These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2016-7800 is a high-severity GraphicsMagick flaw in the parse8BIM path. According to NVD, a crafted 8BIM chunk can trigger an integer underflow that leads to a heap-based buffer overflow and application crash. The public record ties the issue to GraphicsMagick 1.3.25 and earlier, with downstream package references also listed for some operating system releases.
CVE-2016-5241 is a denial-of-service flaw in GraphicsMagick's SVG rendering path. A crafted SVG can trigger an arithmetic exception in magick/render.c and crash the application. NVD rates the issue as medium severity and lists affected GraphicsMagick releases through 1.3.23, along with some downstream distro package CPEs.
CVE-2016-9436 describes a denial-of-service flaw in w3m's tag parsing code. A crafted HTML file can trigger improper value initialization in parsetagx.c, which may crash the application when the affected content is opened. NVD rates the issue as medium severity, with no confidentiality or integrity impact but high availability impact and a user-interaction requirement.
CVE-2016-9435 is a medium-severity denial-of-service issue in w3m. The flaw was published on 2017-01-20 and affects versions of w3m before the fixed release noted in the advisory trail. A crafted HTML file can trigger a crash through improper value initialization in HTMLtagproc1 when handling <dd> tags.
CVE-2016-5317 is a memory-safety flaw in libtiff's PixarLogDecode path. According to the NVD record, libtiff 4.0.6 and earlier are affected, and the practical impact is a denial of service through application crash when a crafted TIFF file is processed. The NVD entry rates the issue CVSS 3.0 6.5 (medium) with network reachability, low attack complexity, no privileges required, and user interaction required.
CVE-2016-5316 is a denial-of-service flaw in libtiff’s PixarLogCleanup handling. A crafted TIFF image can trigger an out-of-bounds read and crash the rgb2ycbcr tool. The issue was publicly disclosed in January 2017, and the supplied record shows later NVD metadata updates in 2026; the underlying vulnerability remains the same legacy libtiff issue. No KEV listing was provided in the source corpus.