Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-19953 (GCVE-0-2019-19953)
Vulnerability from cvelistv5
Published
2019-12-24 00:06
Modified
2024-08-05 02:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/617/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf"
},
{
"name": "openSUSE-SU-2020:0055",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"
},
{
"name": "openSUSE-SU-2020:0145",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T09:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/617/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf"
},
{
"name": "openSUSE-SU-2020:0055",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"
},
{
"name": "openSUSE-SU-2020:0145",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/617/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/617/"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf"
},
{
"name": "openSUSE-SU-2020:0055",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"
},
{
"name": "openSUSE-SU-2020:0145",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html"
},
{
"name": "DSA-4640",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19953",
"datePublished": "2019-12-24T00:06:51",
"dateReserved": "2019-12-24T00:00:00",
"dateUpdated": "2024-08-05T02:32:10.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-19953\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-12-24T01:15:11.590\",\"lastModified\":\"2024-11-21T04:35:44.110\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.\"},{\"lang\":\"es\",\"value\":\"En GraphicsMagick versi\u00f3n 1.4 snapshot-20191208 Q8, se presenta una lectura excesiva de b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n EncodeImage del archivo coders/pict.c.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:P\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:graphicsmagick:graphicsmagick:1.4:2019-12-08:*:*:*:*:*:*\",\"matchCriteriaId\":\"261F17D8-6018-4EE3-8F94-910942F6F552\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C84D9410-31B7-421A-AD99-8ED2E45A9BC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://sourceforge.net/p/graphicsmagick/bugs/617/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4640\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://sourceforge.net/p/graphicsmagick/bugs/617/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4640\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
ghsa-vw6h-rrf4-86pm
Vulnerability from github
Published
2022-05-24 17:05
Modified
2022-10-31 19:00
Severity ?
VLAI Severity ?
Details
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.
{
"affected": [],
"aliases": [
"CVE-2019-19953"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-24T01:15:00Z",
"severity": "MODERATE"
},
"details": "In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.",
"id": "GHSA-vw6h-rrf4-86pm",
"modified": "2022-10-31T19:00:32Z",
"published": "2022-05-24T17:05:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19953"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/617"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4640"
},
{
"type": "WEB",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
opensuse-su-2020:0055-1
Vulnerability from csaf_opensuse
Published
2020-01-14 17:16
Modified
2020-01-14 17:16
Summary
Security update for GraphicsMagick
Notes
Title of the patch
Security update for GraphicsMagick
Description of the patch
This update for GraphicsMagick fixes the following issues:
- CVE-2019-19950: Fixed a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. (boo#1159852)
- CVE-2019-19951: Fixed a heap-based buffer overflow in ImportRLEPixels() (boo#1160321).
- CVE-2019-19953: Fixed a heap-based buffer overflow in EncodeImage() (boo#1160364).
Patchnames
openSUSE-2020-55
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for GraphicsMagick",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for GraphicsMagick fixes the following issues:\n\n- CVE-2019-19950: Fixed a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. (boo#1159852)\n- CVE-2019-19951: Fixed a heap-based buffer overflow in ImportRLEPixels() (boo#1160321).\n- CVE-2019-19953: Fixed a heap-based buffer overflow in EncodeImage() (boo#1160364).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-55",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0055-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0055-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WOTKEK3CX2ISI5JBIT4J3NWCZ2KC4GHL/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0055-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WOTKEK3CX2ISI5JBIT4J3NWCZ2KC4GHL/"
},
{
"category": "self",
"summary": "SUSE Bug 1159852",
"url": "https://bugzilla.suse.com/1159852"
},
{
"category": "self",
"summary": "SUSE Bug 1160321",
"url": "https://bugzilla.suse.com/1160321"
},
{
"category": "self",
"summary": "SUSE Bug 1160364",
"url": "https://bugzilla.suse.com/1160364"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19950 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19951 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19951/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19953 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19953/"
}
],
"title": "Security update for GraphicsMagick",
"tracking": {
"current_release_date": "2020-01-14T17:16:22Z",
"generator": {
"date": "2020-01-14T17:16:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0055-1",
"initial_release_date": "2020-01-14T17:16:22Z",
"revision_history": [
{
