PatchSiren

Graphicsmagick CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Graphicsmagick CVE published 2017-02-27

CVE-2016-5240

CVE-2016-5240 is a denial-of-service issue in SVG image handling. The NVD record ties it to GraphicsMagick versions before 1.3.24, and the CVE description says a circularly defined SVG file can trigger an infinite loop during conversion; the description also mentions the ImageMagick SVG renderer. The record was published in 2017, with vendor and mailing-list references in 2016 indicating the issue was dis [truncated]
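The defensive point of this debrief is that any converter following definition references inside a document must be prepared for those references to form a cycle. The following is an added illustration, not GraphicsMagick or ImageMagick code: it models SVG definitions as a small table of (id, referenced id) pairs (the element names, table layout and error codes are assumptions chosen for the example) and resolves a reference chain with a visited set, so a circular definition is reported instead of looping forever.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of SVG definition references (e.g. an element that refers
 * to another definition by id). Not GraphicsMagick or ImageMagick code. */
#define MAX_ELEMENTS 16
#define MAX_ID 32

struct element {
    char id[MAX_ID];
    char ref[MAX_ID];   /* id of the referenced definition; "" means none */
};

struct svg_doc {
    struct element elems[MAX_ELEMENTS];
    int count;
};

/* Return codes for resolve_reference (assumed names for this example). */
enum { RESOLVE_DANGLING = -1, RESOLVE_CYCLE = -2 };

static int find_element(const struct svg_doc *doc, const char *id) {
    for (int i = 0; i < doc->count; i++)
        if (strcmp(doc->elems[i].id, id) == 0)
            return i;
    return -1;
}

/* Follow a reference chain to its terminal definition. Each element index is
 * marked on entry; re-entering a marked index means the document defines the
 * element circularly, which is exactly the input an unguarded resolver would
 * spin on. Returns the terminal element's index, RESOLVE_DANGLING when the
 * chain points at an id that does not exist, or RESOLVE_CYCLE on a loop. */
int resolve_reference(const struct svg_doc *doc, const char *start_id) {
    unsigned char visited[MAX_ELEMENTS] = {0};
    int idx = find_element(doc, start_id);
    while (idx >= 0) {
        if (visited[idx])
            return RESOLVE_CYCLE;
        visited[idx] = 1;
        if (doc->elems[idx].ref[0] == '\0')
            return idx;                         /* terminal definition */
        idx = find_element(doc, doc->elems[idx].ref);
    }
    return RESOLVE_DANGLING;
}

/* Constructed sample document: "shape" -> "base" is a valid chain,
 * "loopA" -> "loopB" -> "loopA" is circular, "bad" points at a missing id. */
void build_sample_doc(struct svg_doc *doc) {
    static const struct element sample[] = {
        {"base",  ""},
        {"shape", "base"},
        {"loopA", "loopB"},
        {"loopB", "loopA"},
        {"bad",   "missing"},
    };
    doc->count = (int)(sizeof sample / sizeof sample[0]);
    memcpy(doc->elems, sample, sizeof sample);
}

int main(void) {
    struct svg_doc doc;
    build_sample_doc(&doc);
    printf("shape -> %d\n", resolve_reference(&doc, "shape"));
    printf("loopA -> %d\n", resolve_reference(&doc, "loopA"));
    printf("bad   -> %d\n", resolve_reference(&doc, "bad"));
    return 0;
}
```

A visited set is the precise fix; a fixed recursion or hop limit is the cheaper alternative when the reference graph is large, and either one turns the infinite loop into a rejected input.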

HIGH Graphicsmagick CVE published 2017-01-18

CVE-2016-7997

CVE-2016-7997 affects the WPG format reader in GraphicsMagick 1.3.25 and earlier. A remote attacker can trigger an assertion failure and crash by supplying crafted WPG content that reaches a ReferenceBlob-related NULL pointer path. The documented impact is availability-only denial of service.

CRITICAL Graphicsmagick CVE published 2017-01-18

CVE-2016-7996

CVE-2016-7996 is a critical memory-safety flaw in GraphicsMagick’s WPG format reader. According to the NVD record, the issue affects GraphicsMagick 1.3.25 and earlier and can be triggered remotely by a crafted WPG image containing a colormap with a large number of entries. Because the flaw is a heap-based buffer overflow and the CVSS vector is network-exploitable with no privileges or user interaction, th [truncated]
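The two WPG debriefs above (CVE-2016-7997, an assertion failure on a NULL blob reference, and CVE-2016-7996, a heap overflow from a colormap declaring too many entries) describe the same reader failing in two ways on attacker-controlled input. The following is an added example, not GraphicsMagick code and not the WPG specification: it reads a constructed colormap record (assumed layout: a 16-bit little-endian entry count followed by that many RGB triples) into a fixed-capacity palette, turning a missing blob into an error return rather than an assertion and checking the declared entry count against both the palette capacity and the bytes actually present before anything is written.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not GraphicsMagick code. The record layout and the
 * names below are assumptions chosen for illustration. */
#define PALETTE_MAX 256

struct blob {
    const uint8_t *data;
    size_t length;
};

struct rgb { uint8_t r, g, b; };

struct palette {
    struct rgb entries[PALETTE_MAX];   /* fixed capacity: the overflow target */
    size_t count;
};

enum {
    CMAP_OK = 0,
    CMAP_ERR_NULL_BLOB = -1,   /* no input attached: an error, not an assert */
    CMAP_ERR_TRUNCATED = -2,   /* header or entries run past the end of input */
    CMAP_ERR_TOO_MANY = -3,    /* declared count exceeds palette capacity */
};

/* Hardened colormap reader. Every size that drives a write is validated
 * first: the blob pointer itself, the two header bytes, the declared count
 * against PALETTE_MAX, and count * 3 against the remaining input length. */
int parse_colormap(const struct blob *blob, struct palette *pal) {
    if (blob == NULL || blob->data == NULL)
        return CMAP_ERR_NULL_BLOB;
    if (blob->length < 2)
        return CMAP_ERR_TRUNCATED;

    size_t declared = (size_t)blob->data[0] | ((size_t)blob->data[1] << 8);
    /* Without this check an attacker-chosen count would size the writes
     * into the fixed-capacity palette; that is the heap-overflow pattern. */
    if (declared > PALETTE_MAX)
        return CMAP_ERR_TOO_MANY;
    if (blob->length - 2 < declared * 3)
        return CMAP_ERR_TRUNCATED;

    const uint8_t *p = blob->data + 2;
    for (size_t i = 0; i < declared; i++, p += 3) {
        pal->entries[i].r = p[0];
        pal->entries[i].g = p[1];
        pal->entries[i].b = p[2];
    }
    pal->count = declared;
    return CMAP_OK;
}

/* Constructed inputs for the three paths. */
static const uint8_t GOOD_RECORD[] = { 0x02, 0x00,             /* 2 entries */
                                       0xFF, 0x00, 0x00,       /* red */
                                       0x00, 0xFF, 0x00 };     /* green */
static const uint8_t HUGE_COUNT[]  = { 0xFF, 0xFF, 0x01, 0x02, 0x03 }; /* claims 65535 */
static const uint8_t SHORT_DATA[]  = { 0x04, 0x00, 0x01, 0x02, 0x03 }; /* claims 4, holds 1 */

int parse_sample(const uint8_t *bytes, size_t len, struct palette *pal) {
    struct blob b = { bytes, len };
    memset(pal, 0, sizeof *pal);
    return parse_colormap(&b, pal);
}

int main(void) {
    struct palette pal;
    printf("good:  %d\n", parse_sample(GOOD_RECORD, sizeof GOOD_RECORD, &pal));
    printf("huge:  %d\n", parse_sample(HUGE_COUNT, sizeof HUGE_COUNT, &pal));
    printf("short: %d\n", parse_sample(SHORT_DATA, sizeof SHORT_DATA, &pal));
    printf("null:  %d\n", parse_colormap(NULL, &pal));
    return 0;
}
```

The ordering matters: the capacity check runs before the length check so that an absurd count is rejected without any arithmetic on it, and the loop bound is the validated count rather than whatever the header said.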