{"id":"CVE-2016-5841","details":"Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.","modified":"2026-04-16T06:18:05.062258524Z","published":"2016-12-13T15:59:06.607Z","related":["CGA-c7q7-9pjv-r5h8","SUSE-SU-2016:1782-1","SUSE-SU-2016:1784-1"],"references":[{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/91394"},{"type":"ADVISORY","url":"https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/06/23/1"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/06/25/3"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commits/7.0.2-1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"last_affected":"25ea4de824468525f809ed1d62946626cb6e8aa6"},{"fixed":"d8ab7f046587f2e9f734b687ba7e6e10147c294b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"7.0.2-0"}]}}],"versions":["7.0.1-0","7.0.1-1","7.0.1-10","7.0.1-2","7.0.1-3","7.0.1-4","7.0.1-5","7.0.1-6","7.0.1-7","7.0.1-8","7.0.1-9","7.0.2-0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.3"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5841.json","vanir_signatures":[{"id":"CVE-2016-5841-02c7f30a","target":{"file":"MagickCore/property.c","function":"GetEXIFProperty"},"source":"https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b","deprecated":false,"signature_type":"Function","digest":{"function_hash":"55237378908884621084424283623449618560","length":18385},"signature_version":"v1"},{"id":"CVE-2016-5841-32bff733","target":{"file":"MagickCore/property.c","function":"ReadPropertySignedLong"},"source":"https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b","deprecated":false,"signature_type":"Function","digest":{"function_hash":"80854876286126202922081841379473810412","length":607},"signature_version":"v1"},{"id":"CVE-2016-5841-524ba391","target":{"file":"MagickCore/property.c","function":"ReadPropertyUnsignedLong"},"source":"https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b","deprecated":false,"digest":{"function_hash":"225974067239017879174424033864831064537","length":483},"signature_type":"Function","signature_version":"v1"},{"id":"CVE-2016-5841-5ee51311","target":{"file":"MagickCore/property.c","function":"ReadPropertyMSBLong"},"source":"https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b","deprecated":false,"digest":{"function_hash":"30962091075374899492209851493597672423","length":592},"signature_type":"Function","signature_version":"v1"},{"signature_version":"v1","target":{"file":"MagickCore/profile.c","function":"ReadResourceLong"},"source":"https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b","deprecated":false,"digest":{"function_hash":"295987957703078099797099852074412043651","length":299},"signature_type":"Function","id":"CVE-2016-5841-7a26b19f"},{"signature_version":"v1","target":{"file":"MagickCore/property.c","function":"ReadPropertyUnsignedShort"},"source":"https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b","deprecated":false,"signature_type":"Function","digest":{"function_hash":"337746688520845042896054326952555653057","length":425},"id":"CVE-2016-5841-81e890dc"},{"id":"CVE-2016-5841-9d0977a5","target":{"file":"MagickCore/profile.c"},"source":"https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["269303692328728058379761101084554638269","114453291194694078589658417733285190504","150650287829833277593408911668143887832","129841396773769932195516635863039455550","198189083541439664358739337516858606555","289641882643911467300342992186770286970","22358119434534413763766764750773007017","337878333182260087212450702873572738851","113439369805725766098089611289792708720","99561184264661633743713794484263870694","189616634083365487314213713668269045063","234271529421717109997218583579234600010","297896288429292179589198251834846110579","294055282482727609383151763572980683875","20979379611360872603566363542380666891","194952079568003139129372966145662780907","62616194367945504321012191555331696830","179188582101905753298148876361355253653","28886862729191991637117173614007413473","177237715279828920062714507544589924391","115479265993410944128559735400597228040","289523600392301877415516195723497131596","136741147495810625768975823178639836930","44814242545056857762793862709548301546","161193170911498155336254902662688348242","316914203742981495137170449600998786257","239344926510325030097718131987326674166","156635267553407807297352372191579532732","333786509589120612394118931113200008312","79973441125043933946070030490409043008","254456683470500208924176528416945290247","268326390176383680023481640723022994649","45127830391285578678318148632335583663","204992086225402950958723217240616107260","7044973816095863284164823356367706440","136941416422006725428496149456709327208","189298762382057367958233224113972290946","168792675982422497764491017476158197716","181641486799379768542856763386860809623","70209603330517065426461536924083447344","53645610936087069182475455603961039504","261128923802723148554592281260328158853","16546488639457447087166482182796893989","242759253922470114975643010465894194238","262432829361664238437230626886048608716","121856050627565294997302975949095