HomePentest-Tools.com Logo

GraphicsMagick SVG File Parsing Denial of Service Vulnerability-02 (Windows) CVE-2016-2317

Severity
CVSSv3 Score
5.5
Vulnerability description

GraphicsMagick is prone to a denial of service (DoS) vulnerability.

Risk description

The flaw is due to heap and stack buffer overflow errors in TracePoint function in magick/render.c, GetToken function in magick/utility.c, and GetTransformTokens function in coders/svg.c related with the parsing and processing of SVG files. Successful exploitation will allow remote attackers to cause a denial of service via a crafted SVG file.

Recommendation

Upgrade to version 1.3.25 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Feb 3, 2017
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available