CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-8678

The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.9%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 4.3

References

http://www.openwall.com/lists/oss-security/2016/10/16/2
http://www.openwall.com/lists/oss-security/2016/12/08/18
http://www.securityfocus.com/bid/93599
https://bugzilla.redhat.com/show_bug.cgi?id=1385694
https://github.com/ImageMagick/ImageMagick/issues/272
http://www.openwall.com/lists/oss-security/2016/10/16/2
http://www.openwall.com/lists/oss-security/2016/12/08/18
http://www.securityfocus.com/bid/93599
https://bugzilla.redhat.com/show_bug.cgi?id=1385694
https://github.com/ImageMagick/ImageMagick/issues/272

Products affected by CVE-2016-8678

Imagemagick » Imagemagick » Version: 7.0.3-0

cpe:2.3:a:imagemagick:imagemagick:7.0.3-0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-8678

Products

Pricing

Contact Us