Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-5688

Опубликовано: 13 дек. 2016
Источник: nvd
CVSS3: 8.1
CVSS2: 6.8
EPSS Низкий

Описание

The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Версия до 6.9.4-3 (включая)
cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:7.0.1-2:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:7.0.1-3:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:7.0.1-4:*:*:*:*:*:*:*

EPSS

Процентиль: 84%
0.02244
Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

ubuntu логотип

CVE-2016-5688

CVSS3: 8.1
ubuntu
около 9 лет назад

The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.

redhat логотип

CVE-2016-5688

redhat
больше 9 лет назад

The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.

debian логотип

CVE-2016-5688

CVSS3: 8.1
debian
около 9 лет назад

The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, w ...

github логотип

GHSA-2hhc-539m-8qw5

CVSS3: 8.1
github
больше 3 лет назад

The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.

suse-cvrf логотип

openSUSE-SU-2016:2073-1

suse-cvrf
больше 9 лет назад

Security update for GraphicsMagick

EPSS

Процентиль: 84%
0.02244
Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-119