CVE-2016-10052

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-10052
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10052.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-10052
Downstream
Related
Published
2017-03-23T17:59:00Z
Modified
2025-09-16T06:11:19.858576Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

References

Affected packages

Debian:11 / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8:6.9.6.2+dfsg-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8:6.9.6.2+dfsg-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8:6.9.6.2+dfsg-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/debian/imagemagick?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8:6.9.6.2+dfsg-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/imagemagick/imagemagick

Affected ranges

Type
GIT
Repo
https://github.com/imagemagick/imagemagick
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
13267a10845a8dadabed63072b537f050cec6daa
Fixed
9e187b73a8a1290bb0e1a1c878f8be1917aa8742
Type
GIT
Repo
https://github.com/imagemagick/imagemagick6
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
839128db329afbe0195137820266efbf7de9baf7

Affected versions

6.*

6.9.4-0
6.9.4-1
6.9.4-10
6.9.4-2
6.9.4-3
6.9.4-4
6.9.4-5
6.9.4-6
6.9.4-7
6.9.4-8
6.9.4-9
6.9.5-0
6.9.5-1
6.9.5-2
6.9.5-3
6.9.5-4
6.9.5-5

7.*

7.0.1-0
7.0.1-1
7.0.1-10
7.0.1-2
7.0.1-3
7.0.1-4
7.0.1-5
7.0.1-6
7.0.1-7
7.0.1-8
7.0.1-9
7.0.2-0
7.0.2-1
7.0.2-2
7.0.2-3
7.0.2-4
7.0.2-5
7.0.2-6
7.0.2-7

Database specific 

{
    "vanir_signatures": [
        {
            "target": {
                "function": "WriteProfile",
                "file": "coders/jpeg.c"
            },
            "digest": {
                "length": 2731.0,
                "function_hash": "89483627372646893280161877103821439769"
            },
            "signature_version": "v1",
            "source": "https://github.com/imagemagick/imagemagick/commit/13267a10845a8dadabed63072b537f050cec6daa",
            "id": "CVE-2016-10052-13c687ea",
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "target": {
                "file": "coders/jpeg.c"
            },
            "digest": {
                "line_hashes": [
                    "56253162425445806751265001462817591569",
                    "132433403060272297246172142265625644524",
                    "5356819118163748134532570151435727124",
                    "197503473518008425774069524686615739526",
                    "334212436599765243090702753815008909117",
                    "127761982813903155632866629117701813149",
                    "66870368767365105566205587462762060839",
                    "16688268606783051239657333687261079209",
                    "236791906238400667519590912992689163496",
                    "93071636781764418203473928117278666211",
                    "293173508704888306060391319407728935174",
                    "268175543057563803639738747044076770706",
                    "268036570827673594746855874052669415134",
                    "131912113798070893418969902990370204799",
                    "270569316663015586546900134358477019477"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://github.com/imagemagick/imagemagick/commit/13267a10845a8dadabed63072b537f050cec6daa",
            "id": "CVE-2016-10052-3c5fa106",
            "signature_type": "Line",
            "deprecated": false
        },
        {
            "target": {
                "function": "WriteJPEGImage",
                "file": "coders/jpeg.c"
            },
            "digest": {
                "length": 19360.0,
                "function_hash": "260592553904765170044518643276576524292"
            },
            "signature_version": "v1",
            "source": "https://github.com/imagemagick/imagemagick/commit/13267a10845a8dadabed63072b537f050cec6daa",
            "id": "CVE-2016-10052-68a3ed0e",
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "target": {
                "file": "coders/jpeg.c"
            },
            "digest": {
                "line_hashes": [
                    "113843996922438976717064988881421579927",
                    "58774743768408380779961446878324363023",
                    "66870368767365105566205587462762060839",
                    "16688268606783051239657333687261079209",
                    "236791906238400667519590912992689163496",
                    "93071636781764418203473928117278666211",
                    "293173508704888306060391319407728935174"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://github.com/imagemagick/imagemagick/commit/9e187b73a8a1290bb0e1a1c878f8be1917aa8742",
            "id": "CVE-2016-10052-c7d7b927",
            "signature_type": "Line",
            "deprecated": false
        },
        {
            "target": {
                "function": "WriteProfile",
                "file": "coders/jpeg.c"
            },
            "digest": {
                "length": 2731.0,
                "function_hash": "4432838161033079885271334110517193327"
            },
            "signature_version": "v1",
            "source": "https://github.com/imagemagick/imagemagick/commit/9e187b73a8a1290bb0e1a1c878f8be1917aa8742",
            "id": "CVE-2016-10052-ea847e27",
            "signature_type": "Function",
            "deprecated": false
        }
    ]
}