Tuesday, December 6, 2016

Vulnerability Spotlight: ImageMagick Convert Tiff Out of Bounds Write

Vulnerability discovered by Tyler Bohan 

Overview

Talos is disclosing TALOS-2016-0216 / CVE-2016-8707, an out of bounds write vulnerability in ImageMagick. ImageMagick is a photo editing software program that allows users to edit and manipulate various types of image files. This particular vulnerability lies in the convert utility that is bundled as part of ImageMagick. The utility is used to parse and convert images and other formats interchangeably. The vulnerability occurs when attempting to deflate an Adobe Deflate compressed Tiff image. The buffer that is created to hold decompressed data associated with the Tiff image is not large enough to hold the decompressed stream. This results in a controlled out of bounds write that under proper circumstances could be exploited into full remote code execution. The full details surrounding the vulnerability are available here.

Coverage

The following Snort Rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your FireSIGHT Management Center or Snort.org.

Snort Rules: 40914-40915

No comments:

Post a Comment