{"id":"CVE-2016-10067","details":"magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving \"too many exceptions,\" which trigger a buffer overflow.","modified":"2026-04-01T23:32:37.841862Z","published":"2017-03-02T21:59:00.443Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95220"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410494"},{"type":"FIX","url":"https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/12/26/9"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"0"},{"fixed":"0474237508f39c4f783208123431815f1ededb76"}]},{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick6","events":[{"introduced":"0"},{"last_affected":"aa74980014c8246f92a200a6e431b8d8efe312e5"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"6.9.4-4"}]}}],"versions":["6.9.4-0","6.9.4-1","6.9.4-2","6.9.4-3","6.9.4-4","7.0.1-0","7.0.1-1","7.0.1-10","7.0.1-2","7.0.1-3","7.0.1-4","7.0.1-5","7.0.1-6","7.0.1-7","7.0.1-8","7.0.1-9","7.0.10-0","7.0.10-1","7.0.10-10","7.0.10-11","7.0.10-12","7.0.10-13","7.0.10-14","7.0.10-15","7.0.10-16","7.0.10-17","7.0.10-18","7.0.10-19","7.0.10-2","7.0.10-20","7.0.10-21","7.0.10-22","7.0.10-23","7.0.10-24","7.0.10-25","7.0.10-26","7.0.10-27","7.0.10-28","7.0.10-29","7.0.10-3","7.0.10-30","7.0.10-31","7.0.10-32","7.0.10-33","7.0.10-34","7.0.10-35","7.0.10-36","7.0.10-37","7.0.10-38","7.0.10-39","7.0.10-4","7.0.10-40","7.0.10-41","7.0.10-42","7.0.10-43","7.0.10-44","7.0.10-45","7.0.10-46","7.0.10-47","7.0.10-48","7.0.10-49","7.0.10-5","7.0.10-50","7.0.10-51","7.0.10-52","7.0.10-53","7.0.10-54","7.0.10-55","7.0.10-56","7.0.10-57","7.0.10-58","7.0.10-59","7.0.10-6","7.0.10-60","7.0.10-61","7.0.10-62","7.0.10-7","7.0.10-8","7.0.10-9","7.0.11-0","7.0.11-1","7.0.11-10","7.0.11-11","7.0.11-12","7.0.11-13","7.0.11-14","7.0.11-2","7.0.11-3","7.0.11-4","7.0.11-5","7.0.11-6","7.0.11-7","7.0.11-8","7.0.11-9","7.0.2-0","7.0.2-1","7.0.2-10","7.0.2-2","7.0.2-3","7.0.2-4","7.0.2-5","7.0.2-6","7.0.2-7","7.0.2-8","7.0.2-9","7.0.3-0","7.0.3-1","7.0.3-10","7.0.3-2","7.0.3-3","7.0.3-4","7.0.3-5","7.0.3-6","7.0.3-7","7.0.3-8","7.0.3-9","7.0.4-0","7.0.4-1","7.0.4-10","7.0.4-2","7.0.4-3","7.0.4-4","7.0.4-5","7.0.4-6","7.0.4-7","7.0.4-8","7.0.4-9","7.0.5-0","7.0.5-1","7.0.5-10","7.0.5-2","7.0.5-3","7.0.5-4","7.0.5-5","7.0.5-6","7.0.5-7","7.0.5-8","7.0.5-9","7.0.6-0","7.0.6-1","7.0.6-2","7.0.6-3","7.0.6-4","7.0.6-5","7.0.6-6","7.0.6-7","7.0.6-8","7.0.6-9","7.0.7-0","7.0.7-1","7.0.7-10","7.0.7-11","7.0.7-12","7.0.7-13","7.0.7-14","7.0.7-15","7.0.7-16","7.0.7-17","7.0.7-18","7.0.7-19","7.0.7-2","7.0.7-20","7.0.7-21","7.0.7-22","7.0.7-23","7.0.7-24","7.0.7-25","7.0.7-26","7.0.7-27","7.0.7-28","7.0.7-29","7.0.7-3","7.0.7-30","7.0.7-31","7.0.7-32","7.0.7-33","7.0.7-34","7.0.7-35","7.0.7-36","7.0.7-37","7.0.7-38","7.0.7-39","7.0.7-4","7.0.7-5","7.0.7-6","7.0.7-8","7.0.7-9","7.0.7.7","7.0.8-0","7.0.8-1","7.0.8-10","7.0.8-11","7.0.8-12","7.0.8-13","7.0.8-14","7.0.8-15","7.0.8-16","7.0.8-17","7.0.8-18","7.0.8-19","7.0.8-2","7.0.8-20","7.0.8-21","7.0.8-22","7.0.8-23","7.0.8-24","7.0.8-25","7.0.8-26","7.0.8