CVE-2016-8707
7.8
HIGH
CVSS 3.1
EPSS 2.1%
Description
An exploitable out-of-bounds write exists in the handling of compressed TIFF images in ImageMagick's convert utility. A crafted TIFF document can lead to an out-of-bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user-controlled TIFF that is handled by this functionality.
How to fix CVE-2016-8707
To remediate CVE-2016-8707, upgrade the affected package to a fixed version below.
- Upgrade to 8:6.9.7.0+dfsg-2 or later
Is CVE-2016-8707 being exploited?
Low — EPSS is 2.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 8:6.9.7.0+dfsg-2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |