CVE-2016-9556

CWE-119Buffer OverflowCWE-122Heap-based Buffer Overflow12 documents8 sources
Severity
5.5MEDIUM
EPSS
0.3%
top 46.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Debian Debian LinuxImagemagick ImagemagickOpensuse Project Leap
Timeline
PublishedMar 23
Latest updateMay 17

Description

The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

Debianimagemagick< 8:6.9.6.5+dfsg-1+3

Also affects: Debian Linux 8.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-3w2x-9vcq-46w8: The IsPixelGray function in MagickCore/pixel-accessor2022-05-17
OSV
CVE-2016-9556: The IsPixelGray function in MagickCore/pixel-accessor2017-03-23
CVEList
CVE-2016-9556: The IsPixelGray function in MagickCore/pixel-accessor2017-03-23

📋Vendor Advisories

4
Red Hat
ImageMagick: Heap-buffer overflow in IsPixelGray in pixel-accessor.h (Incomplete fix for CVE-2016-9556)2016-12-01
Ubuntu
ImageMagick vulnerabilities2016-11-30
Red Hat
ImageMagick: Heap-buffer overflow in IsPixelGray in pixel-accessor.h2016-11-19
Debian
CVE-2016-9556: imagemagick - The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 a...2016

💬Community

4
Bugzilla
CVE-2016-9556 CVE-2016-9559 ImageMagick: various flaws [fedora-all]2017-01-17
Bugzilla
CVE-2016-9559 CVE-2016-9556 ImageMagick: various flaws [fedora-all]2017-01-17
Bugzilla
CVE-2016-9773 ImageMagick: Heap-buffer overflow in IsPixelGray in pixel-accessor.h (Incomplete fix for CVE-2016-9556)2016-12-05
Bugzilla
CVE-2016-9556 ImageMagick: Heap-buffer overflow in IsPixelGray in pixel-accessor.h2016-11-24