CVE-2016-8682

First published: Mon Oct 17 2016(Updated: )

Multiple issues in GraphicsMagick received CVEs on oss-security mailing list. CVE-2016-8682: <a href="https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-stack-based-buffer-overflow-in-readsctimage-sct-c/">https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-stack-based-buffer-overflow-in-readsctimage-sct-c/</a> AddressSanitizer: stack-buffer-overflow ... READ of size 769 0x7f73e9a8399f in ReadSCTImage ... GraphicsMagick-1.3.25/coders/sct.c:126 Upstream patch: <a href="http://hg.code.sf.net/p/graphicsmagick/code/rev/0a0dfa81906d">http://hg.code.sf.net/p/graphicsmagick/code/rev/0a0dfa81906d</a> CVE-2016-8683: <a href="https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-readpcximage-pcx-c/">https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-readpcximage-pcx-c/</a> AddressSanitizer failed to allocate 0x4cd6a6000 bytes of LargeMmapAllocator 0x7ff8e887beba in ReadPCXImage ... GraphicsMagick-1.3.25/coders/pcx.c:467:16 Upstream patch: <a href="http://hg.code.sf.net/p/graphicsmagick/code/rev/b9edafd479b9">http://hg.code.sf.net/p/graphicsmagick/code/rev/b9edafd479b9</a> CVE-2016-8684: <a href="https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-magickmalloc-memory-c/">https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-magickmalloc-memory-c/</a> AddressSanitizer failed to allocate 0x7fff03000 bytes of LargeMmapAllocator MagickMalloc ... GraphicsMagick-1.3.25/magick/memory.c:156:10 MagickMallocArray ... GraphicsMagick-1.3.25/magick/memory.c:347 ReadSGIImage ... GraphicsMagick-1.3.25/coders/sgi.c:498:19 Upstream patch: <a href="http://hg.code.sf.net/p/graphicsmagick/code/rev/c53725cb5449">http://hg.code.sf.net/p/graphicsmagick/code/rev/c53725cb5449</a>

Credit: cve@mitre.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/type
• agent/first-publish-date
• agent/remedy
• agent/references
• agent/author
• agent/weakness
• agent/severity
• agent/description
• agent/softwarecombine
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• agent/event
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2016-8682
• agent/trending
• agent/source
• agent/tags
• collector/nvd-index
• agent/software-canonical-lookup-request
• vendor/graphicsmagick
• canonical/graphicsmagick
• version/graphicsmagick/1.3.25
• vendor/opensuse
• canonical/opensuse opensuse
• version/opensuse opensuse/13.2
• vendor/debian
• canonical/debian debian linux
• version/debian debian linux/8.0