These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2016-7997 affects the WPG format reader in GraphicsMagick 1.3.25 and earlier. A remote attacker can trigger an assertion failure and crash by supplying crafted WPG content that reaches a ReferenceBlob-related NULL pointer path. The documented impact is availability-only denial of service.
CVE-2016-7996 is a critical memory-safety flaw in GraphicsMagick’s WPG format reader. According to the NVD record, the issue affects GraphicsMagick 1.3.25 and earlier and can be triggered remotely by a crafted WPG image containing a colormap with a large number of entries. Because the flaw is a heap-based buffer overflow and the CVSS vector is network-exploitable with no privileges or user interaction, th [truncated]