CVE-2016-8707
First published: Fri Dec 23 2016(Updated: )
An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ImageMagick ImageMagick | =7.0.3-1 | |
| Debian Debian Linux | =8.0 | |
| debian/imagemagick | 8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:6.9.13.12+dfsg1-1 8:7.1.1.39+dfsg1-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.debian.org/security/2017/dsa-3799
- http://www.securityfocus.com/bid/94727
- http://www.talosintelligence.com/reports/TALOS-2016-0216/
- https://github.com/ImageMagick/ImageMagick/commit/e5fd9ab1b70b2edd06de8efb606e04482cb9a2f0
- https://github.com/ImageMagick/ImageMagick/commit/fde5f55af94f189f16958535a9c22b439d71ac93
- https://github.com/ImageMagick/ImageMagick/commit/e5dc6d628a1c6049dc95adcea5e49aaa7ef2c778
- https://security-tracker.debian.org/tracker/CVE-2016-8707
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/event
- agent/description
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/imagemagick
- canonical/imagemagick imagemagick
- version/imagemagick imagemagick/7.0.3-1
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- package-manager/debian