CVE-2016-10055
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-10055
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10055.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-10055
- Downstream
- Related
- Published
- 2017-03-23T17:59:00Z
- Modified
- 2025-10-30T15:50:08.031306Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
- References
-
- http://www.openwall.com/lists/oss-security/2016/12/26/9
- http://www.securityfocus.com/bid/95193
- https://bugzilla.redhat.com/show_bug.cgi?id=1410464
- https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
- https://github.com/ImageMagick/ImageMagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1
Affected packages
Git / github.com/imagemagick/imagemagick6
Git / github.com/imagemagick/imagemagick
Affected ranges
- Type
- GIT
- Repo
- https://github.com/imagemagick/imagemagick
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
7.*
7.0.1-0
7.0.1-1
7.0.1-10
7.0.1-2
7.0.1-3
7.0.1-4
7.0.1-5
7.0.1-6
7.0.1-7
7.0.1-8
7.0.1-9
7.0.2-0
7.0.2-1
7.0.2-2
7.0.2-3
7.0.2-4
7.0.2-5
7.0.2-6
7.0.2-7
7.0.2-8
7.0.2-9
Database specific
vanir_signatures
[
{
"source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-10055-09c54feb",
"target": {
"file": "coders/pdb.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"267869016332720483013222119984604307888",
"25012122430529138132327781082819534783",
"103238969231085573114205302564331285938",
"323395032532886453343725611558529016018",
"191026665180056598547663259407621152908",
"134422048600921800387661936290872390478",
"190886996908131019064686742604017330266",
"234094834258744391220827832446431712732"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-10055-13b13939",
"target": {
"function": "sixel_decode",
"file": "coders/sixel.c"
},
"digest": {
"length": 6096.0,
"function_hash": "261753474165299154870797904853341575748"
},
"signature_type": "Function"
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-10055-3f001190",
"target": {
"function": "WriteGROUP4Image",
"file": "coders/tiff.c"
},
"digest": {
"length": 3130.0,
"function_hash": "123454541452732376725266352710053695960"
},
"signature_type": "Function"
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-10055-46121fb5",
"target": {
"file": "coders/sixel.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"203797474637118512453972280949163008002",
"252631522870173230376437099860673805346",
"44208813587868199207592630074732361520",
"149273269525605602415495119661029925985",
"12717641883423959947509058685337067856",
"154530113651459018860191365963765349751",
"45414484883271640500535050538999095974",
"188179959842870747001012599030752316599",
"27137799785700216200167927680669825248",
"115173963683043630305634349698332981372",
"34063257903834987917814852781835753838",
"313888808292524602711812811762590074254",
"271964816528902453734045899088741099290",
"82691443967179425023600027002291027935",
"337960590474988498679301956753749001914",
"184220888992643894013045065585643595111",
"64167273201742553502523204772433422154",
"66088025337907396288642815181624851021",
"96644727846481823647205505592743090497",
"34192445873756407746184964863824326527",
"313888808292524602711812811762590074254",
"271964816528902453734045899088741099290",
"82691443967179425023600027002291027935",
"337960590474988498679301956753749001914",
"184220888992643894013045065585643595111",
"64167273201742553502523204772433422154",
"212815029489560545155110862104803560592",
"118304965905861367378515935950543174775",
"142260361347420336167858180373338055597",
"297235610867930922776399444317866505661",
"18748627476741160959729401002901128873",
"269744226649842670185831111368053441346",
"317450005745396139145498718581523478621",
"68833293282146625357762406930341213748"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-10055-51ccdb5c",
"target": {
"file": "coders/pdb.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"267869016332720483013222119984604307888",
"25012122430529138132327781082819534783",
"103238969231085573114205302564331285938",
"323395032532886453343725611558529016018",
"164991534805752835832670328817855577689",
"134422048600921800387661936290872390478",
"190886996908131019064686742604017330266",
"234094834258744391220827832446431712732"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-10055-52f9c2fe",
"target": {
"file": "coders/tiff.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"181298372566541220556369532953721936608",
"47516390151822054236233350492875253801",
"247238568002170781529321422191315151485",
"140368857615958154213572079812905855153",
"115823210148357423425140562412591254840"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-10055-7b82f628",
"target": {
"file": "coders/map.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"131737762343335338157396135499448713783",
"169307949015573361044403345015270170042",
"34327832098901800673030132546929752160",
"298624110013779679574010680422162837785",
"306441230114169267891548704715383373733",
"246842325239342798184595293373145048907",
"232695631620521674025421197986758604224",
"134487445582269284738743386138095989046",
"185211743431584715355434440653114840981",
"316908471354704175685127901485562665551",
"171911232235964536759895383563007018455",
"244792912806316439851700745062758715459",
"246646011458956328625403371599902416614",
