CVE-2016-10060

The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

References

Affected packages

Git / github.com/imagemagick/imagemagick

Affected ranges

Type

GIT

Repo

https://github.com/imagemagick/imagemagick

Events

Introduced

Fixed

2615e69b7e7d72e3bd5eef828708d08d1490b7fe

Fixed

933e96f01a8c889c7bf5ffd30020e86a02a046e7

Database specific

{
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "7.0.0-0"
        },
        {
            "fixed": "7.0.1-10"
        }
    ],
    "cpe": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*"
}

Affected versions

7.*

7.0.1-0

7.0.1-1

7.0.1-2

7.0.1-3

7.0.1-4

7.0.1-5

7.0.1-6

7.0.1-7

7.0.1-8

7.0.1-9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10060.json"

Git / github.com/imagemagick/imagemagick6

Affected ranges

Type

GIT

Repo

https://github.com/imagemagick/imagemagick6

Events

Introduced

Fixed

0a068cf62733700e63e61d7a39f95a4370abeb0f

Database specific

{
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.9.4-1"
        }
    ],
    "cpe": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*"
}

Affected versions

6.*

6.9.4-0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10060.json"