CVE-2016-2317

Name of the Vulnerable Software and Affected Versions GraphicsMagick version 1.3.23

Description The issue is related to multiple buffer overflows that can be triggered by remote attackers via a crafted SVG file, leading to a denial of service (crash). This is associated with the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.

Recommendations For GraphicsMagick version 1.3.23, consider disabling the processing of SVG files or restricting access to the TracePoint(), GetToken(), and GetTransformTokens() functions until a patch is available. Avoid using these functions with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.