Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2016-8866

Published: 15/02/2017 Updated: 28/04/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Imagemagick

Vulnerability Summary

The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 prior to 7.0.3.8 allows remote malicious users to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

imagemagick imagemagick

opensuse leap 42.1

opensuse leap 42.2

opensuse opensuse 13.2

Vendor Advisories

Debian CVElist Bug Report Logs: imagemagick: CVE-2017-7275
Debian Bug report logs - #859025 imagemagick: CVE-2017-7275 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 29 Mar 2017 16:36:01 UTC Severity: minor Tags: fixed-upstre ...
Debian CVElist Bug Report Logs: CVE-2016-8862: imagemagick: memory allocation failure in AcquireMagickMemory (memory.c)
Debian Bug report logs - #845634 CVE-2016-8862: imagemagick: memory allocation failure in AcquireMagickMemory (memoryc) Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Bastien ROUCARIES <roucariesbastien@gmailcom> Dat ...
Red Hat: CVE-2016-8866
The AcquireMagickMemory function in MagickCore/memoryc in ImageMagick 7033 before 7038 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 ...

References

CWE-119https://github.com/ImageMagick/ImageMagick/issues/271https://bugzilla.redhat.com/show_bug.cgi?id=1388816https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/http://www.openwall.com/lists/oss-security/2016/10/21/5http://www.openwall.com/lists/oss-security/2016/10/20/3http://lists.opensuse.org/opensuse-updates/2016-12/msg00141.htmlhttp://lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-12/msg00085.htmlhttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859025
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook