CVE-2016-7526

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-7526
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7526.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-7526
Downstream
Related
Published
2017-04-20T18:59:01Z
Modified
2025-11-12T04:35:27Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.

References

Affected packages

Git / github.com/imagemagick/imagemagick6

Affected ranges

Type
GIT
Repo
https://github.com/imagemagick/imagemagick6
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4bae9bed8a79e031884ca9a4681dce89dbd26855

Git / github.com/imagemagick/imagemagick

Affected ranges

Type
GIT
Repo
https://github.com/imagemagick/imagemagick
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
998c687fb83993c13fa711d75f59a95b38ceab77
Fixed
b60d1ed0af37c50b91a40937825b4c61e8458095
Fixed
b6ae2f9e0ab13343c0281732d479757a8e8979c7
Fixed
d9b2209a69ee90d8df81fb124eb66f593eb9f599

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "source": "https://github.com/imagemagick/imagemagick/commit/b60d1ed0af37c50b91a40937825b4c61e8458095",
        "digest": {
            "length": 4390.0,
            "function_hash": "274052643633555858941852038294576833544"
        },
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "function": "InsertRow",
            "file": "coders/wpg.c"
        },
        "id": "CVE-2016-7526-03040af9"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/imagemagick/imagemagick/commit/998c687fb83993c13fa711d75f59a95b38ceab77",
        "digest": {
            "length": 11849.0,
            "function_hash": "291194572662642279229280480153523271761"
        },
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "function": "ReadWPGImage",
            "file": "coders/wpg.c"
        },
        "id": "CVE-2016-7526-224ecd84"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/imagemagick/imagemagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "103285228787620946142782869715282798147",
                "299526059047460383861757491180470657592",
                "95578327036182197068180801305850515142",
                "75766519371248361780226681925486449249"
            ]
        },
        "signature_type": "Line",
        "deprecated": false,
        "target": {
            "file": "coders/wpg.c"
        },
        "id": "CVE-2016-7526-64e6d24f"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/imagemagick/imagemagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599",
        "digest": {
            "length": 11783.0,
            "function_hash": "11675639297204858977307468910856747069"
        },
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "function": "ReadWPGImage",
            "file": "coders/wpg.c"
        },
        "id": "CVE-2016-7526-6cd6f4a9"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/imagemagick/imagemagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "259884090484826856568342908046500566643",
                "241564993952852797389510581534718583048",
                "10086158481357944492019352432320900866",
                "253818805422992802946968490427429795356",
                "150894069944753803149192991897548354926",
                "123302508057305672814701366759845757385",
                "157851716441951450421338912549604514996",
                "14399114298497964475220769272072220372",
                "47758119579901101916502130830507007846",
                "226229898543932025566375118028604430994",
                "259188281780664081919599682243378408540",
                "192757111336903685750336953083346553560",
                "55326020350281613447974739370319359929",
                "161751664784735953509360892415677852171",
                "116378087604061334309526215234804025537",
                "165080791139618033945788236131818507596",
                "324301100619336709014504618875345966280",
                "209413717151308010904354550526556105286",
                "103152817862685377876477910207502448905",
                "249319240804620926834547624314645813299",
                "169891094385661908369698175190543160200",
                "284750662486351637778012740443285535686",
                "173513487929492134532946202455865233069",
                "147831185790857945495746407553188103765",
                "233024782624686754360940409338643686500",
                "230689281942241368508363766939566818784",
                "99615485626756735394753239073599354036",
                "258858642990591035770079335962061283393",
                "307224511755852774890402686341264572675",
                "161829566823995562388125467018663190253"
            ]
        },
        "signature_type": "Line",
        "deprecated": false,
        "target": {
            "file": "coders/wpg.c"
        },
        "id": "CVE-2016-7526-826c3bd7"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/imagemagick/imagemagick/commit/b60d1ed0af37c50b91a40937825b4c61e8458095",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "296202915652744921405100257105764390010",
                "247150939643836653841183791585942424054",
