{"id":"CVE-2017-12876","details":"Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.","modified":"2026-02-24T11:19:52.535412Z","published":"2017-08-28T19:29:00.747Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2017/08/16/3"},{"type":"ADVISORY","url":"https://blogs.gentoo.org/ago/2017/08/10/imagemagick-heap-based-buffer-overflow-in-omp_outlined-32-enhance-c/"},{"type":"ADVISORY","url":"https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201711-07"},{"type":"REPORT","url":"https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/08/16/3"},{"type":"FIX","url":"https://blogs.gentoo.org/ago/2017/08/10/imagemagick-heap-based-buffer-overflow-in-omp_outlined-32-enhance-c/"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2017/08/16/3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"fixed":"1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e"}]}],"versions":["7.0.1-0","7.0.1-1","7.0.1-10","7.0.1-2","7.0.1-3","7.0.1-4","7.0.1-5","7.0.1-6","7.0.1-7","7.0.1-8","7.0.1-9","7.0.2-0","7.0.2-1","7.0.2-10","7.0.2-2","7.0.2-3","7.0.2-4","7.0.2-5","7.0.2-6","7.0.2-7","7.0.2-8","7.0.2-9","7.0.3-0","7.0.3-1","7.0.3-10","7.0.3-2","7.0.3-3","7.0.3-4","7.0.3-5","7.0.3-6","7.0.3-7","7.0.3-8","7.0.3-9","7.0.4-0","7.0.4-1","7.0.4-10","7.0.4-2","7.0.4-3","7.0.4-4","7.0.4-5","7.0.4-6","7.0.4-7","7.0.4-8","7.0.4-9","7.0.5-0","7.0.5-1","7.0.5-10","7.0.5-2","7.0.5-3","7.0.5-4","7.0.5-5","7.0.5-6","7.0.5-7","7.0.5-8","7.0.5-9","7.0.6-0","7.0.6-1","7.0.6-2","7.0.6-3","7.0.6-4","7.0.6-5"],"database_specific":{"vanir_signatures":[{"target":{"file":"MagickCore/enhance.c"},"signature_type":"Line","source":"https://github.com/imagemagick/imagemagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e","digest":{"threshold":0.9,"line_hashes":["159720653019756489098112919839395199621","1493601648042703426643190035589463863","225902270912491237414267861518603486020","323469041891454117735811538174404017971","237939550130167628625439668004044370318","55746174173618589623335783024052090295","126857360410016675314037605434420344596","75025569001867592473806576716471535181","289350014631510141006145386212732985509","263222327518072518305032413649559112507","278341161242473877393040767004883379143","255046626632397323301962381349947439945"]},"signature_version":"v1","deprecated":false,"id":"CVE-2017-12876-8ac8223f"},{"target":{"function":"ContrastStretchImage","file":"MagickCore/enhance.c"},"signature_type":"Function","source":"https://github.com/imagemagick/imagemagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e","digest":{"length":5982,"function_hash":"138131495163229802714153764407181988231"},"signature_version":"v1","deprecated":false,"id":"CVE-2017-12876-ab8d9efb"},{"target":{"function":"EqualizeImage","file":"MagickCore/enhance.c"},"signature_type":"Function","source":"https://github.com/imagemagick/imagemagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e","digest":{"length":5638,"function_hash":"308998591133831409350954514066461080081"},"signature_version":"v1","deprecated":false,"id":"CVE-2017-12876-e18caded"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-12876.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}