CVE-2016-8707

An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.

CVSS v3 7.8 HIGH
CVSS v2.0 6.8 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.debian.org/security/2017/dsa-3799	Third Party Advisory
http://www.securityfocus.com/bid/94727	Third Party Advisory VDB Entry
http://www.talosintelligence.com/reports/TALOS-2016-0216/	Exploit Technical Description Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:imagemagick:imagemagick:7.0.3-1:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

History

13 Dec 2022, 21:42

Type	Values Removed	Values Added
First Time		Debian Debian debian Linux
References	~~(BID) http://www.securityfocus.com/bid/94727 -~~	(BID) http://www.securityfocus.com/bid/94727 - Third Party Advisory, VDB Entry
References	~~(DEBIAN) http://www.debian.org/security/2017/dsa-3799 -~~	(DEBIAN) http://www.debian.org/security/2017/dsa-3799 - Third Party Advisory
CVSS	v2 : ~~6.8~~ v3 : ~~7.0~~	v2 : 6.8 v3 : 7.8
CPE		cpe:2.3:o:debian:debian_linux:8.0:::::::*

Information

Published : 2016-12-23 22:59

Updated : 2023-12-10 12:01

NVD link : CVE-2016-8707

Mitre link : CVE-2016-8707

CVE.ORG link : CVE-2016-8707

JSON object : View

Products Affected

debian

debian_linux

imagemagick

imagemagick

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2016-8707", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2016-12-23T22:59:00.330", "references": [{"url": "http://www.debian.org/security/2017/dsa-3799", "tags": ["Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "http://www.securityfocus.com/bid/94727", "tags": ["Third Party Advisory", "VDB Entry"], "source": "talos-cna@cisco.com"}, {"url": "http://www.talosintelligence.com/reports/TALOS-2016-0216/", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality."}, {"lang": "es", "value": "Existe una escritura fuera de l\u00edmites explotable en el manejo de im\u00e1genes TIFF comprimidas en la utilidad de conversi\u00f3n ImageMagicks. Un documento TIFF manipulado puede conducir a una escritura fuera de l\u00edmites que en circunstancias particulares lo que puede ser aprovechado en la ejecuci\u00f3n remota de c\u00f3digo. La vulnerabilidad puede ser desencadenada a trav\u00e9s de cualquier TIFF controlado por el usuario que sea manipulado por esta funcionalidad."}], "lastModified": "2022-12-13T21:42:33.533", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:7.0.3-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "948D5778-AD2A-4293-AE39-A406D75F5678"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}