                "270312678384849432848536356204767338847",
                "318478266732889627196422765315702091400"
            ]
        },
        "signature_type": "Line",
        "deprecated": false,
        "target": {
            "file": "coders/wpg.c"
        },
        "id": "CVE-2016-7526-9d0dfdc4"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/imagemagick/imagemagick/commit/998c687fb83993c13fa711d75f59a95b38ceab77",
        "digest": {
            "length": 4390.0,
            "function_hash": "67888134776615178635304822975715651377"
        },
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "function": "InsertRow",
            "file": "coders/wpg.c"
        },
        "id": "CVE-2016-7526-af85579d"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/imagemagick/imagemagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599",
        "digest": {
            "length": 4038.0,
            "function_hash": "221561675724562337345846584259777321557"
        },
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "function": "InsertRow",
            "file": "coders/wpg.c"
        },
        "id": "CVE-2016-7526-b6d08b52"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/imagemagick/imagemagick/commit/998c687fb83993c13fa711d75f59a95b38ceab77",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "184958327058488957927033213971304007505",
                "316493567550125134363467893738779177566",
                "239521490559225961460127414038364400387",
                "20313255379032127267252625250096589192",
                "331616895724346255161520320085744168810",
                "295422028323239532883984964056966920314",
                "327448158965317340914223555466259243720",
                "135860532438337189341092706210929656938",
                "149825510691990931775520970003841261061",
                "332717406715456019008028598532947716312",
                "313889929887206561787041905051155830224",
                "229694328961901355156115612056634361253",
                "215689255696349223378395526426314181777",
                "174927052065345936515628950737670631540",
                "227341233961634362078894092827377426535",
                "35641881518127281332342546450659954280",
                "129234905620735654316884867151694744947",
                "152457233170629562880967362894323228534",
                "302854400340853149036966151597928312361",
                "70289716816019320247394815219808549561",
                "223022210640126061924509710498319309146",
                "47293091755760049439011898839203780207",
                "301980764241473664027548191356254760940",
                "200960132191557783299371628030310359656",
                "286905483004040459626458408935471002067",
                "24048334766223464333731480378457487024",
                "249319240804620926834547624314645813299",
                "169891094385661908369698175190543160200",
                "284750662486351637778012740443285535686",
                "141490877720092693785891815640840621833",
                "260515002283394024877181282408577455221",
                "50855103745066788888301749408092644701",
                "66999561997220946050724619479087742193",
                "194091063641323953678714311368663562438",
                "33543148028699536691018253942314465598",
                "173513487929492134532946202455865233069",
                "147831185790857945495746407553188103765",
                "233024782624686754360940409338643686500",
                "230689281942241368508363766939566818784",
                "120859661043048946946333961149048632408",
                "334226194622420835021555523262904689197",
                "197805291447083308206149075321773785235",
                "52896354688185095764008338588287758663",
                "44399384117457512534977489397455145134",
                "258858642990591035770079335962061283393",
                "307224511755852774890402686341264572675",
                "161829566823995562388125467018663190253",
                "219582339978990145434991488201296704466",
                "280026100259858130601751253934954732789",
                "274988171509907688658228216211634170738",
                "24048334766223464333731480378457487024",
                "12462237445475430159156120538055268285",
                "33543148028699536691018253942314465598",
                "138229097732177920999078724464461639802"
            ]
        },
        "signature_type": "Line",
        "deprecated": false,
        "target": {
            "file": "coders/wpg.c"
        },
        "id": "CVE-2016-7526-ca13678f"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/imagemagick/imagemagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7",
        "digest": {
            "length": 4038.0,
            "function_hash": "239231668748904030426607123732024111520"
        },
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "function": "InsertRow",
            "file": "coders/wpg.c"
        },
        "id": "CVE-2016-7526-f2d507c1"
    }
]