DescriptionThe ReadPCXImage function in coders/pcx.c in ImageMagick allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)
Debian Bugs859025

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
imagemagick (PTS)wheezy8:
wheezy (security)8:
jessie (security), jessie8:
stretch (security)8:
buster, sid8:

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs

Furthermore: upstream is not able to reproduce the problem as well
The problem result in a memory allocation issue when compiled with ASAN
but unreproducible from unstream. Since no more details can be provided
and the issue not addressed, treat this as "non-issue" (and thus marked
unimportant). If in future details can be elaborated by the reporter
we might re-evaluate this entry.

Search for package or bug name: Reporting problems