Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image.
[
{
"id": "CVE-2016-9298-03d17d24",
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"108803887544933207921652367848139640909",
"241262352205275242658987803109262691153",
"329254550423753367698474066947586164653",
"8030734403742389102431715366882888456"
],
"threshold": 0.9
},
"target": {
"file": "MagickCore/fx.c"
},
"source": "https://github.com/imagemagick/imagemagick/commit/3cbfb163cff9e5b8cdeace8312e9bfee810ed02b",
"deprecated": false
},
{
"id": "CVE-2016-9298-f3518adb",
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 5141.0,
"function_hash": "42865635685724586417624593351110569753"
},
"target": {
"function": "WaveletDenoiseImage",
"file": "MagickCore/fx.c"
},
"source": "https://github.com/imagemagick/imagemagick/commit/3cbfb163cff9e5b8cdeace8312e9bfee810ed02b",
"deprecated": false
}
]