"date": "2020-01-14T17:16:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "GraphicsMagick-1.3.29-lp151.4.14.1.x86_64",
"product": {
"name": "GraphicsMagick-1.3.29-lp151.4.14.1.x86_64",
"product_id": "GraphicsMagick-1.3.29-lp151.4.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "GraphicsMagick-devel-1.3.29-lp151.4.14.1.x86_64",
"product": {
"name": "GraphicsMagick-devel-1.3.29-lp151.4.14.1.x86_64",
"product_id": "GraphicsMagick-devel-1.3.29-lp151.4.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libGraphicsMagick++-Q16-12-1.3.29-lp151.4.14.1.x86_64",
"product": {
"name": "libGraphicsMagick++-Q16-12-1.3.29-lp151.4.14.1.x86_64",
"product_id": "libGraphicsMagick++-Q16-12-1.3.29-lp151.4.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libGraphicsMagick++-devel-1.3.29-lp151.4.14.1.x86_64",
"product": {
"name": "libGraphicsMagick++-devel-1.3.29-lp151.4.14.1.x86_64",
"product_id": "libGraphicsMagick++-devel-1.3.29-lp151.4.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libGraphicsMagick-Q16-3-1.3.29-lp151.4.14.1.x86_64",
"product": {
"name": "libGraphicsMagick-Q16-3-1.3.29-lp151.4.14.1.x86_64",
"product_id": "libGraphicsMagick-Q16-3-1.3.29-lp151.4.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libGraphicsMagick3-config-1.3.29-lp151.4.14.1.x86_64",
"product": {
"name": "libGraphicsMagick3-config-1.3.29-lp151.4.14.1.x86_64",
"product_id": "libGraphicsMagick3-config-1.3.29-lp151.4.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libGraphicsMagickWand-Q16-2-1.3.29-lp151.4.14.1.x86_64",
"product": {
"name": "libGraphicsMagickWand-Q16-2-1.3.29-lp151.4.14.1.x86_64",
"product_id": "libGraphicsMagickWand-Q16-2-1.3.29-lp151.4.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "perl-GraphicsMagick-1.3.29-lp151.4.14.1.x86_64",
"product": {
"name": "perl-GraphicsMagick-1.3.29-lp151.4.14.1.x86_64",
"product_id": "perl-GraphicsMagick-1.3.29-lp151.4.14.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "GraphicsMagick-1.3.29-lp151.4.14.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:GraphicsMagick-1.3.29-lp151.4.14.1.x86_64"
},
"product_reference": "GraphicsMagick-1.3.29-lp151.4.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "GraphicsMagick-devel-1.3.29-lp151.4.14.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:GraphicsMagick-devel-1.3.29-lp151.4.14.1.x86_64"
},
"product_reference": "GraphicsMagick-devel-1.3.29-lp151.4.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libGraphicsMagick++-Q16-12-1.3.29-lp151.4.14.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libGraphicsMagick++-Q16-12-1.3.29-lp151.4.14.1.x86_64"
},
"product_reference": "libGraphicsMagick++-Q16-12-1.3.29-lp151.4.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libGraphicsMagick++-devel-1.3.29-lp151.4.14.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libGraphicsMagick++-devel-1.3.29-lp151.4.14.1.x86_64"
},
"product_reference": "libGraphicsMagick++-devel-1.3.29-lp151.4.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libGraphicsMagick-Q16-3-1.3.29-lp151.4.14.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libGraphicsMagick-Q16-3-1.3.29-lp151.4.14.1.x86_64"
},
"product_reference": "libGraphicsMagick-Q16-3-1.3.29-lp151.4.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libGraphicsMagick3-config-1.3.29-lp151.4.14.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libGraphicsMagick3-config-1.3.29-lp151.4.14.1.x86_64"
},
"product_reference": "libGraphicsMagick3-config-1.3.29-lp151.4.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libGraphicsMagickWand-Q16-2-1.3.29-lp151.4.14.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libGraphicsMagickWand-Q16-2-1.3.29-lp151.4.14.1.x86_64"
},
"product_reference": "libGraphicsMagickWand-Q16-2-1.3.29-lp151.4.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-GraphicsMagick-1.3.29-lp151.4.14.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:perl-GraphicsMagick-1.3.29-lp151.4.14.1.x86_64"
},
"product_reference": "perl-GraphicsMagick-1.3.29-lp151.4.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-19950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19950"
}
],
"notes": [
{
"category": "general",
"text": "In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:GraphicsMagick-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:GraphicsMagick-devel-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick++-Q16-12-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick++-devel-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick-Q16-3-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick3-config-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagickWand-Q16-2-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:perl-GraphicsMagick-1.3.29-lp151.4.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19950",
"url": "https://www.suse.com/security/cve/CVE-2019-19950"
},
{
"category": "external",
"summary": "SUSE Bug 1159852 for CVE-2019-19950",
"url": "https://bugzilla.suse.com/1159852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:GraphicsMagick-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:GraphicsMagick-devel-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick++-Q16-12-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick++-devel-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick-Q16-3-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick3-config-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagickWand-Q16-2-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:perl-GraphicsMagick-1.3.29-lp151.4.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:GraphicsMagick-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:GraphicsMagick-devel-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick++-Q16-12-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick++-devel-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick-Q16-3-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick3-config-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagickWand-Q16-2-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:perl-GraphicsMagick-1.3.29-lp151.4.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-14T17:16:22Z",
