CVE-2016-10060

The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

References

Affected packages

Git / github.com/imagemagick/imagemagick

Affected ranges

Type: GIT
Repo: https://github.com/imagemagick/imagemagick
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

933e96f01a8c889c7bf5ffd30020e86a02a046e7

Type: GIT
Repo: https://github.com/imagemagick/imagemagick6
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0a068cf62733700e63e61d7a39f95a4370abeb0f

Affected versions

6.*

6.9.4-0

7.*

7.0.1-0

7.0.1-1

7.0.1-2

7.0.1-3

7.0.1-4

7.0.1-5

7.0.1-6

7.0.1-7

7.0.1-8

7.0.1-9

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "line_hashes": [
                    "227299882721116592709482475795133037974",
                    "87423675193590435593635474209794369085",
                    "193678056235101955212642375656884137402",
                    "136001555097471905373161129692814644905",
                    "201732433303800874486204640889434781598",
                    "38213447942917837284738099203544728467",
                    "70880295127880853930865286503725358981",
                    "82294672300045105876531221560026020191",
                    "163936732842345039575980593813037427724",
                    "210953262708847840916372944530476032683",
                    "299609937888473617492738237168869493698",
                    "68603826471207600799051290829842220978",
                    "159062777604320975964365798253145446874",
                    "230807452498302207957261887537972372602",
                    "218891157201433039815294326940180809119",
                    "61054882771673948893216017920530891121",
                    "114530958464579643041822068585147914912",
                    "305223350599904233618870653115878852195",
                    "314983525292805033308482743870525436060",
                    "216169808303816933301535212766451714014",
                    "45216771192111082260336579381064815148",
                    "305738967218639126891935087515538132474",
                    "84997710681039802485460629174208153819",
                    "51892563601825328510546416731384338232",
                    "35667306662873101273123497707186252454",
                    "294438163978125294760746749404815481723",
                    "123545197954672763000257115338877295504",
                    "154079374254416245463467555078021530543",
                    "192418729030346308367255542467062480410",
                    "332859666834437471998377559189094802391",
                    "90725133897147716297022623934891403958",
                    "193974196492180964798431324993977305882",
                    "90765364666920445852478026926468475413"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "MagickWand/magick-cli.c"
            },
            "signature_version": "v1",
            "signature_type": "Line",
            "id": "CVE-2016-10060-040525e1",
            "source": "https://github.com/imagemagick/imagemagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7",
            "deprecated": false
        },
        {
            "digest": {
                "length": 1011.0,
                "function_hash": "195141214752207279250730582299668517571"
            },
            "target": {
                "function": "ConcatenateImages",
                "file": "MagickWand/magick-cli.c"
            },
            "signature_version": "v1",
            "signature_type": "Function",
            "id": "CVE-2016-10060-bb490a43",
            "source": "https://github.com/imagemagick/imagemagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7",
            "deprecated": false
        }
    ]
}