CVE-2016-5241 — Graphicsmagick vulnerability

CWE-1898 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 42.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Graphicsmagick Debian Graphicsmagick Debian Linux +2 more

Timeline

PublishedFeb 3

Latest updateMay 14

Description

magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/graphicsmagick< graphicsmagick 1.3.24-1 (bookworm)

▶Debiangraphicsmagick/graphicsmagick< 1.3.24-1+3

▶NVDgraphicsmagick/graphicsmagick1.3.23

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.2

Also affects: Debian Linux 8.0

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-6grq-fvm2-cg2v: magick/render↗2022-05-14

▶

OSV

CVE-2016-5241: magick/render↗2017-02-03

▶

📋Vendor Advisories

Debian

CVE-2016-5241: graphicsmagick - magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause...↗2016

▶

💬Community

Bugzilla

CVE-2016-4552 roundcube: XSS vulnerability in mail content page↗2016-05-25

▶

Bugzilla

CVE-2016-5241 GraphicsMagick: SVG converting issues [epel-all]↗2016-05-05

▶

Bugzilla

CVE-2016-5241 GraphicsMagick: SVG converting issues↗2016-05-05

▶

Bugzilla

CVE-2016-5241 GraphicsMagick: SVG converting issues [fedora-all]↗2016-05-05

▶