CVE-2016-8707

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.

References

http://www.debian.org/security/2017/dsa-3799

http://www.securityfocus.com/bid/94727

http://www.talosintelligence.com/reports/TALOS-2016-0216/

Details

Source: MITRE

Published: 2016-12-23

Updated: 2017-11-04

Type: CWE-787

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 7

Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1

Severity: HIGH

Tenable Plugins

View all (11 total)

IDNameProductFamilySeverity
135519EulerOS 2.0 SP3 : ImageMagick (EulerOS-SA-2020-1390)NessusHuawei Local Security Checks
critical
131846EulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2019-2354)NessusHuawei Local Security Checks
critical
103333Fedora 25 : 1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc (2017-3a568adb31)NessusFedora Local Security Checks
critical
103314Fedora 26 : 1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc (2017-8f27031c8f)NessusFedora Local Security Checks
critical
97634Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : imagemagick vulnerabilities (USN-3222-1)NessusUbuntu Local Security Checks
critical
97475Debian DSA-3799-1 : imagemagick - security updateNessusDebian Local Security Checks
critical
96296openSUSE Security Update : ImageMagick (openSUSE-2017-14)NessusSuSE Local Security Checks
high
96139SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2016:3258-1)NessusSuSE Local Security Checks
high
96138SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:3256-1)NessusSuSE Local Security Checks
high
96133openSUSE Security Update : ImageMagick (openSUSE-2016-1512)NessusSuSE Local Security Checks
high
96051Debian DLA-756-1 : imagemagick security updateNessusDebian Local Security Checks
high