CVE-2016-7526

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-7526

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7526.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-7526

Downstream

DEBIAN-CVE-2016-7526

DLA-731-1

DSA-3652-1

SUSE-SU-2016:2667-1

SUSE-SU-2016:2964-1

UBUNTU-CVE-2016-7526

USN-3131-1

Related

Published

2017-04-20T18:59:01Z

Modified

2025-08-09T20:01:28Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.

References

Affected packages

Debian:11 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.9.6.2+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.9.6.2+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.9.6.2+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8:6.9.6.2+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/imagemagick/imagemagick

Affected ranges

Type: GIT
Repo: https://github.com/imagemagick/imagemagick
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

998c687fb83993c13fa711d75f59a95b38ceab77

Fixed

b60d1ed0af37c50b91a40937825b4c61e8458095

Fixed

b6ae2f9e0ab13343c0281732d479757a8e8979c7

Fixed

d9b2209a69ee90d8df81fb124eb66f593eb9f599

Type: GIT
Repo: https://github.com/imagemagick/imagemagick6
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4bae9bed8a79e031884ca9a4681dce89dbd26855

Database specific

{
    "vanir_signatures": [
        {
            "target": {
                "file": "coders/wpg.c",
                "function": "InsertRow"
            },
            "digest": {
                "function_hash": "274052643633555858941852038294576833544",
                "length": 4390.0
            },
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2016-7526-03040af9",
            "source": "https://github.com/imagemagick/imagemagick/commit/b60d1ed0af37c50b91a40937825b4c61e8458095"
        },
        {
            "target": {
                "file": "coders/wpg.c",
                "function": "ReadWPGImage"
            },
            "digest": {
                "function_hash": "291194572662642279229280480153523271761",
                "length": 11849.0
            },
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2016-7526-224ecd84",
            "source": "https://github.com/imagemagick/imagemagick/commit/998c687fb83993c13fa711d75f59a95b38ceab77"
        },
        {
            "target": {
                "file": "coders/wpg.c"
            },
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "103285228787620946142782869715282798147",
                    "299526059047460383861757491180470657592",
                    "95578327036182197068180801305850515142",
                    "75766519371248361780226681925486449249"
                ]
            },
            "signature_type": "Line",
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2016-7526-64e6d24f",
            "source": "https://github.com/imagemagick/imagemagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7"
        },
        {
            "target": {
                "file": "coders/wpg.c",
                "function": "ReadWPGImage"
            },
            "digest": {
                "function_hash": "11675639297204858977307468910856747069",
                "length": 11783.0
            },
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2016-7526-6cd6f4a9",
            "source": "https://github.com/imagemagick/imagemagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599"
        },
        {
            "target": {
                "file": "coders/wpg.c"
            },
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "259884090484826856568342908046500566643",
                    "241564993952852797389510581534718583048",
                    "10086158481357944492019352432320900866",
                    "253818805422992802946968490427429795356",
                    "150894069944753803149192991897548354926",
                    "123302508057305672814701366759845757385",
                    "157851716441951450421338912549604514996",
                    "14399114298497964475220769272072220372",
                    "47758119579901101916502130830507007846",
                    "226229898543932025566375118028604430994",
                    "259188281780664081919599682243378408540",
                    "192757111336903685750336953083346553560",
                    "55326020350281613447974739370319359929",
                    "161751664784735953509360892415677852171",
                    "116378087604061334309526215234804025537",
                    "165080791139618033945788236131818507596",
                    "324301100619336709014504618875345966280",
                    "209413717151308010904354550526556105286",
                    "103152817862685377876477910207502448905",
                    "249319240804620926834547624314645813299",
                    "169891094385661908369698175190543160200",
                    "284750662486351637778012740443285535686",
                    "173513487929492134532946202455865233069",
                    "147831185790857945495746407553188103765",
                    "233024782624686754360940409338643686500",
                    "230689281942241368508363766939566818784",
                    "99615485626756735394753239073599354036",
                    "258858642990591035770079335962061283393",
                    "307224511755852774890402686341264572675",
                    "161829566823995562388125467018663190253"
                ]
            },
            "signature_type": "Line",
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2016-7526-826c3bd7",
            "source": "https://github.com/imagemagick/imagemagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599"
        },
        {
            "target": {
                "file": "coders/wpg.c"
