CVE-2016-10061

The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file.

References

Affected packages

Git / github.com/imagemagick/imagemagick

Affected ranges

Type: GIT
Repo: https://github.com/imagemagick/imagemagick
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4e914bbe371433f0590cefdf3bd5f3a5710069f9

Affected versions

7.*

7.0.1-0

7.0.1-1

7.0.1-2

7.0.1-3

7.0.1-4

7.0.1-5

7.0.1-6

7.0.1-7

7.0.1-8

7.0.1-9

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/imagemagick/imagemagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9",
        "id": "CVE-2016-10061-2e5920ee",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "coders/tiff.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "23349709727746711053188579013856864519",
                "58986783240197891261495673924012314370",
                "13886045691499352320238499746622938696",
                "249149924556329584619957143342533747147",
                "194617214962742878191353498368881514072",
                "112927820336197689989545973113965550443",
                "114562482044976191720667379828883396305",
                "125136520403128305235034756787681031558",
                "56353669216532575561930019841352689127",
                "121560467745627593058671063546801610512"
            ]
        },
        "signature_type": "Line"
    },
    {
        "source": "https://github.com/imagemagick/imagemagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9",
        "id": "CVE-2016-10061-6bf5162d",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "ReadGROUP4Image",
            "file": "coders/tiff.c"
        },
        "digest": {
            "length": 3376.0,
            "function_hash": "263224951406887723923822644630727747750"
        },
        "signature_type": "Function"
    }
]

Git / github.com/imagemagick/imagemagick6

Affected ranges

Type: GIT
Repo: https://github.com/imagemagick/imagemagick6
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ac897074952c9d61f60435032a02cdc9742c4c5d

Affected versions

6.*

6.9.4-0

6.9.4-1

6.9.4-2

6.9.4-3

6.9.4-4

6.9.4-5

6.9.4-6

6.9.4-7