CVE-2016-8707
HIGH
ImageMagick - Out-of-bounds Write in TIFF Image Handling
Title source: llm
Description
An exploitable out-of-bounds write exists in the handling of compressed TIFF images in ImageMagick's convert utility. A crafted TIFF document can lead to an out-of-bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user-controlled TIFF that is handled by this functionality.
References (3)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94727
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3799
Exploit, Technical Description, Third Party Advisory x_refsource_misc
http://www.talosintelligence.com/reports/TALOS-2016-0216/
Scores
CVSS v3
7.8
EPSS
0.0214
EPSS Percentile
84.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (3)
debian/debian_linux
8.0
imagemagick/imagemagick
7.0.3-1
n/a/ImageMagick 7.0.3-1
ImageMagick 7.0.3-1
Published
Dec 23, 2016
Tracked Since
Feb 18, 2026