CVE-2016-7530 - OpenCVE

The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Imagemagick	Imagemagick

Configuration 1 [-]

cpe:2.3:a:imagemagick:imagemagick:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2016/09/22/2	Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/93131	Third Party Advisory VDB Entry
https://bugs.launchpad.net/bugs/1539053	Issue Tracking Third Party Advisory
https://bugs.launchpad.net/bugs/1539067	Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1378762	Issue Tracking Patch Third Party Advisory
https://github.com/ImageMagick/ImageMagick/commit/63346f34f9d19179599b5b256e5e8d3dda46435c	Patch
https://github.com/ImageMagick/ImageMagick/commit/b5ed738f8060266bf4ae521f7e3ed145aa4498a3	Patch
https://github.com/ImageMagick/ImageMagick/commit/c4e63ad30bc42da691f2b5f82a24516dd6b4dc70	Patch
https://github.com/ImageMagick/ImageMagick/issues/105	Issue Tracking Patch Vendor Advisory
https://github.com/ImageMagick/ImageMagick/issues/110	Issue Tracking Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: debian

Published: 2017-04-20T18:00:00

Updated: 2017-04-21T09:57:01

Reserved: 2016-09-09T00:00:00

Link: CVE-2016-7530

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-04-20T18:59:01.263

Modified: 2017-05-09T12:39:19.320

Link: CVE-2016-7530

JSON object: View

Redhat Information

No data.

CWE

CWE-369

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-01-28T00:00:00", "descriptions": [{"lang": "en", "value": "The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-04-21T09:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378762"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/commit/63346f34f9d19179599b5b256e5e8d3dda46435c"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/commit/b5ed738f8060266bf4ae521f7e3ed145aa4498a3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/commit/c4e63ad30bc42da691f2b5f82a24516dd6b4dc70"}, {"name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/issues/110"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/issues/105"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/bugs/1539067"}, {"name": "93131", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93131"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/bugs/1539053"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2016-7530", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1378762", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378762"}, {"name": "https://github.com/ImageMagick/ImageMagick/commit/63346f34f9d19179599b5b256e5e8d3dda46435c", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/commit/63346f34f9d19179599b5b256e5e8d3dda46435c"}, {"name": "https://github.com/ImageMagick/ImageMagick/commit/b5ed738f8060266bf4ae521f7e3ed145aa4498a3", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/commit/b5ed738f8060266bf4ae521f7e3ed145aa4498a3"}, {"name": "https://github.com/ImageMagick/ImageMagick/commit/c4e63ad30bc42da691f2b5f82a24516dd6b4dc70", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/commit/c4e63ad30bc42da691f2b5f82a24516dd6b4dc70"}, {"name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2"}, {"name": "https://github.com/ImageMagick/ImageMagick/issues/110", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/110"}, {"name": "https://github.com/ImageMagick/ImageMagick/issues/105", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/105"}, {"name": "https://bugs.launchpad.net/bugs/1539067", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/bugs/1539067"}, {"name": "93131", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93131"}, {"name": "https://bugs.launchpad.net/bugs/1539053", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/bugs/1539053"}]}}}}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-7530", "datePublished": "2017-04-20T18:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2017-04-21T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E6BE7A5-6FF7-4916-B671-9EE11CA54F65", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file."}, {"lang": "es", "value": "El c\u00f3digo de manejo cu\u00e1ntico en ImageMagick permite a atacantes remotos provocar una denegaci\u00f3n de servicio (error de divisi\u00f3n por cero o escritura fuera de l\u00edmites) a trav\u00e9s de un archivo manipulado."}], "id": "CVE-2016-7530", "lastModified": "2017-05-09T12:39:19.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-20T18:59:01.263", "references": [{"source": "security@debian.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2"}, {"source": "security@debian.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93131"}, {"source": "security@debian.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugs.launchpad.net/bugs/1539053"}, {"source": "security@debian.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugs.launchpad.net/bugs/1539067"}, {"source": "security@debian.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378762"}, {"source": "security@debian.org", "tags": ["Patch"], "url": "https://github.com/ImageMagick/ImageMagick/commit/63346f34f9d19179599b5b256e5e8d3dda46435c"}, {"source": "security@debian.org", "tags": ["Patch"], "url": "https://github.com/ImageMagick/ImageMagick/commit/b5ed738f8060266bf4ae521f7e3ed145aa4498a3"}, {"source": "security@debian.org", "tags": ["Patch"], "url": "https://github.com/ImageMagick/ImageMagick/commit/c4e63ad30bc42da691f2b5f82a24516dd6b4dc70"}, {"source": "security@debian.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/issues/105"}, {"source": "security@debian.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/issues/110"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-369"}], "source": "nvd@nist.gov", "type": "Primary"}]}