CVE-2016-8677

🗓️ 15 Feb 2017 21:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 108 Views

The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure

Reporter	Title	Published	Views	Family All 71
CNVD	ImageMagick 'coders/tiff.c' memory leak vulnerability	18 Oct 201600:00	–	cnvd
Cvelist	CVE-2016-8677	15 Feb 201721:00	–	cvelist
Debian	[SECURITY] [DLA 807-1] imagemagick security update	30 Jan 201708:39	–	debian
Debian	[SECURITY] [DSA 3726-1] imagemagick security update	27 Nov 201604:09	–	debian
Debian	[SECURITY] [DSA 3726-1] imagemagick security update	27 Nov 201604:09	–	debian
Debian CVE	CVE-2016-8677	15 Feb 201721:00	–	debiancve
Tenable Nessus	Debian DLA-807-1 : imagemagick security update	31 Jan 201700:00	–	nessus
Tenable Nessus	Debian DSA-3726-1 : imagemagick - security update	28 Nov 201600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2019-2354)	10 Dec 201900:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP3 : ImageMagick (EulerOS-SA-2020-1390)	15 Apr 202000:00	–	nessus

NVD

Node

imagemagick imagemagickRange<6.9.5-10

imagemagick imagemagickRange7.0.0-0–7.0.3-1

Node

opensuse opensuseMatch13.2

Node

debian debian_linuxMatch8.0

Source	Link
securityfocus	www.securityfocus.com/bid/93598
debian	www.debian.org/security/2016/dsa-3726
github	www.github.com/ImageMagick/ImageMagick/issues/268
lists	www.lists.opensuse.org/opensuse-updates/2016-10/msg00107.html
blogs	www.blogs.gentoo.org/ago/2016/10/07/imagemagick-memory-allocate-failure-in-acquirequantumpixels-quantum-c/
github	www.github.com/ImageMagick/ImageMagick/commit/6e48aa92ff4e6e95424300ecd52a9ea453c19c60
openwall	www.openwall.com/lists/oss-security/2016/10/16/1
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

13 May 2026 00:24Current

8.4High risk

Vulners AI Score8.4

CVSS 26.8

CVSS 3.18.8

EPSS0.00496