            },
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "296202915652744921405100257105764390010",
                    "247150939643836653841183791585942424054",
                    "270312678384849432848536356204767338847",
                    "318478266732889627196422765315702091400"
                ]
            },
            "signature_type": "Line",
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2016-7526-9d0dfdc4",
            "source": "https://github.com/imagemagick/imagemagick/commit/b60d1ed0af37c50b91a40937825b4c61e8458095"
        },
        {
            "target": {
                "file": "coders/wpg.c",
                "function": "InsertRow"
            },
            "digest": {
                "function_hash": "67888134776615178635304822975715651377",
                "length": 4390.0
            },
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2016-7526-af85579d",
            "source": "https://github.com/imagemagick/imagemagick/commit/998c687fb83993c13fa711d75f59a95b38ceab77"
        },
        {
            "target": {
                "file": "coders/wpg.c",
                "function": "InsertRow"
            },
            "digest": {
                "function_hash": "221561675724562337345846584259777321557",
                "length": 4038.0
            },
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2016-7526-b6d08b52",
            "source": "https://github.com/imagemagick/imagemagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599"
        },
        {
            "target": {
                "file": "coders/wpg.c"
            },
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "184958327058488957927033213971304007505",
                    "316493567550125134363467893738779177566",
                    "239521490559225961460127414038364400387",
                    "20313255379032127267252625250096589192",
                    "331616895724346255161520320085744168810",
                    "295422028323239532883984964056966920314",
                    "327448158965317340914223555466259243720",
                    "135860532438337189341092706210929656938",
                    "149825510691990931775520970003841261061",
                    "332717406715456019008028598532947716312",
                    "313889929887206561787041905051155830224",
                    "229694328961901355156115612056634361253",
                    "215689255696349223378395526426314181777",
                    "174927052065345936515628950737670631540",
                    "227341233961634362078894092827377426535",
                    "35641881518127281332342546450659954280",
                    "129234905620735654316884867151694744947",
                    "152457233170629562880967362894323228534",
                    "302854400340853149036966151597928312361",
                    "70289716816019320247394815219808549561",
                    "223022210640126061924509710498319309146",
                    "47293091755760049439011898839203780207",
                    "301980764241473664027548191356254760940",
                    "200960132191557783299371628030310359656",
                    "286905483004040459626458408935471002067",
                    "24048334766223464333731480378457487024",
                    "249319240804620926834547624314645813299",
                    "169891094385661908369698175190543160200",
                    "284750662486351637778012740443285535686",
                    "141490877720092693785891815640840621833",
                    "260515002283394024877181282408577455221",
                    "50855103745066788888301749408092644701",
                    "66999561997220946050724619479087742193",
                    "194091063641323953678714311368663562438",
                    "33543148028699536691018253942314465598",
                    "173513487929492134532946202455865233069",
                    "147831185790857945495746407553188103765",
                    "233024782624686754360940409338643686500",
                    "230689281942241368508363766939566818784",
                    "120859661043048946946333961149048632408",
                    "334226194622420835021555523262904689197",
                    "197805291447083308206149075321773785235",
                    "52896354688185095764008338588287758663",
                    "44399384117457512534977489397455145134",
                    "258858642990591035770079335962061283393",
                    "307224511755852774890402686341264572675",
                    "161829566823995562388125467018663190253",
                    "219582339978990145434991488201296704466",
                    "280026100259858130601751253934954732789",
                    "274988171509907688658228216211634170738",
                    "24048334766223464333731480378457487024",
                    "12462237445475430159156120538055268285",
                    "33543148028699536691018253942314465598",
                    "138229097732177920999078724464461639802"
                ]
            },
            "signature_type": "Line",
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2016-7526-ca13678f",
            "source": "https://github.com/imagemagick/imagemagick/commit/998c687fb83993c13fa711d75f59a95b38ceab77"
        },
        {
            "target": {
                "file": "coders/wpg.c",
                "function": "InsertRow"
            },
            "digest": {
                "function_hash": "239231668748904030426607123732024111520",
                "length": 4038.0
            },
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2016-7526-f2d507c1",
            "source": "https://github.com/imagemagick/imagemagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7"
        }
    ]
}