VYPR
Medium severity 5.5 · NVD Advisory · Published Mar 2, 2017 · Updated May 13, 2026

CVE-2016-10062

Description

The ReadGROUP4Image function in ImageMagick's tiff.c fails to check fwrite's return value, allowing a crafted TIFF file to cause a denial of service via application crash.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The ReadGROUP4Image function in coders/tiff.c of ImageMagick does not check the return value of the fwrite function when writing output data. This flaw is present in versions prior to the fix [1][2][3]. An attacker can exploit this by providing a specially crafted TIFF file that causes fwrite to fail (e.g., due to a full disk or other I/O error), leading to uncontrolled behavior.

Exploitation

An attacker needs only the ability to supply a crafted TIFF file to ImageMagick (e.g., via a web upload or command-line invocation). No authentication or special privileges are required. When ImageMagick processes the malicious file via ReadGROUP4Image, the unhandled fwrite failure can result in a segmentation fault or assert failure, crashing the process [1][2].

Impact

Successful exploitation leads to a denial of service (application crash). The attacker achieves no code execution or data exfiltration; the impact is limited to availability. The crash is triggered during image processing, affecting ImageMagick itself and any service relying on it [3].

Mitigation

The issue was fixed in ImageMagick by adding proper return-value checks for fwrite [2]. Users should update to a version containing the fix (e.g., after the commit referenced in the GitHub issue). Red Hat has rated the issue as Low severity and does not plan to address it in future updates [3]. If a patch cannot be applied, restrict processing of untrusted TIFF files as a workaround.
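
The unchecked and checked fwrite patterns described above, as an added example that is not ImageMagick's code or its patch. The function names, the sample bytes, and the use of /dev/full (with a read-only /dev/null stream as fallback) to make writes fail are assumptions made for the illustration.

```c
#include <stdio.h>

/* Constructed stand-in for decoded image bytes; not real TIFF data. */
static const unsigned char SAMPLE[] = "constructed-group4-strip-bytes";

/* Demo-only helper (assumption): a stream on which writes fail.
   /dev/full on Linux returns ENOSPC like a full disk; otherwise fall
   back to a stream opened read-only, where fwrite also fails. */
FILE *open_failing_sink(void)
{
    FILE *f = fopen("/dev/full", "wb");
    return f != NULL ? f : fopen("/dev/null", "rb");
}

/* Unchecked pattern: the fwrite result is discarded, so the caller is
   told the data was written even when none of it reached the file. */
int copy_unchecked(FILE *out, const unsigned char *buf, size_t len)
{
    size_t written = fwrite(buf, 1, len, out);
    (void) written;
    return 0;
}

/* Checked pattern: a short count from fwrite is an error, and so is a
   failed fflush, because stdio buffering can hide the I/O error until
   the buffered bytes are actually handed to the kernel. */
int copy_checked(FILE *out, const unsigned char *buf, size_t len)
{
    if (fwrite(buf, 1, len, out) != len)
        return -1;
    if (fflush(out) != 0)
        return -1;
    return 0;
}

int main(void)
{
    FILE *bad = open_failing_sink();
    if (bad == NULL)
        return 1;
    printf("unchecked: %d\n", copy_unchecked(bad, SAMPLE, sizeof SAMPLE));
    printf("checked:   %d\n", copy_checked(bad, SAMPLE, sizeof SAMPLE));
    fclose(bad);
    return 0;
}
```

A caller that receives -1 can stop and report the I/O error instead of continuing to process an output file that is empty or truncated.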

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

33

Patches

0

No patches discovered yet.

References

5
