First published: Tue Aug 30 2022(Updated: )
It was discovered that GraphicsMagick allowed reading arbitrary files via specially crafted images. An attacker could use this issue to expose sensitive information. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2019-12921) It was discovered that GraphicsMagick did not correctly handle memory allocations for error messages. An attacker could use this issue to corrupt memory or possibly execute arbitrary code. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2019-19950) It was discovered that GraphicsMagick did not correctly handle type limits. An attacker could use these issues to cause heap-based buffer overflows, leading to a denial of service (application crash) or possibly execute arbitrary code. These issues only affect Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2019-19951, CVE-2019-19953) It was discovered that GraphicsMagick did not correctly handle the signed integer limit in 32-bit applications. An attacker could use this issue to cause a heap-based buffer overflow, leading to a denial of service (application crash) or possibly execute arbitrary code. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2020-10938) It was discovered that GraphicsMagick did not properly magnify certain images. An attacker could use this issue to cause a heap-based buffer overflow, leading to a denial of service (application crash) or possibly execute arbitrary code. (CVE-2020-12672)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/libgraphicsmagick-q16-3 | <1.4+really1.3.35-1ubuntu0.1~esm1 | 1.4+really1.3.35-1ubuntu0.1~esm1 |
Ubuntu Ubuntu | =20.04 | |
All of | ||
ubuntu/graphicsmagick | <1.4+really1.3.35-1ubuntu0.1~esm1 | 1.4+really1.3.35-1ubuntu0.1~esm1 |
Ubuntu Ubuntu | =20.04 | |
All of | ||
ubuntu/libgraphicsmagick++-q16-12 | <1.4+really1.3.35-1ubuntu0.1~esm1 | 1.4+really1.3.35-1ubuntu0.1~esm1 |
Ubuntu Ubuntu | =20.04 | |
All of | ||
ubuntu/libgraphicsmagick-q16-3 | <1.3.28-2ubuntu0.1+esm1 | 1.3.28-2ubuntu0.1+esm1 |
Ubuntu Ubuntu | =18.04 | |
All of | ||
ubuntu/graphicsmagick | <1.3.28-2ubuntu0.1+esm1 | 1.3.28-2ubuntu0.1+esm1 |
Ubuntu Ubuntu | =18.04 | |
All of | ||
ubuntu/libgraphicsmagick++-q16-12 | <1.3.28-2ubuntu0.1+esm1 | 1.3.28-2ubuntu0.1+esm1 |
Ubuntu Ubuntu | =18.04 | |
All of | ||
ubuntu/libgraphicsmagick-q16-3 | <1.3.23-1ubuntu0.6+esm1 | 1.3.23-1ubuntu0.6+esm1 |
Ubuntu Ubuntu | =16.04 | |
All of | ||
ubuntu/graphicsmagick | <1.3.23-1ubuntu0.6+esm1 | 1.3.23-1ubuntu0.6+esm1 |
Ubuntu Ubuntu | =16.04 | |
All of | ||
ubuntu/libgraphicsmagick++-q16-12 | <1.3.23-1ubuntu0.6+esm1 | 1.3.23-1ubuntu0.6+esm1 |
Ubuntu Ubuntu | =16.04 | |
All of | ||
ubuntu/libgraphicsmagick++3 | <1.3.18-1ubuntu3.1+esm7 | 1.3.18-1ubuntu3.1+esm7 |
Ubuntu Ubuntu | =14.04 | |
All of | ||
ubuntu/libgraphicsmagick3 | <1.3.18-1ubuntu3.1+esm7 | 1.3.18-1ubuntu3.1+esm7 |
Ubuntu Ubuntu | =14.04 | |
All of | ||
ubuntu/graphicsmagick | <1.3.18-1ubuntu3.1+esm7 | 1.3.18-1ubuntu3.1+esm7 |
Ubuntu Ubuntu | =14.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)
The affected software versions for USN-5190-1 are Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM.
The severity of USN-5190-1 is not specified in the provided information.
An attacker can exploit CVE-2019-12921 by using specially crafted images to read arbitrary files.
To fix the GraphicsMagick vulnerabilities mentioned in USN-5190-1, you should update the affected software packages to the specified remediation versions.
You can find more information about the vulnerabilities mentioned in USN-5190-1 at the provided references.