关键信息 CVE编号: - CVE-2016-2317 - CVE-2016-2318 漏洞类型: - 堆缓冲区溢出 (heap-buffer-overflow) - 栈缓冲区溢出 (stack-buffer-overflow) - 地址错误 (SEGV) 受影响的软件: - GraphicsMagick (版本: 1.3.23) 涉及的文件和函数: - magick/render.c:5125 - utility.c:2638 - svg.c:361 - render.c:2999 - svg.c:1753 - render.c:4550 详细错误信息: - WRITE of size 8 in TracePoint at magick/render.c:5125 - WRITE of size 1 in GetToken at magick/utility.c:2638 - WRITE of size 8 in GetTransformTokens at coders/svg.c:361 - SEGV on unknown address 0x000000000000 in DrawImage at magick/render.c:2999 - SEGV on unknown address 0x000000000000 in SVGStartElement at coders/svg.c:1753 - SEGV on unknown address 0x000000000000 in TraceArcPath at magick/render.c:4550 测试工具: - AddressSanitizer