An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.
http://www.debian.org/security/2017/dsa-3799
Source: MITRE
Published: 2016-12-23
Updated: 2017-11-04
Type: CWE-787
Base Score: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 8.6
Severity: MEDIUM
Base Score: 7
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1
Severity: HIGH
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
135519 | EulerOS 2.0 SP3 : ImageMagick (EulerOS-SA-2020-1390) | Nessus | Huawei Local Security Checks | high |
131846 | EulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2019-2354) | Nessus | Huawei Local Security Checks | high |
103333 | Fedora 25 : 1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc (2017-3a568adb31) | Nessus | Fedora Local Security Checks | high |
103314 | Fedora 26 : 1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc (2017-8f27031c8f) | Nessus | Fedora Local Security Checks | high |
97634 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : imagemagick vulnerabilities (USN-3222-1) | Nessus | Ubuntu Local Security Checks | high |
97475 | Debian DSA-3799-1 : imagemagick - security update | Nessus | Debian Local Security Checks | high |
96296 | openSUSE Security Update : ImageMagick (openSUSE-2017-14) | Nessus | SuSE Local Security Checks | medium |
96139 | SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2016:3258-1) | Nessus | SuSE Local Security Checks | medium |
96138 | SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:3256-1) | Nessus | SuSE Local Security Checks | medium |
96133 | openSUSE Security Update : ImageMagick (openSUSE-2016-1512) | Nessus | SuSE Local Security Checks | medium |
96051 | Debian DLA-756-1 : imagemagick security update | Nessus | Debian Local Security Checks | medium |