{"id":"CVE-2016-5690","details":"The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.","modified":"2026-05-13T12:00:26.233595246Z","published":"2016-12-13T15:59:03.873Z","related":["SUSE-SU-2016:1782-1","SUSE-SU-2016:1784-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"11.3"}]}]},"references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/06/14/5"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/06/17/3"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/91283"},{"type":"ADVISORY","url":"https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLog"},{"type":"ADVISORY","url":"https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLog"},{"type":"ARTICLE","url":"https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html"},{"type":"EVIDENCE","url":"https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"last_affected":"e46b7d19de7914881986ef939f690facc7a0198d"},{"last_affected":"044a9bc056a8e0a7979009b41901e97640626257"},{"last_affected":"f67a61425f27009d4ac16a62e31758e5af3a7226"},{"last_affected":"1a5fed605982a1a20e8e9bd57502e2ce94d7dc3e"},{"last_affected":"ac72d94febc1744579bad2646685a2054c087594"},{"last_affected":"580b68fc398b9bf7ec1a025524f294ce76fcf521"},{"last_affected":"8af0c7343af5ecda6a99611333321ca283ae505a"}],"database_specific":{"cpe":["cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.1-2:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.1-3:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.1-4:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.1-5:*:*:*:*:*:*:*","cpe:2.3:a:imagemagick:imagemagick:7.0.1-6:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"7.0.1-0"},{"last_affected":"7.0.1-1"},{"last_affected":"7.0.1-2"},{"last_affected":"7.0.1-3"},{"last_affected":"7.0.1-4"},{"last_affected":"7.0.1-5"},{"last_affected":"7.0.1-6"}]}}],"versions":["7.0.1-6","7.0.1-5","7.0.1-4","7.0.1-3","7.0.1-2","7.0.1-1","7.0.1-0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5690.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick6","events":[{"introduced":"0"},{"last_affected":"aa74980014c8246f92a200a6e431b8d8efe312e5"}],"database_specific":{"cpe":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"6.9.4-4"}]}}],"versions":["6.9.4-4","6.9.4-3","6.9.4-2","6.9.4-1","6.9.4-0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5690.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}