{"id":"CVE-2016-6520","details":"Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology.","modified":"2026-05-18T10:52:17.218495Z","published":"2016-12-13T15:59:10.310Z","related":["SUSE-SU-2016:2075-1","SUSE-SU-2016:2076-1"],"references":[{"type":"ADVISORY","url":"http://www.imagemagick.org/script/changelog.php"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/08/02/10"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/08/02/6"},{"type":"FIX","url":"http://www.securitytracker.com/id/1036502"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/76401e172ea3a55182be2b8e2aca4d07270f6da6"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"fixed":"d67c907006d990429cd0979873251faff01fbb0a"},{"fixed":"76401e172ea3a55182be2b8e2aca4d07270f6da6"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"cpe":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"7.0.0-0"},{"fixed":"7.0.2-7"}]}}],"versions":["7.0.2-6","7.0.2-5","7.0.2-4","7.0.2-3","7.0.2-2","7.0.2-1","7.0.2-0","7.0.1-10","7.0.1-9","7.0.1-8","7.0.1-7","7.0.1-6","7.0.1-5","7.0.1-4","7.0.1-3","7.0.1-2","7.0.1-1","7.0.1-0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6520.json","vanir_signatures":[{"digest":{"line_hashes":["126857360410016675314037605434420344596","75025569001867592473806576716471535181","72315035866173016781131131230544606355","73121592123894946659324014190844493595","34864395629329246848656940620374287148","144320124381467878368218771274536500937","250863954894678647761798907477070958038","95888149968214810741726644230469612235"],"threshold":0.9},"source":"https://github.com/imagemagick/imagemagick/commit/76401e172ea3a55182be2b8e2aca4d07270f6da6","deprecated":false,"signature_version":"v1","id":"CVE-2016-6520-7443e8d5","signature_type":"Line","target":{"file":"MagickCore/enhance.c"}},{"digest":{"length":5903,"function_hash":"86100828383435080084484997568900046140"},"source":"https://github.com/imagemagick/imagemagick/commit/76401e172ea3a55182be2b8e2aca4d07270f6da6","deprecated":false,"signature_version":"v1","id":"CVE-2016-6520-9c884187","signature_type":"Function","target":{"function":"ContrastStretchImage","file":"MagickCore/enhance.c"}},{"digest":{"length":5638,"function_hash":"308998591133831409350954514066461080081"},"source":"https://github.com/imagemagick/imagemagick/commit/76401e172ea3a55182be2b8e2aca4d07270f6da6","deprecated":false,"signature_version":"v1","id":"CVE-2016-6520-d58ea54b","signature_type":"Function","target":{"function":"EqualizeImage","file":"MagickCore/enhance.c"}}],"vanir_signatures_modified":"2026-05-18T10:52:17Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}