CVE-2016-2318 describes a denial-of-service condition in GraphicsMagick 1.3.23 triggered by crafted SVG content. NVD records the weakness as CWE-476 (NULL pointer dereference) and rates the issue CVSS 3.0 5.5/Medium. The CVE data ties the issue to SVG parsing/rendering paths including DrawImage, SVGStartElement, and TraceArcPath. Systems that process untrusted SVG files through affected GraphicsMagick bui [truncated]
CVE-2016-2317 is a denial-of-service vulnerability in GraphicsMagick 1.3.23 caused by multiple buffer overflows while processing crafted SVG content. The issue is described as affecting the TracePoint function in magick/render.c, GetToken in magick/utility.c, and GetTransformTokens in coders/svg.c. According to the NVD record, the impact is availability-only (CVSS 5.5, medium), and the published CVSS vect [truncated]
