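Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values that trigger an out-of-bounds write. The signature data below targets the WriteBMPImage function in coders/bmp.c and cites upstream commit 4cc6ec8a4197d4c008577127736bf7985d632323 as its source.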
{ "vanir_signatures": [ { "id": "CVE-2016-6823-283bf911", "deprecated": false, "signature_version": "v1", "digest": { "function_hash": "331451543737391559657662885288521718244", "length": 15970.0 }, "signature_type": "Function", "source": "https://github.com/imagemagick/imagemagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323", "target": { "function": "WriteBMPImage", "file": "coders/bmp.c" } }, { "id": "CVE-2016-6823-fd6a85db", "deprecated": false, "signature_version": "v1", "digest": { "line_hashes": [ "331351229120922227843318387926724409269", "156608791804150773886299176130981230275", "127202957312584428731706579271309444669", "44903408570580159889295902349541781732", "18425249961333903615052808494222770307", "229510203313684881377808077530990127394", "332794569406156583923456839957309450669", "214711130510733397844507499186233695168" ], "threshold": 0.9 }, "signature_type": "Line", "source": "https://github.com/imagemagick/imagemagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323", "target": { "file": "coders/bmp.c" } } ] }