High severity8.8NVD Advisory· Published Jun 4, 2016· Updated May 6, 2026

CVE-2016-4563

Description

The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

Affected products

ImageMagick/Imagemagick4 versions
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*range: <=6.9.3-0
- cpe:2.3:a:imagemagick:imagemagick:7.0.0-0:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000