CVE-2016-6491

Published on: 12/13/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:12 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Certain versions of Imagemagick from Imagemagick contain the following vulnerability:

Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.

  • CVE-2016-6491 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.8 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW NONE REQUIRED
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 6.8 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK MEDIUM NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL PARTIAL PARTIAL

CVE References

Description Tags Link
ImageMagick CVE-2016-6491 Remote Buffer Overflow Vulnerability Third Party Advisory
VDB Entry
cve.report (archive)
text/html
URL Logo BID 92186
oss-security - CVE-Request Buffer overflow ImageMagick Exploit
Patch
Third Party Advisory
www.openwall.com
text/html
URL Logo MLIST [oss-security] 20160728 CVE-Request Buffer overflow ImageMagick
ImageMagick Buffer Overflow in Get8BIMProperty() Lets Remote Users Obtain Potentially Sensitive Information and Deny Service - SecurityTracker Third Party Advisory
VDB Entry
www.securitytracker.com
text/html
URL Logo SECTRACK 1036501
ImageMagick: Multiple vulnerabilities (GLSA 201611-21) — Gentoo security security.gentoo.org
text/html
URL Logo GENTOO GLSA-201611-21
oss-security - Re: CVE-Request Buffer overflow ImageMagick Exploit
Third Party Advisory
www.openwall.com
text/html
URL Logo MLIST [oss-security] 20160728 Re: CVE-Request Buffer overflow ImageMagick
ImageMagick/ChangeLog at 6.9.5-4 · ImageMagick/ImageMagick · GitHub Release Notes
Vendor Advisory
web.archive.org
text/html
Inactive LinkNot Archived
URL Logo CONFIRM github.com/ImageMagick/ImageMagick/blob/6.9.5-4/ChangeLog
Prevent buffer overflow (bug report from Ibrahim el-sayed) · ImageMagick/[email protected] · GitHub Patch
Vendor Advisory
github.com
text/html
URL Logo CONFIRM github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b
Oracle Solaris Bulletin - July 2016 Third Party Advisory
www.oracle.com
text/html
URL Logo CONFIRM www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationImagemagickImagemagick7.0.1-0AllAllAll
ApplicationImagemagickImagemagick7.0.1-1AllAllAll
ApplicationImagemagickImagemagick7.0.1-10AllAllAll
ApplicationImagemagickImagemagick7.0.1-2AllAllAll
ApplicationImagemagickImagemagick7.0.1-3AllAllAll
ApplicationImagemagickImagemagick7.0.1-4AllAllAll
ApplicationImagemagickImagemagick7.0.1-5AllAllAll
ApplicationImagemagickImagemagick7.0.1-6AllAllAll
ApplicationImagemagickImagemagick7.0.1-7AllAllAll
ApplicationImagemagickImagemagick7.0.1-8AllAllAll
ApplicationImagemagickImagemagick7.0.1-9AllAllAll
ApplicationImagemagickImagemagick7.0.2-0AllAllAll
ApplicationImagemagickImagemagick7.0.2-1AllAllAll
ApplicationImagemagickImagemagick7.0.2-2AllAllAll
ApplicationImagemagickImagemagick7.0.2-3AllAllAll
ApplicationImagemagickImagemagick7.0.2-4AllAllAll
ApplicationImagemagickImagemagick7.0.2-5AllAllAll
ApplicationImagemagickImagemagick7.0.1-0AllAllAll
ApplicationImagemagickImagemagick7.0.1-1AllAllAll
ApplicationImagemagickImagemagick7.0.1-10AllAllAll
ApplicationImagemagickImagemagick7.0.1-2AllAllAll
ApplicationImagemagickImagemagick7.0.1-3AllAllAll
ApplicationImagemagickImagemagick7.0.1-4AllAllAll
ApplicationImagemagickImagemagick7.0.1-5AllAllAll
ApplicationImagemagickImagemagick7.0.1-6AllAllAll
ApplicationImagemagickImagemagick7.0.1-7AllAllAll
ApplicationImagemagickImagemagick7.0.1-8AllAllAll
ApplicationImagemagickImagemagick7.0.1-9AllAllAll
ApplicationImagemagickImagemagick7.0.2-0AllAllAll
ApplicationImagemagickImagemagick7.0.2-1AllAllAll
ApplicationImagemagickImagemagick7.0.2-2AllAllAll
ApplicationImagemagickImagemagick7.0.2-3AllAllAll
ApplicationImagemagickImagemagick7.0.2-4AllAllAll
ApplicationImagemagickImagemagick7.0.2-5AllAllAll
ApplicationImagemagickImagemagickAllAllAllAll
Operating
System
OracleSolaris10.0AllAllAll
Operating
System
OracleSolaris11.3AllAllAll
Operating
System
OracleSolaris10.0AllAllAll
Operating
System
OracleSolaris11.3AllAllAll
  • cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.1-10:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.1-2:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.1-3:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.1-4:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.1-5:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.1-6:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.1-7:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.1-8:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.1-9:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.2-0:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.2-1:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.2-2:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.2-3:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.2-4:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.2-5:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.1-10:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.1-2:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.1-3:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.1-4:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.1-5:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.1-6:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.1-7:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.1-8:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.1-9:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.2-0:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.2-1:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.2-2:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.2-3:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.2-4:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:7.0.2-5:*:*:*:*:*:*:*:
  • cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:oracle:solaris:10.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*:
  • cpe:2.3:o:oracle:solaris:10.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*: