CVE-2016-8707Out-of-bounds Write in Imagemagick

CWE-787Out-of-bounds Write10 documents8 sources
Severity
7.8HIGHNVD
EPSS
2.1%
top 15.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ImagemagickDebian ImagemagickDebian Linux
Timeline
PublishedDec 23
Latest updateMay 13

Description

An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

debiandebian/imagemagick< imagemagick 8:6.9.7.0+dfsg-2 (bookworm)
Debianimagemagick/imagemagick< 8:6.9.7.0+dfsg-2+3

Also affects: Debian Linux 8.0

🔴Vulnerability Details

2
GHSA
GHSA-wfj2-6fr9-gvjh: An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility2022-05-13
OSV
CVE-2016-8707: An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility2016-12-23

📋Vendor Advisories

3
Ubuntu
ImageMagick vulnerabilities2017-03-08
Red Hat
ImageMagick: OOB write in convert utility when deflating TIFF files2016-12-03
Debian
CVE-2016-8707: imagemagick - An exploitable out of bounds write exists in the handling of compressed TIFF ima...2016

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: ImageMagick Convert Tiff Out of Bounds Write2016-12-06
Talos
Vulnerability Spotlight: ImageMagick Convert Tiff Out of Bounds Write2016-12-06

💬Community

2
Bugzilla
CVE-2016-8707 ImageMagick: OOB write in convert utility when deflating TIFF files [fedora-all]2016-12-23
Bugzilla
CVE-2016-8707 ImageMagick: OOB write in convert utility when deflating TIFF files2016-12-23