{"id":"CVE-2016-5688","details":"The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.","modified":"2026-05-13T12:00:24.961410479Z","published":"2016-12-13T15:59:01.217Z","related":["SUSE-SU-2016:1782-1","SUSE-SU-2016:1783-1","SUSE-SU-2016:1784-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"11.3"}]}]},"references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/06/14/5"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/06/17/3"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/91283"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/fc43974d34318c834fbf78570ca1a3764ed8c7d7"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commits/6.9.4-4"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commits/7.0.1-5"},{"type":"ARTICLE","url":"https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"last_affected":"e46b7d19de7914881986ef939f690facc7a0198d"},{"last_affected":"044a9bc056a8e0a7979009b41901e97640626257"},{"last_affected":"f67a61425f27009d4ac16a62e31758e5af3a7226"},{"last_affected":"1a5fed605982a1a20e8e9bd57502e2ce94d7dc3e"},{"last_affected":"ac72d94febc1744579bad2646685a2054c087594"}],"database_specific":{"cpe":["cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.1-2:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.1-3:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.1-4:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"7.0.1-0"},{"last_affected":"7.0.1-1"},{"last_affected":"7.0.1-2"},{"last_affected":"7.0.1-3"},{"last_affected":"7.0.1-4"}]}}],"versions":["7.0.1-4","7.0.1-3","7.0.1-2","7.0.1-1","7.0.1-0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5688.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick6","events":[{"introduced":"0"},{"last_affected":"1bfb7f3c94227f029cdddb3790d4a4b7d4aaaa07"}],"database_specific":{"cpe":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"6.9.4-3"}]}}],"versions":["6.9.4-3","6.9.4-2","6.9.4-1","6.9.4-0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5688.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}