CVE-2016-7526
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-7526
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7526.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-7526
- Downstream
- Related
- Published
- 2017-04-20T18:59:01Z
- Modified
- 2025-11-04T20:34:36Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
- References
-
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/bugs/1539050
- https://bugzilla.redhat.com/show_bug.cgi?id=1378758
- https://github.com/ImageMagick/ImageMagick/commit/998c687fb83993c13fa711d75f59a95b38ceab77
- https://github.com/ImageMagick/ImageMagick/commit/b60d1ed0af37c50b91a40937825b4c61e8458095
- https://github.com/ImageMagick/ImageMagick/issues/102
- https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7
- https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599
Affected packages
Git / github.com/imagemagick/imagemagick
Affected ranges
- Type
- GIT
- Repo
- https://github.com/imagemagick/imagemagick
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixedFixed
Database specific
vanir_signatures
[
{
"id": "CVE-2016-7526-03040af9",
"source": "https://github.com/imagemagick/imagemagick/commit/b60d1ed0af37c50b91a40937825b4c61e8458095",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "274052643633555858941852038294576833544",
"length": 4390.0
},
"target": {
"function": "InsertRow",
"file": "coders/wpg.c"
}
},
{
"id": "CVE-2016-7526-224ecd84",
"source": "https://github.com/imagemagick/imagemagick/commit/998c687fb83993c13fa711d75f59a95b38ceab77",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "291194572662642279229280480153523271761",
"length": 11849.0
},
"target": {
"function": "ReadWPGImage",
"file": "coders/wpg.c"
}
},
{
"id": "CVE-2016-7526-64e6d24f",
"source": "https://github.com/imagemagick/imagemagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"103285228787620946142782869715282798147",
"299526059047460383861757491180470657592",
"95578327036182197068180801305850515142",
"75766519371248361780226681925486449249"
]
},
"target": {
"file": "coders/wpg.c"
}
},
{
"id": "CVE-2016-7526-6cd6f4a9",
"source": "https://github.com/imagemagick/imagemagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "11675639297204858977307468910856747069",
"length": 11783.0
},
"target": {
"function": "ReadWPGImage",
"file": "coders/wpg.c"
}
},
{
"id": "CVE-2016-7526-826c3bd7",
"source": "https://github.com/imagemagick/imagemagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"259884090484826856568342908046500566643",
"241564993952852797389510581534718583048",
"10086158481357944492019352432320900866",
"253818805422992802946968490427429795356",
"150894069944753803149192991897548354926",
"123302508057305672814701366759845757385",
"157851716441951450421338912549604514996",
"14399114298497964475220769272072220372",
"47758119579901101916502130830507007846",
"226229898543932025566375118028604430994",
"259188281780664081919599682243378408540",
"192757111336903685750336953083346553560",
"55326020350281613447974739370319359929",
"161751664784735953509360892415677852171",
"116378087604061334309526215234804025537",
"165080791139618033945788236131818507596",
"324301100619336709014504618875345966280",
"209413717151308010904354550526556105286",
"103152817862685377876477910207502448905",
"249319240804620926834547624314645813299",
"169891094385661908369698175190543160200",
"284750662486351637778012740443285535686",
"173513487929492134532946202455865233069",
"147831185790857945495746407553188103765",
"233024782624686754360940409338643686500",
"230689281942241368508363766939566818784",
"99615485626756735394753239073599354036",
"258858642990591035770079335962061283393",
"307224511755852774890402686341264572675",
"161829566823995562388125467018663190253"
]
},
"target": {
"file": "coders/wpg.c"
}
},
{
"id": "CVE-2016-7526-9d0dfdc4",
"source": "https://github.com/imagemagick/imagemagick/commit/b60d1ed0af37c50b91a40937825b4c61e8458095",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"296202915652744921405100257105764390010",
"247150939643836653841183791585942424054",
"270312678384849432848536356204767338847",
"318478266732889627196422765315702091400"
]
},
"target": {
"file": "coders/wpg.c"
}
},
{
"id": "CVE-2016-7526-b6d08b52",
"source": "https://github.com/imagemagick/imagemagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "221561675724562337345846584259777321557",
"length": 4038.0
},
"target": {
"function": "InsertRow",
"file": "coders/wpg.c"
}
},
{
"id": "CVE-2016-7526-f2d507c1",
"source": "https://github.com/imagemagick/imagemagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "239231668748904030426607123732024111520",
"length": 4038.0
},
"target": {
"function": "InsertRow",
"file": "coders/wpg.c"
}
}
]