CVE-2016-2317

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.

References

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html

http://www.debian.org/security/2016/dsa-3746

http://www.openwall.com/lists/oss-security/2016/02/11/6

http://www.openwall.com/lists/oss-security/2016/05/20/4

http://www.openwall.com/lists/oss-security/2016/05/27/4

http://www.openwall.com/lists/oss-security/2016/05/31/3

http://www.openwall.com/lists/oss-security/2016/09/07/4

http://www.openwall.com/lists/oss-security/2016/09/18/8

http://www.securityfocus.com/bid/83241

https://bugzilla.redhat.com/show_bug.cgi?id=1306148

Details

Source: MITRE

Published: 2017-02-03

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

View all (9 total)

IDNameProductFamilySeverity
111658FreeBSD : GraphicsMagick -- SVG/Rendering vulnerability (e714b7d2-39f6-4992-9f48-e6b2f5f949df)NessusFreeBSD Local Security Checks
medium
96103Debian DSA-3746-1 : graphicsmagick - security update (ImageTragick)NessusDebian Local Security Checks
critical
92981openSUSE Security Update : GraphicsMagick (openSUSE-2016-984)NessusSuSE Local Security Checks
critical
92115Fedora 23 : GraphicsMagick (2016-7a878ed298)NessusFedora Local Security Checks
critical
92087Fedora 22 : GraphicsMagick (2016-40ccaff4d1)NessusFedora Local Security Checks
critical
92058Fedora 24 : GraphicsMagick (2016-0d90ead5d7)NessusFedora Local Security Checks
critical
91945openSUSE Security Update : GraphicsMagick (openSUSE-2016-825)NessusSuSE Local Security Checks
critical
91769Amazon Linux AMI : GraphicsMagick (ALAS-2016-717)NessusAmazon Linux Local Security Checks
critical
91299Debian DLA-484-1 : graphicsmagick security update (ImageTragick)NessusDebian Local Security Checks
high