CVE-2016-10057

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-10057
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10057.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-10057
Downstream
Related
Published
2017-03-23T17:59:00Z
Modified
2025-10-10T00:17:57.970139Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

References

Affected packages

Git / github.com/imagemagick/imagemagick

Affected ranges

Type
GIT
Repo
https://github.com/imagemagick/imagemagick
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
10b3823a7619ed22d42764733eb052c4159bc8c1
Fixed
eedd0c35bb2d8af7aa05f215689fdebd11633fa1
Type
GIT
Repo
https://github.com/imagemagick/imagemagick6
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a9b9ebc94edd86c3508365cc84317fdd6c2ef311

Affected versions

6.*

6.9.4-0
6.9.4-1
6.9.4-10
6.9.4-2
6.9.4-3
6.9.4-4
6.9.4-5
6.9.4-6
6.9.4-7
6.9.4-8
6.9.4-9
6.9.5-0
6.9.5-1
6.9.5-2
6.9.5-3
6.9.5-4
6.9.5-5
6.9.5-6
6.9.5-7

7.*

7.0.1-0
7.0.1-1
7.0.1-10
7.0.1-2
7.0.1-3
7.0.1-4
7.0.1-5
7.0.1-6
7.0.1-7
7.0.1-8
7.0.1-9
7.0.2-0
7.0.2-1
7.0.2-2
7.0.2-3
7.0.2-4
7.0.2-5
7.0.2-6
7.0.2-7
7.0.2-8
7.0.2-9

