{"id":"CVE-2016-7526","details":"coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.","modified":"2026-04-11T05:00:55.010539Z","published":"2017-04-20T18:59:01.187Z","related":["CGA-cx7v-mc7v-p5h6","SUSE-SU-2016:2667-1","SUSE-SU-2016:2964-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/93131"},{"type":"REPORT","url":"https://bugs.launchpad.net/bugs/1539050"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/issues/102"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/09/22/2"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1378758"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/998c687fb83993c13fa711d75f59a95b38ceab77"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/b60d1ed0af37c50b91a40937825b4c61e8458095"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"fixed":"998c687fb83993c13fa711d75f59a95b38ceab77"},{"fixed":"b60d1ed0af37c50b91a40937825b4c61e8458095"},{"fixed":"b6ae2f9e0ab13343c0281732d479757a8e8979c7"},{"fixed":"d9b2209a69ee90d8df81fb124eb66f593eb9f599"}]},{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick6","events":[{"introduced":"0"},{"fixed":"4bae9bed8a79e031884ca9a4681dce89dbd26855"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.9.4-0"}]}}],"database_specific":{"vanir_signatures_modified":"2026-04-11T05:00:55Z","vanir_signatures":[{"deprecated":false,"signature_version":"v1","id":"CVE-2016-7526-03040af9","target":{"file":"coders/wpg.c","function":"InsertRow"},"signature_type":"Function","digest":{"function_hash":"274052643633555858941852038294576833544","length":4390},"source":"https://github.com/imagemagick/imagemagick/commit/b60d1ed0af37c50b91a40937825b4c61e8458095"},{"deprecated":false,"signature_version":"v1","id":"CVE-2016-7526-224ecd84","target":{"file":"coders/wpg.c","function":"ReadWPGImage"},"signature_type":"Function","digest":{"function_hash":"291194572662642279229280480153523271761","length":11849},"source":"https://github.com/imagemagick/imagemagick/commit/998c687fb83993c13fa711d75f59a95b38ceab77"},{"deprecated":false,"signature_version":"v1","id":"CVE-2016-7526-64e6d24f","target":{"file":"coders/wpg.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["103285228787620946142782869715282798147","299526059047460383861757491180470657592","95578327036182197068180801305850515142","75766519371248361780226681925486449249"]},"source":"https://github.com/imagemagick/imagemagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7"},{"deprecated":false,"signature_version":"v1","id":"CVE-2016-7526-6cd6f4a9","target":{"file":"coders/wpg.c","function":"ReadWPGImage"},"signature_type":"Function","digest":{"function_hash":"11675639297204858977307468910856747069","length":11783},"source":"https://github.com/imagemagick/imagemagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599"},{"deprecated":false,"signature_version":"v1","id":"CVE-2016-7526-826c3bd7","target":{"file":"coders/wpg.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["259884090484826856568342908046500566643","241564993952852797389510581534718583048","10086158481357944492019352432320900866","253818805422992802946968490427429795356","150894069944753803149192991897548354926","123302508057305672814701366759845757385","157851716441951450421338912549604514996","14399114298497964475220769272072220372","47758119579901101916502130830507007846","226229898543932025566375118028604430994","259188281780664081919599682243378408540","192757111336903685750336953083346553560","55326020350281613447974739370319359929","161751664784735953509360892415677852171","116378087604061334309526215234804025537","165080791139618033945788236131818507596","324301100619336709014504618875345966280","209413717151308010904354550526556105286","103152817862685377876477910207502448905","249319240804620926834547624314645813299","169891094385661908369698175190543160200","284750662486351637778012740443285535686","173513487929492134532946202455865233069","147831185790857945495746407553188103765","233024782624686754360940409338643686500","230689281942241368508363766939566818784","99615485626756735394753239073599354036","258858642990591035770079335962061283393","307224511755852774890402686341264572675","161829566823995562388125467018663190253"]},"source":"https://github.com/imagemagick/imagemagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599"},{"deprecated":false,"signature_version":"v1","id":"CVE-2016-7526-9d0dfdc4","target":{"file":"coders/wpg.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["296202915652744921405100257105764390010","247150939643836653841183791585942424054","270312678384849432848536356204767338847","318478266732889627196422765315702091400"]},"source":"https://github.com/imagemagick/imagemagick/commit/b60d1ed0af37c50b91a40937825b4c61e8458095"},{"deprecated":false,"signature_version":"v1","id":"CVE-2016-7526-b6d08b52","target":{"file":"coders/wpg.c","function":"InsertRow"},"signature_type":"Function","digest":{"function_hash":"221561675724562337345846584259777321557","length":4038},"source":"https://github.com/imagemagick/imagemagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599"},{"deprecated":false,"signature_version":"v1","id":"CVE-2016-7526-f2d507c1","target":{"file":"coders/wpg.c","function":"InsertRow"},"signature_type":"Function","digest":{"function_hash":"239231668748904030426607123732024111520","length":4038},"source":"https://github.com/imagemagick/imagemagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7526.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}