{"id":"CVE-2016-7514","details":"The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.","modified":"2026-07-10T14:33:17.220365Z","published":"2017-04-20T18:59:00.873Z","related":["CGA-qjvw-38pj-fvvh","SUSE-SU-2016:2667-1","SUSE-SU-2016:2964-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*"],"extracted_events":[{"fixed":"7.0.1-0"},{"fixed":"7.0.1-0"}],"source":"CPE_RANGE","vendor_product":"imagemagick:imagemagick"}]},"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/93122"},{"type":"REPORT","url":"https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533442"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/09/22/2"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1378739"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/198fffab4daf8aea88badd9c629350e5b26ec32f"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/280215b9936d145dd5ee91403738ccce1333cab1"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/6f1879d498bcc5cce12fe0c5decb8dbc0f608e5d"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/e14fd0a2801f73bdc123baf4fbab97dec55919eb"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/issues/83"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"fixed":"198fffab4daf8aea88badd9c629350e5b26ec32f"},{"fixed":"280215b9936d145dd5ee91403738ccce1333cab1"},{"fixed":"6f1879d498bcc5cce12fe0c5decb8dbc0f608e5d"},{"fixed":"e14fd0a2801f73bdc123baf4fbab97dec55919eb"}],"database_specific":{"source":"REFERENCES"}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7514.json","vanir_signatures_modified":"2026-07-10T14:33:17Z","vanir_signatures":[{"target":{"file":"coders/psd.c","function":"WriteImageChannels"},"deprecated":false,"digest":{"function_hash":"285074460042033435714570774745871577974","length":3404},"id":"CVE-2016-7514-03bfd714","signature_type":"Function","signature_version":"v1","source":"https://github.com/imagemagick/imagemagick/commit/6f1879d498bcc5cce12fe0c5decb8dbc0f608e5d"},{"id":"CVE-2016-7514-45b70d5f","signature_type":"Line","signature_version":"v1","source":"https://github.com/imagemagick/imagemagick/commit/e14fd0a2801f73bdc123baf4fbab97dec55919eb","target":{"file":"coders/psd.c"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["109751460950315633864691469035376248211","178912501136852134042602593953454749296","134730300755715259333632594253742267699","285867157739302346549685853921776613191"]}},{"signature_type":"Line","signature_version":"v1","source":"https://github.com/imagemagick/imagemagick/commit/198fffab4daf8aea88badd9c629350e5b26ec32f","target":{"file":"coders/psd.c"},"deprecated":false,"digest":{"line_hashes":["161427083715258918546799136412959982766","312460972902757405177739596775048803258","41348376021106145878107322599149235082","113738155929550134537127206077550473436"],"threshold":0.9},"id":"CVE-2016-7514-774bf8f9"},{"id":"CVE-2016-7514-c68b03d2","signature_type":"Function","signature_version":"v1","source":"https://github.com/imagemagick/imagemagick/commit/280215b9936d145dd5ee91403738ccce1333cab1","target":{"file":"coders/psd.c","function":"ReadPSDChannelPixels"},"deprecated":false,"digest":{"function_hash":"335383035870159939614420951652307614692","length":2267}},{"target":{"file":"coders/psd.c","function":"ReadPSDChannelPixels"},"deprecated":false,"digest":{"function_hash":"169306428911167216219657258921283259532","length":2238},"id":"CVE-2016-7514-d1ecc875","signature_type":"Function","signature_version":"v1","source":"https://github.com/imagemagick/imagemagick/commit/e14fd0a2801f73bdc123baf4fbab97dec55919eb"},{"deprecated":false,"digest":{"line_hashes":["161624246808178391736060810080783379634","97090877004137658579072362989435123192","327810344119592760556648814629062316645","300446164371847724661278259517095074341","183633811458571232582399668000446660690"],"threshold":0.9},"id":"CVE-2016-7514-ebc47fac","signature_type":"Line","signature_version":"v1","source":"https://github.com/imagemagick/imagemagick/commit/6f1879d498bcc5cce12fe0c5decb8dbc0f608e5d","target":{"file":"coders/psd.c"}},{"source":"https://github.com/imagemagick/imagemagick/commit/198fffab4daf8aea88badd9c629350e5b26ec32f","target":{"file":"coders/psd.c","function":"ReadPSDImage"},"deprecated":false