"details": "critical"
}
],
"title": "CVE-2019-19950"
},
{
"cve": "CVE-2019-19951",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19951"
}
],
"notes": [
{
"category": "general",
"text": "In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:GraphicsMagick-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:GraphicsMagick-devel-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick++-Q16-12-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick++-devel-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick-Q16-3-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick3-config-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagickWand-Q16-2-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:perl-GraphicsMagick-1.3.29-lp151.4.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19951",
"url": "https://www.suse.com/security/cve/CVE-2019-19951"
},
{
"category": "external",
"summary": "SUSE Bug 1160321 for CVE-2019-19951",
"url": "https://bugzilla.suse.com/1160321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:GraphicsMagick-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:GraphicsMagick-devel-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick++-Q16-12-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick++-devel-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick-Q16-3-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick3-config-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagickWand-Q16-2-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:perl-GraphicsMagick-1.3.29-lp151.4.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:GraphicsMagick-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:GraphicsMagick-devel-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick++-Q16-12-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick++-devel-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick-Q16-3-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick3-config-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagickWand-Q16-2-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:perl-GraphicsMagick-1.3.29-lp151.4.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-14T17:16:22Z",
"details": "critical"
}
],
"title": "CVE-2019-19951"
},
{
"cve": "CVE-2019-19953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19953"
}
],
"notes": [
{
"category": "general",
"text": "In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:GraphicsMagick-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:GraphicsMagick-devel-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick++-Q16-12-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick++-devel-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick-Q16-3-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick3-config-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagickWand-Q16-2-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:perl-GraphicsMagick-1.3.29-lp151.4.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19953",
"url": "https://www.suse.com/security/cve/CVE-2019-19953"
},
{
"category": "external",
"summary": "SUSE Bug 1160364 for CVE-2019-19953",
"url": "https://bugzilla.suse.com/1160364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:GraphicsMagick-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:GraphicsMagick-devel-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick++-Q16-12-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick++-devel-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick-Q16-3-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick3-config-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagickWand-Q16-2-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:perl-GraphicsMagick-1.3.29-lp151.4.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:GraphicsMagick-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:GraphicsMagick-devel-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick++-Q16-12-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick++-devel-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick-Q16-3-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagick3-config-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:libGraphicsMagickWand-Q16-2-1.3.29-lp151.4.14.1.x86_64",
"openSUSE Leap 15.1:perl-GraphicsMagick-1.3.29-lp151.4.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-14T17:16:22Z",
"details": "critical"
}
],
"title": "CVE-2019-19953"
}
]
}
opensuse-su-2020:0145-1
Vulnerability from csaf_opensuse
Published
2020-01-29 16:49
Modified
2020-01-29 16:49
Summary
Security update for GraphicsMagick
Notes
Title of the patch
Security update for GraphicsMagick
Description of the patch
This update for GraphicsMagick fixes the following issues:
- CVE-2019-19950: Fixed a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. (boo#1159852)
- CVE-2019-19951: Fixed a heap-based buffer overflow in ImportRLEPixels() (boo#1160321).
