
CVE-2016-3718

Medium · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 05 May 2016
Modified: 22 April 2026
KEV Added: 03 November 2021
CVSS Score v3.1: 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
EPSS Score: 0.8693 (99.5th percentile)
Risk Priority: 83 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2016-3718 is a medium-severity SSRF (CWE-918) vulnerability in Red Hat Enterprise Linux EUS. Its CVSS base score is 5.5 (Medium).

Operationally, it ranks in the top 0.5% of CVEs by exploit likelihood (EPSS); CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof of concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and AC-4 (Information Flow Enforcement).

Deeper analysis

The vulnerability is an instance of server-side request forgery (SSRF), tracked as CWE-918, that affects the HTTP and FTP coders in ImageMagick versions prior to 6.9.3-10 and 7.x prior to 7.0.1-1. It is triggered when these coders process a specially crafted image file and carries a CVSS 3.1 base score of 5.5.

An attacker can supply the malicious image to any application or workflow that uses the vulnerable ImageMagick library for decoding. Successful exploitation allows the attacker to induce the ImageMagick process to issue arbitrary HTTP or FTP requests to internal or external resources, potentially bypassing network controls or accessing services reachable from the host running ImageMagick.

The referenced ImageMagick changelog and multiple openSUSE security advisories address the issue by releasing updated packages that disable or restrict the HTTP and FTP coders by default and correct the underlying request-handling logic.
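The package updates above disable the network-fetching coders; the same restriction can be applied on a host through ImageMagick's policy.xml while patches are pending. The fragment below is an added example, not the page's text or the ImageMagick project's shipped policy file; the file path, the HTTPS/URL entries and the allowed-format list are assumptions chosen for illustration.

```xml
<!-- Added example. Assumed path: /etc/ImageMagick-6/policy.xml
     (ImageMagick 6 layout; ImageMagick 7 installs use ImageMagick-7). -->

<!-- Weak (version A of the file): an empty policymap leaves every coder,
     including HTTP and FTP, enabled, so a crafted image can make the
     decoding process issue an outbound request. -->
<policymap>
</policymap>

<!-- Hardened (version B of the same file): deny the HTTP and FTP coders
     named in the advisory, plus the HTTPS and URL coders from the same
     URL coder family (assumed here as a defence-in-depth choice), so the
     decoder has no path to issue network requests at all. -->
<policymap>
  <policy domain="coder" rights="none" pattern="HTTP" />
  <policy domain="coder" rights="none" pattern="HTTPS" />
  <policy domain="coder" rights="none" pattern="FTP" />
  <policy domain="coder" rights="none" pattern="URL" />
  <!-- Grant rights explicitly only to the formats the application needs
       (assumed set); anything else falls back to the default policy. -->
  <policy domain="coder" rights="read|write" pattern="{PNG,JPEG,GIF}" />
</policymap>
```

After editing, `identify -list policy` prints the policy ImageMagick actually loaded; the four coder patterns should appear with no rights, which confirms the file in use is the one you edited.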


Vulnerability details

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

CWE(s): CWE-918 (Server-Side Request Forgery)
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor   Product                                          Versions
redhat   enterprise linux desktop                         6.0, 7.0
redhat   enterprise linux eus                             6.7, 7.2, 7.3, 7.4, 7.5
redhat   enterprise linux for ibm z systems               6.0_s390x, 7.0_s390x
redhat   enterprise linux for ibm z systems eus           6.7_s390x, 7.2_s390x, 7.3_s390x, 7.4_s390x, 7.5_s390x
redhat   enterprise linux for power big endian            6.0_ppc64, 7.0_ppc64
redhat   enterprise linux for power big endian eus        6.7_ppc64, 7.2_ppc64, 7.3_ppc64, 7.4_ppc64, 7.5_ppc64
redhat   enterprise linux for power little endian         7.0_ppc64le
redhat   enterprise linux for power little endian eus     7.2_ppc64le, 7.3_ppc64le, 7.4_ppc64le, 7.5_ppc64le, 7.6_ppc64le
redhat   enterprise linux hpc node                        6.0, 7.0
redhat   enterprise linux hpc node eus                    7.2

+20 more product configuration(s) — see NVD for full list

Mitigating Controls (NIST 800-53 r5)

CM-7 Least Functionality (prevent): Directly mitigates by disabling or restricting the HTTP and FTP coders that trigger the SSRF when processing crafted images.

AC-4 Information Flow Enforcement (prevent): Enforces information flow rules to block the arbitrary outbound HTTP/FTP requests initiated by the vulnerable coders.

Input validation (prevent): Requires validation of image inputs to reject malformed files that embed SSRF payloads before the coders process them.

References