,"digest":{"function_hash":"210157996297491556616314171779881018402","length":6702},"id":"CVE-2016-7514-f15f4cc9","signature_type":"Function","signature_version":"v1"},{"signature_version":"v1","source":"https://github.com/imagemagick/imagemagick/commit/280215b9936d145dd5ee91403738ccce1333cab1","target":{"file":"coders/psd.c"},"deprecated":false,"digest":{"line_hashes":["27953133697015499101049926463508724848","61702053108166004909071077535210291712","4604225926690083465865465553635753128","273504656353439999706074899729075301280","101364122107472221495999199202325913912","253109629157928020907024832077025154573","70694050657571819290855134830967025874","277579737645969123589385444545079154486","159436346830094737257713237232642675225","298792781328022024184241879023997605947","222850247178822180439749403977984200389","175787668666520758713845410904122861701","149538864986354266650099342529609608547","92934423579030002647292658325760245062","40337555287910889988887784336744942504","80681271802738934943032338153235327243","82295856390647293582110601348779848316","27589005223064555269786214621042100105","56095465152117053341397777379408298599","339377789247296264043251301444415733891","27254581136515266010447833007112493263","69795866533064426694852616375152563913","781287613205355742655349372129548560","229379898860325230564649956871122654023","42447102046655612463737132526779682702","213053194002666447870253276299975534897","78124499469260301800609606057045370062","52995720018728605569780486578558358115","122053523331270530228600442874432600064","35784111965840611730952232965298630541","20206367232212379903674791055692248547","13874142052313021278377217988812611194","153437339275628516090461479410667083835","12957635100627842058232735865266568921","133261799492371621650877187985065036172","151124666480925459079714628101841946038","156926081528472184846183677699181950776","270383756593793418438270441490732977615","297575518524379260008807796150947855228","138750463347778154377317599600833503012","61454726608872019461050938862381628889","155793241706855189351482357617300082051","156345651047423736388806425153965082578","72136966757677748761367739302496737361","56393961270002790077942874219534856170","320461164001235034890017691227820948113","227901182683942692832338832367496254936","172572521693954626916528770019528746116","86130270330626561169527483693583278270","27195846247546395105544970815479595551","233231112693906601271841050171585914258","275383447923896729303368173143222643880","214129069656744371374050604348804543615","199151411781886509481355656596677821353","143315248874164605850265759159234760503","296325844399562854483911576828249805185","190993207088699315753310280054099101806","91794615232585081307222415967885633275","39584322809239800210412417997387944156","151672814186478650019986286248692502994","214129069656744371374050604348804543615","194796126668477045479661674135076611255","72632149046832301520363409236644189700","220580356314152540172845949699492128319","133974081833804709692570970608092123108","226856695936803612801621326004050300719","155080155044870918543947774078751107154","248118894672463066859654798414896070423","112886590523769359413836616241614968300","205635867571804715045270562174042547085","189885647161623328345963496956961876513","78349218575956211135234447361186667112","117848692994570339326167966005184608097","237407896108287987231582911941681449713","243997219802485592358256925634576016308","42258064439503821740210836304412045804","131063166039816605397068254076051641061","150130179607317594642771507416949775936","269121817939460903893292193106039720164","280292791586964139442170996917699738901","323178703120428762006232900843567872189","117848692994570339326167966005184608097","260650099727315252408134012957576980485","16005707821783007815482866254495297126","39302910621898167293865526273311332327","186646666435056846081299360988930221740","63287287066068472344558282419358229037","329838758957930812653856437334153916898","76137699445576540941325778896666886389"],"threshold":0.9},"id":"CVE-2016-7514-fe725982","signature_type":"Line"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}