Database specific 

{
    "vanir_signatures": [
        {
            "id": "CVE-2016-10057-09c54feb",
            "digest": {
                "line_hashes": [
                    "267869016332720483013222119984604307888",
                    "25012122430529138132327781082819534783",
                    "103238969231085573114205302564331285938",
                    "323395032532886453343725611558529016018",
                    "191026665180056598547663259407621152908",
                    "134422048600921800387661936290872390478",
                    "190886996908131019064686742604017330266",
                    "234094834258744391220827832446431712732"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
            "target": {
                "file": "coders/pdb.c"
            },
            "deprecated": false,
            "signature_type": "Line"
        },
        {
            "id": "CVE-2016-10057-13b13939",
            "digest": {
                "length": 6096.0,
                "function_hash": "261753474165299154870797904853341575748"
            },
            "signature_version": "v1",
            "source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
            "target": {
                "function": "sixel_decode",
                "file": "coders/sixel.c"
            },
            "deprecated": false,
            "signature_type": "Function"
        },
        {
            "id": "CVE-2016-10057-3f001190",
            "digest": {
                "length": 3130.0,
                "function_hash": "123454541452732376725266352710053695960"
            },
            "signature_version": "v1",
            "source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
            "target": {
                "function": "WriteGROUP4Image",
                "file": "coders/tiff.c"
            },
            "deprecated": false,
            "signature_type": "Function"
        },
        {
            "id": "CVE-2016-10057-46121fb5",
            "digest": {
                "line_hashes": [
                    "203797474637118512453972280949163008002",
                    "252631522870173230376437099860673805346",
                    "44208813587868199207592630074732361520",
                    "149273269525605602415495119661029925985",
                    "12717641883423959947509058685337067856",
                    "154530113651459018860191365963765349751",
                    "45414484883271640500535050538999095974",
                    "188179959842870747001012599030752316599",
                    "27137799785700216200167927680669825248",
                    "115173963683043630305634349698332981372",
                    "34063257903834987917814852781835753838",
                    "313888808292524602711812811762590074254",
                    "271964816528902453734045899088741099290",
                    "82691443967179425023600027002291027935",
                    "337960590474988498679301956753749001914",
                    "184220888992643894013045065585643595111",
                    "64167273201742553502523204772433422154",
                    "66088025337907396288642815181624851021",
                    "96644727846481823647205505592743090497",
                    "34192445873756407746184964863824326527",
                    "313888808292524602711812811762590074254",
                    "271964816528902453734045899088741099290",
                    "82691443967179425023600027002291027935",
                    "337960590474988498679301956753749001914",
                    "184220888992643894013045065585643595111",
                    "64167273201742553502523204772433422154",
                    "212815029489560545155110862104803560592",
                    "118304965905861367378515935950543174775",
                    "142260361347420336167858180373338055597",
                    "297235610867930922776399444317866505661",
                    "18748627476741160959729401002901128873",
                    "269744226649842670185831111368053441346",
                    "317450005745396139145498718581523478621",
                    "68833293282146625357762406930341213748"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
            "target": {
                "file": "coders/sixel.c"
            },
            "deprecated": false,
            "signature_type": "Line"
        },
        {
            "id": "CVE-2016-10057-51ccdb5c",
            "digest": {
                "line_hashes": [
                    "267869016332720483013222119984604307888",
                    "25012122430529138132327781082819534783",
                    "103238969231085573114205302564331285938",
                    "323395032532886453343725611558529016018",
                    "164991534805752835832670328817855577689",
                    "134422048600921800387661936290872390478",
                    "190886996908131019064686742604017330266",
                    "234094834258744391220827832446431712732"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
            "target": {
                "file": "coders/pdb.c"
            },
            "deprecated": false,
            "signature_type": "Line"
        },
        {
            "id": "CVE-2016-10057-52f9c2fe",
            "digest": {
                "line_hashes": [
                    "181298372566541220556369532953721936608",
                    "47516390151822054236233350492875253801",
                    "247238568002170781529321422191315151485",
                    "140368857615958154213572079812905855153",
                    "115823210148357423425140562412591254840"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
            "target": {
                "file": "coders/tiff.c"
            },
            "deprecated": false,
            "signature_type": "Line"
        },
        {
            "id": "CVE-2016-10057-7b82f628",
            "digest": {
                "line_hashes": [
                    "131737762343335338157396135499448713783",
                    "169307949015573361044403345015270170042",
                    "34327832098901800673030132546929752160",
                    "298624110013779679574010680422162837785",
                    "306441230114169267891548704715383373733",
                    "246842325239342798184595293373145048907",
                    "232695631620521674025421197986758604224",
                    "134487445582269284738743386138095989046",
                    "185211743431584715355434440653114840981",
                    "316908471354704175685127901485562665551",
                    "171911232235964536759895383563007018455",
                    "244792912806316439851700745062758715459",
                    "246646011458956328625403371599902416614",
                    "334066755622168117564961616071979705020",
                    "194453672907996134597875932939840008646",
                    "61395089932151206211670747265318770720",
                    "19583047659817378576853037861063204691",
                    "18176503185240136381729018046674709679",
                    "127650075993250985300494051200448362384"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
            "target": {
                "file": "coders/map.c"
            },
            "deprecated": false,
            "signature_type": "Line"
        },
        {
            "id": "CVE-2016-10057-7de70bf6",
            "digest": {
                "length": 2920.0,
                "function_hash": "169127073229688369561301178527682032745"
            },
            "signature_version": "v1",
            "source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
            "target": {
                "function": "WriteSIXELImage",
                "file": "coders/sixel.c"
            },
            "deprecated": false,
            "signature_type": "Function"
        },
        {
            "id": "CVE-2016-10057-867e21c4",
            "digest": {
                "length": 2822.0,
                "function_hash": "7149632261028492759674543438011315795"
