CVE-2016-7447Improper Restriction of Operations within the Bounds of a Memory Buffer in Graphicsmagick

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents6 sources
Severity
9.8CRITICALNVD
EPSS
2.0%
top 16.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
GraphicsmagickDebian GraphicsmagickDebian Linux+2 more
Timeline
PublishedFeb 6
Latest updateMay 14

Description

Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

debiandebian/graphicsmagick< graphicsmagick 1.3.25-1 (bookworm)
Debiangraphicsmagick/graphicsmagick< 1.3.25-1+3
NVDopensuse/leap42.1

Also affects: Debian Linux 8.0

🔴Vulnerability Details

3
GHSA
GHSA-22w8-27w2-f55c: Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 12022-05-14
CVEList
CVE-2016-7447: Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 12017-02-06
OSV
CVE-2016-7447: Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 12017-02-06

📋Vendor Advisories

1
Debian
CVE-2016-7447: graphicsmagick - Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick b...2016

💬Community

4
Bugzilla
CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449 GraphicsMagick: various issues fixed in 1.3.25 [epel-all]2016-09-08
Bugzilla
CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449 GraphicsMagick: various issues fixed in 1.3.252016-09-08
Bugzilla
CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449 GraphicsMagick: various issues fixed in 1.3.25 [fedora-all]2016-09-08
Bugzilla
CVE-2013-7447 gtk2, gtk3: Integer overflow in image handling2016-02-11