<vuln vid="fcf0125a-1218-11e6-b4a2-bc5ff4fb5ea1">

    <topic>ImageMagick -- multiple vulnerabilities</topic>

    <affects>

      <package>

	<name>ImageMagick</name>

	<range><lt>6.9.3.9,1</lt></range>

      </package>

    </affects>

    <description>

      <body xmlns="http://www.w3.org/1999/xhtml">

	<p>Openwall reports:</p>

	<blockquote cite="http://www.openwall.com/lists/oss-security/2016/05/03/18">

	  <p>Insufficient filtering for filename passed to delegate's command allows

	    remote code execution during conversion of several file formats. Any

	    service which uses ImageMagick to process user supplied images and uses

	    default delegates.xml / policy.xml, may be vulnerable to this issue.</p>

	  <p>It is possible to make ImageMagick perform a HTTP GET or FTP request</p>

	  <p>It is possible to delete files by using ImageMagick's 'ephemeral' pseudo

	    protocol which deletes files after reading.</p>

	  <p>It is possible to move image files to file with any extension in any

	    folder by using ImageMagick's 'msl' pseudo protocol. msl.txt and

	    image.gif should exist in known location - /tmp/ for PoC (in real life

	    it may be web service written in PHP, which allows to upload raw txt

	    files and process images with ImageMagick).</p>

	  <p>It is possible to get content of the files from the server by using

	    ImageMagick's 'label' pseudo protocol.</p>

	</blockquote>

      </body>

    </description>

    <references>

      <cvename>CVE-2016-3714</cvename>

      <cvename>CVE-2016-3718</cvename>

      <cvename>CVE-2016-3715</cvename>

      <cvename>CVE-2016-3716</cvename>

      <cvename>CVE-2016-3717</cvename>

      <url>http://www.openwall.com/lists/oss-security/2016/05/03/18</url>

      <url>https://imagetragick.com/</url>

    </references>

    <dates>

      <discovery>2016-05-03</discovery>

      <entry>2016-05-04</entry>

    </dates>

  </vuln>