CVE-2016-2317
published 2017-02-03CVE-2016-2317: Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1)…
medium5.5CVSS 3.0
AVLACLPRNUIRSUCNINAH
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | graphicsmagick | < graphicsmagick 1.3.25-1 (bookworm) | graphicsmagick 1.3.25-1 (bookworm) |
| debian | graphicsmagick | < graphicsmagick 1.3.24-1 (bookworm) | graphicsmagick 1.3.24-1 (bookworm) |
| graphicsmagick | graphicsmagick | — | — |
| graphicsmagick | graphicsmagick | — | — |
| graphicsmagick | graphicsmagick | >= 0 < 1.3.24-1 | 1.3.24-1 |
| graphicsmagick | graphicsmagick | >= 0 < 1.3.25-1 | 1.3.25-1 |
| graphicsmagick | graphicsmagick | >= 0 < 1.3.24-1 | 1.3.24-1 |
| graphicsmagick | graphicsmagick | >= 0 < 1.3.25-1 | 1.3.25-1 |
| graphicsmagick | graphicsmagick | >= 0 < 1.3.24-1 | 1.3.24-1 |
| graphicsmagick | graphicsmagick | >= 0 < 1.3.25-1 | 1.3.25-1 |
| graphicsmagick | graphicsmagick | >= 0 < 1.3.24-1 | 1.3.24-1 |
| graphicsmagick | graphicsmagick | >= 0 < 1.3.25-1 | 1.3.25-1 |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
| suse | linux_enterprise_debuginfo | — | — |
| suse | linux_enterprise_software_development_kit | — | — |
| suse | studio_onsite | — | — |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv5.5MEDIUM