Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image.
{ "vanir_signatures": [ { "id": "CVE-2016-9298-03d17d24", "digest": { "line_hashes": [ "108803887544933207921652367848139640909", "241262352205275242658987803109262691153", "329254550423753367698474066947586164653", "8030734403742389102431715366882888456" ], "threshold": 0.9 }, "target": { "file": "MagickCore/fx.c" }, "signature_version": "v1", "source": "https://github.com/imagemagick/imagemagick/commit/3cbfb163cff9e5b8cdeace8312e9bfee810ed02b", "deprecated": false, "signature_type": "Line" }, { "id": "CVE-2016-9298-f3518adb", "digest": { "length": 5141.0, "function_hash": "42865635685724586417624593351110569753" }, "target": { "function": "WaveletDenoiseImage", "file": "MagickCore/fx.c" }, "signature_version": "v1", "source": "https://github.com/imagemagick/imagemagick/commit/3cbfb163cff9e5b8cdeace8312e9bfee810ed02b", "deprecated": false, "signature_type": "Function" } ] }