CVE-2016-7530 — Divide By Zero in Imagemagick

CWE-369 — Divide By Zero CWE-125 — Out-of-bounds Read8 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

2.2%

top 15.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick

Timeline

PublishedApr 20

Latest updateMay 17

Description

The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/imagemagick< imagemagick 8:6.9.6.2+dfsg-2 (bookworm)

▶NVDimagemagick/imagemagick< 6.9.4-0

▶Debianimagemagick/imagemagick< 8:6.9.6.2+dfsg-2+3

Patches

Patch: www.openwall.com ↗Patch: bugzilla.redhat.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-533c-x5gf-vr3r: The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a craf↗2022-05-17

▶

OSV

CVE-2016-7530: The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a craf↗2017-04-20

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2016-11-21

▶

Red Hat

ImageMagick: out of bound in quantum handling↗2016-01-28

▶

Debian

CVE-2016-7530: imagemagick - The quantum handling code in ImageMagick allows remote attackers to cause a deni...↗2016

▶

💬Community

Bugzilla

CVE-2016-7530 ImageMagick: out of bound in quantum handling↗2016-09-23

▶

Bugzilla

CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-↗2016-09-23

▶