5.5

CVE-2016-2318

GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GraphicsmagickGraphicsmagick Version1.3.23
DebianDebian Linux Version8.0
SuseLinux Enterprise Debuginfo Version11 Updatesp4
SuseStudio Onsite Version1.3
OpensuseLeap Version42.1
OpensuseOpensuse Version13.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.88% 0.768
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://www.debian.org/security/2016/dsa-3746
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/02/11/6
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/05/27/4
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/05/31/3
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/09/07/4
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/09/18/8
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/83241
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1306148
Issue Tracking