Lucene search

[email protected]CVE-2016-2317

HistoryFeb 03, 2017 - 3:59 p.m.

CVE-2016-2317

2017-02-0315:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2016-2317

graphicsmagick

buffer overflow

denial of service

crash

svg file

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.8%

JSON

Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.

CPENameOperatorVersion
graphicsmagick:graphicsmagickgraphicsmagickeq1.3.23
debian:debian_linuxdebian debian linuxeq8.0
suse:studio_onsitesuse studio onsiteeq1.3
suse:linux_enterprise_software_development_kitsuse linux enterprise software development kiteq11
suse:linux_enterprise_debuginfosuse linux enterprise debuginfoeq11
opensuse:leapopensuse leapeq42.1
opensuse:opensuseopensuseeq13.2

CPE	Name	Operator	Version
graphicsmagick:graphicsmagick	graphicsmagick	eq	1.3.23
debian:debian_linux	debian debian linux	eq	8.0
suse:studio_onsite	suse studio onsite	eq	1.3
suse:linux_enterprise_software_development_kit	suse linux enterprise software development kit	eq	11
suse:linux_enterprise_debuginfo	suse linux enterprise debuginfo	eq	11
opensuse:leap	opensuse leap	eq	42.1
opensuse:opensuse	opensuse	eq	13.2