CVE-2016-8707 HIGH

CVE-2016-8707

Vendor N/A
Product ImageMagick 7.0.3-1
Published December 23, 2016
Last update August 6, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.

Key dates

02Disclosure timeline

December 23, 2016 CVE published
August 6, 2024 Record updated