CVE-2016-10068: Improper Input Validation in ImageMagick

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.8% (top 25.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 2; latest update May 14

Description

The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

Debian: imagemagick/imagemagick < 8:6.9.6.5+dfsg-1+3
NVD: opensuse/leap 42.2

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-mj7w-q453-45j9: The MSL interpreter in ImageMagick before 6 (2022-05-14)
OSV
CVE-2016-10068: The MSL interpreter in ImageMagick before 6 (2017-03-02)
CVEList
CVE-2016-10068: The MSL interpreter in ImageMagick before 6 (2017-03-02)

📋 Vendor Advisories (2)

Red Hat
ImageMagick: Segmentation fault in MSL interpreter (2016-11-02)
Debian
CVE-2016-10068: imagemagick - The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cau... (2016)

💬 Community (1)

Bugzilla
CVE-2016-10068 ImageMagick: Segmentation fault in MSL interpreter (2017-01-05)