Alpine: multiple graphicsmagick packages: security update to 1.3.26-r0

Severity: Critical. Tenable Cloud Security Plugin ID 426599

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote
attackers to have unspecified impact via a colormap with a large number of entries. (CVE-2016-7996)

- Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows
remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers
a heap-based buffer overflow. (CVE-2016-7800)

- The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of
service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.
(CVE-2016-7997)

- The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a
denial of service (out-of-bounds read) via a crafted SCT header. (CVE-2016-8682)

See Also

https://security.alpinelinux.org/vuln/CVE-2016-7800

https://security.alpinelinux.org/vuln/CVE-2016-7996

https://security.alpinelinux.org/vuln/CVE-2016-7997

https://security.alpinelinux.org/vuln/CVE-2016-8682

https://security.alpinelinux.org/vuln/CVE-2016-8683

https://security.alpinelinux.org/vuln/CVE-2016-8684

https://security.alpinelinux.org/vuln/CVE-2016-9830

https://security.alpinelinux.org/vuln/CVE-2017-10794

https://security.alpinelinux.org/vuln/CVE-2017-10799

https://security.alpinelinux.org/vuln/CVE-2017-10800

https://security.alpinelinux.org/vuln/CVE-2017-6335

Plugin Details

Severity: Critical

ID: 426599

Version: Revision 1.6

Type: Local

Published: 5/16/2025

Updated: 10/24/2025

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2016-7996

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 10/1/2016

Reference Information

CVE: CVE-2016-7800, CVE-2016-7996, CVE-2016-7997, CVE-2016-8682, CVE-2016-8683, CVE-2016-8684, CVE-2016-9830, CVE-2017-10794, CVE-2017-10799, CVE-2017-10800, CVE-2017-6335

BID: 93262, 93464, 93467, 93597, 93600, 93779, 94625, 96135, 96544, 99355, 99356, 99358