Description
It was discovered that ImageMagick did not properly sanitize certain input
before passing it to the delegate functionality. A remote attacker could create
a specially crafted image that, when processed by an application using
ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead
to arbitrary execution of shell commands with the privileges of the user running
the application. (CVE-2016-3714)
* It was discovered that certain ImageMagick coders and pseudo-protocols did not
properly prevent security sensitive operations when processing specially crafted
images. A remote attacker could create a specially crafted image that, when
processed by an application using ImageMagick or an unsuspecting user using the
ImageMagick utilities, would allow the attacker to delete, move, or disclose the
contents of arbitrary files. (CVE-2016-3715, CVE-2016-3716, CVE-2016-3717)
* A server-side request forgery flaw was discovered in the way ImageMagick
processed certain images. A remote attacker could exploit this flaw to mislead
an application using ImageMagick or an unsuspecting user using the ImageMagick
utilities into, for example, performing HTTP(S) requests or opening FTP sessions
via specially crafted images. (CVE-2016-3718)