Mitel Product Security Advisory 16-0011
Multiple Vulnerabilities in ImageMagick
Advisory ID: 16-0011
Publish Date: 2016-05-09
Multiple vulnerabilities have been discovered in ImageMagick, an image framework used in some Mitel products. These vulnerabilities are collectively known as ImageTragick. The following CVEs are associated with these vulnerabilities:
The following CVE is associated with this vulnerability:
ImageMagick provides support for displaying, converting and editing image files. This application is included in Mitel Standard Linux and may be used by Mitel products or applications where images are used.
According to the Vulnerability Summaries for the aforementioned CVEs, the identified vulnerabilities potentially allow for the execution of arbitrary code or shell commands, server-side forgery (SSRF) attacks, or unauthorized access and manipulation of image files.
These vulnerabilities have varied levels of risk. CVE-2016-3714 has a CVSS v2 score of 10.0 (high).
Mitel is currently investigating these vulnerabilities to determine affected products and risk. This security advisory will be updated during the course of the investigation as details become available.