Skip to main content

Out-of-bounds Write

CVE-2016-8707

Severity High
Score 7/10

Summary

An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility before 6.9.6-7 and 7.0.3-9. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.

  • HIGH
  • LOCAL
  • HIGH
  • UNCHANGED
  • REQUIRED
  • NONE
  • HIGH
  • HIGH

CWE-787 - Out-of-Bounds Write

Out-of-bounds write vulnerability is a memory access bug that allows software to write data past the end or before the beginning of the intended buffer. This may result in the corruption of data, a crash, or arbitrary code execution.

References

Advisory Timeline

  • Published