CVE-2016-9830

Published: Mar 1, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.

Affected (5)

Products: Graphicsmagick: Graphicsmagick · Debian: Debian Linux · Opensuse: Leap, Opensuse

1 product

1 product

2 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Graphicsmagick Graphicsmagick	Version 1.3.25

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.1
Opensuse Leap	Version 42.2
Opensuse Opensuse	Version 13.2

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (14)

http://hg.code.sf.net/p/graphicsmagick/code/rev/38d0f281e8c8

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2016-12/msg00141.html

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2016/dsa-3746

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/12/05/5

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/94625

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c

Source: cve@mitre.org

PatchThird Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1401536

Source: cve@mitre.org

Issue TrackingPatch

http://hg.code.sf.net/p/graphicsmagick/code/rev/38d0f281e8c8