Vulnerability Details : CVE-2016-10069
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2016-10069
- cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse_project:leap:42.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-10069
- 0.87%: Probability of exploitation activity in the next 30 days
- ~ 80%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-10069
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST | |
CWE ids for CVE-2016-10069
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-10069
- http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html
  openSUSE-SU-2017:0391-1: moderate: Security update for GraphicsMagick (Third Party Advisory)
- https://github.com/ImageMagick/ImageMagick/commit/8a370f9ab120faf182aa160900ba692ba8e2bcf0
  Added check for invalid number of frames. · ImageMagick/ImageMagick@8a370f9 · GitHub (Patch)
- https://bugzilla.redhat.com/show_bug.cgi?id=1410507
  1410507 – (CVE-2016-10069) CVE-2016-10069 ImageMagick: Invalid number of frames not checked in mat files (Issue Tracking; Patch; Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/95216
  ImageMagick CVE-2016-10069 Security Bypass Vulnerability (Third Party Advisory; VDB Entry)
- http://www.openwall.com/lists/oss-security/2016/12/26/9
  oss-security - Re: CVE requests for various ImageMagick issues (Mailing List; Patch; Third Party Advisory)