5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.01 Low
EPSS
Percentile
82.3%
A last instance of CVE-2016-2317 (heap buffer overflow) in the MVG
rendering code (also impacts SVG). This problem was originally
reported by Gustavo Grieco.
A possible heap overflow of the EscapeParenthesis() function.
While I was not able to reproduce it for myself, the implementation is
replaced with a different algorithm. This problem was reported by
Gustavo Grieco.
The Utah RLE reader did not validate that header information was
reasonable given the file size and so it could cause huge memory
allocations and/or consume huge amounts of CPU. This problem was
reported by Agostino Sarubbo.
The TIFF reader had a bug pertaining to use of TIFFGetField() when
a ‘count’ value is returned. The bug caused a heap read overflow (due
to using strlcpy() to copy a possibly unterminated string) which could
allow an untrusted file to crash the software.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
any | any | any | graphicsmagick | < 1.3.25-1 | UNKNOWN |
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.01 Low
EPSS
Percentile
82.3%