Skip to main content
All vulnerabilities
CVE-2016-3715

ImageMagick Arbitrary File Deletion Vulnerability

ImageMagickImageMagick

Added to KEV catalog
3 November 2021
Federal remediation due date
3 May 2022
Weakness classification (CWE)
CWE-284

CISA Description

ImageMagick contains an unspecified vulnerability that could allow users to delete files by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading.

Required action

Apply updates per vendor instructions.

Notes

https://nvd.nist.gov/vuln/detail/CVE-2016-3715

Confirm Your Exposure

Is this vulnerability present in your environment?

CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.

Explore VAPT Services