{"id":"CVE-2016-10067","details":"magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving \"too many exceptions,\" which trigger a buffer overflow.","modified":"2026-05-15T10:30:37.850071Z","published":"2017-03-02T21:59:00.443Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95220"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/12/26/9"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410494"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"fixed":"0474237508f39c4f783208123431815f1ededb76"}],"database_specific":{"source":"REFERENCES"}}],"database_specific":{"vanir_signatures_modified":"2026-05-15T10:30:37Z","vanir_signatures":[{"target":{"file":"coders/label.c"},"signature_version":"v1","source":"https://github.com/imagemagick/imagemagick/commit/0474237508f39c4f783208123431815f1ededb76","signature_type":"Line","digest":{"line_hashes":["108607596337284873438713357942574930214","237633640835997944068952276706033608549","120807976248275480082856013548573521133","118897056398172557493628946078783779803","121223272467362147315834562595814232384","179335662439473171314695401001724041771","113873992360146063094212461777552822983","333922816641655046025748233356858913110","266267152514014186465320715871393728081","214412374285936925203816822958700918856","339353674543151414102460601934362813929","276845728028218299557575875494509398560","319541286409470569834530754937755068660","181731089802856310941619364384460989067","151547825222425517076884105575962808811"],"threshold":0.9},"id":"CVE-2016-10067-01801c0e","deprecated":false},{"target":{"file":"coders/viff.c"},"signature_version":"v1","source":"https://github.com/imagemagick/imagemagick/commit/0474237508f39c4f783208123431815f1ededb76","signature_type":"Line","digest":{"line_hashes":["53787206279956202573671648496373016982","303516244542161883898920977145995064550","338667304928875696497022151079025015668","100985721311873205735363948094157127540","178158921106307629965529446786227195582","264207837489299956477613472589324079359","219354439851894461231981041107404293418","140535064203036670945300308113704356240","97349473963225920214940921589276250258","70090426918024051190773131812080074789","58645192621437736588711862293458866179","61314721810164076511379943107005253732","39699842088300623940374935683762797382","117095571284158819035524065504355536566","258007135289899567879324305484487390534","223845886969433362549586221023178023767","326978410136234277987615209375128600520","306444017120264752737509354588958303623","28545087243879278159816660121724531915","129676858489907891740588352079519765189","201053315912106487633772625961710441222","250821574545648720251097230628459156454","25054909255721746442188097154651468396","246607835063806645547394756362769139898","258997824493927227887749480366250166470","200327508670429439347903671429577287537"],"threshold":0.9},"id":"CVE-2016-10067-1e67b3ac","deprecated":false},{"target":{"function":"CheckMemoryOverflow","file":"magick/memory.c"},"signature_version":"v1","source":"https://github.com/imagemagick/imagemagick/commit/0474237508f39c4f783208123431815f1ededb76","signature_type":"Function","digest":{"length":225,"function_hash":"307925872377087016446741724910969115367"},"id":"CVE-2016-10067-2d9dd53b","deprecated":false},{"target":{"function":"CheckMemoryOverflow","file":"coders/viff.c"},"signature_version":"v1","source":"https://github.com/imagemagick/imagemagick/commit/0474237508f39c4f783208123431815f1ededb76","signature_type":"Function","digest":{"length":225,"function_hash":"307925872377087016446741724910969115367"},"id":"CVE-2016-10067-67c495cb","deprecated":false},{"target":{"file":"magick/memory.c"},"signature_version":"v1","source":"https://github.com/imagemagick/imagemagick/commit/0474237508f39c4f783208123431815f1ededb76","signature_type":"Line","digest":{"line_hashes":["288554417113392843063944906536847778994","266238974516358030216152831934984587793","297935054960007214342408779001958397486","100985721311873205735363948094157127540","178158921106307629965529446786227195582","264207837489299956477613472589324079359","219354439851894461231981041107404293418","140535064203036670945300308113704356240","97349473963225920214940921589276250258","70090426918024051190773131812080074789","58645192621437736588711862293458866179","61314721810164076511379943107005253732","39699842088300623940374935683762797382","209622836300486528984667550194657566485","11910165410541749809231702517434511206","142368951571918335197043179485017177620","73190787010645692566280159822612513046","81250572606301466650314107025662053158","126596611108158729076549189697886747381","125640168392645451961003129459089052203","31043014141004938524514335861787050498","97729858875299111212715046913089563727","110718064199481662198301174729625367364","56359161671424950468264254872444436745","174393673240881518968981202671788981440","198194260308463205784828033953225088269","265659351690763809336263955494958094130","143257050742607329286151269639705210590","172677337797412220142258499668451977500","5715707803946165505867541198185010626","286761992254603781564111454482898118399","31043014141004938524514335861787050498","160062095623018238254576721928066562589","37120292623600446376840229629322149825","27392999917083770160978857971615169089"],"threshold":0.9},"id":"CVE-2016-10067-6e4854b8","deprecated":false},{"target":{"file":"magick/exception.c"},"signature_version":"v1","source":"https://github.com/imagemagick/imagemagick/commit/0474237508f39c4f783208123431815f1ededb76","signature_type":"Line","digest":{"line_hashes":["202935799622310075340785417743766074224","226323798185080932130992804315249843247","57742649170761079362837749058095914311","204318077949300039755051142459070276437","55600058602503287623223921354378400578","86523852709779180855267222453944400513","38970680458556342418243341609934766628","15880177136517718166836114526319861647","170345292602722490836399326760739745993","130931443616747959215929175758247735561","92422542924647134950770009168117962116","77074365793088914454074111566598370691","268458383481560621607154736696875825582","334346319698806593949681098196923495241","224927926144911684702565965448291253749","80187538749638318263659268852598630028","20398501257197782315296132354572706942"],"threshold":0.9},"id":"CVE-2016-10067-b40250a2","deprecated":false},{"target":{"function":"ReadLABELImage","file":"coders/label.c"},"signature_version":"v1","source":"https://github.com/imagemagick/imagemagick/commit/0474237508f39c4f783208123431815f1ededb76","signature_type":"Function","digest":{"length":4241,"function_hash":"166116811364854504844705288607638663177"},"id":"CVE-2016-10067-c09706e1","deprecated":false},{"target":{"function":"CatchException","file":"magick/exception.c"},"signature_version":"v1","source":"https://github.com/imagemagick/imagemagick/commit/0474237508f39c4f783208123431815f1ededb76","signature_type":"Function","digest":{"length":964,"function_hash":"119080263127803556733543282937685056962"},"id":"CVE-2016-10067-dda1791a","deprecated":false},{"target":{"file":"magick/memory-private.h"},"signature_version":"v1","source":"https://github.com/imagemagick/imagemagick/commit/0474237508f39c4f783208123431815f1ededb76","signature_type":"Line","digest":{"line_hashes":["61568625264949093379579943827871326422","242117551071302803750106664496130378052","45274112443096330732340197864051469229"],"threshold":0.9},"id":"CVE-2016-10067-eceaca88","deprecated":false}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10067.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick6","events":[{"introduced":"0"},{"last_affected":"aa74980014c8246f92a200a6e431b8d8efe312e5"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"6.9.4-4"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*"}}],"versions":["6.9.4-4","6.9.4-3","6.9.4-2","6.9.4-1","6.9.4-0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10067.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}