The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "8.0"
},
{
"last_affected": "8.0"
}
],
"vendor_product": "debian:debian_linux",
"source": "CPE_STRING"
},
{
"cpes": [
"cpe:2.3:o:opensuse_project:leap:42.1:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "42.1"
},
{
"last_affected": "42.1"
}
],
"vendor_product": "opensuse_project:leap",
"source": "CPE_STRING"
}
]
}{
"cpe": "cpe:2.3:a:imagemagick:imagemagick:7.0.3-8:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "7.0.3-8"
},
{
"last_affected": "7.0.3-8"
}
],
"source": [
"CPE_STRING",
"REFERENCES"
]
}[
{
"source": "https://github.com/imagemagick/imagemagick/commit/ce98a7acbcfca7f0a178f4b1e7b957e419e0cc99",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "320932621590700566942648456387954414978",
"length": 11330.0
},
"deprecated": false,
"id": "CVE-2016-9556-6914da3d",
"target": {
"function": "ReadSGIImage",
"file": "coders/sgi.c"
}
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/ce98a7acbcfca7f0a178f4b1e7b957e419e0cc99",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"158914192519834743046715997327546238955",
"247723800267508866142098066814654315147",
"306954479034000166329109854572178577949",
"298672604460329150479975648851281235336"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2016-9556-a1b09a93",
"target": {
"file": "coders/sgi.c"
}
}
]
"2026-07-08T12:06:38Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9556.json"