CVE-2016-10054
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-10054
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10054.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-10054
- Downstream
- Related
- Published
- 2017-03-23T17:59:00Z
- Modified
- 2025-10-23T03:53:33.540198Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
- References
-
- http://www.openwall.com/lists/oss-security/2016/12/26/9
- http://www.securityfocus.com/bid/95191
- https://bugzilla.redhat.com/show_bug.cgi?id=1410462
- https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
- https://github.com/ImageMagick/ImageMagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1
Affected packages
Git / github.com/imagemagick/imagemagick
Affected ranges
- Type
- GIT
- Repo
- https://github.com/imagemagick/imagemagick
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
7.*
7.0.1-0
7.0.1-1
7.0.1-10
7.0.1-2
7.0.1-3
7.0.1-4
7.0.1-5
7.0.1-6
7.0.1-7
7.0.1-8
7.0.1-9
7.0.2-0
7.0.2-1
7.0.2-2
7.0.2-3
7.0.2-4
7.0.2-5
7.0.2-6
7.0.2-7
7.0.2-8
7.0.2-9
Database specific
vanir_signatures
[
{
"digest": {
"line_hashes": [
"267869016332720483013222119984604307888",
"25012122430529138132327781082819534783",
"103238969231085573114205302564331285938",
"323395032532886453343725611558529016018",
"191026665180056598547663259407621152908",
"134422048600921800387661936290872390478",
"190886996908131019064686742604017330266",
"234094834258744391220827832446431712732"
],
"threshold": 0.9
},
"id": "CVE-2016-10054-09c54feb",
"target": {
"file": "coders/pdb.c"
},
"source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"digest": {
"function_hash": "261753474165299154870797904853341575748",
"length": 6096.0
},
"id": "CVE-2016-10054-13b13939",
"target": {
"file": "coders/sixel.c",
"function": "sixel_decode"
},
"source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"digest": {
"function_hash": "123454541452732376725266352710053695960",
"length": 3130.0
},
"id": "CVE-2016-10054-3f001190",
"target": {
"file": "coders/tiff.c",
"function": "WriteGROUP4Image"
},
"source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"203797474637118512453972280949163008002",
"252631522870173230376437099860673805346",
"44208813587868199207592630074732361520",
"149273269525605602415495119661029925985",
"12717641883423959947509058685337067856",
"154530113651459018860191365963765349751",
"45414484883271640500535050538999095974",
"188179959842870747001012599030752316599",
"27137799785700216200167927680669825248",
"115173963683043630305634349698332981372",
"34063257903834987917814852781835753838",
"313888808292524602711812811762590074254",
"271964816528902453734045899088741099290",
"82691443967179425023600027002291027935",
"337960590474988498679301956753749001914",
"184220888992643894013045065585643595111",
"64167273201742553502523204772433422154",
"66088025337907396288642815181624851021",
"96644727846481823647205505592743090497",
"34192445873756407746184964863824326527",
"313888808292524602711812811762590074254",
"271964816528902453734045899088741099290",
"82691443967179425023600027002291027935",
"337960590474988498679301956753749001914",
"184220888992643894013045065585643595111",
"64167273201742553502523204772433422154",
"212815029489560545155110862104803560592",
"118304965905861367378515935950543174775",
"142260361347420336167858180373338055597",
"297235610867930922776399444317866505661",
"18748627476741160959729401002901128873",
"269744226649842670185831111368053441346",
"317450005745396139145498718581523478621",
"68833293282146625357762406930341213748"
],
"threshold": 0.9
},
"id": "CVE-2016-10054-46121fb5",
"target": {
"file": "coders/sixel.c"
},
"source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"267869016332720483013222119984604307888",
"25012122430529138132327781082819534783",
"103238969231085573114205302564331285938",
"323395032532886453343725611558529016018",
"164991534805752835832670328817855577689",
"134422048600921800387661936290872390478",
"190886996908131019064686742604017330266",
"234094834258744391220827832446431712732"
],
"threshold": 0.9
},
"id": "CVE-2016-10054-51ccdb5c",
"target": {
"file": "coders/pdb.c"
},
"source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"181298372566541220556369532953721936608",
"47516390151822054236233350492875253801",
"247238568002170781529321422191315151485",
"140368857615958154213572079812905855153",
"115823210148357423425140562412591254840"
],
"threshold": 0.9
},
"id": "CVE-2016-10054-52f9c2fe",
"target": {
"file": "coders/tiff.c"
},
"source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"131737762343335338157396135499448713783",
"169307949015573361044403345015270170042",
"34327832098901800673030132546929752160",
"298624110013779679574010680422162837785",
"306441230114169267891548704715383373733",
"246842325239342798184595293373145048907",
"232695631620521674025421197986758604224",
"134487445582269284738743386138095989046",
"185211743431584715355434440653114840981",
"316908471354704175685127901485562665551",
"171911232235964536759895383563007018455",
"244792912806316439851700745062758715459",
"246646011458956328625403371599902416614",
"334066755622168117564961616071979705020",
"194453672907996134597875932939840008646",
"61395089932151206211670747265318770720",
"19583047659817378576853037861063204691",
"18176503185240136381729018046674709679",
