CVE-2016-5688

Published: Dec 13, 2016Modified: May 6, 2026

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.

Affected (7)

Products: Oracle: Solaris · Imagemagick: Imagemagick

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Solaris	Version 11.3

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Up to 6.9.4-3
Imagemagick Imagemagick	Version 7.0.1-0
Imagemagick Imagemagick	Version 7.0.1-1
Imagemagick Imagemagick	Version 7.0.1-2
Imagemagick Imagemagick	Version 7.0.1-3
Imagemagick Imagemagick	Version 7.0.1-4

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (18)

http://www.openwall.com/lists/oss-security/2016/06/14/5

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/06/17/3

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/91283

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html

Source: cve@mitre.org

https://github.com/ImageMagick/ImageMagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f

Source: cve@mitre.org

PatchVendor Advisory

https://github.com/ImageMagick/ImageMagick/commit/fc43974d34318c834fbf78570ca1a3764ed8c7d7

Source: cve@mitre.org

PatchVendor Advisory

https://github.com/ImageMagick/ImageMagick/commits/6.9.4-4

Source: cve@mitre.org

PatchVendor Advisory

https://github.com/ImageMagick/ImageMagick/commits/7.0.1-5

Source: cve@mitre.org

PatchVendor Advisory

http://www.openwall.com/lists/oss-security/2016/06/14/5

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/06/17/3

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/91283

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/ImageMagick/ImageMagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://github.com/ImageMagick/ImageMagick/commit/fc43974d34318c834fbf78570ca1a3764ed8c7d7

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://github.com/ImageMagick/ImageMagick/commits/6.9.4-4

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://github.com/ImageMagick/ImageMagick/commits/7.0.1-5

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.