CVE-2016-7997 — NULL Pointer Dereference in Graphicsmagick

CWE-476 — NULL Pointer Dereference7 documents5 sources

Severity

7.5HIGHNVD

EPSS

1.1%

top 21.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Graphicsmagick Debian Graphicsmagick

Timeline

PublishedJan 18

Latest updateMay 17

Description

The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/graphicsmagick< graphicsmagick 1.3.25-4 (bookworm)

▶Debiangraphicsmagick/graphicsmagick< 1.3.25-4+3

▶NVDgraphicsmagick/graphicsmagick1.3.25

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-92gw-mq7m-p8c6: The WPG format reader in GraphicsMagick 1↗2022-05-17

▶

OSV

CVE-2016-7997: The WPG format reader in GraphicsMagick 1↗2017-01-18

▶

📋Vendor Advisories

Debian

CVE-2016-7997: graphicsmagick - The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attacke...↗2016

▶

💬Community

Bugzilla

CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 CVE-2016-9830 GraphicsMagick: various flaws [epel-all]↗2016-10-10

▶

Bugzilla

CVE-2016-7996 CVE-2016-7997 GraphicsMagick: WPG Reader Issues↗2016-10-10

▶

Bugzilla

CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 CVE-2016-9830 GraphicsMagick: various flaws [fedora-all]↗2016-10-10

▶