CVE-2016-7536 : magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted

magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile.

Published 2017-04-20 18:59:01

Updated 2020-11-16 19:34:51

Source Debian GNU/Linux

View at NVD, CVE.org

Vulnerability category: Memory CorruptionInput validationDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2016-7536

Probability of exploitation activity in the next 30 days: 0.75%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 % EPSS Score History EPSS FAQ

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

https://github.com/ImageMagick/ImageMagick/commit/02dadf116124cfba35d7ebd9ced3e5ad0be0f176

Fixed SEGV reported in https://github.com/ImageMagick/ImageMagick/iss… · ImageMagick/ImageMagick@02dadf1 · GitHub
Patch;Third Party Advisory
http://www.securityfocus.com/bid/93225

ImageMagick CVE-2016-7536 Denial of Service Vulnerability
Third Party Advisory;VDB Entry
http://www.openwall.com/lists/oss-security/2016/09/22/2

oss-security - Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)
Mailing List;Patch;Third Party Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1378772

1378772 – (CVE-2016-7536) CVE-2016-7536 ImageMagick: SEGV reported in corrupted profile handling
Issue Tracking;Third Party Advisory
https://github.com/ImageMagick/ImageMagick/commit/478cce544fdf1de882d78381768458f397964453

Fixed SEGV reported in https://github.com/ImageMagick/ImageMagick/iss… · ImageMagick/ImageMagick@478cce5 · GitHub
Patch
https://github.com/ImageMagick/ImageMagick/issues/130

SEGV in ImageMagick/MagickCore/locale.c:1517 · Issue #130 · ImageMagick/ImageMagick · GitHub
Issue Tracking;Patch;Vendor Advisory
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545367

Bug #1545367 “SEGV in ImageMagick/MagickCore/locale.c:1517” : Bugs : imagemagick package : Ubuntu
Issue Tracking;Third Party Advisory

Imagemagick » Imagemagick » Version: N/A
cpe:2.3:a:imagemagick:imagemagick:-:*:*:*:*:*:*:*
Matching versions