"334066755622168117564961616071979705020",
"194453672907996134597875932939840008646",
"61395089932151206211670747265318770720",
"19583047659817378576853037861063204691",
"18176503185240136381729018046674709679",
"127650075993250985300494051200448362384"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-10055-7de70bf6",
"target": {
"function": "WriteSIXELImage",
"file": "coders/sixel.c"
},
"digest": {
"length": 2920.0,
"function_hash": "169127073229688369561301178527682032745"
},
"signature_type": "Function"
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-10055-867e21c4",
"target": {
"function": "WriteMAPImage",
"file": "coders/map.c"
},
"digest": {
"length": 2822.0,
"function_hash": "7149632261028492759674543438011315795"
},
"signature_type": "Function"
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-10055-a30ef421",
"target": {
"function": "WritePDBImage",
"file": "coders/pdb.c"
},
"digest": {
"length": 7066.0,
"function_hash": "43812438829142776637564390059115473281"
},
"signature_type": "Function"
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-10055-c78de7af",
"target": {
"function": "WriteGROUP4Image",
"file": "coders/tiff.c"
},
"digest": {
"length": 3087.0,
"function_hash": "338430420277475216035256945987118635033"
},
"signature_type": "Function"
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-10055-ccee5c1a",
"target": {
"function": "WriteMAPImage",
"file": "coders/map.c"
},
"digest": {
"length": 2761.0,
"function_hash": "284167287226955391810203354461600531737"
},
"signature_type": "Function"
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-10055-d03b0def",
"target": {
"function": "WritePDBImage",
"file": "coders/pdb.c"
},
"digest": {
"length": 7114.0,
"function_hash": "37767012095024599215652254796719614504"
},
"signature_type": "Function"
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-10055-ef14f5fe",
"target": {
"file": "coders/sixel.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"203797474637118512453972280949163008002",
"252631522870173230376437099860673805346",
"44208813587868199207592630074732361520",
"149273269525605602415495119661029925985",
"12717641883423959947509058685337067856",
"154530113651459018860191365963765349751",
"45414484883271640500535050538999095974",
"188179959842870747001012599030752316599",
"27137799785700216200167927680669825248",
"115173963683043630305634349698332981372",
"34063257903834987917814852781835753838",
"313888808292524602711812811762590074254",
"271964816528902453734045899088741099290",
"82691443967179425023600027002291027935",
"337960590474988498679301956753749001914",
"184220888992643894013045065585643595111",
"64167273201742553502523204772433422154",
"305628077515582519417470112198182241838",
"38937561146948131342792204897914039731",
"66088025337907396288642815181624851021",
"96644727846481823647205505592743090497",
"34192445873756407746184964863824326527",
"313888808292524602711812811762590074254",
"271964816528902453734045899088741099290",
"82691443967179425023600027002291027935",
"337960590474988498679301956753749001914",
"184220888992643894013045065585643595111",
"64167273201742553502523204772433422154",
"305628077515582519417470112198182241838",
"38937561146948131342792204897914039731",
"212815029489560545155110862104803560592",
"118304965905861367378515935950543174775",
"142260361347420336167858180373338055597",
"297235610867930922776399444317866505661",
"18748627476741160959729401002901128873",
"269744226649842670185831111368053441346",
"317450005745396139145498718581523478621",
"68833293282146625357762406930341213748",
"242139229304324484199677890891999724256",
"14353219918529216909771900969287675405",
"123045483499464472055237476547682307794",
"236947212297531744084101862841905826673"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-10055-fafe875f",
"target": {
"file": "coders/tiff.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"297048582775260710252214947650645456572",
"186446544806334968731633930775108842922",
"201528689774793305574221128393668368153",
"171828411070379121503062116483037888097",
"303840071972403566634208928443670508576"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-10055-fc2a7658",
"target": {
"file": "coders/map.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"131737762343335338157396135499448713783",
"169307949015573361044403345015270170042",
"34327832098901800673030132546929752160",
"298624110013779679574010680422162837785",
"306441230114169267891548704715383373733",
"246842325239342798184595293373145048907",
"232695631620521674025421197986758604224",
"134487445582269284738743386138095989046",
"185211743431584715355434440653114840981",
"316908471354704175685127901485562665551",
"171911232235964536759895383563007018455",
"244792912806316439851700745062758715459",
"246646011458956328625403371599902416614",
"334066755622168117564961616071979705020",
"194453672907996134597875932939840008646",
"61395089932151206211670747265318770720",
"19583047659817378576853037861063204691",
"18176503185240136381729018046674709679",
"127650075993250985300494051200448362384"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-10055-fe766af4",
"target": {
"function": "sixel_decode",
"file": "coders/sixel.c"
},
"digest": {
"length": 6096.0,
"function_hash": "261753474165299154870797904853341575748"
},
"signature_type": "Function"
}
]