{"id":"CVE-2016-10063","details":"Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity.","modified":"2026-04-11T03:36:47.018480Z","published":"2017-03-02T21:59:00.333Z","related":["SUSE-SU-2017:0529-1","SUSE-SU-2017:0586-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95210"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/12/26/9"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410476"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/2bb6941a2d557f26a2f2049ade466e118eeaab91"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/94936efda8aa63563211eda07a5ade92abb32f7a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"fixed":"2bb6941a2d557f26a2f2049ade466e118eeaab91"},{"fixed":"94936efda8aa63563211eda07a5ade92abb32f7a"}]},{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick6","events":[{"introduced":"0"},{"last_affected":"54a5700dc60ace7029127dd70259729294756855"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"6.9.5-0"}]}}],"versions":["6.9.4-0","6.9.4-1","6.9.4-10","6.9.4-2","6.9.4-3","6.9.4-4","6.9.4-5","6.9.4-6","6.9.4-7","6.9.4-8","6.9.4-9","6.9.5-0","7.0.1-0","7.0.1-1","7.0.1-10","7.0.1-2","7.0.1-3","7.0.1-4","7.0.1-5","7.0.1-6","7.0.1-7","7.0.1-8","7.0.1-9","7.0.2-0","7.0.2-1","7.0.2-2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10063.json","vanir_signatures_modified":"2026-04-11T03:36:47Z","vanir_signatures":[{"signature_version":"v1","target":{"file":"coders/tiff.c"},"digest":{"threshold":0.9,"line_hashes":["103697060135959106830542413254913951694","1970232661960226097742482354256480176","140021645161412844653934009265423901104","302084411660785079186154865634642153861","246452775775643479039632313154872888617","96104928818251249225816813371569332163","221605472236257057980001368241814973503","236355740425942618058476961888908248301","92441154995531210210313172415131763886","150240877669528608968858354961175477375"]},"deprecated":false,"signature_type":"Line","id":"CVE-2016-10063-33dd8588","source":"https://github.com/imagemagick/imagemagick/commit/94936efda8aa63563211eda07a5ade92abb32f7a"},{"signature_version":"v1","target":{"function":"ReadTIFFImage","file":"coders/tiff.c"},"digest":{"length":23155,"function_hash":"172215250049717264941504509801069341502"},"deprecated":false,"signature_type":"Function","id":"CVE-2016-10063-76cb0528","source":"https://github.com/imagemagick/imagemagick/commit/2bb6941a2d557f26a2f2049ade466e118eeaab91"},{"signature_version":"v1","target":{"function":"ReadTIFFImage","file":"coders/tiff.c"},"digest":{"length":23919,"function_hash":"237957955268260375240577298103735291751"},"deprecated":false,"signature_type":"Function","id":"CVE-2016-10063-9aa5f30e","source":"https://github.com/imagemagick/imagemagick/commit/94936efda8aa63563211eda07a5ade92abb32f7a"},{"signature_version":"v1","target":{"file":"coders/tiff.c"},"digest":{"threshold":0.9,"line_hashes":["309531415309245492516289000074322004777","158286900341591609423779053651258020838","227606226587041552729349993316568568428","79119237227817969750971569110353603804","195998754719549900261819408483335219650","51589611085731193000899006364071274303","84621561432804615868200120694307231124","72789692611261142092603024766030838246","331403667152163900531105055036556863967","221605472236257057980001368241814973503","236355740425942618058476961888908248301","92441154995531210210313172415131763886","150240877669528608968858354961175477375"]},"deprecated":false,"signature_type":"Line","id":"CVE-2016-10063-e0919938","source":"https://github.com/imagemagick/imagemagick/commit/2bb6941a2d557f26a2f2049ade466e118eeaab91"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}