PatchSiren

openSUSE CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM openSUSE CVE published 2017-03-03

CVE-2016-10070

CVE-2016-10070 is a medium-severity ImageMagick parsing flaw affecting MAT file handling in coders/mat.c. The issue is described as a heap-based buffer overflow in CalcMinMax that can be triggered by a crafted MAT file, leading to an out-of-bounds read and application crash. NVD assigns CVSS v3.1 5.5 and marks availability as the primary impact.

MEDIUM openSUSE CVE published 2017-03-01

CVE-2016-9830

CVE-2016-9830 is a denial-of-service issue in GraphicsMagick 1.3.25. According to the CVE description, crafted JPEG images with very large dimensions can trigger a crash in MagickRealloc in memory.c. The issue was publicly recorded by NVD on 2017-03-01, while the supplied references show patch and advisory activity in early December 2016. The weakness is categorized as CWE-20 (input validation).

HIGH openSUSE CVE published 2017-02-15

CVE-2016-8866

CVE-2016-8866 describes a memory allocation failure in ImageMagick's AcquireMagickMemory function in MagickCore/memory.c. A crafted image can trigger the flaw, and NVD rates the issue 8.8/High with network reachability and user interaction required. The CVE notes this is an incomplete fix for CVE-2016-8862, so remediation should treat it as a follow-on memory-safety issue in the same processing path.

HIGH openSUSE CVE published 2017-02-06

CVE-2016-7800

CVE-2016-7800 is a high-severity GraphicsMagick flaw in the parse8BIM path. According to NVD, a crafted 8BIM chunk can trigger an integer underflow that leads to a heap-based buffer overflow and application crash. The public record ties the issue to GraphicsMagick 1.3.25 and earlier, with downstream package references also listed for some operating system releases.

HIGH openSUSE CVE published 2017-02-06

CVE-2016-7449

CVE-2016-7449 is a high-severity memory-safety issue in GraphicsMagick’s TIFF handling. According to the NVD record, TIFFGetField in coders/tiff.c can be driven by a crafted TIFF file containing an unterminated string, leading to an out-of-bounds heap read and denial of service. The CVE was published on 2017-02-06 and is rated CVSS 7.5 (network reachable, no privileges, no user interaction).

HIGH openSUSE CVE published 2017-02-06

CVE-2016-7448

CVE-2016-7448 is a denial-of-service issue in GraphicsMagick’s Utah RLE reader. According to the NVD record, crafted header information and file size can trigger excessive CPU consumption or large memory allocations in versions before 1.3.25. The result is an availability impact only, with no indicated confidentiality or integrity effect.

CRITICAL openSUSE CVE published 2017-02-06

CVE-2016-7447

CVE-2016-7447 is a critical heap-based buffer overflow in GraphicsMagick’s EscapeParenthesis function. NVD rates it 9.8 with network access, no privileges, and no user interaction required, which makes it a high-priority issue for any environment that uses GraphicsMagick directly or through packaged distributions.

CRITICAL openSUSE CVE published 2017-02-06

CVE-2016-7446

CVE-2016-7446 is a critical buffer overflow in GraphicsMagick 1.3.24 affecting MVG and SVG rendering code. NVD rates the issue 9.8/CRITICAL with a network attack vector, no privileges, and no user interaction required. The record also notes this flaw exists because of an incomplete patch for CVE-2016-2317.

MEDIUM openSUSE CVE published 2017-02-03

CVE-2016-5241

CVE-2016-5241 is a denial-of-service flaw in GraphicsMagick's SVG rendering path. A crafted SVG can trigger an arithmetic exception in magick/render.c and crash the application. NVD rates the issue as medium severity and lists affected GraphicsMagick releases through 1.3.23, along with some downstream distro package CPEs.

MEDIUM openSUSE CVE published 2017-01-20

CVE-2016-9436

CVE-2016-9436 describes a denial-of-service flaw in w3m's tag parsing code. A crafted HTML file can trigger improper value initialization in parsetagx.c, which may crash the application when the affected content is opened. NVD rates the issue as medium severity, with no confidentiality or integrity impact but high availability impact and a user-interaction requirement.

MEDIUM openSUSE CVE published 2017-01-20

CVE-2016-9435

CVE-2016-9435 is a medium-severity denial-of-service issue in w3m. The flaw was published on 2017-01-20 and affects versions of w3m before the fixed release noted in the advisory trail. A crafted HTML file can trigger a crash through improper value initialization in HTMLtagproc1 when handling <dd> tags.

MEDIUM openSUSE CVE published 2017-01-20

CVE-2016-5317

CVE-2016-5317 is a memory-safety flaw in libtiff's PixarLogDecode path. According to the NVD record, libtiff 4.0.6 and earlier are affected, and the practical impact is a denial of service through application crash when a crafted TIFF file is processed. The NVD entry rates the issue CVSS 3.0 6.5 (medium) with network reachability, low attack complexity, no privileges required, and user interaction required.

MEDIUM openSUSE CVE published 2017-01-20

CVE-2016-5316

CVE-2016-5316 is a denial-of-service flaw in libtiff’s PixarLogCleanup handling. A crafted TIFF image can trigger an out-of-bounds read and crash the rgb2ycbcr tool. The issue was publicly disclosed in January 2017, and the supplied record shows later NVD metadata updates in 2026; the underlying vulnerability remains the same legacy libtiff issue. No KEV listing was provided in the source corpus.