CVE-2016-5688

Priority
Description
The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a
memory limit is set, allows remote attackers to have unspecified impact via
vectors related to the SetImageExtent return-value check, which trigger (1)
a heap-based buffer overflow in the SetPixelIndex function or an invalid
write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex
functions.
Notes
 mdeslaur> This is 0131-Ensure-image-extent-does-not-exceed-maximum-for-wpg-.patch,
 mdeslaur> 0132-Set-pixel-cache-to-undefined-if-any-resource-limit-i.patch,
 mdeslaur> 0133-Fix-allocation-of-memory-for-CVE-2016-5688.patch
More Information

Updated: 2018-10-31 21:24:05 UTC (commit cfa7cf69d76449ccff972ac22f40976a08d908c2)