CVE-2016-10068

Published: Mar 2, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.

Affected (3)

Products: Imagemagick: Imagemagick · Opensuse: Leap · Opensuse Project: Leap

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Up to 6.9.6-3

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.2
Opensuse Project Leap	Version 42.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (14)

http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2017-02/msg00031.html

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/12/26/9

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/95219

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1410500

Source: cve@mitre.org

Issue TrackingPatchThird Party AdvisoryVDB Entry

https://github.com/ImageMagick/ImageMagick/commit/56d6e20de489113617cbbddaf41e92600a34db22

Source: cve@mitre.org

PatchThird Party Advisory

https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797

Source: cve@mitre.org

PatchVendor Advisory

http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html