PatchSiren cyber security CVE debrief

CVE-2016-10069 ImageMagick CVE debrief

CVE-2016-10069 is a denial-of-service issue in ImageMagick's MAT file handling code (coders/mat.c). According to the NVD record, malformed MAT content with an invalid number of frames can trigger an application crash in versions before 6.9.4-5. The public record indicates the issue was disclosed on 2017-03-02, with upstream and downstream advisory references pointing to a patch and vendor follow-up.

Vendor: ImageMagick
Product: CVE-2016-10069
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-03-02
Original CVE updated: 2026-05-13
Advisory published: 2017-03-02
Advisory updated: 2026-05-13

Who should care

Administrators and developers who run ImageMagick on systems that accept or batch-process untrusted image files, especially MAT files. This is most relevant in upload pipelines, document conversion services, media processing jobs, and packaged Linux distributions that ship vulnerable ImageMagick builds.

Technical summary

The NVD description attributes the flaw to improper validation in coders/mat.c, where a MAT file containing an invalid number of frames can cause ImageMagick to crash. The NVD lists ImageMagick versions through 6.9.4-4 as vulnerable and assigns CWE-20 (Improper Input Validation). The NVD CVSS vector is CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, which reflects a high availability impact but also indicates user interaction is required. The source corpus also contains a description that refers to remote attackers, so the record should be read with that metadata inconsistency in mind.

Defensive priority

Medium. Treat as higher priority if ImageMagick is exposed to untrusted uploads or automated processing of customer-supplied MAT files.

Recommended defensive actions

  • Upgrade ImageMagick to 6.9.4-5 or later, or apply the vendor patch referenced in the advisory and upstream commit records.
  • Restrict or sandbox file conversion jobs that process untrusted MAT content.
  • Add input validation and file-type allowlisting before handing files to ImageMagick.
  • Monitor for unexpected ImageMagick crashes or repeated failures in image-processing pipelines.
  • If you rely on a distribution package, verify whether your vendor backport includes the fix.
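The allowlisting step above is the one most often left vague, so here is an added example of how an upload gate can enforce it. This is illustrative code written for this debrief, not ImageMagick's or PatchSiren's; it assumes a pipeline that has the file bytes in hand before the conversion job starts, and the format table, function names and sample inputs are this example's own. The key design point is that the decision rests on an allowlist of leading bytes, not on a denylist of MAT signatures: Level 5 MAT files begin with a recognisable text header, but Level 4 MAT files carry no magic at all, so "reject what looks like MAT" would let the very input class this CVE concerns through.

```python
"""Magic-byte allowlisting in front of ImageMagick.

Added example for this debrief; not code from ImageMagick or PatchSiren.
Assumes an upload pipeline where the raw bytes are available before any
conversion job runs. Format names and helper names are this example's own.
"""
import logging
from typing import Optional, Tuple

log = logging.getLogger("upload-gate")

# Allowlisted raster formats, identified by their leading bytes rather than
# by the user-supplied extension or Content-Type. Anything not listed here
# is refused, which is what keeps unexpected coders (MAT included) out of
# the conversion job.
ALLOWED_MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpeg": b"\xff\xd8\xff",
    "gif87a": b"GIF87a",
    "gif89a": b"GIF89a",
}

# Level 5 MAT files open with a 116-byte text header that starts with this
# string. Level 4 MAT files have no signature at all, so this prefix is only
# used to give a clearer refusal reason, never as the basis of the decision.
MAT_V5_PREFIX = b"MATLAB 5.0 MAT-file"


def identify(data: bytes) -> Optional[str]:
    """Return the allowlisted format name for `data`, or None if unknown."""
    for name, magic in ALLOWED_MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def is_mat_v5(data: bytes) -> bool:
    """True if `data` carries the Level 5 MAT text header."""
    return data[: len(MAT_V5_PREFIX)] == MAT_V5_PREFIX


def gate(data: bytes, filename: str = "<upload>") -> Tuple[bool, str]:
    """Decide whether `data` may be handed to ImageMagick.

    Returns (allowed, reason). The decision is purely allowlist-based;
    the MAT check only refines the logged reason for an already-refused
    file, so a headerless (Level 4) MAT file is refused just the same.
    """
    fmt = identify(data)
    if fmt is not None:
        return True, "allowlisted format %s" % fmt
    if is_mat_v5(data):
        log.warning("refused MAT v5 file %s", filename)
        return False, "MATLAB MAT file not accepted"
    log.warning("refused unrecognised file %s", filename)
    return False, "format not in allowlist"


# Constructed sample inputs (not real files): a PNG signature followed by
# padding, a MAT v5 header padded out to the 128-byte header size, and a
# blob with no recognisable signature.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_MAT = (
    b"MATLAB 5.0 MAT-file, Platform: constructed".ljust(116, b" ")
    + b"\x00" * 8      # subsystem data offset
    + b"\x00\x01"      # version
    + b"IM"            # endian indicator
)
SAMPLE_UNKNOWN = b"not an image at all"

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    for label, blob in (("png", SAMPLE_PNG), ("mat", SAMPLE_MAT), ("unknown", SAMPLE_UNKNOWN)):
        print(label, gate(blob, label))
```

Run it directly to see the three decisions; in a real pipeline `gate` would be called with the upload's bytes before the conversion command is built, and the refusal reasons feed the crash/failure monitoring the action list also recommends. Independently of this gate, ImageMagick's own security policy file can disable individual coders on the host, which is a complementary control not referenced in the evidence for this record.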

Evidence notes

Primary evidence comes from the NVD CVE record and the linked upstream/downstream references. The NVD record shows publication on 2017-03-02 and a later modification on 2026-05-13. Supporting references in the corpus include the openSUSE advisory, the oss-security mailing list post dated 2016-12-26, a Red Hat Bugzilla entry, and an ImageMagick GitHub commit tagged as the patch reference. The corpus contains a metadata mismatch between the prose description ('remote attackers') and the CVSS vector (AV:L/UI:R); the debrief preserves both without resolving beyond the supplied evidence.

Official resources

Published in the CVE/NVD ecosystem on 2017-03-02. The NVD record was later modified on 2026-05-13. The corpus also includes a prior mailing-list reference dated 2016-12-26.