{"id":"CVE-2016-10053","details":"The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.","modified":"2026-04-16T06:26:05.864980975Z","published":"2017-03-23T17:59:00.563Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/12/26/9"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95179"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410461"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/728dc6a600cf4cbdac846964c85cc04339db8ac1"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/f983dcdf9c178e0cbc49608a78713c5669aa1bb5"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"fixed":"728dc6a600cf4cbdac846964c85cc04339db8ac1"},{"fixed":"f983dcdf9c178e0cbc49608a78713c5669aa1bb5"}]},{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick6","events":[{"introduced":"0"},{"last_affected":"a9b9ebc94edd86c3508365cc84317fdd6c2ef311"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"6.9.5-7"}]}}],"versions":["6.9.4-0","6.9.4-1","6.9.4-10","6.9.4-2","6.9.4-3","6.9.4-4","6.9.4-5","6.9.4-6","6.9.4-7","6.9.4-8","6.9.4-9","6.9.5-0","6.9.5-1","6.9.5-2","6.9.5-3","6.9.5-4","6.9.5-5","6.9.5-6","6.9.5-7","7.0.1-0","7.0.1-1","7.0.1-10","7.0.1-2","7.0.1-3","7.0.1-4","7.0.1-5","7.0.1-6","7.0.1-7","7.0.1-8","7.0.1-9","7.0.2-0","7.0.2-1","7.0.2-2","7.0.2-3","7.0.2-4","7.0.2-5","7.0.2-6","7.0.2-7","7.0.2-8","7.0.2-9"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","id":"CVE-2016-10053-19797d9d","deprecated":false,"source":"https://github.com/imagemagick/imagemagick/commit/728dc6a600cf4cbdac846964c85cc04339db8ac1","digest":{"length":20788,"function_hash":"274419543591742191410468829872099223047"},"signature_type":"Function","target":{"function":"WriteTIFFImage","file":"coders/tiff.c"}},{"signature_version":"v1","id":"CVE-2016-10053-8a8848c2","deprecated":false,"source":"https://github.com/imagemagick/imagemagick/commit/728dc6a600cf4cbdac846964c85cc04339db8ac1","digest":{"threshold":0.9,"line_hashes":["221038108437350806159126510334920769037","50381209739734017750516221905894594669","17543559450645463149458650869335170120","95482384169182130994923099802621566967"]},"signature_type":"Line","target":{"file":"coders/tiff.c"}},{"target":{"function":"WriteTIFFImage","file":"coders/tiff.c"},"source":"https://github.com/imagemagick/imagemagick/commit/f983dcdf9c178e0cbc49608a78713c5669aa1bb5","deprecated":false,"id":"CVE-2016-10053-9bcf29f0","digest":{"length":20786,"function_hash":"89309021242255837935715292339430991340"},"signature_type":"Function","signature_version":"v1"},{"source":"https://github.com/imagemagick/imagemagick/commit/f983dcdf9c178e0cbc49608a78713c5669aa1bb5","target":{"file":"coders/tiff.c"},"deprecated":false,"id":"CVE-2016-10053-f363b200","digest":{"threshold":0.9,"line_hashes":["221038108437350806159126510334920769037","50381209739734017750516221905894594669","17543559450645463149458650869335170120","95482384169182130994923099802621566967"]},"signature_type":"Line","signature_version":"v1"}],"vanir_signatures_modified":"2026-04-11T03:36:44Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10053.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}