First published: Wed May 06 2020
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GraphicsMagick GraphicsMagick | <=1.3.35 | |
Debian Debian Linux | =8.0 | |
openSUSE Backports SLE | =15.0-sp1 | |
openSUSE Leap | =15.1 | |
debian/graphicsmagick | 1.4+really1.3.36+hg16481-2+deb11u1, 1.4+really1.3.40-4, 1.4+really1.3.45-1 | |
The vulnerability ID for this issue is CVE-2020-12672.
The severity level of CVE-2020-12672 is high.
GraphicsMagick versions 1.3.28-2ubuntu0.2+ to 1.3.35 are affected by CVE-2020-12672.
Upgrade GraphicsMagick to version 1.3.36 or higher to fix the vulnerability CVE-2020-12672.
You can find more information about CVE-2020-12672 at the following references: [link1](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19025), [link2](https://lists.debian.org/debian-lts-announce/2020/06/msg00004.html), [link3](http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00008.html).