Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.
{
"unresolved_ranges": [
{
"vendor_product": "imagemagick:imagemagick",
"cpes": [
"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*"
],
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "7.0.0-0"
},
{
"fixed": "7.0.2-10"
},
{
"introduced": "7.0.0-0"
},
{
"fixed": "7.0.2-10"
}
]
}
]
}[
{
"digest": {
"length": 15970.0,
"function_hash": "331451543737391559657662885288521718244"
},
"id": "CVE-2016-6823-283bf911",
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/imagemagick/imagemagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323",
"target": {
"function": "WriteBMPImage",
"file": "coders/bmp.c"
}
},
{
"digest": {
"line_hashes": [
"331351229120922227843318387926724409269",
"156608791804150773886299176130981230275",
"127202957312584428731706579271309444669",
"44903408570580159889295902349541781732",
"18425249961333903615052808494222770307",
"229510203313684881377808077530990127394",
"332794569406156583923456839957309450669",
"214711130510733397844507499186233695168"
],
"threshold": 0.9
},
"id": "CVE-2016-6823-fd6a85db",
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/imagemagick/imagemagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323",
"target": {
"file": "coders/bmp.c"
}
}
]
"2026-07-11T18:14:54Z"
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6823.json"
{
"cpe": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "6.9.10-50"
}
]
}