{"id":"CVE-2016-10059","details":"Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file.","modified":"2026-04-11T03:36:47.316754Z","published":"2017-03-23T17:59:00.797Z","related":["SUSE-SU-2017:0518-1","SUSE-SU-2017:0529-1","SUSE-SU-2017:0586-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/12/26/9"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95206"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410469"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"fixed":"58cf5bf4fade82e3b510e8f3463a967278a3e410"}]},{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick6","events":[{"introduced":"0"},{"last_affected":"4bae9bed8a79e031884ca9a4681dce89dbd26855"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"6.9.4-0"}]}}],"versions":["6.9.4-0"],"database_specific":{"vanir_signatures_modified":"2026-04-11T03:36:47Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10059.json","vanir_signatures":[{"id":"CVE-2016-10059-327e22b0","signature_version":"v1","signature_type":"Function","deprecated":false,"target":{"function":"ReadTIFFImage","file":"coders/tiff.c"},"digest":{"length":22985,"function_hash":"46844506430865017157779661333331991959"},"source":"https://github.com/imagemagick/imagemagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410"},{"id":"CVE-2016-10059-6a8cf1af","signature_version":"v1","signature_type":"Line","deprecated":false,"target":{"file":"coders/jpeg.c"},"digest":{"line_hashes":["30084234567020470244921781857671344244","46917590751996641588394695207195500099","142676019889728145191261000839290450224","270302288927828745745005357868389931743","85297856614803582436110873697226801800"],"threshold":0.9},"source":"https://github.com/imagemagick/imagemagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410"},{"id":"CVE-2016-10059-9fd9f146","signature_version":"v1","signature_type":"Line","deprecated":false,"target":{"file":"coders/tiff.c"},"digest":{"line_hashes":["306347563246860832379968629154438407220","322746736395994799549064672264417146918","111441152033057223604311816348659031877","315123091794439334288278428368018156190","256277737091639211646941759846973747143","52929853092328943966989262005895798708","263642969953254076559218964991482558536","197495466917042746199095003208821181530","42100060933742766084748798323331643049"],"threshold":0.9},"source":"https://github.com/imagemagick/imagemagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}