CVE-2016-8677

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-8677
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8677.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-8677
Downstream
Related
Published
2017-02-15T21:59:00Z
Modified
2025-10-28T23:55:58.814528Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.

References

Affected packages

Git / github.com/imagemagick/imagemagick

Affected ranges

Type
GIT
Repo
https://github.com/imagemagick/imagemagick
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
6e48aa92ff4e6e95424300ecd52a9ea453c19c60

Affected versions

7.*

7.0.1-0
7.0.1-1
7.0.1-10
7.0.1-2
7.0.1-3
7.0.1-4
7.0.1-5
7.0.1-6
7.0.1-7
7.0.1-8
7.0.1-9
7.0.2-0
7.0.2-1
7.0.2-10
7.0.2-2
7.0.2-3
7.0.2-4
7.0.2-5
7.0.2-6
7.0.2-7
7.0.2-8
7.0.2-9
7.0.3-0

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "id": "CVE-2016-8677-0da7aee0",
        "target": {
            "file": "coders/tiff.c",
            "function": "ReadTIFFImage"
        },
        "digest": {
            "function_hash": "314098718556698236916120566738345882805",
            "length": 23909.0
        },
        "signature_version": "v1",
        "source": "https://github.com/imagemagick/imagemagick/commit/6e48aa92ff4e6e95424300ecd52a9ea453c19c60",
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "id": "CVE-2016-8677-4b9e730f",
        "target": {
            "file": "coders/tiff.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "84680550373460952967099519825603418337",
                "5694236062098787834015223150915129968",
                "203684681586396218956605010586970015984",
                "136308293311900644223628169018993493153",
                "212293181800691785399778873439168583892",
                "117625851565268762256032665930213058059",
                "63387297301128800594111852883308614370",
                "64237483046648517302571804038657046306",
                "327173560626947650014968080789957446701",
                "149835417969605540960619774812931536868",
                "127654393936397486004808695961252400190",
                "192415517286728715622219245581705639053",
                "214546403752011330371960926060826336990",
                "58889587738849316251409381010128459186",
                "160222791427931123027126296694475713912",
                "169474085817719072873815039033303702345",
                "284539390574766893781809129560271625472",
                "233029818438904956730455052894989883866",
                "202196976226799102067167165978283017242",
                "267749070219250420150478545265082655094",
                "248607658077159729307410718908149640213",
                "249247416675250214269085545857358723936",
                "273814999180782611165639836908771254456",
                "271617461936264862672065786749894266553",
                "204436451440224515784871806493617889661",
                "313279751877916181029043117846131851987",
                "264805564078992110163849040056508415075",
                "172316565097788793979161793865217698627",
                "193310051179106649345917450386236247908",
                "140540914708916104648312694127933716633",
                "156945084809396598085885764515994736428",
                "166845043545129985473787791553871437895",
                "16005707821783007815482866254495297126",
                "39302910621898167293865526273311332327",
                "241577464073818297510806051668099941672",
                "38473046979376417360575324375761338955",
                "155492289074677077727117169812524273798",
                "282759871485871863214594353204549806082",
                "66537569222379625526399404618003084298",
                "125945275722066533530807175180298625545",
                "261248131108888352273185049856254184370",
                "17367139534308880748090772877723039784",
                "172331346000726819592119424659079977650",
                "111197687932521447091929246084475902238",
                "153688969893109520637594924383060384554",
                "303395098964902221509077126705156501391",
                "24816265860343153023381369328819519421",
                "319304627345980606428549884803606956378",
                "90235304969149781427474948990014978503",
                "23921849587698291915337337208408547596",
                "192662667074854185575001812975185992392",
                "16826914779039701165453906990506710383",
                "299184792958378065514057238251404410335",
                "338945470265633805431696589549251346930",
                "9442675838061099327519473990157536235",
                "175182537595757964093126165689560553669",
                "57117846493309979030431009577131859049",
                "14619407287723327699511457680728069262",
                "230641358031340643500600545406636633871",
                "30693171843785195148055974885065276595",
                "217351322143011228484939831065784661491",
                "213189864478481014328703349322692322763",
                "18739061020690093626427155769453895173",
                "38251911347365999146501275615384094761",
                "170553469328757332024148515732352053558",
                "95452437148455091660862705130467366996",
                "184279666162704995449629417272562821124",
                "133218215061000229514811930481186953303",
                "221605472236257057980001368241814973503",
                "186012498768983050533377145133846134047",
                "132486793355941607619295069393194344464",
                "275765658176708660247917740740722594405",
                "68443326878228420143786246570014742837",
                "1435186687587740812024418690743498373",
                "36401906500132960962132200044489311043",
                "203576880230237415715077829278404064328",
                "188454350211119284868934591850152046112",
                "39318539511691955881565344225750008898",
                "145003536360479170562741536352936209369"
            ]
        },
        "signature_version": "v1",
        "source": "https://github.com/imagemagick/imagemagick/commit/6e48aa92ff4e6e95424300ecd52a9ea453c19c60",
        "deprecated": false
    }
]

Git / github.com/imagemagick/imagemagick6

Affected ranges

Type
GIT
Repo
https://github.com/imagemagick/imagemagick6
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
01023fb3baf01873fbea7633772b6fb91f225c47

Affected versions

6.*

6.9.4-0
6.9.4-1
6.9.4-10
6.9.4-2
6.9.4-3
6.9.4-4
6.9.4-5
6.9.4-6
6.9.4-7
6.9.4-8
6.9.4-9
6.9.5-0
6.9.5-1
6.9.5-2
6.9.5-3
6.9.5-4
6.9.5-5
6.9.5-6
6.9.5-7
6.9.5-8
6.9.5-9