Cyber Resilience

CVE-2016-3715

Severity: Medium · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 05 May 2016
Modified: 22 April 2026
KEV Added: 03 November 2021
Patch
CVSS Score (v3.1): 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
EPSS Score: 0.8925 (99.6th percentile)
Risk Priority: 85 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2016-3715 is a medium-severity Files or Directories Accessible to External Parties (CWE-552) vulnerability affecting Red Hat Enterprise Linux EUS. Its CVSS base score is 5.5 (Medium).

Operationally, it ranks in the top 0.4% of CVEs by exploit likelihood (EPSS); CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).

Deeper analysis

The vulnerability CVE-2016-3715 resides in the EPHEMERAL coder component of ImageMagick versions before 6.9.3-10 and 7.x before 7.0.1-1. It is tracked under CWE-552 and carries a CVSS 3.1 score of 5.5, reflecting a local attack vector (AV:L) with low attack complexity (AC:L), no privileges required (PR:N), and user interaction required (UI:R).

An attacker can supply a crafted image that triggers the coder to delete arbitrary files on the affected system when the image is processed. The impact is limited to integrity, with no direct effect on confidentiality or availability.

OpenSUSE security advisories and the ImageMagick ChangeLog reference the issue and corresponding updates for affected distributions.


Vulnerability details

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

CWE(s): CWE-552
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Versions
redhat | enterprise linux desktop | 6.0, 7.0
redhat | enterprise linux eus | 6.7, 7.2, 7.3, 7.4, 7.5
redhat | enterprise linux for ibm z systems | 6.0_s390x, 7.0_s390x
redhat | enterprise linux for ibm z systems eus | 6.7_s390x, 7.2_s390x, 7.3_s390x, 7.4_s390x, 7.5_s390x
redhat | enterprise linux for power big endian | 6.0_ppc64, 7.0_ppc64
redhat | enterprise linux for power big endian eus | 6.7_ppc64, 7.2_ppc64, 7.3_ppc64, 7.4_ppc64, 7.5_ppc64
redhat | enterprise linux for power little endian | 7.0_ppc64le
redhat | enterprise linux for power little endian eus | 7.2_ppc64le, 7.3_ppc64le, 7.4_ppc64le, 7.5_ppc64le, 7.6_ppc64le
redhat | enterprise linux hpc node | 6.0, 7.0
redhat | enterprise linux hpc node eus | 7.2

+20 more product configuration(s); see NVD for the full list.

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Directly blocks the crafted image input that triggers the EPHEMERAL coder to perform unauthorized file deletions.

Prevent: Ensures the ImageMagick process runs with only the minimal privileges needed, so that arbitrary files cannot be deleted even if the coder is exploited.

CM-7 Least Functionality (prevent): Allows disabling the vulnerable EPHEMERAL coder (or restricting ImageMagick functionality) so the attack vector cannot be reached.
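The Least Functionality control above is applied in ImageMagick through its security policy file. The fragment below is an added example, not part of this advisory or of the ImageMagick project's shipped configuration; it assumes the policy file lives at the distribution's usual location (for example /etc/ImageMagick-6/policy.xml or /etc/ImageMagick/policy.xml, which varies by distribution and version) and shows only the entry that denies all rights to the EPHEMERAL coder, so a crafted image can no longer reach it.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policymap [
  <!ELEMENT policymap (policy)*>
  <!ELEMENT policy EMPTY>
  <!ATTLIST policy domain  CDATA #REQUIRED>
  <!ATTLIST policy rights  CDATA #IMPLIED>
  <!ATTLIST policy pattern CDATA #IMPLIED>
]>
<policymap>
  <!-- Added mitigation example for CVE-2016-3715 (assumed file path, see lead-in).
       domain="coder" scopes the rule to image coders; rights="none" removes
       read and write access, so ImageMagick refuses to invoke the coder. -->
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
</policymap>
```

After editing the file, confirm the rule is loaded with `identify -list policy` (or `magick -list policy` on ImageMagick 7); the output lists the active policy entries, and the EPHEMERAL line should appear with rights "None". Where the distribution already ships a policy.xml, add only the `<policy .../>` line inside the existing `<policymap>` rather than replacing the file, so the vendor's other restrictions are preserved.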

References