cpe:/a:graphicsmagick:graphicsmagick:1.3.26 cpe:/o:debian:debian_linux:7.0 cpe:/o:debian:debian_linux:8.0 cpe:/o:debian:debian_linux:9.0 CVE-2017-16352 2017-11-01T11:29:00.197-04:00 2019-03-08T15:58:13.160-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2019-03-08T15:19:49.460-05:00 BID 101658 EXPLOIT-DB 43111 DEBIAN DSA-4321 MLIST [debian-lts-announce] 20171103 [SECURITY] [DLA 1159-1] graphicsmagick security update MLIST [debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update MISC ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/snapshots/ChangeLog.txt MISC http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=7292230dd185 MISC https://blogs.securiteam.com/index.php/archives/3494 GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag.