CVE-2016-7996 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Graphicsmagick

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents5 sources

Severity

9.8CRITICALNVD

EPSS

1.2%

top 21.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Graphicsmagick Debian Graphicsmagick

Timeline

PublishedJan 18

Latest updateMay 17

Description

Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/graphicsmagick< graphicsmagick 1.3.21-2 (bookworm)

▶Debiangraphicsmagick/graphicsmagick< 1.3.21-2+3

▶NVDgraphicsmagick/graphicsmagick1.3.25

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-vphw-m7v9-5929: Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1↗2022-05-17

▶

OSV

CVE-2016-7996: Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1↗2017-01-18

▶

📋Vendor Advisories

Debian

CVE-2016-7996: graphicsmagick - Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and...↗2016

▶

💬Community

Bugzilla

CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 CVE-2016-9830 GraphicsMagick: various flaws [epel-all]↗2016-10-10

▶

Bugzilla

CVE-2016-7996 CVE-2016-7997 GraphicsMagick: WPG Reader Issues↗2016-10-10

▶

Bugzilla

CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 CVE-2016-9830 GraphicsMagick: various flaws [fedora-all]↗2016-10-10

▶