CVE-2016-9830Improper Input Validation in Graphicsmagick

CWE-20Improper Input Validation9 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.6%
top 30.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
GraphicsmagickDebian GraphicsmagickDebian Linux+2 more
Timeline
PublishedMar 1
Latest updateMay 14

Description

The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

debiandebian/graphicsmagick< graphicsmagick 1.3.25-6 (bookworm)
Debiangraphicsmagick/graphicsmagick< 1.3.25-6+3
NVDopensuse/leap42.1, 42.2+1

Also affects: Debian Linux 8.0

Patches

Patch: hg.code.sf.netPatch: blogs.gentoo.orgPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-w9qw-rw42-h8cw: The MagickRealloc function in memory2022-05-14
CVEList
CVE-2016-9830: The MagickRealloc function in memory2017-03-01
OSV
CVE-2016-9830: The MagickRealloc function in memory2017-03-01

📋Vendor Advisories

1
Debian
CVE-2016-9830: graphicsmagick - The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote at...2016

💬Community

4
Bugzilla
CVE-2016-9830 GraphicsMagick: Memory allocation failure in MagickRealloc2016-12-05
Bugzilla
CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 CVE-2016-9830 GraphicsMagick: various flaws [epel-all]2016-10-10
Bugzilla
CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 CVE-2016-9830 GraphicsMagick: various flaws [fedora-all]2016-10-10
Bugzilla
CVE-2014-9830 ImageMagick: handling of corrupted sun file2016-06-07