Vulnerability Details : CVE-2016-8707
Potential exploit
An exploitable out-of-bounds write exists in the handling of compressed TIFF images in ImageMagick's convert utility. A crafted TIFF document can lead to an out-of-bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user-controlled TIFF that is handled by this functionality.
Vulnerability category: Execute code
Products affected by CVE-2016-8707
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:7.0.3-1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-8707
- EPSS score: 1.61% (probability of exploitation activity in the next 30 days)
- Percentile: ~81% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-8707
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.6 | 5.9 | Talos | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2016-8707
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-8707
- http://www.talosintelligence.com/reports/TALOS-2016-0216/
  TALOS-2016-0216 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence (Exploit; Technical Description; Third Party Advisory)
- http://www.securityfocus.com/bid/94727
  ImageMagick 'coders/tiff.c' Remote Buffer Overflow Vulnerability (Third Party Advisory; VDB Entry)
- http://www.debian.org/security/2017/dsa-3799
  Debian -- Security Information -- DSA-3799-1 imagemagick (Third Party Advisory)