CVE-2016-5691

Published: Dec 13, 2016Modified: May 6, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.

Affected (9)

Products: Oracle: Solaris · Imagemagick: Imagemagick

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Solaris	Version 11.3

Configuration B

8 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Up to 6.9.4-4
Imagemagick Imagemagick	Version 7.0.1-0
Imagemagick Imagemagick	Version 7.0.1-1
Imagemagick Imagemagick	Version 7.0.1-2
Imagemagick Imagemagick	Version 7.0.1-3
Imagemagick Imagemagick	Version 7.0.1-4
Imagemagick Imagemagick	Version 7.0.1-5
Imagemagick Imagemagick	Version 7.0.1-6

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (16)

http://www.openwall.com/lists/oss-security/2016/06/14/5

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/06/17/3

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/91283

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html

Source: cve@mitre.org

https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLog

Source: cve@mitre.org

Release NotesVendor Advisory

https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLog

Source: cve@mitre.org

Release NotesVendor Advisory

https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d

Source: cve@mitre.org

ExploitVendor Advisory

http://www.openwall.com/lists/oss-security/2016/06/14/5

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/06/17/3

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/91283

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLog

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLog

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.