CVE-2016-10062 — Unchecked Return Value in Imagemagick

CWE-388 CWE-252 — Unchecked Return Value8 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.5%

top 35.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick

Timeline

PublishedMar 2

Latest updateMay 17

Description

The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/imagemagick< imagemagick 8:6.9.7.4+dfsg-1 (bookworm)

▶NVDimagemagick/imagemagick< 7.0.1-10

▶Debianimagemagick/imagemagick< 8:6.9.7.4+dfsg-1+3

🔴Vulnerability Details

GHSA

GHSA-rvg9-g4rg-6wfj: The ReadGROUP4Image function in coders/tiff↗2022-05-17

▶

OSV

CVE-2016-10062: The ReadGROUP4Image function in coders/tiff↗2017-03-02

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2017-03-08

▶

Red Hat

ImageMagick: Write path does not check return of fwrite↗2016-06-04

▶

Debian

CVE-2016-10062: imagemagick - The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the ...↗2016

▶

💬Community

Bugzilla

CVE-2016-10062 ImageMagick: Write path does not check return of fwrite↗2017-01-05

▶

Bugzilla

ImageMagick: various flaws [fedora-all]↗2017-01-05

▶