Mitel Product Security Advisory 16-0011

Multiple Vulnerabilities in ImageMagick

Advisory ID: 16-0011
Publish Date: 2016-05-09
Revision: 1.0

Summary

Multiple vulnerabilities have been discovered in ImageMagick, an image framework used in some Mitel products. These vulnerabilities are collectively known as ImageTragick. The following CVEs are associated with these vulnerabilities:

  • CVE-2016-3714
  • CVE-2016-3715
  • CVE-2016-3716
  • CVE-2016-3717
  • CVE-2016-3718

Detailed Description

ImageMagick provides support for displaying, converting and editing image files. This application is included in Mitel Standard Linux and may be used by Mitel products or applications where images are used.

According to the Vulnerability Summaries for the aforementioned CVEs, the identified vulnerabilities potentially allow for the execution of arbitrary code or shell commands, server-side request forgery (SSRF) attacks, or unauthorized access and manipulation of image files.

These vulnerabilities have varied levels of risk. CVE-2016-3714 has a CVSS v2 score of 10.0 (high).

Mitel is currently investigating these vulnerabilities to determine affected products and risk. This security advisory will be updated during the course of the investigation as details become available.

External References

ImageTragick

Related CVEs / Advisories

CVE-2016-3714
CVE-2016-3715
CVE-2016-3716
CVE-2016-3717
CVE-2016-3718