- CVE-2019-19953: Fixed a heap-based buffer overflow in EncodeImage() (boo#1160364).
This update was imported from the openSUSE:Leap:15.1:Update update project.
Patchnames
openSUSE-2020-145
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for GraphicsMagick",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for GraphicsMagick fixes the following issues:\n\n- CVE-2019-19950: Fixed a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. (boo#1159852)\n- CVE-2019-19951: Fixed a heap-based buffer overflow in ImportRLEPixels() (boo#1160321).\n- CVE-2019-19953: Fixed a heap-based buffer overflow in EncodeImage() (boo#1160364).\n\nThis update was imported from the openSUSE:Leap:15.1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-145",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0145-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0145-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OXH777IOYCATVGWBIW4VNUTD62RMTZ4W/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0145-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OXH777IOYCATVGWBIW4VNUTD62RMTZ4W/"
},
{
"category": "self",
"summary": "SUSE Bug 1159852",
"url": "https://bugzilla.suse.com/1159852"
},
{
"category": "self",
"summary": "SUSE Bug 1160321",
"url": "https://bugzilla.suse.com/1160321"
},
{
"category": "self",
"summary": "SUSE Bug 1160364",
"url": "https://bugzilla.suse.com/1160364"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19950 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19951 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19951/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19953 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19953/"
}
],
"title": "Security update for GraphicsMagick",
"tracking": {
"current_release_date": "2020-01-29T16:49:44Z",
"generator": {
"date": "2020-01-29T16:49:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0145-1",
"initial_release_date": "2020-01-29T16:49:44Z",
"revision_history": [
{
"date": "2020-01-29T16:49:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "GraphicsMagick-1.3.29-bp151.5.9.1.x86_64",
"product": {
"name": "GraphicsMagick-1.3.29-bp151.5.9.1.x86_64",
"product_id": "GraphicsMagick-1.3.29-bp151.5.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "GraphicsMagick-devel-1.3.29-bp151.5.9.1.x86_64",
"product": {
"name": "GraphicsMagick-devel-1.3.29-bp151.5.9.1.x86_64",
"product_id": "GraphicsMagick-devel-1.3.29-bp151.5.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libGraphicsMagick++-Q16-12-1.3.29-bp151.5.9.1.x86_64",
"product": {
"name": "libGraphicsMagick++-Q16-12-1.3.29-bp151.5.9.1.x86_64",
"product_id": "libGraphicsMagick++-Q16-12-1.3.29-bp151.5.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libGraphicsMagick++-devel-1.3.29-bp151.5.9.1.x86_64",
"product": {
"name": "libGraphicsMagick++-devel-1.3.29-bp151.5.9.1.x86_64",
"product_id": "libGraphicsMagick++-devel-1.3.29-bp151.5.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libGraphicsMagick-Q16-3-1.3.29-bp151.5.9.1.x86_64",
"product": {
"name": "libGraphicsMagick-Q16-3-1.3.29-bp151.5.9.1.x86_64",
"product_id": "libGraphicsMagick-Q16-3-1.3.29-bp151.5.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libGraphicsMagick3-config-1.3.29-bp151.5.9.1.x86_64",
"product": {
"name": "libGraphicsMagick3-config-1.3.29-bp151.5.9.1.x86_64",
"product_id": "libGraphicsMagick3-config-1.3.29-bp151.5.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libGraphicsMagickWand-Q16-2-1.3.29-bp151.5.9.1.x86_64",
"product": {
"name": "libGraphicsMagickWand-Q16-2-1.3.29-bp151.5.9.1.x86_64",
"product_id": "libGraphicsMagickWand-Q16-2-1.3.29-bp151.5.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "perl-GraphicsMagick-1.3.29-bp151.5.9.1.x86_64",
"product": {
"name": "perl-GraphicsMagick-1.3.29-bp151.5.9.1.x86_64",
"product_id": "perl-GraphicsMagick-1.3.29-bp151.5.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP1",
"product": {
"name": "SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "GraphicsMagick-1.3.29-bp151.5.9.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:GraphicsMagick-1.3.29-bp151.5.9.1.x86_64"
},
"product_reference": "GraphicsMagick-1.3.29-bp151.5.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "GraphicsMagick-devel-1.3.29-bp151.5.9.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:GraphicsMagick-devel-1.3.29-bp151.5.9.1.x86_64"
},
"product_reference": "GraphicsMagick-devel-1.3.29-bp151.5.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libGraphicsMagick++-Q16-12-1.3.29-bp151.5.9.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libGraphicsMagick++-Q16-12-1.3.29-bp151.5.9.1.x86_64"
},
"product_reference": "libGraphicsMagick++-Q16-12-1.3.29-bp151.5.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libGraphicsMagick++-devel-1.3.29-bp151.5.9.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libGraphicsMagick++-devel-1.3.29-bp151.5.9.1.x86_64"
},
"product_reference": "libGraphicsMagick++-devel-1.3.29-bp151.5.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libGraphicsMagick-Q16-3-1.3.29-bp151.5.9.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libGraphicsMagick-Q16-3-1.3.29-bp151.5.9.1.x86_64"
},
"product_reference": "libGraphicsMagick-Q16-3-1.3.29-bp151.5.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libGraphicsMagick3-config-1.3.29-bp151.5.9.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libGraphicsMagick3-config-1.3.29-bp151.5.9.1.x86_64"
},
"product_reference": "libGraphicsMagick3-config-1.3.29-bp151.5.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libGraphicsMagickWand-Q16-2-1.3.29-bp151.5.9.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libGraphicsMagickWand-Q16-2-1.3.29-bp151.5.9.1.x86_64"
},
"product_reference": "libGraphicsMagickWand-Q16-2-1.3.29-bp151.5.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-GraphicsMagick-1.3.29-bp151.5.9.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:perl-GraphicsMagick-1.3.29-bp151.5.9.1.x86_64"
},
"product_reference": "perl-GraphicsMagick-1.3.29-bp151.5.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-19950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19950"
}
],
"notes": [
{
"category": "general",
"text": "In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:GraphicsMagick-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:GraphicsMagick-devel-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick++-Q16-12-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick++-devel-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick-Q16-3-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick3-config-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagickWand-Q16-2-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:perl-GraphicsMagick-1.3.29-bp151.5.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19950",
"url": "https://www.suse.com/security/cve/CVE-2019-19950"
},
{
"category": "external",
"summary": "SUSE Bug 1159852 for CVE-2019-19950",
"url": "https://bugzilla.suse.com/1159852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:GraphicsMagick-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:GraphicsMagick-devel-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick++-Q16-12-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick++-devel-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick-Q16-3-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick3-config-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagickWand-Q16-2-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:perl-GraphicsMagick-1.3.29-bp151.5.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:GraphicsMagick-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:GraphicsMagick-devel-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick++-Q16-12-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick++-devel-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick-Q16-3-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick3-config-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagickWand-Q16-2-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:perl-GraphicsMagick-1.3.29-bp151.5.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-29T16:49:44Z",
"details": "critical"
}
],
"title": "CVE-2019-19950"
},
{
"cve": "CVE-2019-19951",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19951"
}
],
"notes": [
{
"category": "general",
"text": "In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:GraphicsMagick-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:GraphicsMagick-devel-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick++-Q16-12-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick++-devel-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick-Q16-3-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick3-config-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagickWand-Q16-2-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:perl-GraphicsMagick-1.3.29-bp151.5.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19951",
"url": "https://www.suse.com/security/cve/CVE-2019-19951"
},
{
"category": "external",
"summary": "SUSE Bug 1160321 for CVE-2019-19951",
"url": "https://bugzilla.suse.com/1160321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:GraphicsMagick-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:GraphicsMagick-devel-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick++-Q16-12-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick++-devel-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick-Q16-3-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick3-config-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagickWand-Q16-2-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:perl-GraphicsMagick-1.3.29-bp151.5.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:GraphicsMagick-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:GraphicsMagick-devel-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick++-Q16-12-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick++-devel-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick-Q16-3-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick3-config-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagickWand-Q16-2-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:perl-GraphicsMagick-1.3.29-bp151.5.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-29T16:49:44Z",
