High severity7.8NVD Advisory· Published Dec 23, 2016· Updated Jun 17, 2026
CVE-2016-8707
CVE-2016-8707
Description
An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
17- cpe:2.3:a:imagemagick:imagemagick:7.0.3-1:*:*:*:*:*:*:*
- osv-coords14 versionspkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2
< 6.8.8.1-54.1+ 13 more
- (no CPE)range: < 6.8.8.1-54.1
- (no CPE)range: < 6.8.8.1-54.1
- (no CPE)range: < 6.4.3.6-7.60.1
- (no CPE)range: < 6.8.8.1-54.1
- (no CPE)range: < 6.8.8.1-54.1
- (no CPE)range: < 6.8.8.1-54.1
- (no CPE)range: < 6.4.3.6-7.60.1
- (no CPE)range: < 6.8.8.1-54.1
- (no CPE)range: < 6.8.8.1-54.1
- (no CPE)range: < 6.4.3.6-7.60.1
- (no CPE)range: < 6.8.8.1-54.1
- (no CPE)range: < 6.8.8.1-54.1
- (no CPE)range: < 6.8.8.1-54.1
- (no CPE)range: < 6.8.8.1-54.1
Patches
Vulnerability mechanics
References
3- www.talosintelligence.com/reports/TALOS-2016-0216/nvdExploitTechnical DescriptionThird Party Advisory
- www.debian.org/security/2017/dsa-3799nvdThird Party Advisory
- www.securityfocus.com/bid/94727nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.