CVE-2016-5691

Name: CVE-2016-5691
Creator: NVD / NIST
Published: 2016-12-13T15:59:04.967+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 5.49%

Last modified Jun 17, 2026

CVE-2016-5691 is a vulnerability of currently unknown severity. The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.. EPSS estimates a 5.49% chance of exploitation in the next 30 days.

Description

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.

Metrics

EPSS Probability

5.49%

91.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Oracle	Solaris	11.3
Imagemagick	Imagemagick	<= 6.9.4-4
Imagemagick	Imagemagick	7.0.1-0
Imagemagick	Imagemagick	7.0.1-1
Imagemagick	Imagemagick	7.0.1-2
Imagemagick	Imagemagick	7.0.1-3
Imagemagick	Imagemagick	7.0.1-4
Imagemagick	Imagemagick	7.0.1-5
Imagemagick	Imagemagick	7.0.1-6

References

http://www.openwall.com/lists/oss-security/2016/06/14/5Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/17/3Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlThird Party Advisory
http://www.securityfocus.com/bid/91283Third Party Advisory, VDB Entry
https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html
https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLogRelease Notes, Vendor Advisory
https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLogRelease Notes, Vendor Advisory
https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665dExploit, Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/06/14/5Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/17/3Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlThird Party Advisory
http://www.securityfocus.com/bid/91283Third Party Advisory, VDB Entry
https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html
https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLogRelease Notes, Vendor Advisory
https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLogRelease Notes, Vendor Advisory
https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665dExploit, Vendor Advisory

Timeline

Published: Dec 13, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-5691?

How severe is CVE-2016-5691?

Severity scoring for CVE-2016-5691 is pending analysis. The EPSS model estimates a 5.49% probability of exploitation in the next 30 days.

How do I fix CVE-2016-5691?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-5691?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST