CVE-2016-5688

Priority
Description
The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a
memory limit is set, allows remote attackers to have unspecified impact via
vectors related to the SetImageExtent return-value check, which trigger (1)
a heap-based buffer overflow in the SetPixelIndex function or an invalid
write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex
functions.
Notes
 mdeslaur> This is 0131-Ensure-image-extent-does-not-exceed-maximum-for-wpg-.patch,
 mdeslaur> 0132-Set-pixel-cache-to-undefined-if-any-resource-limit-i.patch,
 mdeslaur> 0133-Fix-allocation-of-memory-for-CVE-2016-5688.patch
More Information

Updated: 2019-03-19 12:26:50 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)