CVE-2016-3718 — ImageMagick Server-Side Request Forgery (SSRF) Vulnerability

CVE-2016-3718

ImageMagick — HTTP/FTP Coder Fetches Attacker-Controlled URLs Without Restriction; Part of ImageTragick CVE Cluster; Enables Internal Network Scanning via Image Processing

What Is ImageMagick?

ImageMagick is a widely deployed open-source image processing library that web applications use to handle user-uploaded images. It supports hundreds of image formats through format-specific "coders" — some of which fetch external resources via HTTP, FTP, and other protocols as part of image processing workflows. When these network-fetching coders are reachable from user-controlled input, they create Server-Side Request Forgery (SSRF) vulnerabilities, allowing attackers to make the server issue HTTP requests to arbitrary destinations — including internal services not accessible from the internet.

CVE-2016-3718 is part of the ImageTragick cluster disclosed simultaneously on May 4, 2016, alongside the higher-severity CVE-2016-3714 (shell injection / RCE), CVE-2016-3715 (file deletion), and two other vulnerabilities.

Overview

Actively Exploited. CISA added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog on November 3, 2021. Federal agencies are required to apply mitigations per BOD 22-01.

CVE-2016-3718 is a Server-Side Request Forgery (SSRF) vulnerability in ImageMagick's HTTP and FTP coders. When ImageMagick processes a crafted image containing an embedded URL (via the HTTP or FTP pseudo-protocol), it fetches the specified URL from the server's network context — without restricting which hosts or internal addresses can be targeted. An attacker who can supply a crafted image to an ImageMagick-processing web application can use it to probe internal services, exfiltrate internal HTTP responses, or interact with cloud metadata endpoints (such as the AWS EC2 instance metadata service at 169.254.169.254). Part of the ImageTragick disclosure (May 2016). CISA added CVE-2016-3718 to the inaugural KEV catalog on November 3, 2021.

Affected Versions

ImageMagick < 6.9.3-10: Vulnerable
ImageMagick 7.x < 7.0.1-1: Vulnerable
ImageMagick 6.9.3-10 / 7.0.1-1 (with policy.xml HTTP/HTTPS/FTP restriction): Mitigated
ImageMagick 6.9.4+ / 7.0.2+: Fully patched

Technical Details

Root Cause: Unrestricted URL Fetching via HTTP/FTP Coders

CVE-2016-3718 is an SSRF vulnerability (CWE-918) in ImageMagick's URL-fetching coders. ImageMagick's HTTP and FTP coders are designed to fetch image resources from remote URLs as part of image processing — for example, fetching a referenced image from an HTTP URL to embed in a composite operation. When user-controlled input reaches the URL parameter for these coders, the server makes an outbound HTTP/FTP request to an attacker-specified destination.

A crafted MVG (Magick Vector Graphics) or other image file containing:

    push graphic-context
    viewbox 0 0 640 480
    image over 0,0 0,0 'http://internal-service.company.internal/admin/api'
    pop graphic-context

causes ImageMagick to issue an HTTP GET request to the specified internal URL from the server's network. The response may be:

  • Embedded in the processed image output (returning internal service data to the attacker)
  • Observable through timing (port scanning)
  • Used to interact with internal APIs (POST requests in more complex scenarios)

Cloud Metadata Exploitation

CVE-2016-3718 is particularly impactful in cloud environments. Cloud instances (AWS EC2, Google Compute Engine, Azure VM) provide an instance metadata service accessible at a link-local address (169.254.169.254) that exposes:

  • AWS IAM role credentials — temporary AWS access keys for the instance's assigned role
  • Instance configuration — region, VPC, security group membership
  • User-data scripts — initialization scripts that may contain secrets

An attacker supplying http://169.254.169.254/latest/meta-data/iam/security-credentials/ as the SSRF target retrieves AWS IAM credentials that can be used to access AWS services (S3 buckets, EC2 APIs, DynamoDB tables) as the compromised instance's IAM role.
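The MVG trigger described above and the metadata URL just mentioned can both be caught before ImageMagick ever opens the file. The following is an added defender-side example, not code from the original advisory or from ImageMagick: it checks that the upload's leading bytes match the raster format its name claims, flags the MVG opening token, and flags embedded network URLs, singling out literal link-local or private addresses such as 169.254.169.254. The sample MVG and PNG header are constructed.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Leading bytes of the raster formats an upload endpoint normally intends to accept.
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}

# Any of these schemes is handed to ImageMagick's HTTP/HTTPS/FTP (URL) coders.
NETWORK_URL = re.compile(rb"(?:https?|ftp)://[^'\"\s)]+", re.IGNORECASE)


def is_internal_ip(host: str) -> bool:
    """True for a literal private, link-local or loopback address.
    Hostnames are deliberately not resolved (no network access at screening time)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_private or ip.is_link_local or ip.is_loopback


def screen_upload(data: bytes, claimed_ext: str) -> list[str]:
    """Return the reasons to reject an upload before ImageMagick sees it (empty = clean)."""
    findings = []
    sig = MAGIC.get(claimed_ext.lower())
    # ImageMagick sniffs the real format from content, so the file name proves nothing.
    if sig is None or not data.startswith(sig):
        findings.append("magic-mismatch")
    # MVG is recognised by this literal opening token.
    if data.lstrip().lower().startswith(b"push graphic-context"):
        findings.append("mvg-content")
    for m in NETWORK_URL.finditer(data):
        host = urlparse(m.group(0).decode("ascii", "replace")).hostname or ""
        findings.append("internal-ip-url" if is_internal_ip(host) else "network-url")
    return findings


# Constructed sample: the page's MVG shape, uploaded under a .png name.
SAMPLE_MVG = b"""push graphic-context
viewbox 0 0 640 480
image over 0,0 0,0 'http://169.254.169.254/latest/meta-data/iam/security-credentials/'
pop graphic-context
"""
SAMPLE_PNG = MAGIC["png"] + b"\x00" * 16  # constructed, header only
```

Because hostnames are not resolved, a URL naming an internal host is reported only as network-url; any network URL inside an uploaded image is reason enough to reject it.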

Attack Characteristics

Attack Vector: Crafted image processed by ImageMagick via web application
Target: Any HTTP/FTP endpoint reachable from the server's network
High-Value Targets: AWS/GCP/Azure metadata service; internal APIs; Redis; Elasticsearch
Data Exfiltration: HTTP response bodies visible in processed image output
Lateral Movement: Internal service enumeration; credential theft from metadata

Discovery

Discovered and disclosed by Nikolay Ermishkin (Mail.Ru Security Team) and "Stewie" as part of the ImageTragick coordinated disclosure on May 4, 2016.

Exploitation Context

  • Cloud credential theft: CVE-2016-3718 was actively exploited to steal AWS IAM credentials from EC2 instances running vulnerable ImageMagick — fetching http://169.254.169.254/latest/meta-data/iam/security-credentials/<role-name> returned JSON containing AccessKeyId, SecretAccessKey, and Token usable to authenticate to AWS APIs
  • Internal network reconnaissance: Web applications processing uploaded images on internal servers are particularly vulnerable; SSRF via CVE-2016-3718 can map internal services (databases, admin panels, microservices) not exposed to the internet
  • ImageTragick cluster: In combined ImageTragick attacks, CVE-2016-3718 was used for reconnaissance when the primary RCE attempt (CVE-2016-3714) failed — SSRF could confirm which internal resources were accessible before attempting other attacks
  • Inaugural CISA KEV batch: CVE-2016-3718 was included with CVE-2016-3715 in CISA's inaugural KEV release on November 3, 2021, reflecting confirmed exploitation of the SSRF component alongside the higher-severity ImageTragick vulnerabilities
  • Continuing SSRF exploitation: SSRF via image processing libraries remains an active exploitation category; ImageMagick's CVE-2016-3718 was an early, high-profile instance of this attack class

Remediation

CISA BOD 22-01 Deadline: May 3, 2022. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

  1. Update ImageMagick to 6.9.4+ or 7.0.2+ — apply the fully patched version. Verify with convert --version.

  2. Disable HTTP, HTTPS, and FTP coders in policy.xml — add to ImageMagick's policy.xml:

    <policy domain="coder" rights="none" pattern="HTTP" />
    <policy domain="coder" rights="none" pattern="HTTPS" />
    <policy domain="coder" rights="none" pattern="FTP" />
    <policy domain="coder" rights="none" pattern="URL" />

  3. Apply IMDSv2 on AWS EC2 — require Instance Metadata Service v2 (IMDSv2) on all EC2 instances; IMDSv2 requires a PUT request with a session token before metadata can be fetched, blocking simple SSRF access to 169.254.169.254.

  4. Block outbound HTTP from image processing servers — restrict egress from servers running ImageMagick to only the destinations required for legitimate operations; block access to 169.254.169.254 and internal network ranges from application processes using a host-based firewall or network policy.

  5. Apply the full ImageTragick policy.xml — disable all dangerous coders simultaneously (EPHEMERAL, HTTPS, MVG, MSL, URL, HTTP) to address the entire ImageTragick CVE cluster in a single configuration change.
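Steps 2 and 5 are only effective if the policy.xml that ImageMagick actually loads contains every restriction. The following is an added example, not code from the advisory or from ImageMagick: it parses a policy.xml document and reports which of the coders named above are still permitted. Both policy documents are constructed samples; the weak one disables URL and HTTPS but forgets HTTP and FTP.

```python
import xml.etree.ElementTree as ET

# Coder patterns this page's step 5 disables, plus FTP, which step 2 names
# as one of the coders CVE-2016-3718 exercises.
REQUIRED_DISABLED = {"EPHEMERAL", "URL", "HTTPS", "HTTP", "FTP", "MVG", "MSL"}


def disabled_coders(policy_xml: str) -> set[str]:
    """Coder patterns that a policy.xml document sets to rights="none".
    Glob patterns such as "*" are not expanded, so a deny-all policy
    would show every coder as missing and must be read by hand."""
    root = ET.fromstring(policy_xml)
    return {
        p.get("pattern", "").upper()
        for p in root.iter("policy")
        if p.get("domain", "").lower() == "coder"
        and p.get("rights", "").lower() == "none"
    }


def missing_restrictions(policy_xml: str) -> set[str]:
    """Coders that should be disabled but are not."""
    return REQUIRED_DISABLED - disabled_coders(policy_xml)


# Constructed sample: disables URL and HTTPS but leaves HTTP and FTP enabled.
WEAK_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="URL" />
  <policy domain="coder" rights="none" pattern="HTTPS" />
  <policy domain="coder" rights="none" pattern="MVG" />
  <policy domain="coder" rights="none" pattern="MSL" />
</policymap>"""

# Same document with the two entries this page's step 2 adds.
HARDENED_POLICY = WEAK_POLICY.replace(
    "</policymap>",
    '  <policy domain="coder" rights="none" pattern="HTTP" />\n'
    '  <policy domain="coder" rights="none" pattern="FTP" />\n</policymap>',
)

if __name__ == "__main__":
    print("weak policy still permits:", sorted(missing_restrictions(WEAK_POLICY)))
    print("hardened policy still permits:", sorted(missing_restrictions(HARDENED_POLICY)))
```

On a live host, feed the check the file reported by convert -list policy, since that is the policy ImageMagick actually loaded rather than whichever copy happens to sit in /etc.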

Key Details

CVE ID: CVE-2016-3718
Vendor / Product: ImageMagick — ImageMagick
NVD Published: 2016-05-05
NVD Last Modified: 2025-10-22
CVSS 3.1 Score: 5.5
CVSS 3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Severity: MEDIUM
CWE: CWE-918 — Server-Side Request Forgery (SSRF)
CISA KEV Added: 2021-11-03
CISA KEV Deadline: 2022-05-03
Known Ransomware Use: No

CVSS 3.1 Breakdown

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None

Required Action

CISA BOD 22-01 Deadline: 2022-05-03. Apply updates per vendor instructions.

Timeline

2016-05-03: ImageMagick 6.9.3-10 released with policy.xml mitigations for the ImageTragick CVE cluster, including CVE-2016-3718
2016-05-04: ImageTragick public disclosure at imagetragick.com; CVE-2016-3718 (SSRF) included in the disclosure
2016-05-05: CVE-2016-3718 published by NVD
2021-11-03: Added to CISA Known Exploited Vulnerabilities catalog (inaugural KEV batch)
2022-05-03: CISA BOD 22-01 remediation deadline