CVE-2016-8707

2016-12-2300:00:00

ubuntu.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.011

Percentile

84.3%

JSON

An exploitable out of bounds write exists in the handling of compressed
TIFF images in ImageMagicks’s convert utility. A crafted TIFF document can
lead to an out of bounds write which in particular circumstances could be
leveraged into remote code execution. The vulnerability can be triggered
through any user controlled TIFF that is handled by this functionality.

Bugs

<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848139>

Notes

Author	Note
mdeslaur	This is 0175-Fix-possible-buffer-overflow-when-writing-compressed.patch and 0176-Fix-possible-buffer-overflow-when-writing-compressed.patch

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchimagemagick< 8:6.6.9.7-5ubuntu3.8UNKNOWN
ubuntu14.04noarchimagemagick< 8:6.7.7.10-6ubuntu3.5UNKNOWN
ubuntu16.04noarchimagemagick< 8:6.8.9.9-7ubuntu5.5UNKNOWN
ubuntu16.10noarchimagemagick< 8:6.8.9.9-7ubuntu8.4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	imagemagick	< 8:6.6.9.7-5ubuntu3.8	UNKNOWN
ubuntu	14.04	noarch	imagemagick	< 8:6.7.7.10-6ubuntu3.5	UNKNOWN
ubuntu	16.04	noarch	imagemagick	< 8:6.8.9.9-7ubuntu5.5	UNKNOWN
ubuntu	16.10	noarch	imagemagick	< 8:6.8.9.9-7ubuntu8.4	UNKNOWN