CVE-2016-5687
The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.
| Software | From | Fixed in |
|---|---|---|
| imagemagick / imagemagick | 7.0.1-1 | 7.0.1-1.x |
| imagemagick / imagemagick | 7.0.1-3 | 7.0.1-3.x |
| imagemagick / imagemagick | 7.0.1-2 | 7.0.1-2.x |
| imagemagick / imagemagick | - | 6.9.4-2.x |
| imagemagick / imagemagick | 7.0.1-0 | 7.0.1-0.x |
| oracle / solaris | 11.3 | 11.3.x |
- http://www.openwall.com/lists/oss-security/2016/06/14/5
- http://www.openwall.com/lists/oss-security/2016/06/17/3
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/91283
- https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html
- https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime