Published: 03/02/2017 Updated: 30/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote malicious users to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.

Vulnerable Product	Search on Vulmon	Subscribe to Product
graphicsmagick graphicsmagick 1.3.23
debian debian linux 8.0
suse studio onsite 1.3
suse linux enterprise software development kit 11
opensuse leap 42.1
suse linux enterprise debuginfo 11
opensuse opensuse 13.2

Debian Bug report logs - #814732 graphicsmagick: SVG parsing issues (CVE-2016-2317, CVE-2016-2318) Package: src:graphicsmagick; Maintainer for src:graphicsmagick is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 14 Feb 2016 19:27:01 UTC Severity: important ...

It was discovered that GraphicsMagick did not properly sanitize certain input before using it to invoke processes A remote attacker could create a specially crafted image that, when processed by an application using GraphicsMagick or an unsuspecting user using the GraphicsMagick utilities, would lead to arbitrary execution of shell commands with t ...

CWE-119 https://bugzilla.redhat.com/show_bug.cgi?id=1306148 http://www.securityfocus.com/bid/83241 http://www.openwall.com/lists/oss-security/2016/09/18/8 http://www.openwall.com/lists/oss-security/2016/09/07/4 http://www.openwall.com/lists/oss-security/2016/05/31/3 http://www.openwall.com/lists/oss-security/2016/05/27/4 http://www.openwall.com/lists/oss-security/2016/05/20/4 http://www.openwall.com/lists/oss-security/2016/02/11/6 http://www.debian.org/security/2016/dsa-3746 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814732 https://alas.aws.amazon.com/ALAS-2016-717.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-2317

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect