{"id":"CVE-2016-4563","details":"The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.","modified":"2026-03-14T09:20:09.142040Z","published":"2016-06-04T16:59:01.390Z","related":["SUSE-SU-2016:1782-1","SUSE-SU-2016:1784-1"],"references":[{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"},{"type":"FIX","url":"http://www.imagemagick.org/script/changelog.php"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"last_affected":"e46b7d19de7914881986ef939f690facc7a0198d"},{"introduced":"0"},{"last_affected":"044a9bc056a8e0a7979009b41901e97640626257"},{"fixed":"726812fa2fa7ce16bcf58f6e115f65427a1c0950"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"7.0.1-0"},{"introduced":"0"},{"last_affected":"7.0.1-1"}]}}],"versions":["7.0.1-0","7.0.1-1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"6.9.3-0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0.0-0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4563.json","vanir_signatures":[{"signature_version":"v1","digest":{"length":10540,"function_hash":"19087062209882581044641411060786551904"},"target":{"function":"TraceStrokePolygon","file":"MagickCore/draw.c"},"source":"https://github.com/imagemagick/imagemagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950","id":"CVE-2016-4563-0769ef42","signature_type":"Function","deprecated":false},{"signature_version":"v1","digest":{"length":3488,"function_hash":"199412975228909332613035562347786452244"},"target":{"function":"GetDrawInfo","file":"MagickCore/draw.c"},"source":"https://github.com/imagemagick/imagemagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950","id":"CVE-2016-4563-890e239d","signature_type":"Function","deprecated":false},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["335925560134690317193092292346148598978","307948842438111121134376582141792796824","97345539009483171584076736458940709996","64898305418218442766827821520648203195","39912305942279437731012210379761251617","40443501656162150355495403035712924760","73770472470587632883798795161565020304","108226680772346091687868864400085679842","123500761471490265105147971528166897161","128911744063364514777923767508840543425","52330198588996416451826398963021301631","39155747152746986153251298903565164589","263893698248966395428460961874113703311","222972072724161323662315619050432438047","37872776098310485081149520352596256823","87766492829804867606755861836032755714","318812137520032918497578210276177144452","285519679534823872783653649443451620369","111664113479720381242873764103512901456","209105006954348787744956521427701845128","86994817891360412057289853076436632576","282816159401390604297193423431513401052","263960042071451048902034245583640204662","107173512466735287013316648176502235637","176276748335204020322126314289568947720","282816159401390604297193423431513401052","263960042071451048902034245583640204662","107173512466735287013316648176502235637","310828230740712513599460023578692140619","31749063765810394033456734707565040366","66603185189968205733053196986599662754","149118458899116707934837996113363284337","10266813249376292710459755104441149012","260728227847294758935892291231482334031","183014658586905284531964200868872214974","176631909759406139029928140274926783744","308642993537714985887596125408117446631","248624470573473206926966028792723341877","44017432680821659120688356788415541818","13513726291783741092497127189136216081","219005237784560473002689149717526593856","16920365415131233757724635579526988406","336064720220418584245076687232359569712","91759784730048765921748842399854390431","173447169806335433436180807977390116521","141063037036872547953980132765050672364","159035688460192567075543989008746304701","216176733096076452748713191831734300187","69415229704931832362455333872666459402","147167426969163165536624855055937205817","175753101143168695242006631749909177644","143670045905339725661114794419022984854","158615013654191673580989709297953542361","82680078655929986894877045897422248313"]},"target":{"file":"MagickCore/draw.c"},"source":"https://github.com/imagemagick/imagemagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950","id":"CVE-2016-4563-a451aa3a","signature_type":"Line","deprecated":false},{"signature_version":"v1","digest":{"length":3350,"function_hash":"25757192401322138830226923066754159931"},"target":{"function":"DrawDashPolygon","file":"MagickCore/draw.c"},"source":"https://github.com/imagemagick/imagemagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950","id":"CVE-2016-4563-a7899e3b","signature_type":"Function","deprecated":false},{"signature_version":"v1","digest":{"length":33654,"function_hash":"188218296422400481329023041470426665333"},"target":{"function":"DrawImage","file":"MagickCore/draw.c"},"source":"https://github.com/imagemagick/imagemagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950","id":"CVE-2016-4563-c0d05cd5","signature_type":"Function","deprecated":false}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}