"127650075993250985300494051200448362384"
],
"threshold": 0.9
},
"id": "CVE-2016-10054-7b82f628",
"target": {
"file": "coders/map.c"
},
"source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"digest": {
"function_hash": "169127073229688369561301178527682032745",
"length": 2920.0
},
"id": "CVE-2016-10054-7de70bf6",
"target": {
"file": "coders/sixel.c",
"function": "WriteSIXELImage"
},
"source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"digest": {
"function_hash": "7149632261028492759674543438011315795",
"length": 2822.0
},
"id": "CVE-2016-10054-867e21c4",
"target": {
"file": "coders/map.c",
"function": "WriteMAPImage"
},
"source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"digest": {
"function_hash": "43812438829142776637564390059115473281",
"length": 7066.0
},
"id": "CVE-2016-10054-a30ef421",
"target": {
"file": "coders/pdb.c",
"function": "WritePDBImage"
},
"source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"digest": {
"function_hash": "338430420277475216035256945987118635033",
"length": 3087.0
},
"id": "CVE-2016-10054-c78de7af",
"target": {
"file": "coders/tiff.c",
"function": "WriteGROUP4Image"
},
"source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"digest": {
"function_hash": "284167287226955391810203354461600531737",
"length": 2761.0
},
"id": "CVE-2016-10054-ccee5c1a",
"target": {
"file": "coders/map.c",
"function": "WriteMAPImage"
},
"source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"digest": {
"function_hash": "37767012095024599215652254796719614504",
"length": 7114.0
},
"id": "CVE-2016-10054-d03b0def",
"target": {
"file": "coders/pdb.c",
"function": "WritePDBImage"
},
"source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"203797474637118512453972280949163008002",
"252631522870173230376437099860673805346",
"44208813587868199207592630074732361520",
"149273269525605602415495119661029925985",
"12717641883423959947509058685337067856",
"154530113651459018860191365963765349751",
"45414484883271640500535050538999095974",
"188179959842870747001012599030752316599",
"27137799785700216200167927680669825248",
"115173963683043630305634349698332981372",
"34063257903834987917814852781835753838",
"313888808292524602711812811762590074254",
"271964816528902453734045899088741099290",
"82691443967179425023600027002291027935",
"337960590474988498679301956753749001914",
"184220888992643894013045065585643595111",
"64167273201742553502523204772433422154",
"305628077515582519417470112198182241838",
"38937561146948131342792204897914039731",
"66088025337907396288642815181624851021",
"96644727846481823647205505592743090497",
"34192445873756407746184964863824326527",
"313888808292524602711812811762590074254",
"271964816528902453734045899088741099290",
"82691443967179425023600027002291027935",
"337960590474988498679301956753749001914",
"184220888992643894013045065585643595111",
"64167273201742553502523204772433422154",
"305628077515582519417470112198182241838",
"38937561146948131342792204897914039731",
"212815029489560545155110862104803560592",
"118304965905861367378515935950543174775",
"142260361347420336167858180373338055597",
"297235610867930922776399444317866505661",
"18748627476741160959729401002901128873",
"269744226649842670185831111368053441346",
"317450005745396139145498718581523478621",
"68833293282146625357762406930341213748",
"242139229304324484199677890891999724256",
"14353219918529216909771900969287675405",
"123045483499464472055237476547682307794",
"236947212297531744084101862841905826673"
],
"threshold": 0.9
},
"id": "CVE-2016-10054-ef14f5fe",
"target": {
"file": "coders/sixel.c"
},
"source": "https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1",
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"297048582775260710252214947650645456572",
"186446544806334968731633930775108842922",
"201528689774793305574221128393668368153",
"171828411070379121503062116483037888097",
"303840071972403566634208928443670508576"
],
"threshold": 0.9
},
"id": "CVE-2016-10054-fafe875f",
"target": {
"file": "coders/tiff.c"
},
"source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"131737762343335338157396135499448713783",
"169307949015573361044403345015270170042",
"34327832098901800673030132546929752160",
"298624110013779679574010680422162837785",
"306441230114169267891548704715383373733",
"246842325239342798184595293373145048907",
"232695631620521674025421197986758604224",
"134487445582269284738743386138095989046",
"185211743431584715355434440653114840981",
"316908471354704175685127901485562665551",
"171911232235964536759895383563007018455",
"244792912806316439851700745062758715459",
"246646011458956328625403371599902416614",
"334066755622168117564961616071979705020",
"194453672907996134597875932939840008646",
"61395089932151206211670747265318770720",
"19583047659817378576853037861063204691",
"18176503185240136381729018046674709679",
"127650075993250985300494051200448362384"
],
"threshold": 0.9
},
"id": "CVE-2016-10054-fc2a7658",
"target": {
"file": "coders/map.c"
},
"source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"digest": {
"function_hash": "261753474165299154870797904853341575748",
"length": 6096.0
},
"id": "CVE-2016-10054-fe766af4",
"target": {
"file": "coders/sixel.c",
"function": "sixel_decode"
},
"source": "https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1",
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
}
]