CVE-2016-8707

MEDIUM

Description

An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.

References

http://www.debian.org/security/2017/dsa-3799

http://www.securityfocus.com/bid/94727

http://www.talosintelligence.com/reports/TALOS-2016-0216/

Details

Source: MITRE

Published: 2016-12-23

Updated: 2017-11-04

Type: CWE-787

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 7

Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1

Severity: HIGH

Tenable Plugins

View all (11 total)

IDNameProductFamilySeverity
135519EulerOS 2.0 SP3 : ImageMagick (EulerOS-SA-2020-1390)NessusHuawei Local Security Checks
high
131846EulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2019-2354)NessusHuawei Local Security Checks
high
103333Fedora 25 : 1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc (2017-3a568adb31)NessusFedora Local Security Checks
high
103314Fedora 26 : 1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc (2017-8f27031c8f)NessusFedora Local Security Checks
high
97634Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : imagemagick vulnerabilities (USN-3222-1)NessusUbuntu Local Security Checks
high
97475Debian DSA-3799-1 : imagemagick - security updateNessusDebian Local Security Checks
high
96296openSUSE Security Update : ImageMagick (openSUSE-2017-14)NessusSuSE Local Security Checks
medium
96139SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2016:3258-1)NessusSuSE Local Security Checks
medium
96138SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:3256-1)NessusSuSE Local Security Checks
medium
96133openSUSE Security Update : ImageMagick (openSUSE-2016-1512)NessusSuSE Local Security Checks
medium
96051Debian DLA-756-1 : imagemagick security updateNessusDebian Local Security Checks
medium