Main Vulnerability Database SB2016122404

SB2016122404 - Out-of-bounds write in ImageMagick

Published: December 24, 2016 Updated: August 9, 2020

Security Bulletin ID SB2016122404

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds write (CVE-ID: CVE-2016-8707)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.

Remediation

Install update from vendor's website.

References

http://www.debian.org/security/2017/dsa-3799
http://www.securityfocus.com/bid/94727
http://www.talosintelligence.com/reports/TALOS-2016-0216/