CVE-2016-4564

The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:7.0.0-0:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-06-04 16:59

Updated : 2023-12-10 11:46


NVD link : CVE-2016-4564

Mitre link : CVE-2016-4564

CVE.ORG link : CVE-2016-4564


JSON object : View

Products Affected

imagemagick

  • imagemagick
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer