{"id":"CVE-2016-5689","details":"The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.","modified":"2026-02-24T11:13:51.309668Z","published":"2016-12-13T15:59:02.530Z","related":["SUSE-SU-2016:1782-1","SUSE-SU-2016:1784-1"],"references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/06/14/5"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/06/17/3"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/91283"},{"type":"ADVISORY","url":"https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLog"},{"type":"ADVISORY","url":"https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLog"},{"type":"ADVISORY","url":"https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d"},{"type":"ARTICLE","url":"https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html"},{"type":"EVIDENCE","url":"https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"fixed":"5511ef530576ed18fd636baa3bb4eda3d667665d"}]}],"versions":["7.0.1-0","7.0.1-1","7.0.1-2","7.0.1-3","7.0.1-4","7.0.1-5","7.0.1-6"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5689.json","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["125690708503204704179866250422592584464","297118995262517685663034534754128752549","71456700239368997875191045675705977984","310300479292880551150267313013585917428","75158705854446966296570889487461669595","256487543234322570650697034452382529675","101800047312087569013320574819529047408","278330530480765877102691904248489772845","269998386639281855675428201403715945157","222744906410054753423939657109388688498","31328229820292102911312279564588830172","230150294241990504871522991641849196906","303987760605767369302449797372453866768","199538023032157869037437909163117919625","281035373911219828636523423704845789944","134836911006447715844848858788155042871"]},"id":"CVE-2016-5689-0d876578","signature_type":"Line","source":"https://github.com/imagemagick/imagemagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d","target":{"file":"coders/dcm.c"},"deprecated":false,"signature_version":"v1"},{"digest":{"length":27156,"function_hash":"319746287147606933465858284226449158380"},"id":"CVE-2016-5689-9ac331bb","signature_type":"Function","source":"https://github.com/imagemagick/imagemagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d","target":{"function":"ReadDCMImage","file":"coders/dcm.c"},"deprecated":false,"signature_version":"v1"}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}