Vulnerability Description
An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Imagemagick | Imagemagick | 7.0.3-1 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2017/dsa-3799Third Party Advisory
- http://www.securityfocus.com/bid/94727Third Party AdvisoryVDB Entry
- http://www.talosintelligence.com/reports/TALOS-2016-0216/ExploitTechnical DescriptionThird Party Advisory
- http://www.debian.org/security/2017/dsa-3799Third Party Advisory
- http://www.securityfocus.com/bid/94727Third Party AdvisoryVDB Entry
- http://www.talosintelligence.com/reports/TALOS-2016-0216/ExploitTechnical DescriptionThird Party Advisory
FAQ
What is CVE-2016-8707?
CVE-2016-8707 is a vulnerability with a CVSS score of 7.8 (HIGH). An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular ci...
How severe is CVE-2016-8707?
CVE-2016-8707 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-8707?
Check the references section above for vendor advisories and patch information. Affected products include: Imagemagick Imagemagick, Debian Debian Linux.