PatchSiren

CVE-2016-7800 openSUSE CVE debrief

CVE-2016-7800 is a high-severity GraphicsMagick flaw in the parse8BIM path. According to NVD, a crafted 8BIM chunk can trigger an integer underflow that leads to a heap-based buffer overflow and application crash. The public record ties the issue to GraphicsMagick 1.3.25 and earlier, with downstream package references also listed for some operating system releases.

Vendor: openSUSE
Product: CVE-2016-7800
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-06
Original CVE updated: 2026-05-13
Advisory published: 2017-02-06
Advisory updated: 2026-05-13

Who should care

Administrators, package maintainers, and security teams responsible for GraphicsMagick deployments should care, especially if they run GraphicsMagick 1.3.25 or earlier or consume distro packages mapped in the NVD record for openSUSE Leap 42.1, openSUSE 13.2, or Debian Linux 8.0.

Technical summary

NVD describes the weakness as an integer underflow in parse8BIM within coders/meta.c. The underflow can drive a heap-based buffer overflow when processing a crafted 8BIM chunk. The record maps this to CWE-191 and CWE-119, with CVSS v3.0 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, which indicates that the flaw is remotely reachable and that the impact is on availability.
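The validate-before-subtract pattern that prevents this class of bug (CWE-191 feeding CWE-119), shown as an added example on a bounds-checked walker over binary Photoshop 8BIM resource blocks. It is not GraphicsMagick's parse8BIM code and not taken from the NVD record; the function name and sample bytes are constructed, and the block layout assumed is signature, 2-byte ID, even-padded Pascal name, 4-byte big-endian size, even-padded data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Count well-formed 8BIM resource blocks; return -1 on a malformed or
 * truncated block. Each length is compared with the bytes left BEFORE it is
 * subtracted, so `left` cannot wrap around (the CWE-191 pattern). */
int count_8bim_blocks(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int blocks = 0;

    while (off < len) {
        size_t left = len - off;                 /* safe: off < len */
        if (left < 7 || memcmp(buf + off, "8BIM", 4) != 0)
            return -1;                           /* signature + ID + name length byte */
        off += 6; left -= 6;

        size_t name = (size_t)buf[off] + 1;      /* Pascal string, even-padded */
        name += name & 1;
        if (name > left || left - name < 4)
            return -1;                           /* name and 4-byte size must fit */
        off += name; left -= name;

        uint32_t size = ((uint32_t)buf[off] << 24) | ((uint32_t)buf[off + 1] << 16) |
                        ((uint32_t)buf[off + 2] << 8) | (uint32_t)buf[off + 3];
        off += 4; left -= 4;
        if (size > left)
            return -1;                           /* declared size exceeds input */

        size_t step = size;
        if ((size & 1) && step < left)
            step++;                              /* pad byte, if present */
        off += step;
        blocks++;
    }
    return blocks;
}

/* Constructed samples (not real files): resource ID 0x0404, empty name. */
static const uint8_t SAMPLE_OK[] = {'8','B','I','M', 4,4, 0,0, 0,0,0,2, 'h','i'};
static const uint8_t SAMPLE_BAD[] = {'8','B','I','M', 4,4, 0,0, 0xFF,0xFF,0xFF,0xF0, 'h','i'};

int main(void)
{
    printf("ok=%d bad=%d\n", count_8bim_blocks(SAMPLE_OK, sizeof SAMPLE_OK),
           count_8bim_blocks(SAMPLE_BAD, sizeof SAMPLE_BAD));
    return 0;
}
```

A pre-filter of this kind can reject malformed resource blocks before they reach an unpatched image-processing path, but it does not replace the package update.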

Defensive priority

High. This is network-reachable, requires no privileges or user interaction per the CVSS vector, and can crash affected applications. Prioritize patching or package updates where GraphicsMagick is deployed, especially in exposed or automated image-processing workflows.

Recommended defensive actions

  • Update GraphicsMagick to a fixed version newer than 1.3.25 where vendor/package guidance indicates the issue is corrected.
  • Check package inventories for GraphicsMagick in affected downstream distributions referenced by NVD, including openSUSE Leap 42.1, openSUSE 13.2, and Debian Linux 8.0.
  • If immediate patching is not possible, reduce exposure by restricting the untrusted images that reach the affected application path.
  • Monitor image-processing services for crashes or abnormal termination tied to malformed input handling.
  • Track vendor and distribution advisories linked from the NVD record for package-specific remediation guidance.

Evidence notes

The debrief is based on the NVD record for CVE-2016-7800 and its listed references. NVD states the flaw is an integer underflow in parse8BIM in GraphicsMagick 1.3.25 and earlier, with crafted 8BIM input causing heap-based buffer overflow and denial of service. The NVD CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The record also lists downstream CPEs for openSUSE Leap 42.1, openSUSE 13.2, and Debian Linux 8.0. Supporting references include openSUSE advisories, Debian DSA-3746, an oss-security mailing list post, SecurityFocus entries, a Red Hat Bugzilla ticket, and a SourceForge release note link.

Official resources

CVE-2016-7800 was published in the CVE/NVD record on 2017-02-06. The NVD entry was later modified on 2026-05-13. Several supporting vendor and community references in the record date to October 2016.