CVE-2016-10146 — Missing Release of Memory after Effective Lifetime in Imagemagick

CWE-3998 documents7 sources

Severity

7.5HIGHNVD

EPSS

1.5%

top 18.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick

Timeline

PublishedMar 24

Latest updateMay 17

Description

Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/imagemagick< imagemagick 8:6.9.7.0+dfsg-2 (bookworm)

▶NVDimagemagick/imagemagick< 6.9.6-8

▶Debianimagemagick/imagemagick< 8:6.9.7.0+dfsg-2+3

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: bugs.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-jgvh-5gxq-hwh4: Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) v↗2022-05-17

▶

OSV

CVE-2016-10146: Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) v↗2017-03-24

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2017-03-08

▶

Red Hat

ImageMagick: Memory leak in caption and label handling↗2016-12-11

▶

Debian

CVE-2016-10146: imagemagick - Multiple memory leaks in the caption and label handling code in ImageMagick allo...↗2016

▶

💬Community

Bugzilla

CVE-2016-10146 ImageMagick: Memory leak in caption and label handling↗2017-01-18

▶

Bugzilla

ImageMagick: various flaws [fedora-all]↗2017-01-05

▶