UBUNTU-CVE-2016-8707

Source
https://ubuntu.com/security/CVE-2016-8707
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-8707.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-8707
Related
Published
2016-12-23T00:00:00Z
Modified
2016-12-23T00:00:00Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
  • 7.0 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.

References

Affected packages

Ubuntu:14.04:LTS / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/ubuntu/imagemagick?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8:6.7.7.10-6ubuntu3.5

Affected versions

8:6.*

8:6.7.7.10-5ubuntu3
8:6.7.7.10-5ubuntu4
8:6.7.7.10-6ubuntu1
8:6.7.7.10-6ubuntu2
8:6.7.7.10-6ubuntu3
8:6.7.7.10-6ubuntu3.1
8:6.7.7.10-6ubuntu3.2
8:6.7.7.10-6ubuntu3.3
8:6.7.7.10-6ubuntu3.4

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "8:6.7.7.10-6ubuntu3.5",
            "binary_name": "imagemagick"
        },
        {
            "binary_version": "8:6.7.7.10-6ubuntu3.5",
            "binary_name": "imagemagick-common"
        },
        {
            "binary_version": "8:6.7.7.10-6ubuntu3.5",
            "binary_name": "imagemagick-dbg"
        },
        {
            "binary_version": "8:6.7.7.10-6ubuntu3.5",
            "binary_name": "imagemagick-dbgsym"
        },
        {
            "binary_version": "8:6.7.7.10-6ubuntu3.5",
            "binary_name": "imagemagick-doc"
        },
        {
            "binary_version": "8:6.7.7.10-6ubuntu3.5",
            "binary_name": "libmagick++-dev"
        },
        {
            "binary_version": "8:6.7.7.10-6ubuntu3.5",
            "binary_name": "libmagick++-dev-dbgsym"
        },
        {
            "binary_version": "8:6.7.7.10-6ubuntu3.5",
            "binary_name": "libmagick++5"
        },
        {
            "binary_version": "8:6.7.7.10-6ubuntu3.5",
            "binary_name": "libmagick++5-dbgsym"
        },
        {
            "binary_version": "8:6.7.7.10-6ubuntu3.5",
            "binary_name": "libmagickcore-dev"
        },
        {
            "binary_version": "8:6.7.7.10-6ubuntu3.5",
            "binary_name": "libmagickcore-dev-dbgsym"
        },
        {
            "binary_version": "8:6.7.7.10-6ubuntu3.5",
            "binary_name": "libmagickcore5"
        },
        {
            "binary_version": "8:6.7.7.10-6ubuntu3.5",
            "binary_name": "libmagickcore5-dbgsym"
        },
        {
            "binary_version": "8:6.7.7.10-6ubuntu3.5",
            "binary_name": "libmagickcore5-extra"
        },
        {
            "binary_version": "8:6.7.7.10-6ubuntu3.5",
            "binary_name": "libmagickcore5-extra-dbgsym"
        },
        {
            "binary_version": "8:6.7.7.10-6ubuntu3.5",
            "binary_name": "libmagickwand-dev"
        },
        {
            "binary_version": "8:6.7.7.10-6ubuntu3.5",
            "binary_name": "libmagickwand-dev-dbgsym"
        },
        {
            "binary_version": "8:6.7.7.10-6ubuntu3.5",
            "binary_name": "libmagickwand5"
        },
        {
            "binary_version": "8:6.7.7.10-6ubuntu3.5",
            "binary_name": "libmagickwand5-dbgsym"
        },
        {
            "binary_version": "8:6.7.7.10-6ubuntu3.5",
            "binary_name": "perlmagick"
        },
        {
            "binary_version": "8:6.7.7.10-6ubuntu3.5",
            "binary_name": "perlmagick-dbgsym"
        }
    ]
}

Ubuntu:16.04:LTS / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/ubuntu/imagemagick?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8:6.8.9.9-7ubuntu5.5

Affected versions

8:6.*

8:6.8.9.9-5ubuntu2
8:6.8.9.9-6
8:6.8.9.9-6build1
8:6.8.9.9-7
8:6.8.9.9-7ubuntu1
8:6.8.9.9-7ubuntu2
8:6.8.9.9-7ubuntu3
8:6.8.9.9-7ubuntu4
8:6.8.9.9-7ubuntu5
8:6.8.9.9-7ubuntu5.1
8:6.8.9.9-7ubuntu5.2
8:6.8.9.9-7ubuntu5.3
8:6.8.9.9-7ubuntu5.4

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "imagemagick"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "imagemagick-6.q16"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "imagemagick-6.q16-dbgsym"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "imagemagick-common"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "imagemagick-dbg"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "imagemagick-dbgsym"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "imagemagick-doc"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libimage-magick-perl"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libimage-magick-q16-perl"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libimage-magick-q16-perl-dbgsym"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libmagick++-6-headers"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libmagick++-6.q16-5v5"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libmagick++-6.q16-5v5-dbgsym"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libmagick++-6.q16-dev"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libmagick++-6.q16-dev-dbgsym"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libmagick++-dev"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libmagickcore-6-arch-config"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libmagickcore-6-arch-config-dbgsym"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libmagickcore-6-headers"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libmagickcore-6.q16-2"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libmagickcore-6.q16-2-dbgsym"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libmagickcore-6.q16-2-extra"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libmagickcore-6.q16-2-extra-dbgsym"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libmagickcore-6.q16-dev"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libmagickcore-6.q16-dev-dbgsym"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libmagickcore-dev"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libmagickwand-6-headers"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libmagickwand-6.q16-2"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libmagickwand-6.q16-2-dbgsym"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libmagickwand-6.q16-dev"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libmagickwand-6.q16-dev-dbgsym"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "libmagickwand-dev"
        },
        {
            "binary_version": "8:6.8.9.9-7ubuntu5.5",
            "binary_name": "perlmagick"
        }
    ]
}