USN-5190-1: GraphicsMagick vulnerabilities
First published: Tue Aug 30 2022(Updated: )
It was discovered that GraphicsMagick allowed reading arbitrary files via specially crafted images. An attacker could use this issue to expose sensitive information. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2019-12921) It was discovered that GraphicsMagick did not correctly handle memory allocations for error messages. An attacker could use this issue to corrupt memory or possibly execute arbitrary code. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2019-19950) It was discovered that GraphicsMagick did not correctly handle type limits. An attacker could use these issues to cause heap-based buffer overflows, leading to a denial of service (application crash) or possibly execute arbitrary code. These issues only affect Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2019-19951, CVE-2019-19953) It was discovered that GraphicsMagick did not correctly handle the signed integer limit in 32-bit applications. An attacker could use this issue to cause a heap-based buffer overflow, leading to a denial of service (application crash) or possibly execute arbitrary code. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2020-10938) It was discovered that GraphicsMagick did not properly magnify certain images. An attacker could use this issue to cause a heap-based buffer overflow, leading to a denial of service (application crash) or possibly execute arbitrary code. (CVE-2020-12672)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libgraphicsmagick-q16-3 | <1.4+really1.3.35-1ubuntu0.1~esm1 | 1.4+really1.3.35-1ubuntu0.1~esm1 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/graphicsmagick | <1.4+really1.3.35-1ubuntu0.1~esm1 | 1.4+really1.3.35-1ubuntu0.1~esm1 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/libgraphicsmagick++-q16-12 | <1.4+really1.3.35-1ubuntu0.1~esm1 | 1.4+really1.3.35-1ubuntu0.1~esm1 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/libgraphicsmagick-q16-3 | <1.3.28-2ubuntu0.1+esm1 | 1.3.28-2ubuntu0.1+esm1 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/graphicsmagick | <1.3.28-2ubuntu0.1+esm1 | 1.3.28-2ubuntu0.1+esm1 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/libgraphicsmagick++-q16-12 | <1.3.28-2ubuntu0.1+esm1 | 1.3.28-2ubuntu0.1+esm1 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/libgraphicsmagick-q16-3 | <1.3.23-1ubuntu0.6+esm1 | 1.3.23-1ubuntu0.6+esm1 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/graphicsmagick | <1.3.23-1ubuntu0.6+esm1 | 1.3.23-1ubuntu0.6+esm1 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/libgraphicsmagick++-q16-12 | <1.3.23-1ubuntu0.6+esm1 | 1.3.23-1ubuntu0.6+esm1 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/libgraphicsmagick++3 | <1.3.18-1ubuntu3.1+esm7 | 1.3.18-1ubuntu3.1+esm7 |
| Ubuntu Ubuntu | =14.04 | |
| All of | ||
| ubuntu/libgraphicsmagick3 | <1.3.18-1ubuntu3.1+esm7 | 1.3.18-1ubuntu3.1+esm7 |
| Ubuntu Ubuntu | =14.04 | |
| All of | ||
| ubuntu/graphicsmagick | <1.3.18-1ubuntu3.1+esm7 | 1.3.18-1ubuntu3.1+esm7 |
| Ubuntu Ubuntu | =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2019-19953
- https://ubuntu.com/security/CVE-2019-19951
- https://ubuntu.com/security/CVE-2020-10938
- https://ubuntu.com/security/CVE-2019-12921
- https://ubuntu.com/security/CVE-2019-19950
- https://ubuntu.com/security/CVE-2020-12672
- https://ubuntu.com/security/notices/USN-5974-1
- https://ubuntu.com/security/notices/USN-5190-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What are the affected software versions for USN-5190-1?
The affected software versions for USN-5190-1 are Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM.
What is the severity of USN-5190-1?
The severity of USN-5190-1 is not specified in the provided information.
How can an attacker exploit CVE-2019-12921?
An attacker can exploit CVE-2019-12921 by using specially crafted images to read arbitrary files.
How can I fix the GraphicsMagick vulnerabilities mentioned in USN-5190-1?
To fix the GraphicsMagick vulnerabilities mentioned in USN-5190-1, you should update the affected software packages to the specified remediation versions.
Where can I find more information about the vulnerabilities mentioned in USN-5190-1?
You can find more information about the vulnerabilities mentioned in USN-5190-1 at the provided references.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/usn
- source/Ubuntu
- anchor-related/USN-5974-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/20.04
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04