QwikSec

Security Database

CVE

CWE

Training

CVE-2016-5688

Published: Dec 13, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/ImageMagick/ImageMagick/commits/7.0.1-5

x_refsource_CONFIRM

https://github.com/ImageMagick/ImageMagick/commits/6.9.4-4

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html

x_refsource_MISC

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

x_refsource_CONFIRM

https://github.com/ImageMagick/ImageMagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f

x_refsource_CONFIRM

[oss-security] 20160617 Re: Various invalid memory reads in ImageMagick (WPG, DDS, DCM)

mailing-list

x_refsource_MLIST

https://github.com/ImageMagick/ImageMagick/commit/fc43974d34318c834fbf78570ca1a3764ed8c7d7

x_refsource_CONFIRM

[oss-security] 20160614 Various invalid memory reads in ImageMagick (WPG, DDS, DCM)

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.