Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

ImageMagick security update

Number: AV16-073
Date: 6 May 2016

Purpose

The purpose of this advisory is to bring attention to the recently released security update for ImageMagick.

Assessment

ImageMagick Studio has released a security update for a critical vulnerability in ImageMagick. Exploitation of this vulnerability may allow for arbitrary remote code execution.

Affected versions:

  • ImageMagick versions 6.9.x prior to 6.9.3-10
  • ImageMagick versions 7.0.x prior to 7.0.1-1

CVE Reference: CVE-2016-3714

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References:

ImageMagick Security Update Download Page:
http://www.imagemagick.org/script/download.php

CCIRC Alert AL16-007:
al/al16-007-en.aspx.

Date modified: