Executive Summary

Information

Name : CVE-2016-5240
First vendor Publication : 2017-02-27
Vendor : Cve
Last vendor Modification : 2018-05-17

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score : 4.3
Attack Range : Network
Cvss Impact Score : 2.9
Attack Complexity : Medium
Cvss Exploit Score : 8.6
Authentication : None Required

Detail

The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5240

CWE : Common Weakness Enumeration

% | id | Name
100 % | CWE-20 | Improper Input Validation

CPE : Common Platform Enumeration

Type | Description | Count
Application |  | 57

Nessus® Vulnerability Scanner

Date | Description
2017-05-01 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2016-1029.nasl - Type : ACT_GATHER_INFO
2016-12-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3746.nasl - Type : ACT_GATHER_INFO
2016-08-16 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-984.nasl - Type : ACT_GATHER_INFO
2016-08-02 | Name : The remote Debian host is missing a security update. File : debian_DLA-547.nasl - Type : ACT_GATHER_INFO
2016-07-05 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-825.nasl - Type : ACT_GATHER_INFO
2016-06-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2016-716.nasl - Type : ACT_GATHER_INFO
2016-06-20 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20160617_ImageMagick_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2016-06-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2016-1237.nasl - Type : ACT_GATHER_INFO
2016-06-17 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-1237.nasl - Type : ACT_GATHER_INFO
2016-06-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-1237.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source | Url
BID | http://www.securityfocus.com/bid/89348
CONFIRM | http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=ddc999ec896c
CONFIRM | http://www.graphicsmagick.org/ChangeLog-2016.html
CONFIRM | http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-295209...
DEBIAN | http://www.debian.org/security/2016/dsa-3746
MLIST | http://www.openwall.com/lists/oss-security/2016/05/01/4
MLIST | http://www.openwall.com/lists/oss-security/2016/05/01/6
MLIST | http://www.openwall.com/lists/oss-security/2016/06/02/14
REDHAT | https://access.redhat.com/errata/RHSA-2016:1237

Alert History

Date | Information
2019-03-20 12:07:38 | Multiple Updates
2018-05-18 09:19:24 | Multiple Updates
2018-02-28 12:03:20 | Multiple Updates
2018-01-05 09:23:51 | Multiple Updates
2017-11-04 09:23:44 | Multiple Updates
2017-05-02 13:24:37 | Multiple Updates
2017-03-01 00:23:33 | Multiple Updates
2017-02-28 05:23:11 | First insertion