-27","7.0.8-28","7.0.8-29","7.0.8-3","7.0.8-30","7.0.8-31","7.0.8-32","7.0.8-33","7.0.8-34","7.0.8-35","7.0.8-36","7.0.8-37","7.0.8-38","7.0.8-39","7.0.8-4","7.0.8-40","7.0.8-41","7.0.8-42","7.0.8-43","7.0.8-44","7.0.8-45","7.0.8-46","7.0.8-47","7.0.8-48","7.0.8-49","7.0.8-5","7.0.8-50","7.0.8-51","7.0.8-52","7.0.8-53","7.0.8-54","7.0.8-55","7.0.8-56","7.0.8-57","7.0.8-58","7.0.8-59","7.0.8-6","7.0.8-60","7.0.8-61","7.0.8-62","7.0.8-63","7.0.8-64","7.0.8-65","7.0.8-66","7.0.8-67","7.0.8-68","7.0.8-7","7.0.8-8","7.0.8-9","7.0.9-0","7.0.9-1","7.0.9-10","7.0.9-11","7.0.9-12","7.0.9-13","7.0.9-14","7.0.9-15","7.0.9-16","7.0.9-17","7.0.9-18","7.0.9-19","7.0.9-2","7.0.9-20","7.0.9-21","7.0.9-22","7.0.9-23","7.0.9-24","7.0.9-25","7.0.9-26","7.0.9-27","7.0.9-4","7.0.9-5","7.0.9-6","7.0.9-7","7.0.9-8","7.0.9-9","7.1.0-0","7.1.0-1","7.1.0-10","7.1.0-11","7.1.0-12","7.1.0-13","7.1.0-14","7.1.0-15","7.1.0-16","7.1.0-17","7.1.0-18","7.1.0-19","7.1.0-2","7.1.0-20","7.1.0-21","7.1.0-22","7.1.0-23","7.1.0-24","7.1.0-25","7.1.0-26","7.1.0-27","7.1.0-28","7.1.0-29","7.1.0-3","7.1.0-30","7.1.0-31","7.1.0-32","7.1.0-33","7.1.0-34","7.1.0-35","7.1.0-36","7.1.0-37","7.1.0-38","7.1.0-39","7.1.0-4","7.1.0-40","7.1.0-41","7.1.0-42","7.1.0-43","7.1.0-44","7.1.0-45","7.1.0-46","7.1.0-47","7.1.0-48","7.1.0-49","7.1.0-5","7.1.0-50","7.1.0-51","7.1.0-52","7.1.0-53","7.1.0-54","7.1.0-55","7.1.0-56","7.1.0-57","7.1.0-58","7.1.0-59","7.1.0-6","7.1.0-60","7.1.0-61","7.1.0-62","7.1.0-7","7.1.0-8","7.1.0-9","7.1.1-0","7.1.1-1","7.1.1-10","7.1.1-11","7.1.1-12","7.1.1-13","7.1.1-14","7.1.1-15","7.1.1-16","7.1.1-17","7.1.1-18","7.1.1-19","7.1.1-2","7.1.1-20","7.1.1-21","7.1.1-22","7.1.1-23","7.1.1-24","7.1.1-25","7.1.1-26","7.1.1-27","7.1.1-28","7.1.1-29","7.1.1-3","7.1.1-30","7.1.1-31","7.1.1-32","7.1.1-33","7.1.1-34","7.1.1-35","7.1.1-36","7.1.1-37","7.1.1-38","7.1.1-39","7.1.1-4","7.1.1-40","7.1.1-41","7.1.1-43","7.1.1-44","7.1.1-45","7.1.1-46","7.1.1-47","7.1.1-5","7.1.1-6","7.1.1-7","7.1.1-8","7.1.1-9","7.1.2-0","7.1.2-1","7.1.2-10","7.1.2-11","7.1.2-12","7.1.2-13","7.1.2-14","7.1.2-15","7.1.2-16","7.1.2-17","7.1.2-18","7.1.2-2","7.1.2-3","7.1.2-5","7.1.2-6","7.1.2-7","7.1.2-8","7.1.2-9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10067.json","vanir_signatures":[{"target":{"file":"coders/label.c"},"signature_type":"Line","deprecated":false,"source":"https://github.com/imagemagick/imagemagick/commit/0474237508f39c4f783208123431815f1ededb76","digest":{"threshold":0.9,"line_hashes":["108607596337284873438713357942574930214","237633640835997944068952276706033608549","120807976248275480082856013548573521133","118897056398172557493628946078783779803","121223272467362147315834562595814232384","179335662439473171314695401001724041771","113873992360146063094212461777552822983","333922816641655046025748233356858913110","266267152514014186465320715871393728081","214412374285936925203816822958700918856","339353674543151414102460601934362813929","276845728028218299557575875494509398560","319541286409470569834530754937755068660","181731089802