{"id":"CVE-2016-10059","details":"Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file.","modified":"2026-05-15T10:30:33.249123Z","published":"2017-03-23T17:59:00.797Z","related":["SUSE-SU-2017:0518-1","SUSE-SU-2017:0529-1","SUSE-SU-2017:0586-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/12/26/9"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95206"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410469"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"fixed":"58cf5bf4fade82e3b510e8f3463a967278a3e410"}],"database_specific":{"source":"REFERENCES"}}],"database_specific":{"vanir_signatures":[{"source":"https://github.com/imagemagick/imagemagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410","id":"CVE-2016-10059-327e22b0","digest":{"function_hash":"46844506430865017157779661333331991959","length":22985},"target":{"function":"ReadTIFFImage","file":"coders/tiff.c"},"signature_type":"Function","signature_version":"v1","deprecated":false},{"source":"https://github.com/imagemagick/imagemagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410","id":"CVE-2016-10059-6a8cf1af","digest":{"threshold":0.9,"line_hashes":["30084234567020470244921781857671344244","46917590751996641588394695207195500099","142676019889728145191261000839290450224","270302288927828745745005357868389931743","85297856614803582436110873697226801800"]},"target":{"file":"coders/jpeg.c"},"signature_type":"Line","signature_version":"v1","deprecated":false},{"source":"https://github.com/imagemagick/imagemagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410","id":"CVE-2016-10059-9fd9f146","digest":{"threshold":0.9,"line_hashes":["306347563246860832379968629154438407220","322746736395994799549064672264417146918","111441152033057223604311816348659031877","315123091794439334288278428368018156190","256277737091639211646941759846973747143","52929853092328943966989262005895798708","263642969953254076559218964991482558536","197495466917042746199095003208821181530","42100060933742766084748798323331643049"]},"target":{"file":"coders/tiff.c"},"signature_type":"Line","signature_version":"v1","deprecated":false}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10059.json","vanir_signatures_modified":"2026-05-15T10:30:33Z"}},{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick6","events":[{"introduced":"0"},{"last_affected":"4bae9bed8a79e031884ca9a4681dce89dbd26855"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"6.9.4-0"}],"cpe":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*"}}],"versions":["6.9.4-0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10059.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}