Security Research Engineer at Ixia

Do Not Let ImageMagick Vulnerabilities Become Your ImageTragick

May 19, 2016 by Anthony Lecorchick

On May 3, 2016, the existence of several vulnerabilities in ImageMagick, a popular image manipulation suite, was disclosed. The following day, proof of concept code was made available at several online sources.

Of these five vulnerabilities, dubbed “ImageTragick,” four were discovered by Nikolay Ermishkin of Mail.Ru, and one by Stewie. All five vulnerabilities rely on ImageMagick performing processing on malicious files. Due to the scriptable nature of ImageMagick, some servers may do this automatically on file upload. In such cases, an attacker could remotely exploit these vulnerabilities with no user interaction. CloudFlare has reported seeing exploits in the wild. Let’s take a quick look at each vulnerability.

CVE-2016-3714 – Command Execution

Easily the most dangerous of the five vulnerabilities, this vulnerability allows command execution through processing a malicious mvg or svg file. ImageMagick's “delegate” feature allows external libraries to be used for processing images. One of the ways it can process images is to send wget requests to a system. An attacker can craft a malicious link which, when sent to a system, may execute an arbitrary command. For instance:

push graphic-context
viewbox 0 0 1024 768
fill 'url("|touch demo.txt "-f)'
pop graphic-context

The fill command, which would normally fill the page with a color or external image, would in this case execute the touch command, creating the file “demo.txt.” The actual command can be manipulated, and has been used in the wild to download and execute arbitrary programs or create reverse shells.

CVE-2016-3715 – File Deletion

ImageMagick's “ephemeral” protocol reads in and deletes a file after use. This can be used to delete arbitrary files:

push graphic-context
viewbox 0 0 1024 768
image over 0,0 0,0 'ephemeral:/path/to/file/to/delete.txt'

CVE-2016-3716 – File Move

ImageMagick's “msl” protocol allows reference to “magick scripting language” files, which are intended to be used to automate image manipulation tasks. The msl files are able to read and write files, and can thus be used to move files to and from arbitrary locations. An attacker can upload a malicious msl file and a malicious mvg file that invokes the msl file to move an arbitrary file.

msl file:

<?xml version="1.0" encoding="UTF-8"?>
<read filename="/path/to/source/file" />
<write filename="/path/to/destination" />

mvg file:

push graphic-context
viewbox 0 0 640 480
image over 0,0 0,0 'msl:/path/to/msl/file'

CVE-2016-3717 – File Read

ImageMagick's label protocol will allow the contents of a file to be output to a new file.

push graphic-context
viewbox 0 0 1024 768
image over 0,0 0,0 'label:@...path/to/file'
pop graphic-context

CVE-2016-3718 – Server Side Request Forgery

Using the same delegate feature as CVE-2016-3714, an attacker can cause the target to issue an HTTP GET request to an arbitrary URL.

push graphic-context
viewbox 0 0 1024 768
fill 'url('
pop graphic-context

In the proof of concept code, most of the exploits are invoked by running ImageMagick's convert command:

convert malicious_file.mvg outfile.jpg

In most cases, the output file is irrelevant, however in the case of CVE-2016-3717, the output file will contain the read contents. It is worth noting that though the malicious files are mvg or svg, ImageMagick will still process the file correctly regardless of the extension, so an attacker may attempt to evade detection by giving the file an arbitrary image file extension, such as jpg, png, or gif.

ImageMagick also has an identify command, which will give information about the image file, including the file type. This command is vulnerable, so while it may seem a good way to detect the above evasion, it will instead trigger the vulnerability.

ATI Update 2016-11 contains strikes for all except CVE-2016-3716, with that CVE expected to be covered in update 2016-12.


The Ixia BreakingPoint Application and Threat Intelligence (ATI) Subscription provides bi-weekly updates of the latest application protocols and attacks for use with Ixia platforms.