Lucene search

[email protected]CVE-2016-2317

HistoryFeb 03, 2017 - 3:59 p.m.

CVE-2016-2317

2017-02-0315:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2016-2317

graphicsmagick

buffer overflow

denial of service

crash

svg file

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

86.9%

JSON

Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.

Affected configurations

NVD

Node

graphicsmagickgraphicsmagickMatch1.3.23

Node

debiandebian_linuxMatch8.0

Node

suselinux_enterprise_debuginfoMatch11sp4

susestudio_onsiteMatch1.3

opensuseleapMatch42.1

opensuseopensuseMatch13.2

suselinux_enterprise_software_development_kitMatch11sp4

CPENameOperatorVersion
graphicsmagick:graphicsmagickgraphicsmagickeq1.3.23

CPE	Name	Operator	Version
graphicsmagick:graphicsmagick	graphicsmagick	eq	1.3.23

References

lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html

www.debian.org/security/2016/dsa-3746

www.openwall.com/lists/oss-security/2016/02/11/6

www.openwall.com/lists/oss-security/2016/05/20/4

www.openwall.com/lists/oss-security/2016/05/27/4

www.openwall.com/lists/oss-security/2016/05/31/3

www.openwall.com/lists/oss-security/2016/09/07/4

www.openwall.com/lists/oss-security/2016/09/18/8

www.securityfocus.com/bid/83241

bugzilla.redhat.com/show_bug.cgi?id=1306148

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

86.9%

JSON

Related for CVE-2016-2317

prion2 nvd2 osv3 openvas11 freebsd1 debiancve2 alpinelinux1 nessus9 ubuntucve2 cvelist2 archlinux1 cve1 fedora3 amazon1 mageia1 debian3 suse3