Published: 15/02/2017 Updated: 22/02/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote malicious users to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."

Vulnerable Product	Search on Vulmon	Subscribe to Product
imagemagick imagemagick 7.0.3-0

Debian Bug report logs - #845204 CVE-2016-8678: Q64 version heap-based buffer overflow in IsPixelMonochrome Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Date: Mon, 21 No ...

The IsPixelMonochrome function in MagickCore/pixel-accessorh in ImageMagick 7030 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file NOTE: the vendor says "This is a Q64 issue and we do not support Q64" ...

CWE-125 https://github.com/ImageMagick/ImageMagick/issues/272 https://bugzilla.redhat.com/show_bug.cgi?id=1385694 http://www.securityfocus.com/bid/93599 http://www.openwall.com/lists/oss-security/2016/12/08/18 http://www.openwall.com/lists/oss-security/2016/10/16/2 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845204 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2016-8678

CVE-2016-8678

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect