CVE-2016-8677 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Imagemagick

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources

Severity

8.8HIGHNVD

EPSS

0.7%

top 29.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick Debian Linux +1 more

Timeline

PublishedFeb 15

Latest updateMay 13

Description

The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/imagemagick< imagemagick 8:6.9.6.2+dfsg-1 (bookworm)

▶NVDimagemagick/imagemagick7.0.0-0 — 7.0.3-1+1

▶Debianimagemagick/imagemagick< 8:6.9.6.2+dfsg-1+3

▶NVDopensuse/opensuse13.2

Also affects: Debian Linux 8.0

Patches

Patch: www.openwall.com ↗Patch: blogs.gentoo.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-mcw9-9pmh-fjfc: The AcquireQuantumPixels function in MagickCore/quantum↗2022-05-13

▶

CVEList

CVE-2016-8677: The AcquireQuantumPixels function in MagickCore/quantum↗2017-02-15

▶

OSV

CVE-2016-8677: The AcquireQuantumPixels function in MagickCore/quantum↗2017-02-15

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2016-11-30

▶

Red Hat

ImageMagick: Memory allocation failure in AcquireQuantumPixels↗2016-09-16

▶

Debian

CVE-2016-8677: imagemagick - The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before ...↗2016

▶

💬Community

Bugzilla

CVE-2016-8677 ImageMagick: Memory allocation failure in AcquireQuantumPixels↗2016-10-17

▶

Bugzilla

CVE-2016-7799 CVE-2016-7906 CVE-2016-8677 CVE-2016-8678 CVE-2016-8862 CVE-2016-8866 CVE-2016-9298 ImageMagick: various flaws [fedora-all]↗2016-10-03

▶