CVE-2016-6520

moderate-risk
Published 2016-12-13

Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology.

Do I need to act?

~
3.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.1/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Imagemagick

References (10)

Release Notes http://www.imagemagick.org/script/changelog.php
Mailing List http://www.openwall.com/lists/oss-security/2016/08/02/10
Mailing List http://www.openwall.com/lists/oss-security/2016/08/02/6
Patch http://www.securitytracker.com/id/1036502
Patch https://github.com/ImageMagick/ImageMagick/commit/76401e172ea3a55182be2b8e2aca4d...
Release Notes http://www.imagemagick.org/script/changelog.php
Mailing List http://www.openwall.com/lists/oss-security/2016/08/02/10
Mailing List http://www.openwall.com/lists/oss-security/2016/08/02/6
Patch http://www.securitytracker.com/id/1036502
Patch https://github.com/ImageMagick/ImageMagick/commit/76401e172ea3a55182be2b8e2aca4d...
43
/ 100
moderate-risk
Severity 31/34 · Critical
Exploitability 7/34 · Low
Exposure 5/34 · Minimal