"details": "critical"
}
],
"title": "CVE-2019-19951"
},
{
"cve": "CVE-2019-19953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19953"
}
],
"notes": [
{
"category": "general",
"text": "In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:GraphicsMagick-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:GraphicsMagick-devel-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick++-Q16-12-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick++-devel-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick-Q16-3-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick3-config-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagickWand-Q16-2-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:perl-GraphicsMagick-1.3.29-bp151.5.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19953",
"url": "https://www.suse.com/security/cve/CVE-2019-19953"
},
{
"category": "external",
"summary": "SUSE Bug 1160364 for CVE-2019-19953",
"url": "https://bugzilla.suse.com/1160364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:GraphicsMagick-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:GraphicsMagick-devel-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick++-Q16-12-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick++-devel-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick-Q16-3-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick3-config-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagickWand-Q16-2-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:perl-GraphicsMagick-1.3.29-bp151.5.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:GraphicsMagick-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:GraphicsMagick-devel-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick++-Q16-12-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick++-devel-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick-Q16-3-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagick3-config-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:libGraphicsMagickWand-Q16-2-1.3.29-bp151.5.9.1.x86_64",
"SUSE Package Hub 15 SP1:perl-GraphicsMagick-1.3.29-bp151.5.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-29T16:49:44Z",
"details": "critical"
}
],
"title": "CVE-2019-19953"
}
]
}
cnvd-2019-47199
Vulnerability from cnvd
Title: GraphicsMagick 'EncodeImage'函数缓冲区溢出漏洞
Description:
GraphicsMagick是一套简单的图像处理工具。该工具对图像提供尺寸调整、旋转、加亮等功能。
GraphicsMagick中的coders/pict.c文件的'EncodeImage'函数存在缓冲区溢出漏洞。该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。
Severity: 高
Patch Name: GraphicsMagick 'EncodeImage'函数缓冲区溢出漏洞的补丁
Patch Description:
GraphicsMagick是一套简单的图像处理工具。该工具对图像提供尺寸调整、旋转、加亮等功能。
GraphicsMagick中的coders/pict.c文件的'EncodeImage'函数存在缓冲区溢出漏洞。该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf
Reference: https://sourceforge.net/p/graphicsmagick/bugs/617/
Impacted products
| Name | GraphicsMagick GraphicsMagick 1.4 snapshot-20191208 Q8 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-19953"
}
},
"description": "GraphicsMagick\u662f\u4e00\u5957\u7b80\u5355\u7684\u56fe\u50cf\u5904\u7406\u5de5\u5177\u3002\u8be5\u5de5\u5177\u5bf9\u56fe\u50cf\u63d0\u4f9b\u5c3a\u5bf8\u8c03\u6574\u3001\u65cb\u8f6c\u3001\u52a0\u4eae\u7b49\u529f\u80fd\u3002\n\nGraphicsMagick\u4e2d\u7684coders/pict.c\u6587\u4ef6\u7684\u0027EncodeImage\u0027\u51fd\u6570\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\uff0c\u5bfc\u81f4\u5411\u5173\u8054\u7684\u5176\u4ed6\u5185\u5b58\u4f4d\u7f6e\u4e0a\u6267\u884c\u4e86\u9519\u8bef\u7684\u8bfb\u5199\u64cd\u4f5c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5806\u6ea2\u51fa\u7b49\u3002",
"formalWay": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-47199",
"openTime": "2019-12-27",
"patchDescription": "GraphicsMagick\u662f\u4e00\u5957\u7b80\u5355\u7684\u56fe\u50cf\u5904\u7406\u5de5\u5177\u3002\u8be5\u5de5\u5177\u5bf9\u56fe\u50cf\u63d0\u4f9b\u5c3a\u5bf8\u8c03\u6574\u3001\u65cb\u8f6c\u3001\u52a0\u4eae\u7b49\u529f\u80fd\u3002\r\n\r\nGraphicsMagick\u4e2d\u7684coders/pict.c\u6587\u4ef6\u7684\u0027EncodeImage\u0027\u51fd\u6570\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\uff0c\u5bfc\u81f4\u5411\u5173\u8054\u7684\u5176\u4ed6\u5185\u5b58\u4f4d\u7f6e\u4e0a\u6267\u884c\u4e86\u9519\u8bef\u7684\u8bfb\u5199\u64cd\u4f5c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5806\u6ea2\u51fa\u7b49\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "GraphicsMagick \u0027EncodeImage\u0027\u51fd\u6570\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "GraphicsMagick GraphicsMagick 1.4 snapshot-20191208 Q8"
},
"referenceLink": "https://sourceforge.net/p/graphicsmagick/bugs/617/",
