cve/2016/CVE-2016-3717.md

CVE-2016-3717

Description

The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.

POC

Reference

• http://www.openwall.com/lists/oss-security/2016/05/03/18
• http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
• https://www.exploit-db.com/exploits/39767/
• https://www.imagemagick.org/script/changelog.php

Github

• https://github.com/barrracud4/image-upload-exploits