CVE-2016-10069

Published: Mar 2, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.

Affected (2)

Products: Imagemagick: Imagemagick · Opensuse Project: Leap

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Up to 6.9.4-4

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Project Leap	Version 42.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/12/26/9

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/95216

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1410507

Source: cve@mitre.org

Issue TrackingPatchThird Party AdvisoryVDB Entry

https://github.com/ImageMagick/ImageMagick/commit/8a370f9ab120faf182aa160900ba692ba8e2bcf0

Source: cve@mitre.org

Patch

http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html