Candidate: CVE-2016-7996
PublicDate: 2017-01-18 17:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7996
 http://www.openwall.com/lists/oss-security/2016/10/08/5
Description:
 Heap-based buffer overflow in the WPG format reader in GraphicsMagick
 1.3.25 and earlier allows remote attackers to have unspecified impact via a
 colormap with a large number of entries.
Ubuntu-Description:
 It was discovered that GraphicsMagick incorrectly handled certain image
 files. An attacker could possibly use this issue to cause a denial of
 service or other unspecified impact.
Notes:
Bugs:
Priority: medium
Discovered-by: Moshe Kaplan
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_graphicsmagick:
upstream_graphicsmagick: released (1.3.21-2)
precise_graphicsmagick: ignored (reached end-of-life)
precise/esm_graphicsmagick: DNE (precise was needs-triage)
trusty_graphicsmagick: released (1.3.18-1ubuntu3.1)
trusty/esm_graphicsmagick: released (1.3.18-1ubuntu3.1)
vivid/stable-phone-overlay_graphicsmagick: DNE
vivid/ubuntu-core_graphicsmagick: DNE
xenial_graphicsmagick: released (1.3.23-1ubuntu0.1)
yakkety_graphicsmagick: not-affected
zesty_graphicsmagick: not-affected
artful_graphicsmagick: not-affected
bionic_graphicsmagick: not-affected
cosmic_graphicsmagick: not-affected
devel_graphicsmagick: not-affected