701960"]},"signature_version":"v1"},{"signature_version":"v1","target":{"file":"MagickCore/profile.c","function":"SyncExifProfile"},"source":"https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b","deprecated":false,"signature_type":"Function","digest":{"function_hash":"114981307785579676265415587216138273572","length":3509},"id":"CVE-2016-5841-b3849887"},{"id":"CVE-2016-5841-bd09206d","target":{"file":"MagickCore/profile.c","function":"ReadProfileShort"},"source":"https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b","deprecated":false,"signature_type":"Function","digest":{"function_hash":"216666948467973874396557109928958021652","length":539},"signature_version":"v1"},{"id":"CVE-2016-5841-be02c26a","target":{"file":"MagickCore/property.c","function":"ReadPropertySignedShort"},"source":"https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b","deprecated":false,"signature_type":"Function","digest":{"function_hash":"79305794743156296775914187004568655158","length":549},"signature_version":"v1"},{"id":"CVE-2016-5841-c77a6326","target":{"file":"MagickCore/profile.c","function":"ReadProfileLong"},"source":"https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b","deprecated":false,"signature_type":"Function","digest":{"function_hash":"205359648004611228560920417483020693500","length":601},"signature_version":"v1"},{"signature_version":"v1","target":{"file":"MagickCore/property.c"},"source":"https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["267394704626636059657389807937115106144","124106136362465260684380499032430463902","112487884724964919504930756362510745511","141860418788488592677866060226399603396","109365529489800770479102407121825453170","245842062924831391923055699587067595655","135730615785095430339457858837193552222","111314287867212238929795748625529379483","165737079068018187224065784153452973023","194060499689324575031129997203145644526","265688671019503244704992899766494973206","748853455097152700553296927541285874","185644568087713988257396848667991881294","266123994008562305409919544356815879567","171763893503893677268922869053422107848","175665321445427632442113994230408942286","134380489962816369974276096234628215899","80477784496041673201226188217718127383","239344926510325030097718131987326674166","156635267553407807297352372191579532732","333786509589120612394118931113200008312","79973441125043933946070030490409043008","254456683470500208924176528416945290247","268326390176383680023481640723022994649","45127830391285578678318148632335583663","204992086225402950958723217240616107260","7044973816095863284164823356367706440","136941416422006725428496149456709327208","334683581991415635226787937262125254522","239344926510325030097718131987326674166","156635267553407807297352372191579532732","295733013080276656957987610025922742003","331743155602173384733488506170549422409","48294602124050790264649895549564062264","70751219415163978231319425191337639890","179911615616505372092797923730273036921","328779293261799298985949863947914495063","6395810752485650573440161146589817721","181526064451947864654128624131569084352","62616194367945504321012191555331696830","179188582101905753298148876361355253653","28886862729191991637117173614007413473","177237715279828920062714507544589924391","115479265993410944128559735400597228040","289523600392301877415516195723497131596","136741147495810625768975823178639836930","44814242545056857762793862709548301546","161193170911498155336254902662688348242","260983280684236997923948046252557234798","62616194367945504321012191555331696830","69305758903936450820638360773224813406","314159495614600587603400714867601372248","260140289143176212017628172875121524180","165643092682338314098835415959427734202","148713230948193392892586328304495113496","218783342919724488002426174550361361080","265773785816036220607091735430782918765","15260342906504372406583565442700339195","249258100414306539984051772651774750839","107999970718024872347408596526300339386","339000951756442050368376366403023031179","127786037897697506764713963483159262857","51937998899101337093056807379353992062","233282645264548482040382321391662819373","17315465376800833452992308560053114182","301060934373501452540269809044151181251"]},"signature_type":"Line","id":"CVE-2016-5841-dd4fbe73"},{"signature_version":"v1","target":{"file":"MagickCore/profile.c","function":"ReadResourceShort"},"source":"https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b","deprecated":false,"signature_type":"Function","digest":{"function_hash":"111923842134492721270870758431891675409","length":229},"id":"CVE-2016-5841-ddf61db8"},{"id":"CVE-2016-5841-de121d3a","target":{"file":"MagickCore/property.c","function":"ReadPropertyMSBShort"},"source":"https://github.com/imagemagick/imagemagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b","deprecated":false,"digest":{"function_hash":"236794236153902799583195688270233105194","length":574},"signature_type":"Function","signature_version":"v1"}],"vanir_signatures_modified":"2026-04-11T04:02:24Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}