CVE-2016-8707

Published: 12/23/2016 Last updated: 8/6/2024 Reserved: 10/17/2016

An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.

CNA assigner: talos (b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.0	7.5	High	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Opam packages affected (2)

conf-libMagickCore ocsigen-start

Products affected (1)

Product	Vendor	Version
ImageMagick 7.0.3-1	n/a	1.04.21353

References (6)

http://www.securityfocus.com/bid/94727
http://www.debian.org/security/2017/dsa-3799
http://www.talosintelligence.com/reports/TALOS-2016-0216/
http://www.securityfocus.com/bid/94727
http://www.debian.org/security/2017/dsa-3799
http://www.talosintelligence.com/reports/TALOS-2016-0216/