CVE-2016-5688

The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.

References

Affected packages

Git / github.com/imagemagick/imagemagick

Affected ranges

Type: GIT
Repo: https://github.com/imagemagick/imagemagick
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

aecd0ada163a4d6c769cec178955d5f3e9316f2f

Fixed

fc43974d34318c834fbf78570ca1a3764ed8c7d7

Affected versions

7.*

7.0.1-0

7.0.1-1

7.0.1-2

7.0.1-3

7.0.1-4

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "72809647637280565824983334021021529635",
            "length": 7945.0
        },
        "target": {
            "file": "MagickCore/cache.c",
            "function": "OpenPixelCache"
        },
        "signature_version": "v1",
        "id": "CVE-2016-5688-13ce21f0",
        "deprecated": false,
        "source": "https://github.com/imagemagick/imagemagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "290584930245094986198409811660524185053",
                "317887526420752321230979234148795944236",
                "289454378081425118523668904136587896834",
                "226407080177757049156873276359830884467",
                "120859661043048946946333961149048632408",
                "334226194622420835021555523262904689197",
                "197805291447083308206149075321773785235",
                "52896354688185095764008338588287758663",
                "309277963772199422984263840105912057090",
                "217762545086857290390415744119826831083",
                "275765658176708660247917740740722594405",
                "319570536527132405217467385660572697745",
                "84401320335838798864761542588995076410",
                "5929252833585505000467083526661866021"
            ]
        },
        "target": {
            "file": "coders/wpg.c"
        },
        "signature_version": "v1",
        "id": "CVE-2016-5688-80011e2b",
        "deprecated": false,
        "source": "https://github.com/imagemagick/imagemagick/commit/fc43974d34318c834fbf78570ca1a3764ed8c7d7"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "112595478332372537989784891132300193587",
            "length": 4146.0
        },
        "target": {
            "file": "MagickCore/image.c",
            "function": "CloneImage"
        },
        "signature_version": "v1",
        "id": "CVE-2016-5688-8c13fc1f",
        "deprecated": false,
        "source": "https://github.com/imagemagick/imagemagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "120831310446799761248751621864552862659",
                "144555323116376029190532268056337195798",
                "279148503738646452488520717201283591653",
                "129626382430702992517780016545509344028",
                "296408050992988648284932206208651883087",
                "14543995638151310093237245804460465875",
                "324904478738611458705314176876477885525",
                "269726917320380422511519836113986622530",
                "80137253431406971029631984286137869001",
                "66581534854776199800096637416044424729",
                "137517575582475808463823424976424700249",
                "184132997090639054663596222134371318148",
                "126758484386820947510164596989372935997",
                "305365869112126856560107933276065003892",
                "124634286631099886374741093067223652439",
                "215832350195892322730113685545615517210",
                "51506374230171580612940895707342760888",
                "334619740070690733833776029802773487575",
                "230540054804232375420774227827948302866",
                "165349625123635821592165998673127278824"
            ]
        },
        "target": {
            "file": "MagickCore/cache.c"
        },
        "signature_version": "v1",
        "id": "CVE-2016-5688-9cf90936",
        "deprecated": false,
        "source": "https://github.com/imagemagick/imagemagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "87843269622060485559679692963953899814",
                "116489015082790016687258357910714475933",
                "101025356804883231786904477750292549428",
                "296022639761418808898012969989528199869"
            ]
        },
        "target": {
            "file": "MagickCore/image.c"
        },
        "signature_version": "v1",
        "id": "CVE-2016-5688-b5912e53",
        "deprecated": false,
        "source": "https://github.com/imagemagick/imagemagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "69505567914165268061112661308026142772",
            "length": 11847.0
        },
        "target": {
            "file": "coders/wpg.c",
            "function": "ReadWPGImage"
        },
        "signature_version": "v1",
        "id": "CVE-2016-5688-bc7b5a5c",
        "deprecated": false,
        "source": "https://github.com/imagemagick/imagemagick/commit/fc43974d34318c834fbf78570ca1a3764ed8c7d7"
    }
]

Git / github.com/imagemagick/imagemagick6

Affected ranges

Type: GIT
Repo: https://github.com/imagemagick/imagemagick6
Events: Introduced

0 Unknown introduced commit / All previous commits are affected