CVE-2016-5691

CRITICAL

ImageMagick <6.9.4.5 & <7.0.1.7 - Info Disclosure

Title source: llm

Description

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.

References (8)

Scores

CVSS v3 9.8
EPSS 0.0133
EPSS Percentile 79.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-20
Status draft

Affected Products (9)

oracle/solaris
imagemagick/imagemagick < 6.9.4-4
imagemagick/imagemagick
imagemagick/imagemagick
imagemagick/imagemagick
imagemagick/imagemagick
imagemagick/imagemagick
imagemagick/imagemagick
imagemagick/imagemagick

Timeline

Published Dec 13, 2016
Tracked Since Feb 18, 2026