{"id":"CVE-2016-10055","details":"Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.","modified":"2026-04-16T06:24:15.855494328Z","published":"2017-03-23T17:59:00.657Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/12/26/9"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95193"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410464"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"fixed":"10b3823a7619ed22d42764733eb052c4159bc8c1"},{"fixed":"eedd0c35bb2d8af7aa05f215689fdebd11633fa1"}]},{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick6","events":[{"introduced":"0"},{"last_affected":"a9b9ebc94edd86c3508365cc84317fdd6c2ef311"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"6.9.5-7"}]}}],"versions":["6.9.4-0","6.9.4-1","6.9.4-10","6.9.4-2","6.9.4-3","6.9.4-4","6.9.4-5","6.9.4-6","6.9.4-7","6.9.4-8","6.9.4-9","6.9.5-0","6.9.5-1","6.9.5-2","6.9.5-3","6.9.5-4","6.9.5-5","6.9.5-6","6.9.5-7","7.0.1-0","7.0.1-1","7.0.1-10","7.0.1-2","7.0.1-3","7.0.1-4","7.0.1-5","7.0.1-6","7.0.1-7","7.0.1-8","7.0.1-9","7.0.2-0","7.0.2-1","7.0.2-2","7.0.2-3","7.0.2-4","7.0.2-5","7.0.2-6","7.0.2-7","7.0.2-8","7.0.2-9"],"database_specific":{"vanir_signatures":[{"target":{"file":"coders/pdb.c"},"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["267869016332720483013222119984604307888","25012122430529138132327781082819534783","103238969231085573114205302564331285938","323395032532886453343725611558529016018","191026665180056598547663259407621152908","134422048600921800387661936290872390478","190886996908131019064686742604017330266","234094834258744391220827832446431712732"]},"id":"CVE-2016-10055-09c54feb","source":"https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1","deprecated":false},{"target":{"function":"sixel_decode","file":"coders/sixel.c"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"261753474165299154870797904853341575748","length":6096},"id":"CVE-2016-10055-13b13939","source":"https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1","deprecated":false},{"target":{"function":"WriteGROUP4Image","file":"coders/tiff.c"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"123454541452732376725266352710053695960","length":3130},"id":"CVE-2016-10055-3f001190","source":"https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1","deprecated":false},{"signature_version":"v1","target":{"file":"coders/sixel.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["203797474637118512453972280949163008002","252631522870173230376437099860673805346","44208813587868199207592630074732361520","149273269525605602415495119661029925985","12717641883423959947509058685337067856","154530113651459018860191365963765349751","45414484883271640500535050538999095974","188179959842870747001012599030752316599","27137799785700216200167927680669825248","115173963683043630305634349698332981372","34063257903834987917814852781835753838","313888808292524602711812811762590074254","271964816528902453734045899088741099290","82691443967179425023600027002291027935","337960590474988498679301956753749001914","184220888992643894013045065585643595111","64167273201742553502523204772433422154","66088025337907396288642815181624851021","96644727846481823647205505592743090497","34192445873756407746184964863824326527","313888808292524602711812811762590074254","271964816528902453734045899088741099290","82691443967179425023600027002291027935","337960590474988498679301956753749001914","184220888992643894013045065585643595111","64167273201742553502523204772433422154","212815029489560545155110862104803560592","118304965905861367378515935950543174775","142260361347420336167858180373338055597","297235610867930922776399444317866505661","18748627476741160959729401002901128873","269744226649842670185831111368053441346","317450005745396139145498718581523478621","68833293282146625357762406930341213748"]},"id":"CVE-2016-10055-46121fb5","source":"https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1","deprecated":false},{"signature_version":"v1","target":{"file":"coders/pdb.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["267869016332720483013222119984604307888","25012122430529138132327781082819534783","103238969231085573114205302564331285938","323395032532886453343725611558529016018","164991534805752835832670328817855577689","134422048600921800387661936290872390478","190886996908131019064686742604017330266","234094834258744391220827832446431712732"]},"id":"CVE-2016-10055-51ccdb5c","source":"https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1","deprecated":false},{"target":{"file":"coders/tiff.c"},"signature_version":"v1","signature_type":"Line","deprecated":false,"id":"CVE-2016-10055-52f9c2fe","source":"https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1","digest":{"threshold":0.9,"line_hashes":["181298372566541220556369532953721936608","47516390151822054236233350492875253801","247238568002170781529321422191315151485","140368857615958154213572079812905855153","115823210148357423425140562412591254840"]}},{"target":{"file":"coders/map.c"},"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["131737762343335338157396135499448713783","169307949015573361044403345015270170042","34327832098901800673030132546929752160","298624110013779679574010680422162837785","306441230114169267891548704715383373733","246842325239342798184595293373145048907","232695631620521674025421197986758604224","134487445582269284738743386138095989046","185211743431584715355434440653114840981","316908471354704175685127901485562665551","171911232235964536759895383563007018455","244792912806316439851700745062758715459","246646011458956328625403371599902416614","334066755622168117564961616071979705020","194453672907996134597875932939840008646","61395089932151206211670747265318770720","19583047659817378576853037861063204691","18176503185240136381729018046674709679","127650075993250