CVE-2016-2318

Upstream information

CVE-2016-2318 at MITRE

Description

GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:N/A:P
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	Partial

CVSS v3 Scores
	National Vulnerability Database
Base Score	5.5
Vector	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Access Vector	Local
Access Complexity	Low
Privileges Required	None
User Interaction	Required
Scope	Unchanged
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	High
CVSSv3 Version	3

SUSE Bugzilla entries: 1047356 [RESOLVED / FIXED], 965853 [RESOLVED / FIXED]

SUSE Security Advisories:

SUSE-SU-2016:1783-1, published Mon, 11 Jul 2016 16:19:50 +0200 (CEST)
openSUSE-SU-2016:1724-1, published Fri, 1 Jul 2016 17:07:58 +0200 (CEST)
openSUSE-SU-2016:2073-1, published Mon, 15 Aug 2016 15:11:03 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Software Development Kit 11 SP4	`GraphicsMagick >= 1.2.5-4.41.1` `libGraphicsMagick2 >= 1.2.5-4.41.1` `perl-GraphicsMagick >= 1.2.5-4.41.1`	Patchnames: sdksp4-GraphicsMagick-12644
SUSE Studio Onsite 1.3	`GraphicsMagick >= 1.2.5-4.41.1` `libGraphicsMagick2 >= 1.2.5-4.41.1`	Patchnames: slestso13-GraphicsMagick-12644
openSUSE Leap 42.1	`GraphicsMagick >= 1.3.21-11.1` `GraphicsMagick-debuginfo >= 1.3.21-11.1` `GraphicsMagick-debugsource >= 1.3.21-11.1` `GraphicsMagick-devel >= 1.3.21-11.1` `libGraphicsMagick++-Q16-11 >= 1.3.21-11.1` `libGraphicsMagick++-Q16-11-debuginfo >= 1.3.21-11.1` `libGraphicsMagick++-devel >= 1.3.21-11.1` `libGraphicsMagick-Q16-3 >= 1.3.21-11.1` `libGraphicsMagick-Q16-3-debuginfo >= 1.3.21-11.1` `libGraphicsMagick3-config >= 1.3.21-11.1` `libGraphicsMagickWand-Q16-2 >= 1.3.21-11.1` `libGraphicsMagickWand-Q16-2-debuginfo >= 1.3.21-11.1` `perl-GraphicsMagick >= 1.3.21-11.1` `perl-GraphicsMagick-debuginfo >= 1.3.21-11.1`	Patchnames: openSUSE-2016-984

CVE-2016-2318

Common Vulnerabilities and Exposures

Upstream information

Description

SUSE information

List of released packages

Supportangebote

SUSE Global Services

Supportressourcen

Partner

Communities

Info