"serverity": "\u9ad8",
"submitTime": "2019-12-24",
"title": "GraphicsMagick \u0027EncodeImage\u0027\u51fd\u6570\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}
gsd-2019-19953
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-19953",
"description": "In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.",
"id": "GSD-2019-19953",
"references": [
"https://www.suse.com/security/cve/CVE-2019-19953.html",
"https://www.debian.org/security/2020/dsa-4640",
"https://advisories.mageia.org/CVE-2019-19953.html",
"https://ubuntu.com/security/CVE-2019-19953"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-19953"
],
"details": "In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.",
"id": "GSD-2019-19953",
"modified": "2023-12-13T01:23:54.380416Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/617/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/617/"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf"
},
{
"name": "openSUSE-SU-2020:0055",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"
},
{
"name": "openSUSE-SU-2020:0145",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html"
},
{
"name": "DSA-4640",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.4:2019-12-08:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19953"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/617/",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/617/"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf",
"refsource": "MISC",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf"
},
{
"name": "openSUSE-SU-2020:0055",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"
},
{
"name": "openSUSE-SU-2020:0145",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html"
},
{
"name": "DSA-4640",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
},
"lastModifiedDate": "2022-10-31T14:49Z",
"publishedDate": "2019-12-24T01:15Z"
}
}
}
wid-sec-w-2023-2131
Vulnerability from csaf_certbund
Published
2019-12-23 23:00
Modified
2024-10-03 22:00
Summary
ImageMagick / GraphicsMagick: Mehrere Schwachstellen ermöglichen Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
ImageMagick und GraphicsMagick sind Sammlungen von Programmbibliotheken und Werkzeugen, die Grafiken in zahlreichen Formaten verarbeiten können.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in ImageMagick und GraphicsMagick ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "ImageMagick und GraphicsMagick sind Sammlungen von Programmbibliotheken und Werkzeugen, die Grafiken in zahlreichen Formaten verarbeiten k\u00f6nnen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in ImageMagick und GraphicsMagick ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2131 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2023-2131.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2131 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2131"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:0275-1 vom 2020-01-31",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200275-1.html"
},
{
"category": "external",
"summary": "National Vulnerbility Database CVE-2019-19953 vom 2019-12-23",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19953"
},
{
"category": "external",
"summary": "National Vulnerbility Database CVE-2019-19952 vom 2019-12-23",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19952"
},
{
"category": "external",
"summary": "National Vulnerbility Database CVE-2019-19951 vom 2019-12-23",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19951"
},
{
"category": "external",
"summary": "National Vulnerbility Database CVE-2019-19950 vom 2019-12-23",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19950"
},
{
"category": "external",
"summary": "National Vulnerbility Database CVE-2019-19949 vom 2019-12-23",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19949"
},
{
"category": "external",
"summary": "National Vulnerbility Database CVE-2019-19948 vom 2019-12-23",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19948"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:0411-1 vom 2020-02-19",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200411-1.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA 2084 vom 2020-03-02",
"url": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202001/msg00029.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4640 vom 2020-03-16",
"url": "https://www.debian.org/security/2020/dsa-4640"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:1180 vom 2020-03-31",
"url": "https://access.redhat.com/errata/RHSA-2020:1180"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4712 vom 2020-07-01",
"url": "https://www.debian.org/security/2020/dsa-4712"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4715 vom 2020-07-03",
"url": "https://www.debian.org/security/2020/dsa-4715"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2333 vom 2020-08-19",
"url": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202008/msg00030.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4549-1 vom 2020-09-28",
