[ Y] I have verified that I am using the latest version of ImageMagick
[ Y] I have searched open and closed issues to ensure it has not already been reported
Description
There is a vulnerability named CVE-2016-7526. Below is the detailed information about the vulnerability. DESCRIPTION of CVE-2016-7526
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. ISSUE of CVE-2016-7526 #102 PATCH of CVE-2016-7526 b6ae2f9 d9b2209
As we can see from the patch information, there was a fix in InsertRow in coders/wpg.c. And it is similar to InsertRow in coders/cuts.c.
- for (x=0; x < ((ssize_t) image->columns-1); x+=2)
+ for (x=0; x < ((ssize_t) image->columns-1); x+=4)
Prerequisites
Description
There is a vulnerability named CVE-2016-7526. Below is the detailed information about the vulnerability.
DESCRIPTION of CVE-2016-7526
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
ISSUE of CVE-2016-7526
#102
PATCH of CVE-2016-7526
b6ae2f9
d9b2209
As we can see from the patch information, there was a fix in InsertRow in coders/wpg.c. And it is similar to InsertRow in coders/cuts.c.
(b6ae2f9)
d9b2209
140: for (x=0; x < ((ssize_t) image->columns-1); x+=2)(https://github.com/ImageMagick/ImageMagick/blob/master/coders/cut.c)
So, I think there should be a fix in InserRow in coders/cut.c.
Steps to Reproduce
System Configuration
The text was updated successfully, but these errors were encountered: