CVE-2016-8707
Published: 23 December 2016
An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.
Notes
Author | Note |
---|---|
mdeslaur | This is 0175-Fix-possible-buffer-overflow-when-writing-compressed.patch and 0176-Fix-possible-buffer-overflow-when-writing-compressed.patch |
Priority
Status
Package | Release | Status |
---|---|---|
imagemagick Launchpad, Ubuntu, Debian |
precise |
Released
(8:6.6.9.7-5ubuntu3.8)
|
trusty |
Released
(8:6.7.7.10-6ubuntu3.5)
|
|
upstream |
Released
(8:6.9.7.0+dfsg-1)
|
|
xenial |
Released
(8:6.8.9.9-7ubuntu5.5)
|
|
yakkety |
Released
(8:6.8.9.9-7ubuntu8.4)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |