Upstream information

CVE-2016-2318 at MITRE

Description

GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.

SUSE information

CVSS v2 Scores

|  | National Vulnerability Database |
| --- | --- |
| Base Score | 4.30 |
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |

CVSS v3 Scores

|  | National Vulnerability Database |
| --- | --- |
| Base Score | 5.5 |
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| Access Vector | Local |
| Access Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | High |

SUSE Bugzilla entry: 965853 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Software Development Kit 11 SP4
  • GraphicsMagick >= 1.2.5-4.41.1
  • libGraphicsMagick2 >= 1.2.5-4.41.1
  • perl-GraphicsMagick >= 1.2.5-4.41.1
Patchnames:
sdksp4-GraphicsMagick-12644
SUSE Studio Onsite 1.3
  • GraphicsMagick >= 1.2.5-4.41.1
  • libGraphicsMagick2 >= 1.2.5-4.41.1
Patchnames:
slestso13-GraphicsMagick-12644
openSUSE 13.2
  • GraphicsMagick >= 1.3.20-9.1
  • GraphicsMagick-debuginfo >= 1.3.20-9.1
  • GraphicsMagick-debugsource >= 1.3.20-9.1
  • GraphicsMagick-devel >= 1.3.20-9.1
  • libGraphicsMagick++-Q16-3 >= 1.3.20-9.1
  • libGraphicsMagick++-Q16-3-debuginfo >= 1.3.20-9.1
  • libGraphicsMagick++-devel >= 1.3.20-9.1
  • libGraphicsMagick-Q16-3 >= 1.3.20-9.1
  • libGraphicsMagick-Q16-3-debuginfo >= 1.3.20-9.1
  • libGraphicsMagick3-config >= 1.3.20-9.1
  • libGraphicsMagickWand-Q16-2 >= 1.3.20-9.1
  • libGraphicsMagickWand-Q16-2-debuginfo >= 1.3.20-9.1
  • perl-GraphicsMagick >= 1.3.20-9.1
  • perl-GraphicsMagick-debuginfo >= 1.3.20-9.1
Patchnames:
openSUSE-2016-825
openSUSE Leap 42.1
  • GraphicsMagick >= 1.3.21-11.1
  • GraphicsMagick-debuginfo >= 1.3.21-11.1
  • GraphicsMagick-debugsource >= 1.3.21-11.1
  • GraphicsMagick-devel >= 1.3.21-11.1
  • libGraphicsMagick++-Q16-11 >= 1.3.21-11.1
  • libGraphicsMagick++-Q16-11-debuginfo >= 1.3.21-11.1
  • libGraphicsMagick++-devel >= 1.3.21-11.1
  • libGraphicsMagick-Q16-3 >= 1.3.21-11.1
  • libGraphicsMagick-Q16-3-debuginfo >= 1.3.21-11.1
  • libGraphicsMagick3-config >= 1.3.21-11.1
  • libGraphicsMagickWand-Q16-2 >= 1.3.21-11.1
  • libGraphicsMagickWand-Q16-2-debuginfo >= 1.3.21-11.1
  • perl-GraphicsMagick >= 1.3.21-11.1
  • perl-GraphicsMagick-debuginfo >= 1.3.21-11.1
Patchnames:
openSUSE-2016-984