CVE-2016-10046

Published: 3/23/2017 Last updated: 8/6/2024 Reserved: 12/26/2016

Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (2)

conf-libMagickCore ocsigen-start

Products affected (1)

Product	Vendor	Version
n/a	n/a	2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier versions

References (8)

https://github.com/ImageMagick/ImageMagick/commit/989f9f88ea6db09b99d25586e912c921c0da8d3f
https://bugzilla.redhat.com/show_bug.cgi?id=1410448
http://www.openwall.com/lists/oss-security/2016/12/26/9
http://www.securityfocus.com/bid/95183
https://github.com/ImageMagick/ImageMagick/commit/989f9f88ea6db09b99d25586e912c921c0da8d3f
https://bugzilla.redhat.com/show_bug.cgi?id=1410448
http://www.openwall.com/lists/oss-security/2016/12/26/9
http://www.securityfocus.com/bid/95183