The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.
{
"unresolved_ranges": [
{
"vendor_product": "imagemagick:imagemagick",
"cpes": [
"cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.1-2:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.1-3:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.1-4:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.1-5:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.1-6:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "7.0.1-0"
},
{
"last_affected": "7.0.1-0"
},
{
"introduced": "7.0.1-0"
},
{
"last_affected": "7.0.1-0"
},
{
"introduced": "7.0.1-1"
},
{
"last_affected": "7.0.1-1"
},
{
"introduced": "7.0.1-1"
},
{
"last_affected": "7.0.1-1"
},
{
"introduced": "7.0.1-2"
},
{
"last_affected": "7.0.1-2"
},
{
"introduced": "7.0.1-2"
},
{
"last_affected": "7.0.1-2"
},
{
"introduced": "7.0.1-3"
},
{
"last_affected": "7.0.1-3"
},
{
"introduced": "7.0.1-3"
},
{
"last_affected": "7.0.1-3"
},
{
"introduced": "7.0.1-4"
},
{
"last_affected": "7.0.1-4"
},
{
"introduced": "7.0.1-4"
},
{
"last_affected": "7.0.1-4"
},
{
"introduced": "7.0.1-5"
},
{
"last_affected": "7.0.1-5"
},
{
"introduced": "7.0.1-5"
},
{
"last_affected": "7.0.1-5"
},
{
"introduced": "7.0.1-6"
},
{
"last_affected": "7.0.1-6"
},
{
"introduced": "7.0.1-6"
},
{
"last_affected": "7.0.1-6"
}
]
},
{
"vendor_product": "oracle:solaris",
"cpes": [
"cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "11.3"
},
{
"last_affected": "11.3"
}
]
}
]
}[
{
"digest": {
"line_hashes": [
"125690708503204704179866250422592584464",
"297118995262517685663034534754128752549",
"71456700239368997875191045675705977984",
"310300479292880551150267313013585917428",
"75158705854446966296570889487461669595",
"256487543234322570650697034452382529675",
"101800047312087569013320574819529047408",
"278330530480765877102691904248489772845",
"269998386639281855675428201403715945157",
"222744906410054753423939657109388688498",
"31328229820292102911312279564588830172",
"230150294241990504871522991641849196906",
"303987760605767369302449797372453866768",
"199538023032157869037437909163117919625",
"281035373911219828636523423704845789944",
"134836911006447715844848858788155042871"
],
"threshold": 0.9
},
"id": "CVE-2016-5689-0d876578",
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/imagemagick/imagemagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d",
"target": {
"file": "coders/dcm.c"
}
},
{
"digest": {
"length": 27156.0,
"function_hash": "319746287147606933465858284226449158380"
},
"id": "CVE-2016-5689-9ac331bb",
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/imagemagick/imagemagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d",
"target": {
"function": "ReadDCMImage",
"file": "coders/dcm.c"
}
}
]
"2026-07-11T18:14:55Z"
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5689.json"
{
"cpe": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "6.9.4-4"
}
]
}