CVE-2016-7513
Description
An off-by-one error in ImageMagick's cache.c can cause a segmentation fault, leading to denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An off-by-one error in ImageMagick's cache.c can cause a segmentation fault, leading to denial of service.
Vulnerability
An off-by-one error exists in the CopyPixels function within magick/cache.c in ImageMagick. This flaw occurs when cloning pixel cache data, where the size calculation for memory operations is off by one, potentially causing an out-of-bounds read or write. The vulnerability affects ImageMagick versions prior to the commit that removed the CopyPixels function and replaced it with a corrected memcpy call [1][2].
Exploitation
An attacker can exploit this vulnerability by providing a specially crafted image file to ImageMagick. No authentication or special privileges are required; the attack can be performed remotely if the application processes untrusted images. The exact trigger is unspecified, but the off-by-one error leads to a segmentation fault when the pixel cache is cloned [1].
Impact
Successful exploitation results in a denial of service (DoS) due to a segmentation fault. The application crashes, potentially disrupting services that rely on ImageMagick for image processing. There is no indication of code execution or information disclosure [1].
Mitigation
The fix is implemented in commit a54fe0e8600eaf3dc6fe717d3c0398001507f723 [2]. Users should update ImageMagick to a version that includes this commit. Red Hat Enterprise Linux 5, 6, and 7 are not affected by this issue [3]. No workarounds have been published.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
14- osv-coords13 versionspkg:apk/chainguard/imagemagickpkg:apk/chainguard/imagemagick-devpkg:apk/chainguard/imagemagick-docpkg:apk/chainguard/imagemagick-staticpkg:apk/wolfi/imagemagickpkg:apk/wolfi/imagemagick-devpkg:apk/wolfi/imagemagick-docpkg:apk/wolfi/imagemagick-staticpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1
< 0+ 12 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 6.8.8.1-40.1
- (no CPE)range: < 6.8.8.1-40.1
- (no CPE)range: < 6.8.8.1-40.1
- (no CPE)range: < 6.8.8.1-40.1
- (no CPE)range: < 6.8.8.1-40.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- www.openwall.com/lists/oss-security/2016/09/22/2nvdMailing ListPatchThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
- github.com/ImageMagick/ImageMagick/commit/a54fe0e8600eaf3dc6fe717d3c0398001507f723nvdPatchVendor Advisory
- www.securityfocus.com/bid/93121nvdThird Party AdvisoryVDB Entry
- bugs.debian.org/cgi-bin/bugreport.cginvdThird Party Advisory
News mentions
0No linked articles in our index yet.