CVE-2019-12921
Published 2020-03-18
Medium, 6.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:N / A:N
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | graphicsmagick | < graphicsmagick 1.4~hg16039-1 (bookworm) | graphicsmagick 1.4~hg16039-1 (bookworm) |
| graphicsmagick | graphicsmagick | < 1.3.32 | 1.3.32 |
| graphicsmagick | graphicsmagick | >= 0 < 1.4~hg16039-1 | 1.4~hg16039-1 |
| graphicsmagick | graphicsmagick | >= 0 < 1.4~hg16039-1 | 1.4~hg16039-1 |
| graphicsmagick | graphicsmagick | >= 0 < 1.4~hg16039-1 | 1.4~hg16039-1 |
| graphicsmagick | graphicsmagick | >= 0 < 1.4~hg16039-1 | 1.4~hg16039-1 |
| graphicsmagick | graphicsmagick | >= 0 < 1.3.18-1ubuntu3.1+esm7 | 1.3.18-1ubuntu3.1+esm7 |
| graphicsmagick | graphicsmagick | >= 0 < 1.3.23-1ubuntu0.6+esm1 | 1.3.23-1ubuntu0.6+esm1 |
| graphicsmagick | graphicsmagick | >= 0 < 1.3.28-2ubuntu0.1+esm1 | 1.3.28-2ubuntu0.1+esm1 |
| graphicsmagick | graphicsmagick | >= 0 < 1.4+really1.3.35-1ubuntu0.1~esm1 | 1.4+really1.3.35-1ubuntu0.1~esm1 |
| opensuse | backports_sle | — | — |
| opensuse | leap | — | — |
CVSS provenance
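| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| osv | — | 6.5 | MEDIUM | — |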