CVE-2016-6491

HIGH8.8EPSS 0.94%

Published: 12/13/2016Modified: 4/28/2026

Description

Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.

Affected packages (2)

Alpine/imagemagickfrom 0, < 6.9.6.8-r0
Debian/imagemagickfrom 0, < 8:6.9.6.2+dfsg-2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2016-6491
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-6491