            },
            "signature_version": "v1",
            "source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
            "target": {
                "function": "WriteMAPImage",
                "file": "coders/map.c"
            },
            "deprecated": false,
            "signature_type": "Function"
        },
        {
            "id": "CVE-2016-10057-a30ef421",
            "digest": {
                "length": 7066.0,
                "function_hash": "43812438829142776637564390059115473281"
            },
            "signature_version": "v1",
            "source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
            "target": {
                "function": "WritePDBImage",
                "file": "coders/pdb.c"
            },
            "deprecated": false,
            "signature_type": "Function"
        },
        {
            "id": "CVE-2016-10057-c78de7af",
            "digest": {
                "length": 3087.0,
                "function_hash": "338430420277475216035256945987118635033"
            },
            "signature_version": "v1",
            "source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
            "target": {
                "function": "WriteGROUP4Image",
                "file": "coders/tiff.c"
            },
            "deprecated": false,
            "signature_type": "Function"
        },
        {
            "id": "CVE-2016-10057-ccee5c1a",
            "digest": {
                "length": 2761.0,
                "function_hash": "284167287226955391810203354461600531737"
            },
            "signature_version": "v1",
            "source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
            "target": {
                "function": "WriteMAPImage",
                "file": "coders/map.c"
            },
            "deprecated": false,
            "signature_type": "Function"
        },
        {
            "id": "CVE-2016-10057-d03b0def",
            "digest": {
                "length": 7114.0,
                "function_hash": "37767012095024599215652254796719614504"
            },
            "signature_version": "v1",
            "source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
            "target": {
                "function": "WritePDBImage",
                "file": "coders/pdb.c"
            },
            "deprecated": false,
            "signature_type": "Function"
        },
        {
            "id": "CVE-2016-10057-ef14f5fe",
            "digest": {
                "line_hashes": [
                    "203797474637118512453972280949163008002",
                    "252631522870173230376437099860673805346",
                    "44208813587868199207592630074732361520",
                    "149273269525605602415495119661029925985",
                    "12717641883423959947509058685337067856",
                    "154530113651459018860191365963765349751",
                    "45414484883271640500535050538999095974",
                    "188179959842870747001012599030752316599",
                    "27137799785700216200167927680669825248",
                    "115173963683043630305634349698332981372",
                    "34063257903834987917814852781835753838",
                    "313888808292524602711812811762590074254",
                    "271964816528902453734045899088741099290",
                    "82691443967179425023600027002291027935",
                    "337960590474988498679301956753749001914",
                    "184220888992643894013045065585643595111",
                    "64167273201742553502523204772433422154",
                    "305628077515582519417470112198182241838",
                    "38937561146948131342792204897914039731",
                    "66088025337907396288642815181624851021",
                    "96644727846481823647205505592743090497",
                    "34192445873756407746184964863824326527",
                    "313888808292524602711812811762590074254",
                    "271964816528902453734045899088741099290",
                    "82691443967179425023600027002291027935",
                    "337960590474988498679301956753749001914",
                    "184220888992643894013045065585643595111",
                    "64167273201742553502523204772433422154",
                    "305628077515582519417470112198182241838",
                    "38937561146948131342792204897914039731",
                    "212815029489560545155110862104803560592",
                    "118304965905861367378515935950543174775",
                    "142260361347420336167858180373338055597",
                    "297235610867930922776399444317866505661",
                    "18748627476741160959729401002901128873",
                    "269744226649842670185831111368053441346",
                    "317450005745396139145498718581523478621",
                    "68833293282146625357762406930341213748",
                    "242139229304324484199677890891999724256",
                    "14353219918529216909771900969287675405",
                    "123045483499464472055237476547682307794",
                    "236947212297531744084101862841905826673"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
            "target": {
                "file": "coders/sixel.c"
            },
            "deprecated": false,
            "signature_type": "Line"
        },
        {
            "id": "CVE-2016-10057-fafe875f",
            "digest": {
                "line_hashes": [
                    "297048582775260710252214947650645456572",
                    "186446544806334968731633930775108842922",
                    "201528689774793305574221128393668368153",
                    "171828411070379121503062116483037888097",
                    "303840071972403566634208928443670508576"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
            "target": {
                "file": "coders/tiff.c"
            },
            "deprecated": false,
            "signature_type": "Line"
        },
        {
            "id": "CVE-2016-10057-fc2a7658",
            "digest": {
                "line_hashes": [
                    "131737762343335338157396135499448713783",
                    "169307949015573361044403345015270170042",
                    "34327832098901800673030132546929752160",
                    "298624110013779679574010680422162837785",
                    "306441230114169267891548704715383373733",
                    "246842325239342798184595293373145048907",
                    "232695631620521674025421197986758604224",
                    "134487445582269284738743386138095989046",
                    "185211743431584715355434440653114840981",
                    "316908471354704175685127901485562665551",
                    "171911232235964536759895383563007018455",
                    "244792912806316439851700745062758715459",
                    "246646011458956328625403371599902416614",
                    "334066755622168117564961616071979705020",
                    "194453672907996134597875932939840008646",
                    "61395089932151206211670747265318770720",
                    "19583047659817378576853037861063204691",
                    "18176503185240136381729018046674709679",
                    "127650075993250985300494051200448362384"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
            "target": {
                "file": "coders/map.c"
            },
            "deprecated": false,
            "signature_type": "Line"
        },
        {
            "id": "CVE-2016-10057-fe766af4",
            "digest": {
                "length": 6096.0,
                "function_hash": "261753474165299154870797904853341575748"
            },
            "signature_version": "v1",
            "source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
            "target": {
                "function": "sixel_decode",
                "file": "coders/sixel.c"
            },
            "deprecated": false,
            "signature_type": "Function"
        }
    ]
}