ImageMagick compression of TIFF image remote code execution vulnerability, CVE-2016-8707-a vulnerability warning-the black bar safety net

! [](/Article/UploadPic/2016-12/201612818950276. png? www. myhack58. com)
Vulnerability overview
Recently, Cisco Talos has published an article on ImageMagick remote code execution vulnerabilities notice: the Vulnerability Spotlight: ImageMagick Convert Tiff Out of Bounds Write attacker successfully exploited vulnerability can lead to remote code execution.
About ImageMagick
! [](/Article/UploadPic/2016-12/201612818951273. png? www. myhack58. com)
ImageMagick software is written in C language, can be used to display, convert and edit graphics, supports more than 200 kinds of image file formats, and can be cross-platform operation. ImageMagick software is many programming languages support, including Perl, C++, PHP, Python, Ruby, etc., and is deployed on millions of websites, blogs, social media platforms and popular Content Management System(CMS).
Affected versions: ImageMagick version
Not affected versions: ImageMagick version = 7.0.3-9
Vulnerability analysis
Online looking for a bit of the vulnerability details of the analysis, in a Japanese blog site to find some details, interested in children’s shoes can be self-read analysis:
! [](/Article/UploadPic/2016-12/201612818951583. png? www. myhack58. com)
http://d.hatena.ne.jp/yoya/20161205/im
Solution
Upgrade to the current latest version 7.0.3-9）
ImageMagic history vulnerability
Related sources
http://blog.talosintel.com/2016/12/ImageMagick-Tiff-out-of-Bounds.html
http://d.hatena.ne.jp/yoya/20161205/im
https://security-tracker.debian.org/tracker/CVE-2016-8707