High severity7.8NVD Advisory· Published Dec 23, 2016· Updated May 6, 2026

CVE-2016-8707

Description

An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.

Affected products

ImageMagick/Imagemagick
cpe:2.3:a:imagemagick:imagemagick:7.0.3-1:*:*:*:*:*:*:*
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.talosintelligence.com/reports/TALOS-2016-0216/nvdExploitTechnical DescriptionThird Party Advisory
www.debian.org/security/2017/dsa-3799nvdThird Party Advisory
www.securityfocus.com/bid/94727nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000