CVE-2016-8707

Published: Dec 23, 2016Modified: May 6, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.

Affected (2)

Products: Imagemagick: Imagemagick · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Version 7.0.3-1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

http://www.debian.org/security/2017/dsa-3799

Source: talos-cna@cisco.com

Third Party Advisory

http://www.securityfocus.com/bid/94727

Source: talos-cna@cisco.com

Third Party AdvisoryVDB Entry

http://www.talosintelligence.com/reports/TALOS-2016-0216/

Source: talos-cna@cisco.com

ExploitTechnical DescriptionThird Party Advisory

http://www.debian.org/security/2017/dsa-3799

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/94727

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.talosintelligence.com/reports/TALOS-2016-0216/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.