CVE-2016-7799 is a denial-of-service issue in ImageMagick’s MagickCore/profile.c. According to NVD, a crafted file can trigger an out-of-bounds read, and the impact is availability-only. The CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, which means an attacker can deliver the malicious file remotely, but a user must interact with it for the vulnerable code path to run. NVD lists affected ImageMa [truncated]
CVE-2016-7101 affects ImageMagick’s SGI coder and can be triggered by a remote attacker supplying a crafted SGI file with a large row value. The issue is an out-of-bounds read (CWE-125) and is scored as CVSS 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H), indicating a user must interact with the file but the outcome can still be service disruption. NVD lists vulnerable ImageMagick versions before 6.9.5-8 and 7 [truncated]
CVE-2016-6823 is a high-severity ImageMagick BMP parsing vulnerability. A crafted BMP with attacker-controlled height and width values can trigger an integer overflow in the BMP coder, leading to an out-of-bounds write and a crash. NVD rates the issue as network-exploitable with no privileges or user interaction required, and classifies the weakness as CWE-190. The NVD record was published on 2017-01-18 a [truncated]
