ID CVE-2016-2318
Summary GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.
References
Vulnerable Configurations
  • cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.23:*:*:*:*:*:*:*
    cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.23:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
    cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
  • cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 83241
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1306148
debian DSA-3746
mlist
  • [oss-security] 20160211 Re: CVE requests: Multiple vulnerabilities in GraphicsMagick parsing and processing SVG files
  • [oss-security] 20160527 Security issues addressed in GraphicsMagick SVG reader
  • [oss-security] 20160531 Re: Security issues addressed in GraphicsMagick SVG reader
  • [oss-security] 20160906 GraphicsMagick 1.3.25 fixes some security issues
  • [oss-security] 20160918 Re: GraphicsMagick 1.3.25 fixes some security issues
suse
  • SUSE-SU-2016:1783
  • openSUSE-SU-2016:1724
  • openSUSE-SU-2016:2073
Last major update 30-10-2018 - 16:27
Published 03-02-2017 - 15:59
Last modified 30-10-2018 - 16:27
Back to Top