
[Vulnerability notice] CVE-2016-8707: Remote code execution vulnerability in TIFF image compression of ImageMagick

Last Updated: May 04, 2018

Cisco Talos recently published a report on a remote code execution vulnerability in ImageMagick. Attackers who successfully exploit this vulnerability can run code remotely.

See the following for more information about the vulnerability.


CVE identifier

CVE-2016-8707

Vulnerability name

Remote code execution vulnerability in TIFF image compression of ImageMagick

Vulnerability rating

High

Vulnerability description

Hackers can exploit this vulnerability to run commands remotely, which can result in service interruption or data leakage.

Condition and method of exploitation

Exploitation is complex. No PoC has been published yet.

Affected scope

ImageMagick version < 7.0.3-9

How to fix or mitigate

Upgrade ImageMagick to 7.0.3-9 or a later version.
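
To find hosts that still need the upgrade, the following added example (not part of the original notice or of ImageMagick) parses the banner printed by `magick -version` or `convert -version` and compares it numerically with 7.0.3-9. The banner format and binary names are assumptions. The check applies the notice's threshold literally, so a distribution package that carries a backported fix under an older version number is still reported as affected.

```python
import re
import shutil
import subprocess

# First fixed release according to the notice's "Affected scope" field.
FIXED = (7, 0, 3, 9)

# Assumed banner format of `magick -version` / `convert -version`,
# e.g. "Version: ImageMagick 7.0.3-8 Q16 x86_64 ...".
_BANNER = re.compile(r"ImageMagick (\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner):
    """Return (major, minor, patch, release) from a -version banner, or None."""
    m = _BANNER.search(banner)
    return tuple(int(g) for g in m.groups()) if m else None


def is_affected(banner):
    """True if the banner reports a version below 7.0.3-9.

    Raises ValueError when no version can be parsed, so an unreadable
    banner is never silently treated as patched.
    """
    version = parse_version(banner)
    if version is None:
        raise ValueError("no ImageMagick version found in banner")
    # Tuple comparison is numeric, so 7.0.3-10 sorts after 7.0.3-9.
    return version < FIXED


def installed_banner():
    """Return the -version output of the first ImageMagick binary on PATH."""
    for tool in ("magick", "convert"):
        path = shutil.which(tool)
        if path:
            out = subprocess.run([path, "-version"], capture_output=True,
                                 text=True, timeout=10)
            # Skip unrelated programs that happen to be named "convert".
            if "ImageMagick" in out.stdout:
                return out.stdout
    return None


if __name__ == "__main__":
    banner = installed_banner()
    if banner is None:
        print("ImageMagick not found on PATH")
    else:
        status = "AFFECTED, upgrade" if is_affected(banner) else "not affected"
        print(parse_version(banner), status)
```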

Reference

[1]. http://d.hatena.ne.jp/yoya/20161205/im
[2]. https://security-tracker.debian.org/tracker/CVE-2016-8707
[3]. http://blog.talosintel.com/2016/12/ImageMagick-Tiff-out-of-Bounds.html
