{"id":"CVE-2016-10058","details":"Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.","modified":"2026-04-16T06:25:15.277965068Z","published":"2017-03-23T17:59:00.767Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/12/26/9"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95212"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410467"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/47e8e6ceef979327614d0b8f0c76c6ecb18e09cf"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/4ec444f4eab88cf4bec664fafcf9cab50bc5ff6a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"fixed":"47e8e6ceef979327614d0b8f0c76c6ecb18e09cf"},{"fixed":"4ec444f4eab88cf4bec664fafcf9cab50bc5ff6a"}]},{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick6","events":[{"introduced":"0"},{"last_affected":"976b9f819edef20467422d506323f344413a2698"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"6.9.6-2"}]}}],"versions":["6.9.4-0","6.9.4-1","6.9.4-10","6.9.4-2","6.9.4-3","6.9.4-4","6.9.4-5","6.9.4-6","6.9.4-7","6.9.4-8","6.9.4-9","6.9.5-0","6.9.5-1","6.9.5-10","6.9.5-2","6.9.5-3","6.9.5-4","6.9.5-5","6.9.5-6","6.9.5-7","6.9.5-8","6.9.5-9","6.9.6-0","6.9.6-1","6.9.6-2","7.0.1-0","7.0.1-1","7.0.1-10","7.0.1-2","7.0.1-3","7.0.1-4","7.0.1-5","7.0.1-6","7.0.1-7","7.0.1-8","7.0.1-9","7.0.2-0","7.0.2-1","7.0.2-10","7.0.2-2","7.0.2-3","7.0.2-4","7.0.2-5","7.0.2-6","7.0.2-7","7.0.2-8","7.0.2-9","7.0.3-0","7.0.3-1","7.0.3-2","7.0.3-3","7.0.3-4"],"database_specific":{"vanir_signatures_modified":"2026-04-11T03:36:45Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10058.json","vanir_signatures":[{"source":"https://github.com/imagemagick/imagemagick/commit/47e8e6ceef979327614d0b8f0c76c6ecb18e09cf","signature_version":"v1","deprecated":false,"digest":{"line_hashes":["326924582903443481251878225363754558911","147990312674149317145581600390021292608","121460852705903397707857966039291968575","100264852235503213349979973628400120018"],"threshold":0.9},"signature_type":"Line","id":"CVE-2016-10058-79e979b1","target":{"file":"coders/psd.c"}},{"source":"https://github.com/imagemagick/imagemagick/commit/4ec444f4eab88cf4bec664fafcf9cab50bc5ff6a","signature_version":"v1","deprecated":false,"digest":{"line_hashes":["326924582903443481251878225363754558911","147990312674149317145581600390021292608","121460852705903397707857966039291968575","100264852235503213349979973628400120018"],"threshold":0.9},"signature_type":"Line","target":{"file":"coders/psd.c"},"id":"CVE-2016-10058-7a544771"},{"source":"https://github.com/imagemagick/imagemagick/commit/4ec444f4eab88cf4bec664fafcf9cab50bc5ff6a","signature_version":"v1","deprecated":false,"digest":{"function_hash":"338975964875081985472926941847734116875","length":9448},"signature_type":"Function","target":{"file":"coders/psd.c","function":"ReadPSDLayers"},"id":"CVE-2016-10058-8a63e0b2"},{"source":"https://github.com/imagemagick/imagemagick/commit/47e8e6ceef979327614d0b8f0c76c6ecb18e09cf","signature_version":"v1","deprecated":false,"digest":{"function_hash":"147982455886578044050352910075173953081","length":9463},"signature_type":"Function","id":"CVE-2016-10058-dda794fc","target":{"file":"coders/psd.c","function":"ReadPSDLayers"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}