Lucene search

[email protected]CVE-2016-9830

HistoryMar 01, 2017 - 8:59 p.m.

CVE-2016-9830

2017-03-0120:59:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2016-9830

security

graphicsmagick

nvd

vulnerability

remote attack

denial of service

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.008 Low

EPSS

Percentile

81.0%

JSON

The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.

CPENameOperatorVersion
graphicsmagick:graphicsmagickgraphicsmagickeq1.3.25
debian:debian_linuxdebian debian linuxeq8.0
opensuse:leapopensuse leapeq42.2
opensuse:leapopensuse leapeq42.1
opensuse:opensuseopensuseeq13.2

CPE	Name	Operator	Version
graphicsmagick:graphicsmagick	graphicsmagick	eq	1.3.25
debian:debian_linux	debian debian linux	eq	8.0
opensuse:leap	opensuse leap	eq	42.2
opensuse:leap	opensuse leap	eq	42.1
opensuse:opensuse	opensuse	eq	13.2