CVE-2016-7534 — Out-of-bounds Read in Imagemagick

CWE-125 — Out-of-bounds Read CWE-122 — Heap-based Buffer Overflow8 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.7%

top 26.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick

Timeline

PublishedApr 20

Latest updateMay 17

Description

The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/imagemagick< imagemagick 8:6.9.6.2+dfsg-2 (bookworm)

▶NVDimagemagick/imagemagick< 6.9.4-0

▶Debianimagemagick/imagemagick< 8:6.9.6.2+dfsg-2+3

Patches

Patch: www.openwall.com ↗Patch: bugzilla.redhat.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-4qhx-g5hg-wvgv: The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file↗2022-05-17

▶

OSV

CVE-2016-7534: The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file↗2017-04-20

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2016-11-21

▶

Red Hat

ImageMagick: CbYCrY quantum heap-based OOB read/write↗2016-02-07

▶

Debian

CVE-2016-7534: imagemagick - The generic decoder in ImageMagick allows remote attackers to cause a denial of ...↗2016

▶

💬Community

Bugzilla

CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-↗2016-09-23

▶

Bugzilla

CVE-2016-7534 ImageMagick: CbYCrY quantum heap-based OOB read/write↗2016-09-23

▶