CVE-2016-10057
published 2017-03-23CVE-2016-10057: Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service…
PriorityP278high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
ITWVulnCheck KEVRansomware
Exploited in the wild
EPSS
1.71%
74.5th percentile
Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | imagemagick | < imagemagick 8:6.9.6.2+dfsg-2 (bookworm) | imagemagick 8:6.9.6.2+dfsg-2 (bookworm) |
| imagemagick | imagemagick | <= 6.9.5-7 | — |
| imagemagick | imagemagick | >= 0 < 8:6.9.6.2+dfsg-2 | 8:6.9.6.2+dfsg-2 |
| imagemagick | imagemagick | >= 0 < 8:6.9.6.2+dfsg-2 | 8:6.9.6.2+dfsg-2 |
| imagemagick | imagemagick | >= 0 < 8:6.9.6.2+dfsg-2 | 8:6.9.6.2+dfsg-2 |
| imagemagick | imagemagick | >= 0 < 8:6.9.6.2+dfsg-2 | 8:6.9.6.2+dfsg-2 |
Detection & IOCsextracted from sources · hover to see the quote
- →Trigger function is WriteGROUP4Image in coders/tiff.c — monitor for crashes or anomalous TIFF/CALS file processing in ImageMagick versions before 6.9.5-8 ↗
- →Vulnerability is in the CALS coder of ImageMagick; inspect CALS-format file submissions to ImageMagick-based services as a potential attack vector ↗
- →A maliciously crafted file triggers the overflow; flag unexpected application crashes in ImageMagick processes handling TIFF/CALS input ↗
- ·All Red Hat Enterprise Linux 5, 6, 7 and OpenShift Enterprise 2 packages are marked 'Will not fix' — patched versions will not be delivered via RHEL channels; operators must mitigate manually ↗
- ·Fixed version threshold is ImageMagick 6.9.5-8 (upstream) or Debian package 8:6.9.6.2+dfsg-2; ensure deployed version meets or exceeds these thresholds ↗
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv7.8HIGH
vulncheck7.8HIGH
vendor_debian7.8HIGH
vendor_redhat7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
ImageMagick: Buffer overflow in CALS coder
vendor_redhat·2016-08-23·CVSS 7.8
CVE-2016-10057 [HIGH] CWE-120 ImageMagick: Buffer overflow in CALS coder
ImageMagick: Buffer overflow in CALS coder
Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
Package: ImageMagick (Red Hat Enterprise Linux 5) - Will not fix
Package: ImageMagick (Red Hat Enterprise Linux 6) - Will not fix
Package: ImageMagick (Red Hat Enterprise Linux 7) - Will not fix
Package: ImageMagick (Red Hat OpenShift Enterprise 2) - Will not fix
Debian
CVE-2016-10057: imagemagick - Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick...
vendor_debian·2016·CVSS 7.8
CVE-2016-10057 [HIGH] CVE-2016-10057: imagemagick - Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick...
Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
Scope: local
bookworm: resolved (fixed in 8:6.9.6.2+dfsg-2)
bullseye: resolved (fixed in 8:6.9.6.2+dfsg-2)
forky: resolved (fixed in 8:6.9.6.2+dfsg-2)
sid: resolved (fixed in 8:6.9.6.2+dfsg-2)
trixie: resolved (fixed in 8:6.9.6.2+dfsg-2)
GHSA
GHSA-vr37-3xj8-x3wp: Buffer overflow in the WriteGROUP4Image function in coders/tiff
ghsa_unreviewed·2022-05-13
CVE-2016-10057 [HIGH] CWE-119 GHSA-vr37-3xj8-x3wp: Buffer overflow in the WriteGROUP4Image function in coders/tiff
Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
OSV
CVE-2016-10057: Buffer overflow in the WriteGROUP4Image function in coders/tiff
osv·2017-03-23·CVSS 7.8
CVE-2016-10057 [HIGH] CVE-2016-10057: Buffer overflow in the WriteGROUP4Image function in coders/tiff
Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
VulnCheck
ImageMagick ImageMagick Improper Restriction of Operations within the Bounds of a Memory Buffer
vulncheck·2016·CVSS 7.8
CVE-2016-10057 [HIGH] ImageMagick ImageMagick Improper Restriction of Operations within the Bounds of a Memory Buffer
ImageMagick ImageMagick Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
Affected: ImageMagick ImageMagick
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://www.csk.gov.in/alerts/STOP_ransomware.html
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-10057 ImageMagick: Buffer overflow in CALS coder
bugzilla·2017-01-05·CVSS 7.8
CVE-2016-10057 [HIGH] CVE-2016-10057 ImageMagick: Buffer overflow in CALS coder
CVE-2016-10057 ImageMagick: Buffer overflow in CALS coder
A buffer overflow vulnerability was found in ImageMagick in the coders/tiff.c file. A maliciously crafted file could cause the application to crash or possibly have other impact.
References:
http://seclists.org/oss-sec/2016/q4/758
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836172
Upstream patch:
https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
Discussion:
Created ImageMagick tracking bugs for this issue:
Affects: fedora-all [bug 1410515]
Bugzilla
ImageMagick: various flaws [fedora-all]
bugzilla·2017-01-05·CVSS 5.5
[MEDIUM] ImageMagick: various flaws [fedora-all]
ImageMagick: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug ha
http://www.openwall.com/lists/oss-security/2016/12/26/9http://www.securityfocus.com/bid/95192https://bugzilla.redhat.com/show_bug.cgi?id=1410466https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1https://github.com/ImageMagick/ImageMagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1http://www.openwall.com/lists/oss-security/2016/12/26/9http://www.securityfocus.com/bid/95192https://bugzilla.redhat.com/show_bug.cgi?id=1410466https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1https://github.com/ImageMagick/ImageMagick/commit/eedd0c35bb2d8af7aa05f215689fdebd11633fa1
2017-03-23
Published
Exploited in the wild