CVE-2016-8677
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-8677
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8677.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-8677
- Downstream
- Related
- Published
- 2017-02-15T21:59:00Z
- Modified
- 2025-10-15T08:26:58.070630Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
- References
-
- http://lists.opensuse.org/opensuse-updates/2016-10/msg00107.html
- http://www.debian.org/security/2016/dsa-3726
- http://www.openwall.com/lists/oss-security/2016/10/16/1
- http://www.securityfocus.com/bid/93598
- https://blogs.gentoo.org/ago/2016/10/07/imagemagick-memory-allocate-failure-in-acquirequantumpixels-quantum-c/
- https://github.com/ImageMagick/ImageMagick/commit/6e48aa92ff4e6e95424300ecd52a9ea453c19c60
- https://github.com/ImageMagick/ImageMagick/issues/268
- https://bugzilla.redhat.com/show_bug.cgi?id=1385698
Affected packages
Git / github.com/imagemagick/imagemagick6
Affected ranges
- Type
- GIT
- Repo
- https://github.com/imagemagick/imagemagick6
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/imagemagick/imagemagick
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
6.*
6.9.4-0
6.9.4-1
6.9.4-10
6.9.4-2
6.9.4-3
6.9.4-4
6.9.4-5
6.9.4-6
6.9.4-7
6.9.4-8
6.9.4-9
6.9.5-0
6.9.5-1
6.9.5-2
6.9.5-3
6.9.5-4
6.9.5-5
6.9.5-6
6.9.5-7
6.9.5-8
6.9.5-9
7.*
7.0.1-0
7.0.1-1
7.0.1-10
7.0.1-2
7.0.1-3
7.0.1-4
7.0.1-5
7.0.1-6
7.0.1-7
7.0.1-8
7.0.1-9
7.0.2-0
7.0.2-1
7.0.2-10
7.0.2-2
7.0.2-3
7.0.2-4
7.0.2-5
7.0.2-6
7.0.2-7
7.0.2-8
7.0.2-9
7.0.3-0
Database specific
{
"vanir_signatures": [
{
"signature_type": "Function",
"target": {
"file": "coders/tiff.c",
"function": "ReadTIFFImage"
},
"signature_version": "v1",
"digest": {
"length": 23909.0,
"function_hash": "314098718556698236916120566738345882805"
},
"deprecated": false,
"source": "https://github.com/imagemagick/imagemagick/commit/6e48aa92ff4e6e95424300ecd52a9ea453c19c60",
"id": "CVE-2016-8677-0da7aee0"
},
{
"signature_type": "Line",
"target": {
"file": "coders/tiff.c"
},
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"84680550373460952967099519825603418337",
"5694236062098787834015223150915129968",
"203684681586396218956605010586970015984",
"136308293311900644223628169018993493153",
"212293181800691785399778873439168583892",
"117625851565268762256032665930213058059",
"63387297301128800594111852883308614370",
"64237483046648517302571804038657046306",
"327173560626947650014968080789957446701",
"149835417969605540960619774812931536868",
"127654393936397486004808695961252400190",
"192415517286728715622219245581705639053",
"214546403752011330371960926060826336990",
"58889587738849316251409381010128459186",
"160222791427931123027126296694475713912",
"169474085817719072873815039033303702345",
"284539390574766893781809129560271625472",
"233029818438904956730455052894989883866",
"202196976226799102067167165978283017242",
"267749070219250420150478545265082655094",
"248607658077159729307410718908149640213",
"249247416675250214269085545857358723936",
"273814999180782611165639836908771254456",
"271617461936264862672065786749894266553",
"204436451440224515784871806493617889661",
"313279751877916181029043117846131851987",
"264805564078992110163849040056508415075",
"172316565097788793979161793865217698627",
"193310051179106649345917450386236247908",
"140540914708916104648312694127933716633",
"156945084809396598085885764515994736428",
"166845043545129985473787791553871437895",
"16005707821783007815482866254495297126",
"39302910621898167293865526273311332327",
"241577464073818297510806051668099941672",
"38473046979376417360575324375761338955",
"155492289074677077727117169812524273798",
"282759871485871863214594353204549806082",
"66537569222379625526399404618003084298",
"125945275722066533530807175180298625545",
"261248131108888352273185049856254184370",
"17367139534308880748090772877723039784",
"172331346000726819592119424659079977650",
"111197687932521447091929246084475902238",
"153688969893109520637594924383060384554",
"303395098964902221509077126705156501391",
"24816265860343153023381369328819519421",
"319304627345980606428549884803606956378",
"90235304969149781427474948990014978503",
"23921849587698291915337337208408547596",
"192662667074854185575001812975185992392",
"16826914779039701165453906990506710383",
"299184792958378065514057238251404410335",
"338945470265633805431696589549251346930",
"9442675838061099327519473990157536235",
"175182537595757964093126165689560553669",
"57117846493309979030431009577131859049",
"14619407287723327699511457680728069262",
"230641358031340643500600545406636633871",
"30693171843785195148055974885065276595",
"217351322143011228484939831065784661491",
"213189864478481014328703349322692322763",
"18739061020690093626427155769453895173",
"38251911347365999146501275615384094761",
"170553469328757332024148515732352053558",
"95452437148455091660862705130467366996",
"184279666162704995449629417272562821124",
"133218215061000229514811930481186953303",
"221605472236257057980001368241814973503",
"186012498768983050533377145133846134047",
"132486793355941607619295069393194344464",
"275765658176708660247917740740722594405",
"68443326878228420143786246570014742837",
"1435186687587740812024418690743498373",
"36401906500132960962132200044489311043",
"203576880230237415715077829278404064328",
"188454350211119284868934591850152046112",
"39318539511691955881565344225750008898",
"145003536360479170562741536352936209369"
]
},
"deprecated": false,
"source": "https://github.com/imagemagick/imagemagick/commit/6e48aa92ff4e6e95424300ecd52a9ea453c19c60",
"id": "CVE-2016-8677-4b9e730f"
}
]
}