CVE-2016-9773 — Heap-based Buffer Overflow in Imagemagick

CWE-122 — Heap-based Buffer Overflow CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.5%

top 35.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick

Timeline

PublishedFeb 17

Latest updateMay 17

Description

Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/imagemagick

▶NVDimagemagick/imagemagick7.0.3-8

Patches

Patch: blogs.gentoo.org ↗Patch: blogs.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-97pw-p5qg-c64q: Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor↗2022-05-17

▶

📋Vendor Advisories

Red Hat

ImageMagick: Heap-buffer overflow in IsPixelGray in pixel-accessor.h (Incomplete fix for CVE-2016-9556)↗2016-12-01

▶

Debian

CVE-2016-9773: imagemagick - Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-acces...↗2016

▶

💬Community

Bugzilla

CVE-2016-9773 ImageMagick: Heap-buffer overflow in IsPixelGray in pixel-accessor.h (Incomplete fix for CVE-2016-9556)↗2016-12-05

▶