Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

Customers

CVE-2016-10052 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2016-10052

CVE-2016-10052

HIGH7.8

Buffer overflow in the WriteProfile function in coders/jpeg

Published Mar 23, 2017

Modified 1 years ago

Details

Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

References

ADVISORY

http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html

ADVISORY

http://lists.opensuse.org/opensuse-updates/2017-02/msg00031.html

WEB

http://www.openwall.com/lists/oss-security/2016/12/26/9

WEB

http://www.securityfocus.com/bid/95181

WEB

https://bugzilla.redhat.com/show_bug.cgi?id=1410459

WEB

https://github.com/ImageMagick/ImageMagick/commit/13267a10845a8dadabed63072b537f050cec6daa

WEB

https://github.com/ImageMagick/ImageMagick/commit/9e187b73a8a1290bb0e1a1c878f8be1917aa8742

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2016-10052

CVSS Analysis

CVSS v3.1

7.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.8/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedMar 23, 2017

ModifiedAug 6, 2024