CVE-2016-5241
First published: Thu May 05 2016(Updated: )
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ImageMagick | <=1.3.23 | |
| Debian Linux | =8.0 | |
| SUSE Linux | =42.1 | |
| openSUSE | =13.2 | |
| <=1.3.23 | ||
| =8.0 | ||
| =42.1 | ||
| =13.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://hg.code.sf.net/p/graphicsmagick/code/rev/ddc999ec896c
- http://hg.code.sf.net/p/graphicsmagick/code/rev/8d175c4edfe7
- http://seclists.org/oss-sec/2016/q2/180
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1333411
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1333412
- http://seclists.org/oss-sec/2016/q2/460
- https://access.redhat.com/security/cve/CVE-2016-5240
- https://access.redhat.com/security/cve/CVE-2016-5241
- https://access.redhat.com/security/cve/CVE-2015-8808
- https://access.redhat.com/security/cve/CVE-2016-2317
- https://access.redhat.com/security/cve/CVE-2016-2318
- https://access.redhat.com/security/cve/CVE-2016-5118
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2317
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2318
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8808
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5118
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5241
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5240
- http://openwall.com/lists/oss-security/2016/05/01/6
- http://openwall.com/lists/oss-security/2016/02/06/3
- http://lwn.net/Vulnerabilities/677107/
- http://openwall.com/lists/oss-security/2016/05/30/1
- http://www.graphicsmagick.org/NEWS.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1333410#c9
- https://bugzilla.redhat.com/show_bug.cgi?id=1333410
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html
- http://www.graphicsmagick.org/NEWS.html#may-30-2016
- http://www.openwall.com/lists/oss-security/2016/05/01/6
- http://www.openwall.com/lists/oss-security/2016/06/02/14
- http://www.securityfocus.com/bid/89348
- https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html
Frequently Asked Questions
What is the severity of CVE-2016-5241?
CVE-2016-5241 has a severity rating classified under denial of service, which can result in application crashes.
How do I fix CVE-2016-5241?
To fix CVE-2016-5241, you should upgrade to GraphicsMagick version 1.3.24 or later.
What types of attacks does CVE-2016-5241 allow?
CVE-2016-5241 allows remote attackers to exploit crafted SVG files to cause a denial of service.
Which versions of GraphicsMagick are affected by CVE-2016-5241?
GraphicsMagick versions prior to 1.3.24 are affected by CVE-2016-5241.
Which operating systems are impacted by CVE-2016-5241?
CVE-2016-5241 impacts Debian GNU/Linux 8.0 and various versions of openSUSE.
- agent/type
- agent/remedy
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/description
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-5241
- agent/trending
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/graphicsmagick
- canonical/imagemagick
- version/imagemagick/1.3.23
- vendor/debian
- canonical/debian linux
- version/debian linux/8.0
- vendor/opensuse
- canonical/suse linux
- version/suse linux/42.1
- canonical/opensuse
- version/opensuse/13.2