856310941619364384460989067","151547825222425517076884105575962808811"]},"signature_version":"v1","id":"CVE-2016-10067-01801c0e"},{"target":{"file":"coders/viff.c"},"signature_type":"Line","deprecated":false,"source":"https://github.com/imagemagick/imagemagick/commit/0474237508f39c4f783208123431815f1ededb76","digest":{"threshold":0.9,"line_hashes":["53787206279956202573671648496373016982","303516244542161883898920977145995064550","338667304928875696497022151079025015668","100985721311873205735363948094157127540","178158921106307629965529446786227195582","264207837489299956477613472589324079359","219354439851894461231981041107404293418","140535064203036670945300308113704356240","97349473963225920214940921589276250258","70090426918024051190773131812080074789","58645192621437736588711862293458866179","61314721810164076511379943107005253732","39699842088300623940374935683762797382","117095571284158819035524065504355536566","258007135289899567879324305484487390534","223845886969433362549586221023178023767","326978410136234277987615209375128600520","306444017120264752737509354588958303623","28545087243879278159816660121724531915","129676858489907891740588352079519765189","201053315912106487633772625961710441222","250821574545648720251097230628459156454","25054909255721746442188097154651468396","246607835063806645547394756362769139898","258997824493927227887749480366250166470","200327508670429439347903671429577287537"]},"signature_version":"v1","id":"CVE-2016-10067-1e67b3ac"},{"target":{"function":"CheckMemoryOverflow","file":"magick/memory.c"},"signature_type":"Function","deprecated":false,"source":"https://github.com/imagemagick/imagemagick/commit/0474237508f39c4f783208123431815f1ededb76","digest":{"function_hash":"307925872377087016446741724910969115367","length":225},"signature_version":"v1","id":"CVE-2016-10067-2d9dd53b"},{"target":{"function":"CheckMemoryOverflow","file":"coders/viff.c"},"signature_type":"Function","deprecated":false,"source":"https://github.com/imagemagick/imagemagick/commit/0474237508f39c4f783208123431815f1ededb76","digest":{"function_hash":"307925872377087016446741724910969115367","length":225},"signature_version":"v1","id":"CVE-2016-10067-67c495cb"},{"target":{"file":"magick/memory.c"},"signature_type":"Line","deprecated":false,"source":"https://github.com/imagemagick/imagemagick/commit/0474237508f39c4f783208123431815f1ededb76","digest":{"threshold":0.9,"line_hashes":["288554417113392843063944906536847778994","266238974516358030216152831934984587793","297935054960007214342408779001958397486","100985721311873205735363948094157127540","178158921106307629965529446786227195582","264207837489299956477613472589324079359","219354439851894461231981041107404293418","140535064203036670945300308113704356240","97349473963225920214940921589276250258","70090426918024051190773131812080074789","58645192621437736588711862293458866179","61314721810164076511379943107005253732","39699842088300623940374935683762797382","209622836300486528984667550194657566485","11910165410541749809231702517434511206","