High severity8.1NVD Advisory· Published Dec 13, 2016· Updated May 6, 2026
CVE-2016-5688
CVE-2016-5688
Description
The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.
Affected products
7cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*range: <=6.9.4-3
- cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:7.0.1-2:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:7.0.1-3:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:7.0.1-4:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- github.com/ImageMagick/ImageMagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2fnvdPatchVendor Advisory
- github.com/ImageMagick/ImageMagick/commit/fc43974d34318c834fbf78570ca1a3764ed8c7d7nvdPatchVendor Advisory
- github.com/ImageMagick/ImageMagick/commits/6.9.4-4nvdPatchVendor Advisory
- github.com/ImageMagick/ImageMagick/commits/7.0.1-5nvdPatchVendor Advisory
- www.openwall.com/lists/oss-security/2016/06/14/5nvdThird Party Advisory
- www.openwall.com/lists/oss-security/2016/06/17/3nvdThird Party Advisory
- www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/91283nvdThird Party AdvisoryVDB Entry
- blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.htmlnvd
News mentions
0No linked articles in our index yet.