CVE-2016-10061

The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file.

References

Affected packages

Debian:11 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.9.6.2+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.9.6.2+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.9.6.2+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.9.6.2+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/imagemagick/imagemagick

Affected ranges

Type: GIT
Repo: https://github.com/imagemagick/imagemagick
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4e914bbe371433f0590cefdf3bd5f3a5710069f9

Type: GIT
Repo: https://github.com/imagemagick/imagemagick6
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ac897074952c9d61f60435032a02cdc9742c4c5d

Affected versions

6.*

6.9.4-0

6.9.4-1

6.9.4-2

6.9.4-3

6.9.4-4

6.9.4-5

6.9.4-6

6.9.4-7

7.*

7.0.1-0

7.0.1-1

7.0.1-2

7.0.1-3

7.0.1-4

7.0.1-5

7.0.1-6

7.0.1-7

7.0.1-8

7.0.1-9

Database specific

{
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "23349709727746711053188579013856864519",
                    "58986783240197891261495673924012314370",
                    "13886045691499352320238499746622938696",
                    "249149924556329584619957143342533747147",
                    "194617214962742878191353498368881514072",
                    "112927820336197689989545973113965550443",
                    "114562482044976191720667379828883396305",
                    "125136520403128305235034756787681031558",
                    "56353669216532575561930019841352689127",
                    "121560467745627593058671063546801610512"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "id": "CVE-2016-10061-2e5920ee",
            "source": "https://github.com/imagemagick/imagemagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9",
            "target": {
                "file": "coders/tiff.c"
            },
            "deprecated": false
        },
        {
            "signature_type": "Function",
            "digest": {
                "length": 3376.0,
                "function_hash": "263224951406887723923822644630727747750"
            },
            "signature_version": "v1",
            "id": "CVE-2016-10061-6bf5162d",
            "source": "https://github.com/imagemagick/imagemagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9",
            "target": {
                "function": "ReadGROUP4Image",
                "file": "coders/tiff.c"
            },
            "deprecated": false
        }
    ]
}