CVE-2016-7523: 
ImageMagick vulnerability analysis and mitigation

CVE-2016-7523 is a vulnerability discovered in ImageMagick's coders/meta.c component that allows remote attackers to cause a denial of service through an out-of-bounds read via a crafted file. The vulnerability was discovered on January 24, 2016, and was publicly disclosed in September 2016 (Launchpad Bug, NVD).

The vulnerability is specifically located in the parse8BIM function within coders/meta.c at line 496. When processing certain crafted files, the function performs an out-of-bounds read operation of size 1, which triggers a heap-buffer-overflow. This was confirmed through AddressSanitizer testing, which identified the overflow occurring at address 0xb2f02be0 (Launchpad Bug). The vulnerability has been assigned a CVSS v3 Base Score of 6.5, indicating a medium severity level (AttackerKB).

The exploitation of this vulnerability results in a denial of service condition through an out-of-bounds read operation. The impact is limited to availability, with no reported effects on confidentiality or integrity of the system (NVD).

Red Hat Product Security has rated this issue as having Low security impact and stated it was not planned to be addressed in future updates (Red Hat Bugzilla). However, the issue was fixed in ImageMagick version 8:6.9.6.6+dfsg-1ubuntu3 for Ubuntu systems (Launchpad Bug).