CVE-2016-5842
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-5842
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5842.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-5842
- Downstream
- Related
- Published
- 2016-12-13T15:59:07Z
- Modified
- 2025-11-02T14:55:07.509630Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.
- References
-
- http://www.openwall.com/lists/oss-security/2016/06/23/1
- http://www.openwall.com/lists/oss-security/2016/06/25/3
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/91394
- https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
- https://github.com/ImageMagick/ImageMagick/commits/7.0.2-1
- https://security.gentoo.org/glsa/201611-21
Affected packages
Git / github.com/imagemagick/imagemagick6
Git / github.com/imagemagick/imagemagick
Affected ranges
- Type
- GIT
- Repo
- https://github.com/imagemagick/imagemagick
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
7.*
7.0.1-0
7.0.1-1
7.0.1-10
7.0.1-2
7.0.1-3
7.0.1-4
7.0.1-5
7.0.1-6
7.0.1-7
7.0.1-8
7.0.1-9
7.0.2-0
Database specific
vanir_signatures
[
{
"source": "https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-5842-02c7f30a",
"target": {
"function": "GetEXIFProperty",
"file": "MagickCore/property.c"
},
"signature_type": "Function",
"digest": {
"length": 18385.0,
"function_hash": "55237378908884621084424283623449618560"
}
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-5842-32bff733",
"target": {
"function": "ReadPropertySignedLong",
"file": "MagickCore/property.c"
},
"signature_type": "Function",
"digest": {
"length": 607.0,
"function_hash": "80854876286126202922081841379473810412"
}
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-5842-524ba391",
"target": {
"function": "ReadPropertyUnsignedLong",
"file": "MagickCore/property.c"
},
"signature_type": "Function",
"digest": {
"length": 483.0,
"function_hash": "225974067239017879174424033864831064537"
}
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-5842-5ee51311",
"target": {
"function": "ReadPropertyMSBLong",
"file": "MagickCore/property.c"
},
"signature_type": "Function",
"digest": {
"length": 592.0,
"function_hash": "30962091075374899492209851493597672423"
}
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-5842-7a26b19f",
"target": {
"function": "ReadResourceLong",
"file": "MagickCore/profile.c"
},
"signature_type": "Function",
"digest": {
"length": 299.0,
"function_hash": "295987957703078099797099852074412043651"
}
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-5842-81e890dc",
"target": {
"function": "ReadPropertyUnsignedShort",
"file": "MagickCore/property.c"
},
"signature_type": "Function",
"digest": {
"length": 425.0,
"function_hash": "337746688520845042896054326952555653057"
}
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-5842-9d0977a5",
"target": {
"file": "MagickCore/profile.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"269303692328728058379761101084554638269",
"114453291194694078589658417733285190504",
"150650287829833277593408911668143887832",
"129841396773769932195516635863039455550",
"198189083541439664358739337516858606555",
"289641882643911467300342992186770286970",
"22358119434534413763766764750773007017",
"337878333182260087212450702873572738851",
"113439369805725766098089611289792708720",
"99561184264661633743713794484263870694",
"189616634083365487314213713668269045063",
"234271529421717109997218583579234600010",
"297896288429292179589198251834846110579",
"294055282482727609383151763572980683875",
"20979379611360872603566363542380666891",
"194952079568003139129372966145662780907",
"62616194367945504321012191555331696830",
"179188582101905753298148876361355253653",
"28886862729191991637117173614007413473",
"177237715279828920062714507544589924391",
"115479265993410944128559735400597228040",
"289523600392301877415516195723497131596",
"136741147495810625768975823178639836930",
"44814242545056857762793862709548301546",
"161193170911498155336254902662688348242",
"316914203742981495137170449600998786257",
"239344926510325030097718131987326674166",
"156635267553407807297352372191579532732",
"333786509589120612394118931113200008312",
"79973441125043933946070030490409043008",
"254456683470500208924176528416945290247",
"268326390176383680023481640723022994649",
"45127830391285578678318148632335583663",
"204992086225402950958723217240616107260",
"7044973816095863284164823356367706440",
"136941416422006725428496149456709327208",
"189298762382057367958233224113972290946",
"168792675982422497764491017476158197716",
"181641486799379768542856763386860809623",
"70209603330517065426461536924083447344",
"53645610936087069182475455603961039504",
"261128923802723148554592281260328158853",
"16546488639457447087166482182796893989",
"242759253922470114975643010465894194238",
"262432829361664238437230626886048608716",
"121856050627565294997302975949095701960"
]
}
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-5842-b3849887",
"target": {
"function": "SyncExifProfile",
"file": "MagickCore/profile.c"
},
"signature_type": "Function",
"digest": {
"length": 3509.0,
"function_hash": "114981307785579676265415587216138273572"
}
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-5842-bd09206d",
"target": {
"function": "ReadProfileShort",
"file": "MagickCore/profile.c"
},
"signature_type": "Function",
"digest": {
"length": 539.0,
"function_hash": "216666948467973874396557109928958021652"
}
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-5842-be02c26a",
"target": {
"function": "ReadPropertySignedShort",
"file": "MagickCore/property.c"
},
"signature_type": "Function",
"digest": {
"length": 549.0,
"function_hash": "79305794743156296775914187004568655158"
}
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-5842-c77a6326",
"target": {
"function": "ReadProfileLong",
"file": "MagickCore/profile.c"
},
"signature_type": "Function",
"digest": {
"length": 601.0,
"function_hash": "205359648004611228560920417483020693500"
}
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-5842-dd4fbe73",
"target": {
"file": "MagickCore/property.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"267394704626636059657389807937115106144",
"124106136362465260684380499032430463902",
"112487884724964919504930756362510745511",
"141860418788488592677866060226399603396",
"109365529489800770479102407121825453170",
"245842062924831391923055699587067595655",
"135730615785095430339457858837193552222",
"111314287867212238929795748625529379483",
"165737079068018187224065784153452973023",
"194060499689324575031129997203145644526",
"265688671019503244704992899766494973206",
"748853455097152700553296927541285874",
"185644568087713988257396848667991881294",
"266123994008562305409919544356815879567",
"171763893503893677268922869053422107848",
"175665321445427632442113994230408942286",
"134380489962816369974276096234628215899",
"80477784496041673201226188217718127383",
"239344926510325030097718131987326674166",
"156635267553407807297352372191579532732",
"333786509589120612394118931113200008312",
"79973441125043933946070030490409043008",
"254456683470500208924176528416945290247",
"268326390176383680023481640723022994649",
"45127830391285578678318148632335583663",
"204992086225402950958723217240616107260",
"7044973816095863284164823356367706440",
"136941416422006725428496149456709327208",
"334683581991415635226787937262125254522",
"239344926510325030097718131987326674166",
"156635267553407807297352372191579532732",
"295733013080276656957987610025922742003",
"331743155602173384733488506170549422409",
"48294602124050790264649895549564062264",
"70751219415163978231319425191337639890",
"179911615616505372092797923730273036921",
"328779293261799298985949863947914495063",
"6395810752485650573440161146589817721",
"181526064451947864654128624131569084352",
"62616194367945504321012191555331696830",
"179188582101905753298148876361355253653",
"28886862729191991637117173614007413473",
"177237715279828920062714507544589924391",
"115479265993410944128559735400597228040",
"289523600392301877415516195723497131596",
"136741147495810625768975823178639836930",
"44814242545056857762793862709548301546",
"161193170911498155336254902662688348242",
"260983280684236997923948046252557234798",
"62616194367945504321012191555331696830",
"69305758903936450820638360773224813406",
"314159495614600587603400714867601372248",
"260140289143176212017628172875121524180",
"165643092682338314098835415959427734202",
"148713230948193392892586328304495113496",
"218783342919724488002426174550361361080",
"265773785816036220607091735430782918765",
"15260342906504372406583565442700339195",
"249258100414306539984051772651774750839",
"107999970718024872347408596526300339386",
"339000951756442050368376366403023031179",
"127786037897697506764713963483159262857",
"51937998899101337093056807379353992062",
"233282645264548482040382321391662819373",
"17315465376800833452992308560053114182",
"301060934373501452540269809044151181251"
]
}
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-5842-ddf61db8",
"target": {
"function": "ReadResourceShort",
"file": "MagickCore/profile.c"
},
"signature_type": "Function",
"digest": {
"length": 229.0,
"function_hash": "111923842134492721270870758431891675409"
}
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-5842-de121d3a",
"target": {
"function": "ReadPropertyMSBShort",
"file": "MagickCore/property.c"
},
"signature_type": "Function",
"digest": {
"length": 574.0,
"function_hash": "236794236153902799583195688270233105194"
}
}
]