5.5

CVE-2016-5240

The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GraphicsmagickGraphicsmagick Version <= 1.3.23
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.18% 0.801
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.debian.org/security/2016/dsa-3746
https://access.redhat.com/errata/RHSA-2016:1237
http://www.openwall.com/lists/oss-security/2016/05/01/6
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/06/02/14
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/89348
Third Party Advisory
VDB Entry
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=ddc999ec896c
http://www.graphicsmagick.org/ChangeLog-2016.html
Vendor Advisory
Release Notes
http://www.openwall.com/lists/oss-security/2016/05/01/4
Third Party Advisory
Mailing List