Vulnerability Details : CVE-2016-6823
Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2016-6823
- cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-6823
0.63%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-6823
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2016-6823
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6823
-
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834504
#834504 - imagemagick: CVE-2016-6823: Buffer overflow in bmp file reader - Debian Bug report logsIssue Tracking;Patch;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2016/09/26/3
oss-security - CVE-2016-6823 - ImageMagick BMP Coder Out-Of-Bounds Write VulnerabilityMailing List;Patch;Third Party Advisory
-
https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323
Prevent buffer overflow in BMP coder (bug report from pwchen of tence… · ImageMagick/ImageMagick@4cc6ec8 · GitHubPatch;Third Party Advisory
-
http://www.securityfocus.com/bid/93158
ImageMagick CVE-2016-6823 Integer Overflow VulnerabilityThird Party Advisory;VDB Entry
Jump to