142368951571918335197043179485017177620","73190787010645692566280159822612513046","81250572606301466650314107025662053158","126596611108158729076549189697886747381","125640168392645451961003129459089052203","31043014141004938524514335861787050498","97729858875299111212715046913089563727","110718064199481662198301174729625367364","56359161671424950468264254872444436745","174393673240881518968981202671788981440","198194260308463205784828033953225088269","265659351690763809336263955494958094130","143257050742607329286151269639705210590","172677337797412220142258499668451977500","5715707803946165505867541198185010626","286761992254603781564111454482898118399","31043014141004938524514335861787050498","160062095623018238254576721928066562589","37120292623600446376840229629322149825","27392999917083770160978857971615169089"]},"signature_version":"v1","id":"CVE-2016-10067-6e4854b8"},{"target":{"file":"magick/exception.c"},"signature_type":"Line","deprecated":false,"source":"https://github.com/imagemagick/imagemagick/commit/0474237508f39c4f783208123431815f1ededb76","digest":{"threshold":0.9,"line_hashes":["202935799622310075340785417743766074224","226323798185080932130992804315249843247","57742649170761079362837749058095914311","204318077949300039755051142459070276437","55600058602503287623223921354378400578","86523852709779180855267222453944400513","38970680458556342418243341609934766628","15880177136517718166836114526319861647","170345292602722490836399326760739745993","130931443616747959215929175758247735561","92422542924647134950770009168117962116","77074365793088914454074111566598370691","268458383481560621607154736696875825582","334346319698806593949681098196923495241","224927926144911684702565965448291253749","80187538749638318263659268852598630028","20398501257197782315296132354572706942"]},"signature_version":"v1","id":"CVE-2016-10067-b40250a2"},{"target":{"function":"ReadLABELImage","file":"coders/label.c"},"signature_type":"Function","deprecated":false,"source":"https://github.com/imagemagick/imagemagick/commit/0474237508f39c4f783208123431815f1ededb76","digest":{"function_hash":"166116811364854504844705288607638663177","length":4241},"signature_version":"v1","id":"CVE-2016-10067-c09706e1"},{"target":{"function":"CatchException","file":"magick/exception.c"},"signature_type":"Function","deprecated":false,"source":"https://github.com/imagemagick/imagemagick/commit/0474237508f39c4f783208123431815f1ededb76","digest":{"function_hash":"119080263127803556733543282937685056962","length":964},"signature_version":"v1","id":"CVE-2016-10067-dda1791a"},{"target":{"file":"magick/memory-private.h"},"signature_type":"Line","deprecated":false,"source":"https://github.com/imagemagick/imagemagick/commit/0474237508f39c4f783208123431815f1ededb76","digest":{"threshold":0.9,"line_hashes":["61568625264949093379579943827871326422","242117551071302803750106664496130378052","45274112443096330732340197864051469229"]},"signature_version":"v1","id":"CVE-2016-10067-eceaca88"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}