{"id":"CVE-2016-5690","details":"The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.","modified":"2026-04-11T04:02:21.071493Z","published":"2016-12-13T15:59:03.873Z","related":["SUSE-SU-2016:1782-1","SUSE-SU-2016:1784-1"],"references":[{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/91283"},{"type":"ADVISORY","url":"https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLog"},{"type":"ADVISORY","url":"https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLog"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/06/14/5"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/06/17/3"},{"type":"ARTICLE","url":"https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html"},{"type":"EVIDENCE","url":"https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"last_affected":"e46b7d19de7914881986ef939f690facc7a0198d"},{"introduced":"0"},{"last_affected":"044a9bc056a8e0a7979009b41901e97640626257"},{"introduced":"0"},{"last_affected":"f67a61425f27009d4ac16a62e31758e5af3a7226"},{"introduced":"0"},{"last_affected":"1a5fed605982a1a20e8e9bd57502e2ce94d7dc3e"},{"introduced":"0"},{"last_affected":"ac72d94febc1744579bad2646685a2054c087594"},{"introduced":"0"},{"last_affected":"580b68fc398b9bf7ec1a025524f294ce76fcf521"},{"introduced":"0"},{"last_affected":"8af0c7343af5ecda6a99611333321ca283ae505a"},{"fixed":"5511ef530576ed18fd636baa3bb4eda3d667665d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"7.0.1-0"},{"introduced":"0"},{"last_affected":"7.0.1-1"},{"introduced":"0"},{"last_affected":"7.0.1-2"},{"introduced":"0"},{"last_affected":"7.0.1-3"},{"introduced":"0"},{"last_affected":"7.0.1-4"},{"introduced":"0"},{"last_affected":"7.0.1-5"},{"introduced":"0"},{"last_affected":"7.0.1-6"}]}},{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick6","events":[{"introduced":"0"},{"last_affected":"aa74980014c8246f92a200a6e431b8d8efe312e5"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"6.9.4-4"}]}}],"versions":["6.9.4-0","6.9.4-1","6.9.4-2","6.9.4-3","6.9.4-4","7.0.1-0","7.0.1-1","7.0.1-2","7.0.1-3","7.0.1-4","7.0.1-5","7.0.1-6"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"11.3"}]}],"vanir_signatures_modified":"2026-04-11T04:02:21Z","vanir_signatures":[{"id":"CVE-2016-5690-0d876578","digest":{"threshold":0.9,"line_hashes":["125690708503204704179866250422592584464","297118995262517685663034534754128752549","71456700239368997875191045675705977984","310300479292880551150267313013585917428","75158705854446966296570889487461669595","256487543234322570650697034452382529675","101800047312087569013320574819529047408","278330530480765877102691904248489772845","269998386639281855675428201403715945157","222744906410054753423939657109388688498","31328229820292102911312279564588830172","230150294241990504871522991641849196906","303987760605767369302449797372453866768","199538023032157869037437909163117919625","281035373911219828636523423704845789944","134836911006447715844848858788155042871"]},"signature_type":"Line","deprecated":false,"signature_version":"v1","target":{"file":"coders/dcm.c"},"source":"https://github.com/imagemagick/imagemagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d"},{"id":"CVE-2016-5690-9ac331bb","digest":{"length":27156,"function_hash":"319746287147606933465858284226449158380"},"signature_type":"Function","deprecated":false,"signature_version":"v1","target":{"function":"ReadDCMImage","file":"coders/dcm.c"},"source":"https://github.com/imagemagick/imagemagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5690.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}