PublicDateAtUSN: 2016-08-25
Candidate: CVE-2016-7540
PublicDate: 2017-04-20 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7540
 https://github.com/ImageMagick/ImageMagick/pull/223
 http://www.openwall.com/lists/oss-security/2016/08/07/1
 https://ubuntu.com/security/notices/USN-3131-1
Description:
 coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to
 cause a denial of service (assertion failure) by converting an image to rgf
 format.
Ubuntu-Description:
Notes:
 mdeslaur> This is 0139-Fix-abort-when-writing-to-rgf-format.patch
Bugs:
 https://bugs.launchpad.net/bugs/1594060
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827643
Priority: low
Discovered-by: David Lechner
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]

Patches_imagemagick:
upstream_imagemagick: released (8:6.8.9.9-5+deb8u4)
precise_imagemagick: not-affected (code not present)
trusty_imagemagick: not-affected (code not present)
trusty/esm_imagemagick: DNE (trusty was not-affected [code not present])
vivid/stable-phone-overlay_imagemagick: DNE
vivid/ubuntu-core_imagemagick: DNE
xenial_imagemagick: released (8:6.8.9.9-7ubuntu5.2)
esm-infra/xenial_imagemagick: released (8:6.8.9.9-7ubuntu5.2)
yakkety_imagemagick: released (8:6.8.9.9-7ubuntu8.1)
devel_imagemagick: released (8:6.8.9.9-7ubuntu10)