CVE-2016-2318
published 2017-02-03CVE-2016-2318: GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage…
medium5.5CVSS 3.0
AVLACLPRNUIRSUCNINAH
GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | graphicsmagick | < graphicsmagick 1.3.24-1 (bookworm) | graphicsmagick 1.3.24-1 (bookworm) |
| graphicsmagick | graphicsmagick | — | — |
| graphicsmagick | graphicsmagick | >= 0 < 1.3.24-1 | 1.3.24-1 |
| graphicsmagick | graphicsmagick | >= 0 < 1.3.24-1 | 1.3.24-1 |
| graphicsmagick | graphicsmagick | >= 0 < 1.3.24-1 | 1.3.24-1 |
| graphicsmagick | graphicsmagick | >= 0 < 1.3.24-1 | 1.3.24-1 |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
| suse | linux_enterprise_debuginfo | — | — |
| suse | linux_enterprise_software_development_kit | — | — |
| suse | studio_onsite | — | — |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv5.5MEDIUM