{"id":"CVE-2016-10060","details":"The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.","modified":"2026-04-01T23:32:34.360453Z","published":"2017-03-02T21:59:00.193Z","related":["SUSE-SU-2017:0529-1","SUSE-SU-2017:0586-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95208"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/12/26/9"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410470"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/issues/196"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"fixed":"2615e69b7e7d72e3bd5eef828708d08d1490b7fe"},{"fixed":"933e96f01a8c889c7bf5ffd30020e86a02a046e7"}],"database_specific":{"versions":[{"introduced":"7.0.0-0"},{"fixed":"7.0.1-10"}]}},{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick6","events":[{"introduced":"0"},{"fixed":"0a068cf62733700e63e61d7a39f95a4370abeb0f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.9.4-1"}]}}],"versions":["6.9.4-0","7.0.1-0","7.0.1-1","7.0.1-2","7.0.1-3","7.0.1-4","7.0.1-5","7.0.1-6","7.0.1-7","7.0.1-8","7.0.1-9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10060.json","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["227299882721116592709482475795133037974","87423675193590435593635474209794369085","193678056235101955212642375656884137402","136001555097471905373161129692814644905","201732433303800874486204640889434781598","38213447942917837284738099203544728467","70880295127880853930865286503725358981","82294672300045105876531221560026020191","163936732842345039575980593813037427724","210953262708847840916372944530476032683","299609937888473617492738237168869493698","68603826471207600799051290829842220978","159062777604320975964365798253145446874","230807452498302207957261887537972372602","218891157201433039815294326940180809119","61054882771673948893216017920530891121","114530958464579643041822068585147914912","305223350599904233618870653115878852195","314983525292805033308482743870525436060","216169808303816933301535212766451714014","45216771192111082260336579381064815148","305738967218639126891935087515538132474","84997710681039802485460629174208153819","51892563601825328510546416731384338232","35667306662873101273123497707186252454","294438163978125294760746749404815481723","123545197954672763000257115338877295504","154079374254416245463467555078021530543","192418729030346308367255542467062480410","332859666834437471998377559189094802391","90725133897147716297022623934891403958","193974196492180964798431324993977305882","90765364666920445852478026926468475413"]},"signature_version":"v1","id":"CVE-2016-10060-040525e1","deprecated":false,"source":"https://github.com/imagemagick/imagemagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7","signature_type":"Line","target":{"file":"MagickWand/magick-cli.c"}},{"digest":{"function_hash":"195141214752207279250730582299668517571","length":1011},"signature_version":"v1","id":"CVE-2016-10060-bb490a43","deprecated":false,"source":"https://github.com/imagemagick/imagemagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7","signature_type":"Function","target":{"file":"MagickWand/magick-cli.c","function":"ConcatenateImages"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}