Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Amazon Linux Local Check: alas-2016-717

Information

Severity

Severity

Critical

Family

Family

Amazon Linux Local Security Checks

CVSSv2 Base

CVSSv2 Base

10.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

5 years ago

Modified

Modified

3 years ago

Summary

Amazon Linux Local Security Checks

Insight

Insight

It was discovered that GraphicsMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using GraphicsMagick or an unsuspecting user using the GraphicsMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5118 )Vulnerabilities in GraphicsMagick's SVG processing code were discovered, resulting in memory corruption and, potentially, execution of arbitrary code, a denial of service, or an application crash. (CVE-2016-2317, CVE-2016-2318, CVE-2016-5118 )

Solution

Solution

Run yum update GraphicsMagick to update your system.

Common Vulnerabilities and Exposures (CVE)