{"id":"CVE-2016-10064","details":"Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.","modified":"2026-04-11T19:42:27.504471Z","published":"2017-03-02T21:59:00.380Z","related":["SUSE-SU-2017:0518-1","SUSE-SU-2017:0529-1","SUSE-SU-2017:0586-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"42.1"}],"cpe":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95211"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/12/26/9"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410478"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/63302366a63602acbaad5c8223a105811b2adddd"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/f8877abac8e568b2f339cca70c2c3c1b6eaec288"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"fixed":"63302366a63602acbaad5c8223a105811b2adddd"},{"fixed":"f8877abac8e568b2f339cca70c2c3c1b6eaec288"}],"database_specific":{"source":"REFERENCES"}}],"versions":["7.0.1-0","7.0.1-1","7.0.1-10","7.0.1-2","7.0.1-3","7.0.1-4","7.0.1-5","7.0.1-6","7.0.1-7","7.0.1-8","7.0.1-9","7.0.2-0","7.0.2-1","7.0.2-2"],"database_specific":{"vanir_signatures":[{"target":{"file":"coders/tiff.c"},"id":"CVE-2016-10064-0b414748","digest":{"threshold":0.9,"line_hashes":["40277545685285361706803062925460540903","87607866293805462587326939070486197264","170664217860743298238293128044222360934","325023940534464145106330948004468795132","190330425557198804071851971925292316527","111253243599836001395939712469288055400","103780867721283330152124114944292791528","301857112817375956273876996294082513247","262521705954279201608811740148683679836","117625851565268762256032665930213058059","271878258107868133526410998605493084351","191684520993441014191564142826599823008","310592739957817914907826901314177507791","284818067929313898351747432729529682784","183355850136105927078949211707251985820","240874538646597091272449456320894979486","31670805367637193340086030489486681838","16991103846384397547291576447724719782","301857112817375956273876996294082513247","262521705954279201608811740148683679836","311674904509084936395543699801905058080","91271902873716553349762953105998170718","198707712621410796344301423632922983345","132338864859884463566697447977005503304","65989237968877883464528865459798909499"]},"source":"https://github.com/imagemagick/imagemagick/commit/63302366a63602acbaad5c8223a105811b2adddd","signature_version":"v1","deprecated":false,"signature_type":"Line"},{"target":{"file":"coders/tiff.c"},"id":"CVE-2016-10064-4e13a0db","digest":{"threshold":0.9,"line_hashes":["59826860546247841501285593641871537300","120019537611619820737868857281789731785","272360071468173971920802197128362869834","107259120421786409297265061990566666003","252162973445919023563707502554564370859","93233464705757012018320838430198192209","103780867721283330152124114944292791528","301857112817375956273876996294082513247","262521705954279201608811740148683679836","117625851565268762256032665930213058059","43353023585077889047353140891558235990","214931751757210767112321314143431150464","54110274200021577853726466152116495824","191738995235776576588318712995228528907","268085839746978871175949884173893704345","240874538646597091272449456320894979486","31670805367637193340086030489486681838","16991103846384397547291576447724719782","301857112817375956273876996294082513247","262521705954279201608811740148683679836","117625851565268762256032665930213058059","311843101312631311508955450096831682892","130746086686425062203684007382377060594","332643314117712075246924314082516433009","295729183686487865633523351057276721889","137726742421698579658263187456567271281"]},"source":"https://github.com/imagemagick/imagemagick/commit/f8877abac8e568b2f339cca70c2c3c1b6eaec288","signature_version":"v1","deprecated":false,"signature_type":"Line"},{"target":{"function":"ReadTIFFImage","file":"coders/tiff.c"},"id":"CVE-2016-10064-560e27cd","digest":{"function_hash":"252475098793266569612414011464287303793","length":23155},"source":"https://github.com/imagemagick/imagemagick/commit/f8877abac8e568b2f339cca70c2c3c1b6eaec288","signature_version":"v1","deprecated":false,"signature_type":"Function"},{"target":{"function":"ReadTIFFImage","file":"coders/tiff.c"},"id":"CVE-2016-10064-6c2bb24d","digest":{"function_hash":"151747929654361042470152422400214563452","length":23919},"source":"https://github.com/imagemagick/imagemagick/commit/63302366a63602acbaad5c8223a105811b2adddd","signature_version":"v1","deprecated":false,"signature_type":"Function"}],"vanir_signatures_modified":"2026-04-11T19:42:27Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10064.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick6","events":[{"introduced":"0"},{"last_affected":"54a5700dc60ace7029127dd70259729294756855"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"6.9.5-0"}],"cpe":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["6.9.4-0","6.9.4-1","6.9.4-10","6.9.4-2","6.9.4-3","6.9.4-4","6.9.4-5","6.9.4-6","6.9.4-7","6.9.4-8","6.9.4-9","6.9.5-0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10064.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}