Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2016-7799 CVE-2016-7906 |
CWE-ID | CWE-122 CWE-416 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Arch Linux (Operating systems & Components / Operating system) |
Vendor | Arch Linux |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU834
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-7799
CWE-ID: CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote unauthenticated user to cause DoS conditions on the vulnerable system.
The weakness exists due to a buffer over-read triggered by a malicious file, which allows attackers to crash the affected application.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
Update the affected package imagemagick to version 6.9.6.0-1.
Vulnerable software versions
Arch Linux: All versions
External links
https://security.archlinux.org/advisory/ASA-201610-6
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU835
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-7906
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness exists due to a use after free triggered by a specially crafted image, which allows attackers to execute arbitrary code or crash the application.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Update the affected package imagemagick to version 6.9.6.0-1.
Vulnerable software versions
Arch Linux: All versions
External links
https://security.archlinux.org/advisory/ASA-201610-6
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.