ID CVE-2016-9559
Summary coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
References
Vulnerable Configurations
  • ImageMagick 7.0.3-6
    cpe:2.3:a:imagemagick:imagemagick:7.0.3-6
CVSS
Base: 4.3 (as of 01-03-2017 - 14:54)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1413.NASL
    description This update for GraphicsMagick fixes the following security issues : - CVE-2016-9556: Maliciously crafted image headers could cause denial of service in image format detection routines (boo#1011130) - CVE-2016-9559: Maliciously crafted image headers could cause denial of service in image format detection routines for TIFF (boo#1011136)
    last seen 2019-02-21
    modified 2019-02-14
    plugin id 95593
    published 2016-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95593
    title openSUSE Security Update : ImageMagick (openSUSE-2016-1413)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1415.NASL
    description This update for GraphicsMagick fixes the following security issues : - CVE-2016-9556: Maliciously crafted image headers could cause denial of service in image format detection routines (boo#1011130) - CVE-2016-9559: Maliciously crafted image headers could cause denial of service in image format detection routines for TIFF (boo#1011136)
    last seen 2019-02-21
    modified 2019-02-14
    plugin id 95595
    published 2016-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95595
    title openSUSE Security Update : GraphicsMagick (openSUSE-2016-1415)
  • NASL family Windows
    NASL id IMAGEMAGICK_6_9_6_5.NASL
    description The version of ImageMagick installed on the remote Windows host is 6.x prior to 6.9.6-5. It is, therefore, affected by a denial of service vulnerability due to a NULL pointer dereference flaw in the TIFFGetProperties() function within file coders/tiff.c. An unauthenticated, remote attacker can exploit this, via a specially crafted TIFF image, to crash a process linked against the library.
    last seen 2019-02-21
    modified 2019-02-14
    plugin id 95719
    published 2016-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95719
    title ImageMagick 6.x < 6.9.6-5 TIFFGetProperties() NULL Pointer Dereference DoS
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1414.NASL
    description This update for GraphicsMagick fixes the following security issues : - CVE-2016-9556: Maliciously crafted image headers could cause denial of service in image format detection routines (boo#1011130) - CVE-2016-9559: Maliciously crafted image headers could cause denial of service in image format detection routines for TIFF (boo#1011136)
    last seen 2019-02-21
    modified 2019-02-14
    plugin id 95594
    published 2016-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95594
    title openSUSE Security Update : GraphicsMagick (openSUSE-2016-1414)
  • NASL family Windows
    NASL id IMAGEMAGICK_7_0_3_7.NASL
    description The version of ImageMagick installed on the remote Windows host is 7.x prior to 7.0.3-7. It is, therefore, affected by a denial of service vulnerability due to a NULL pointer dereference flaw in the TIFFGetProperties() function within file coders/tiff.c. An unauthenticated, remote attacker can exploit this, via a specially crafted TIFF image, to crash a process linked against the library.
    last seen 2019-02-21
    modified 2019-02-14
    plugin id 95721
    published 2016-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95721
    title ImageMagick 7.x < 7.0.3-7 TIFFGetProperties() NULL Pointer Dereference DoS
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-3258-1.NASL
    description This update for ImageMagick fixes the following issues : - CVE-2016-9556 Possible Heap-overflow found by fuzzing [bsc#1011130] - CVE-2016-9559 Possible NULL pointer access found by fuzzing [bsc#1011136] - CVE-2016-8707 Possible code execution in Tiff conver utility [bsc#1014159] - CVE-2016-8866 Memory allocation failure in AcquireMagickMemory could lead to Heap overflow [bsc#1009318] - CVE-2016-9559 Possible NULL pointer access found by fuzzing [bsc#1011136] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-14
    plugin id 96139
    published 2016-12-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96139
    title SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2016:3258-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-3256-1.NASL
    description This update for ImageMagick fixes the following issues : - CVE-2016-9556: Possible Heap-overflow found by fuzzing [bsc#1011130] - CVE-2016-9559: Possible NULL pointer access found by fuzzing [bsc#1011136] - CVE-2016-8707: Possible code execution in the tiff deflate convert code [bsc#1014159] - CVE-2016-9773: Possible Heap overflow in IsPixelGray [bsc#1013376] - CVE-2016-8866: Possible memory allocation failure in AcquireMagickMemory [bsc#1009318] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-14
    plugin id 96138
    published 2016-12-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96138
    title SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:3256-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-14.NASL
    description This update for ImageMagick fixes the following issues : - CVE-2016-9556 Possible Heap-overflow found by fuzzing [bsc#1011130] - CVE-2016-9559 Possible NULL pointer access found by fuzzing [bsc#1011136] - CVE-2016-8707 Possible code execution in Tiff conver utility [bsc#1014159] - CVE-2016-8866 Memory allocation failure in AcquireMagickMemory could lead to Heap overflow [bsc#1009318] - CVE-2016-9559 Possible NULL pointer access found by fuzzing [bsc#1011136] This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2019-02-14
    plugin id 96296
    published 2017-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96296
    title openSUSE Security Update : ImageMagick (openSUSE-2017-14)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3726.NASL
    description Several issues have been discovered in ImageMagick, a popular set of programs and libraries for image manipulation. These issues include several problems in memory handling that can result in a denial of service attack or in execution of arbitrary code by an attacker with control on the image input.
    last seen 2019-02-21
    modified 2019-02-14
    plugin id 95362
    published 2016-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95362
    title Debian DSA-3726-1 : imagemagick - security update
refmap via4
bid 94489
confirm
debian DSA-3726
misc https://blogs.gentoo.org/ago/2016/11/19/imagemagick-null-pointer-must-never-be-null-tiff-c/
mlist
  • [oss-security] 20161119 imagemagick: null pointer must never be null (tiff.c)
  • [oss-security] 20161122 Re: imagemagick: null pointer must never be null (tiff.c)
Last major update 02-03-2017 - 21:59
Published 01-03-2017 - 10:59
Last modified 03-11-2017 - 21:29
Back to Top