CVE-2016-7906

Published: 04 October 2016

magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
imagemagick
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 LTS (Xenial Xerus)
Released (8:6.8.9.9-7ubuntu5.3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
Ubuntu 12.04 ESM (Precise Pangolin) Not vulnerable
(code not present)
Patches:
Upstream: https://github.com/ImageMagick/ImageMagick/commit/d63a3c5729df59f183e9e110d5d8385d17caaad0