PublicDateAtUSN: 2016-05-05
Candidate: CVE-2016-3718
PublicDate: 2016-05-05 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3718
 http://www.openwall.com/lists/oss-security/2016/05/03/18
 https://ubuntu.com/security/notices/USN-2990-1
Description:
 The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x
 before 7.0.1-1 allow remote attackers to conduct server-side request
 forgery (SSRF) attacks via a crafted image.
Ubuntu-Description:
 It was discovered that GraphicsMagick incorrectly handled certain image
 files. An attacker could possibly use this issue to cause a denial of
 service or other unspecified impact.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N [6.3 MEDIUM]

Patches_imagemagick:
upstream_imagemagick: needs-triage
precise_imagemagick: released (8:6.6.9.7-5ubuntu3.4)
precise/esm_imagemagick: DNE (precise was released [8:6.6.9.7-5ubuntu3.4])
trusty_imagemagick: released (8:6.7.7.10-6ubuntu3.1)
trusty/esm_imagemagick: DNE (trusty was released [8:6.7.7.10-6ubuntu3.1])
vivid/stable-phone-overlay_imagemagick: DNE
vivid/ubuntu-core_imagemagick: DNE
wily_imagemagick: released (8:6.8.9.9-5ubuntu2.1)
xenial_imagemagick: released (8:6.8.9.9-7ubuntu5.1)
esm-infra/xenial_imagemagick: released (8:6.8.9.9-7ubuntu5.1)
yakkety_imagemagick: released (8:6.8.9.9-7ubuntu7)
zesty_imagemagick: released (8:6.8.9.9-7ubuntu7)
artful_imagemagick: released (8:6.8.9.9-7ubuntu7)
bionic_imagemagick: released (8:6.8.9.9-7ubuntu7)
cosmic_imagemagick: released (8:6.8.9.9-7ubuntu7)
devel_imagemagick: released (8:6.8.9.9-7ubuntu7)

Patches_graphicsmagick:
upstream_graphicsmagick: needs-triage
precise_graphicsmagick: ignored (reached end-of-life)
precise/esm_graphicsmagick: DNE (precise was needs-triage)
trusty_graphicsmagick: released (1.3.18-1ubuntu3.1)
trusty/esm_graphicsmagick: released (1.3.18-1ubuntu3.1)
vivid/stable-phone-overlay_graphicsmagick: DNE
vivid/ubuntu-core_graphicsmagick: DNE
wily_graphicsmagick: ignored (reached end-of-life)
xenial_graphicsmagick: released (1.3.23-1ubuntu0.1)
yakkety_graphicsmagick: ignored (reached end-of-life)
zesty_graphicsmagick: ignored (reached end-of-life)
artful_graphicsmagick: ignored (reached end-of-life)
bionic_graphicsmagick: not-affected (1.3.24-1)
cosmic_graphicsmagick: not-affected (1.3.24-1)
devel_graphicsmagick: not-affected (1.3.24-1)