CVE-2016-8707

Published: 23 December 2016

An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.

Priority

Medium

CVSS 3 base score: 7.0

Status

Package Release Status
imagemagick
Launchpad, Ubuntu, Debian
Upstream
Released (8:6.9.7.0+dfsg-1)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (8:6.8.9.9-7ubuntu5.5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [8:6.7.7.10-6ubuntu3.5])

Notes

AuthorNote
mdeslaur
This is 0175-Fix-possible-buffer-overflow-when-writing-compressed.patch
and 0176-Fix-possible-buffer-overflow-when-writing-compressed.patch

References

Bugs