CVE-2016-8684 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Graphicsmagick

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents6 sources

Severity

7.8HIGHNVD

EPSS

1.1%

top 22.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Graphicsmagick Debian Graphicsmagick Debian Linux +1 more

Timeline

PublishedFeb 15

Latest updateMay 14

Description

The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/graphicsmagick< graphicsmagick 1.3.25-5 (bookworm)

▶Debiangraphicsmagick/graphicsmagick< 1.3.25-5+3

▶NVDgraphicsmagick/graphicsmagick1.3.25

▶NVDopensuse/opensuse13.2

Also affects: Debian Linux 8.0

Patches

Patch: lists.opensuse.org ↗Patch: www.openwall.com ↗Patch: blogs.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-574g-c95j-4989: The MagickMalloc function in magick/memory↗2022-05-14

▶

CVEList

CVE-2016-8684: The MagickMalloc function in magick/memory↗2017-02-15

▶

OSV

CVE-2016-8684: The MagickMalloc function in magick/memory↗2017-02-15

▶

📋Vendor Advisories

Debian

CVE-2016-8684: graphicsmagick - The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows rem...↗2016

▶

💬Community

Bugzilla

CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 GraphicsMagick: Multiple security issues↗2016-10-17

▶

Bugzilla

CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 CVE-2016-9830 GraphicsMagick: various flaws [epel-all]↗2016-10-10

▶

Bugzilla

CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 CVE-2016-9830 GraphicsMagick: various flaws [fedora-all]↗2016-10-10

▶