985300494051200448362384"]},"id":"CVE-2016-10055-7b82f628","source":"https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1","deprecated":false},{"target":{"function":"WriteSIXELImage","file":"coders/sixel.c"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"169127073229688369561301178527682032745","length":2920},"id":"CVE-2016-10055-7de70bf6","source":"https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1","deprecated":false},{"target":{"function":"WriteMAPImage","file":"coders/map.c"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"7149632261028492759674543438011315795","length":2822},"id":"CVE-2016-10055-867e21c4","source":"https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1","deprecated":false},{"target":{"function":"WritePDBImage","file":"coders/pdb.c"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"43812438829142776637564390059115473281","length":7066},"id":"CVE-2016-10055-a30ef421","source":"https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1","deprecated":false},{"target":{"function":"WriteGROUP4Image","file":"coders/tiff.c"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"338430420277475216035256945987118635033","length":3087},"id":"CVE-2016-10055-c78de7af","source":"https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1","deprecated":false},{"target":{"function":"WriteMAPImage","file":"coders/map.c"},"signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2016-10055-ccee5c1a","source":"https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1","digest":{"function_hash":"284167287226955391810203354461600531737","length":2761}},{"target":{"function":"WritePDBImage","file":"coders/pdb.c"},"signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2016-10055-d03b0def","source":"https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1","digest":{"function_hash":"37767012095024599215652254796719614504","length":7114}},{"target":{"file":"coders/sixel.c"},"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["203797474637118512453972280949163008002","252631522870173230376437099860673805346","44208813587868199207592630074732361520","149273269525605602415495119661029925985","12717641883423959947509058685337067856","154530113651459018860191365963765349751","45414484883271640500535050538999095974","188179959842870747001012599030752316599","27137799785700216200167927680669825248","115173963683043630305634349698332981372","34063257903834987917814852781835753838","313888808292524602711812811762590074254","271964816528902453734045899088741099290","82691443967179425023600027002291027935","337960590474988498679301956753749001914","184220888992643894013045065585643595111","64167273201742553502523204772433422154","305628077515582519417470112198182241838","38937561146948131342792204897914039731","66088025337907396288642815181624851021","96644727846481823647205505592743090497","34192445873756407746184964863824326527","313888808292524602711812811762590074254","271964816528902453734045899088741099290","82691443967179425023600027002291027935","337960590474988498679301956753749001914","184220888992643894013045065585643595111","64167273201742553502523204772433422154","305628077515582519417470112198182241838","38937561146948131342792204897914039731","212815029489560545155110862104803560592","118304965905861367378515935950543174775","142260361347420336167858180373338055597","297235610867930922776399444317866505661","18748627476741160959729401002901128873","269744226649842670185831111368053441346","317450005745396139145498718581523478621","68833293282146625357762406930341213748","242139229304324484199677890891999724256","14353219918529216909771900969287675405","123045483499464472055237476547682307794","236947212297531744084101862841905826673"]},"id":"CVE-2016-10055-ef14f5fe","source":"https://github.com/imagemagick/imagemagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1","deprecated":false},{"signature_version":"v1","target":{"file":"coders/tiff.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["297048582775260710252214947650645456572","186446544806334968731633930775108842922","201528689774793305574221128393668368153","171828411070379121503062116483037888097","303840071972403566634208928443670508576"]},"id":"CVE-2016-10055-fafe875f","source":"https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1","deprecated":false},{"signature_version":"v1","target":{"file":"coders/map.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["131737762343335338157396135499448713783","169307949015573361044403345015270170042","34327832098901800673030132546929752160","298624110013779679574010680422162837785","306441230114169267891548704715383373733","246842325239342798184595293373145048907","232695631620521674025421197986758604224","134487445582269284738743386138095989046","185211743431584715355434440653114840981","316908471354704175685127901485562665551","171911232235964536759895383563007018455","244792912806316439851700745062758715459","246646011458956328625403371599902416614","334066755622168117564961616071979705020","194453672907996134597875932939840008646","61395089932151206211670747265318770720","19583047659817378576853037861063204691","18176503185240136381729018046674709679","127650075993250985300494051200448362384"]},"id":"CVE-2016-10055-fc2a7658","source":"https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1","deprecated":false},{"target":{"function":"sixel_decode","file":"coders/sixel.c"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"261753474165299154870797904853341575748","length":6096},"id":"CVE-2016-10055-fe766af4","source":"https://github.com/imagemagick/imagemagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1","deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10055.json","vanir_signatures_modified":"2026-04-11T03:36:44Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}