Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv3

CVE-2016-2318

Published: 03/02/2017 Updated: 30/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Graphicsmagick

Vulnerability Summary

GraphicsMagick 1.3.23 allows remote malicious users to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.

Vulnerable Product Search on Vulmon Subscribe to Product

graphicsmagick graphicsmagick 1.3.23

debian debian linux 8.0

opensuse opensuse 13.2

suse studio onsite 1.3

suse linux enterprise software development kit 11

suse linux enterprise debuginfo 11

opensuse leap 42.1

Vendor Advisories

Debian CVElist Bug Report Logs: graphicsmagick: SVG parsing issues (CVE-2016-2317, CVE-2016-2318)
Debian Bug report logs - #814732 graphicsmagick: SVG parsing issues (CVE-2016-2317, CVE-2016-2318) Package: src:graphicsmagick; Maintainer for src:graphicsmagick is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 14 Feb 2016 19:27:01 UTC Severity: important ...
Amazon Linux AMI: ALAS-2016-717
It was discovered that GraphicsMagick did not properly sanitize certain input before using it to invoke processes A remote attacker could create a specially crafted image that, when processed by an application using GraphicsMagick or an unsuspecting user using the GraphicsMagick utilities, would lead to arbitrary execution of shell commands with t ...

References

CWE-476https://bugzilla.redhat.com/show_bug.cgi?id=1306148http://www.securityfocus.com/bid/83241http://www.openwall.com/lists/oss-security/2016/09/18/8http://www.openwall.com/lists/oss-security/2016/09/07/4http://www.openwall.com/lists/oss-security/2016/05/31/3http://www.openwall.com/lists/oss-security/2016/05/27/4http://www.openwall.com/lists/oss-security/2016/02/11/6http://www.debian.org/security/2016/dsa-3746http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.htmlhttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814732https://alas.aws.amazon.com/ALAS-2016-717.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook