CVE-2016-10061

The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file.

References

Affected packages

Git / github.com/imagemagick/imagemagick

Affected ranges

Type

GIT

Repo

https://github.com/imagemagick/imagemagick

Events

Introduced

Fixed

2615e69b7e7d72e3bd5eef828708d08d1490b7fe

Fixed

4e914bbe371433f0590cefdf3bd5f3a5710069f9

Database specific

{
    "cpe": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "7.0.0-0"
        },
        {
            "fixed": "7.0.1-10"
        }
    ]
}

Affected versions

7.*

7.0.1-0

7.0.1-1

7.0.1-2

7.0.1-3

7.0.1-4

7.0.1-5

7.0.1-6

7.0.1-7

7.0.1-8

7.0.1-9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10061.json"

Git / github.com/imagemagick/imagemagick6

Affected ranges

Type

GIT

Repo

https://github.com/imagemagick/imagemagick6

Events

Introduced

Fixed

ac897074952c9d61f60435032a02cdc9742c4c5d

Database specific

{
    "cpe": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.9.4-8"
        }
    ]
}

Affected versions

6.*

6.9.4-0

6.9.4-1

6.9.4-2

6.9.4-3

6.9.4-4

6.9.4-5

6.9.4-6

6.9.4-7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10061.json"