CVE-2016-5842

Published: 12/13/2016 Last updated: 8/6/2024 Reserved: 6/23/2016

MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (2)

conf-libMagickCore ocsigen-start

Products affected (1)

Product	Vendor	Version
n/a	n/a	2012 (Core installation)

References (14)

https://github.com/ImageMagick/ImageMagick/commits/7.0.2-1
http://www.securityfocus.com/bid/91394
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
https://security.gentoo.org/glsa/201611-21
http://www.openwall.com/lists/oss-security/2016/06/25/3
https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
http://www.openwall.com/lists/oss-security/2016/06/23/1
https://github.com/ImageMagick/ImageMagick/commits/7.0.2-1
http://www.securityfocus.com/bid/91394
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
https://security.gentoo.org/glsa/201611-21
http://www.openwall.com/lists/oss-security/2016/06/25/3
https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
http://www.openwall.com/lists/oss-security/2016/06/23/1