CVE-2016-2318

Name of the Vulnerable Software and Affected Versions GraphicsMagick version 1.3.23

Description The issue allows remote attackers to cause a denial of service, specifically a NULL pointer dereference, by providing a crafted SVG file. This is related to the DrawImage function in magick/render.c, the SVGStartElement function in coders/svg.c, and the TraceArcPath function in magick/render.c.

Recommendations For GraphicsMagick version 1.3.23, as a temporary workaround, consider disabling the use of SVG files or restricting access to the DrawImage, SVGStartElement, and TraceArcPath functions until a patch is available. Avoid using these functions with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.