.\"","Type":"Description","Title":"CVE-2016-3714"},{"CveYear":"2016","CveId":"3714","Ordinal":"2","NoteData":"2016-05-05","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"3714","Ordinal":"3","NoteData":"2019-04-03","Type":"Other","Title":"Modified"}]}}}