CVE-2016-5690NULL Pointer Dereference in Imagemagick

CWE-476NULL Pointer DereferenceCWE-190Integer Overflow or Wraparound9 documents8 sources
Severity
9.8CRITICALNVD
EPSS
1.5%
top 18.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ImagemagickOracle Solaris
Timeline
PublishedDec 13
Latest updateMay 17

Description

The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

Debianimagemagick/imagemagick< 8:6.9.6.2+dfsg-2+3
NVDoracle/solaris11.3

🔴Vulnerability Details

3
GHSA
GHSA-8jhm-94f4-rx5j: The ReadDCMImage function in DCM reader in ImageMagick before 62022-05-17
CVEList
CVE-2016-5690: The ReadDCMImage function in DCM reader in ImageMagick before 62016-12-13
OSV
CVE-2016-5690: The ReadDCMImage function in DCM reader in ImageMagick before 62016-12-13

📋Vendor Advisories

3
Ubuntu
ImageMagick vulnerabilities2016-11-21
Red Hat
ImageMagick: Possible integer overflow when computing pixel scaling table in ReadDCMImage2016-06-14
Debian
CVE-2016-5690: imagemagick - The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x be...2016

💬Community

2
Bugzilla
CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 imagemagick: various flaws [fedora-all]2016-06-20
Bugzilla
CVE-2016-5690 ImageMagick: Possible integer overflow when computing pixel scaling table in ReadDCMImage2016-06-20
CVE-2016-5690 — NULL Pointer Dereference in Imagemagick | cvebase