CVE-2016-4564

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-4564
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4564.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-4564
Published
2016-06-04T16:59:02Z
Modified
2025-09-16T06:21:01.747325Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

Affected packages

Alpine:v3.2

imagemagick

Package

Name
imagemagick
Purl
pkg:apk/alpine/imagemagick?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.9.6.8-r0

Affected versions

6.*

6.4.9.10-r0
6.5.0.10-r0
6.5.2.1-r0
6.5.3.2-r0
6.5.3.10-r0
6.5.4.10-r0
6.5.5.6-r0
6.5.7.3-r0
6.5.7.5-r0
6.5.7.10-r0
6.5.8.5-r0
6.5.8.5-r1
6.5.9.0-r0
6.5.9.0-r1
6.5.9.0-r2
6.5.9.0-r3
6.5.9.0-r4
6.6.0.4-r0
6.6.0.10-r0
6.6.0.10-r1
6.6.1.5-r0
6.6.2.0-r0
6.6.2.10-r0
6.6.3.0-r0
6.6.3.1-r0
6.6.3.4-r0
6.6.3.6-r0
6.6.3.9-r0
6.6.3.10-r0
6.6.4.0-r0
6.6.4.1-r0
6.6.4.6-r0
6.6.4.10-r0
6.6.5.5-r0
6.6.5.10-r0
6.6.6.7-r0
6.6.7.0-r0
6.6.7.4-r0
6.6.7.9-r0
6.6.7.9-r1
6.6.8.4-r0
6.6.8.7-r0
6.6.9.1-r0
6.6.9.3-r0
6.6.9.8-r0
6.6.9.8-r1
6.6.9.8-r2
6.6.9.8-r3
6.6.9.9-r0
6.6.9.9-r1
6.7.0.0-r0
6.7.0.3-r0
6.7.0.4-r0
6.7.0.6-r0
6.7.0.8-r0
6.7.0.9-r0
6.7.1.0-r0
6.7.2.2-r0
6.7.2.7-r0
6.7.2.9-r0
6.7.3.2-r0
6.7.3.7-r0
6.7.3.9-r0
6.7.4.0-r0
6.7.4.4-r0
6.7.4.6-r0
6.7.4.7-r0
6.7.4.10-r0
6.7.5.6-r0
6.7.5.7-r0
6.7.6.0-r0
6.7.6.7-r0
6.7.7.2-r0
6.7.7.5-r0
6.7.7.6-r0
6.7.8.0-r0
6.7.8.3-r0
6.7.8.6-r0
6.7.8.7-r0
6.7.8.7-r1
6.7.8.8-r0
6.7.8.10-r0
6.7.9.3-r0
6.7.9.9-r0
6.8.0.4-r0
6.8.0.7-r0
6.8.2.4-r0
6.8.5.3-r0
6.8.5.6-r0
6.8.5.6-r1
6.8.6.2-r0
6.8.6.3-r0
6.8.6.4-r0
6.8.6.5-r0
6.8.6.5-r1
6.8.6.9-r0
6.8.6.10-r0
6.8.7.0-r0
6.8.7.1-r0
6.8.7.3-r0
6.8.7.5-r0
6.8.7.7-r0
6.8.7.8-r0
6.8.7.9-r0
6.8.7.10-r0
6.8.8.0-r0
6.8.8.4-r0
6.8.8.4-r1
6.8.8.7-r1
6.8.8.9-r0
6.8.8.10-r0
6.8.9.1-r0
6.8.9.5-r0
6.8.9.10-r0
6.9.0.0-r0
6.9.1.0-r0
6.9.1.2-r0
6.9.1.2-r1
6.9.1.2-r2

Alpine:v3.3

imagemagick

Package

Name
imagemagick
Purl
pkg:apk/alpine/imagemagick?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.9.6.8-r0

Affected versions

6.*

6.4.9.10-r0
6.5.0.10-r0
6.5.2.1-r0
6.5.3.2-r0
6.5.3.10-r0
6.5.4.10-r0
6.5.5.6-r0
6.5.7.3-r0
6.5.7.5-r0
6.5.7.10-r0
6.5.8.5-r0
6.5.8.5-r1
6.5.9.0-r0
6.5.9.0-r1
6.5.9.0-r2
6.5.9.0-r3
6.5.9.0-r4
6.6.0.4-r0
6.6.0.10-r0
6.6.0.10-r1
6.6.1.5-r0
6.6.2.0-r0
6.6.2.10-r0
6.6.3.0-r0
6.6.3.1-r0
6.6.3.4-r0
6.6.3.6-r0
6.6.3.9-r0
6.6.3.10-r0
6.6.4.0-r0
6.6.4.1-r0
6.6.4.6-r0
6.6.4.10-r0
6.6.5.5-r0
6.6.5.10-r0
6.6.6.7-r0
6.6.7.0-r0
6.6.7.4-r0
6.6.7.9-r0
6.6.7.9-r1
6.6.8.4-r0
6.6.8.7-r0
6.6.9.1-r0
6.6.9.3-r0
6.6.9.8-r0
6.6.9.8-r1
6.6.9.8-r2
6.6.9.8-r3
6.6.9.9-r0
6.6.9.9-r1
6.7.0.0-r0
6.7.0.3-r0
6.7.0.4-r0
6.7.0.6-r0
6.7.0.8-r0
6.7.0.9-r0
6.7.1.0-r0
6.7.2.2-r0
6.7.2.7-r0
6.7.2.9-r0
6.7.3.2-r0
6.7.3.7-r0
6.7.3.9-r0
6.7.4.0-r0
6.7.4.4-r0
6.7.4.6-r0
6.7.4.7-r0
6.7.4.10-r0
6.7.5.6-r0
6.7.5.7-r0
6.7.6.0-r0
6.7.6.7-r0
6.7.7.2-r0
6.7.7.5-r0
6.7.7.6-r0
6.7.8.0-r0
6.7.8.3-r0
6.7.8.6-r0
6.7.8.7-r0
6.7.8.7-r1
6.7.8.8-r0
6.7.8.10-r0
6.7.9.3-r0
6.7.9.9-r0
6.8.0.4-r0
6.8.0.7-r0
6.8.2.4-r0
6.8.5.3-r0
6.8.5.6-r0
6.8.5.6-r1
6.8.6.2-r0
6.8.6.3-r0
6.8.6.4-r0
6.8.6.5-r0
6.8.6.5-r1
6.8.6.9-r0
6.8.6.10-r0
6.8.7.0-r0
6.8.7.1-r0
6.8.7.3-r0
6.8.7.5-r0
6.8.7.7-r0
6.8.7.8-r0
6.8.7.9-r0
6.8.7.10-r0
6.8.8.0-r0
6.8.8.4-r0
6.8.8.4-r1
6.8.8.7-r1
6.8.8.9-r0
6.8.8.10-r0
6.8.9.1-r0
6.8.9.5-r0
6.8.9.10-r0
6.9.0.0-r0
6.9.1.0-r0
6.9.1.2-r0
6.9.1.4-r0
6.9.1.4-r1
6.9.1.4-r2
6.9.1.4-r3
6.9.2.0-r0
6.9.2.3-r0
6.9.2.5-r0
6.9.2.6-r0
6.9.2.7-r0
6.9.2.8-r0
6.9.2.8-r1
6.9.3.4-r0
6.9.3.10-r0

Debian:11

imagemagick

Package

Name
imagemagick
Purl
pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8:6.9.6.2+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12

imagemagick

Package

Name
imagemagick
Purl
pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8:6.9.6.2+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13

imagemagick

Package

Name
imagemagick
Purl
pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8:6.9.6.2+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14

imagemagick

Package

Name
imagemagick
Purl
pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8:6.9.6.2+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git

github.com/imagemagick/imagemagick

Affected ranges

Type
GIT
Repo
https://github.com/imagemagick/imagemagick
Events
Introduced
0 (Unknown introduced commit / All previous commits are affected)
Fixed

Affected versions

7.*

7.0.1-0
7.0.1-1

Database specific

{
    "vanir_signatures": [
        {
            "source": "https://github.com/imagemagick/imagemagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950",
            "signature_type": "Function",
            "target": {
                "file": "MagickCore/draw.c",
                "function": "TraceStrokePolygon"
            },
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "function_hash": "19087062209882581044641411060786551904",
                "length": 10540.0
            },
            "id": "CVE-2016-4564-0769ef42"
        },
        {
            "source": "https://github.com/imagemagick/imagemagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950",
            "signature_type": "Function",
            "target": {
                "file": "MagickCore/draw.c",
                "function": "GetDrawInfo"
            },
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "function_hash": "199412975228909332613035562347786452244",
                "length": 3488.0
            },
            "id": "CVE-2016-4564-890e239d"
        },
        {
            "source": "https://github.com/imagemagick/imagemagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950",
            "signature_type": "Line",
            "target": {
                "file": "MagickCore/draw.c"
            },
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                ]
            },
            "id": "CVE-2016-4564-a451aa3a"
        },
        {
            "source": "https://github.com/imagemagick/imagemagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950",
            "signature_type": "Function",
            "target": {
                "file": "MagickCore/draw.c",
                "function": "DrawDashPolygon"
            },
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "function_hash": "25757192401322138830226923066754159931",
                "length": 3350.0
            },
            "id": "CVE-2016-4564-a7899e3b"
        },
        {
            "source": "https://github.com/imagemagick/imagemagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950",
            "signature_type": "Function",
            "target": {
                "file": "MagickCore/draw.c",
                "function": "DrawImage"
            },
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "function_hash": "188218296422400481329023041470426665333",
                "length": 33654.0
            },
            "id": "CVE-2016-4564-c0d05cd5"
        }
    ]
}