CVE-2016-5688
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-5688
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5688.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-5688
- Downstream
- Related
- Published
- 2016-12-13T15:59:01Z
- Modified
- 2025-10-14T15:43:22.159596Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.
- References
-
- http://www.openwall.com/lists/oss-security/2016/06/14/5
- http://www.openwall.com/lists/oss-security/2016/06/17/3
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/91283
- https://github.com/ImageMagick/ImageMagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f
- https://github.com/ImageMagick/ImageMagick/commit/fc43974d34318c834fbf78570ca1a3764ed8c7d7
- https://github.com/ImageMagick/ImageMagick/commits/6.9.4-4
- https://github.com/ImageMagick/ImageMagick/commits/7.0.1-5
- https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html
Affected packages
Git / github.com/imagemagick/imagemagick
Affected ranges
- Type
- GIT
- Repo
- https://github.com/imagemagick/imagemagick
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
- Type
- GIT
- Repo
- https://github.com/imagemagick/imagemagick6
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affected
Database specific
{
"vanir_signatures": [
{
"digest": {
"length": 7945.0,
"function_hash": "72809647637280565824983334021021529635"
},
"target": {
"function": "OpenPixelCache",
"file": "MagickCore/cache.c"
},
"signature_type": "Function",
"source": "https://github.com/imagemagick/imagemagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2016-5688-13ce21f0"
},
{
"digest": {
"line_hashes": [
"290584930245094986198409811660524185053",
"317887526420752321230979234148795944236",
"289454378081425118523668904136587896834",
"226407080177757049156873276359830884467",
"120859661043048946946333961149048632408",
"334226194622420835021555523262904689197",
"197805291447083308206149075321773785235",
"52896354688185095764008338588287758663",
"309277963772199422984263840105912057090",
"217762545086857290390415744119826831083",
"275765658176708660247917740740722594405",
"319570536527132405217467385660572697745",
"84401320335838798864761542588995076410",
"5929252833585505000467083526661866021"
],
"threshold": 0.9
},
"target": {
"file": "coders/wpg.c"
},
"signature_type": "Line",
"source": "https://github.com/imagemagick/imagemagick/commit/fc43974d34318c834fbf78570ca1a3764ed8c7d7",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2016-5688-80011e2b"
},
{
"digest": {
"length": 4146.0,
"function_hash": "112595478332372537989784891132300193587"
},
"target": {
"function": "CloneImage",
"file": "MagickCore/image.c"
},
"signature_type": "Function",
"source": "https://github.com/imagemagick/imagemagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2016-5688-8c13fc1f"
},
{
"digest": {
"line_hashes": [
"120831310446799761248751621864552862659",
"144555323116376029190532268056337195798",
"279148503738646452488520717201283591653",
"129626382430702992517780016545509344028",
"296408050992988648284932206208651883087",
"14543995638151310093237245804460465875",
"324904478738611458705314176876477885525",
"269726917320380422511519836113986622530",
"80137253431406971029631984286137869001",
"66581534854776199800096637416044424729",
"137517575582475808463823424976424700249",
"184132997090639054663596222134371318148",
"126758484386820947510164596989372935997",
"305365869112126856560107933276065003892",
"124634286631099886374741093067223652439",
"215832350195892322730113685545615517210",
"51506374230171580612940895707342760888",
"334619740070690733833776029802773487575",
"230540054804232375420774227827948302866",
"165349625123635821592165998673127278824"
],
"threshold": 0.9
},
"target": {
"file": "MagickCore/cache.c"
},
"signature_type": "Line",
"source": "https://github.com/imagemagick/imagemagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2016-5688-9cf90936"
},
{
"digest": {
"line_hashes": [
"87843269622060485559679692963953899814",
"116489015082790016687258357910714475933",
"101025356804883231786904477750292549428",
"296022639761418808898012969989528199869"
],
"threshold": 0.9
},
"target": {
"file": "MagickCore/image.c"
},
"signature_type": "Line",
"source": "https://github.com/imagemagick/imagemagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2016-5688-b5912e53"
},
{
"digest": {
"length": 11847.0,
"function_hash": "69505567914165268061112661308026142772"
},
"target": {
"function": "ReadWPGImage",
"file": "coders/wpg.c"
},
"signature_type": "Function",
"source": "https://github.com/imagemagick/imagemagick/commit/fc43974d34318c834fbf78570ca1a3764ed8c7d7",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2016-5688-bc7b5a5c"
}
]
}