"url": "https://usn.ubuntu.com/4549-1/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4670-1 vom 2020-12-15",
"url": "https://ubuntu.com/security/notices/USN-4670-1"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1815 vom 2023-08-23",
"url": "https://alas.aws.amazon.com/ALAS-2023-1815.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1814 vom 2023-08-23",
"url": "https://alas.aws.amazon.com/ALAS-2023-1814.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1813 vom 2023-08-23",
"url": "https://alas.aws.amazon.com/ALAS-2023-1813.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1812 vom 2023-08-23",
"url": "https://alas.aws.amazon.com/ALAS-2023-1812.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1811 vom 2023-08-23",
"url": "https://alas.aws.amazon.com/ALAS-2023-1811.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1810 vom 2023-08-23",
"url": "https://alas.aws.amazon.com/ALAS-2023-1810.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-1926 vom 2024-03-19",
"url": "https://alas.aws.amazon.com/ALAS-2024-1926.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7053-1 vom 2024-10-03",
"url": "https://ubuntu.com/security/notices/USN-7053-1"
}
],
"source_lang": "en-US",
"title": "ImageMagick / GraphicsMagick: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2024-10-03T22:00:00.000+00:00",
"generator": {
"date": "2024-10-04T08:13:34.336+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2023-2131",
"initial_release_date": "2019-12-23T23:00:00.000+00:00",
"revision_history": [
{
"date": "2019-12-23T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2020-01-01T23:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: DLA 2049"
},
{
"date": "2020-01-30T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-02-19T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-03-02T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2020-03-15T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2020-03-31T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-06-30T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2020-07-02T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2020-08-18T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2020-09-28T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2020-12-15T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-08-23T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-03-19T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-10-03T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "15"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.4 snapshot-20191208 Q8",
"product": {
"name": "Open Source GraphicsMagick \u003c=1.4 snapshot-20191208 Q8",
"product_id": "T015611"
}
},
{
"category": "product_version_range",
"name": "\u003c=1.4 snapshot-20191208 Q8",
"product": {
"name": "Open Source GraphicsMagick \u003c=1.4 snapshot-20191208 Q8",
"product_id": "T015611-fixed"
}
}
],
"category": "product_name",
"name": "GraphicsMagick"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=7.0.9-7 Q16",
"product": {
"name": "Open Source ImageMagick \u003c=7.0.9-7 Q16",
"product_id": "T015610"
}
},
{
"category": "product_version_range",
"name": "\u003c=7.0.9-7 Q16",
"product": {
"name": "Open Source ImageMagick \u003c=7.0.9-7 Q16",
"product_id": "T015610-fixed"
}
}
],
"category": "product_name",
"name": "ImageMagick"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-19948",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in ImageMagick und GraphicsMagick aufgrund unterschiedlicher Fehler in der Speicherbehandlung (z.B. \u00dcberlauf, Use-after-Free etc.). Ein Angreifer kann dies ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren oder andere nicht spezifizierte Auswirkungen zu erzielen. F\u00fcr eine erfolgreiche Ausnutzung muss der Angreifer einen Benutzer dazu bringen, eine b\u00f6sartig gestaltete Bilddatei zu \u00f6ffnen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363"
],
"last_affected": [
"T015611",
"T015610"
]
},
"release_date": "2019-12-23T23:00:00.000+00:00",
"title": "CVE-2019-19948"
},
{
"cve": "CVE-2019-19949",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in ImageMagick und GraphicsMagick aufgrund unterschiedlicher Fehler in der Speicherbehandlung (z.B. \u00dcberlauf, Use-after-Free etc.). Ein Angreifer kann dies ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren oder andere nicht spezifizierte Auswirkungen zu erzielen. F\u00fcr eine erfolgreiche Ausnutzung muss der Angreifer einen Benutzer dazu bringen, eine b\u00f6sartig gestaltete Bilddatei zu \u00f6ffnen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363"
],
"last_affected": [
"T015611",
"T015610"
]
},
"release_date": "2019-12-23T23:00:00.000+00:00",
"title": "CVE-2019-19949"
},
{
"cve": "CVE-2019-19950",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in ImageMagick und GraphicsMagick aufgrund unterschiedlicher Fehler in der Speicherbehandlung (z.B. \u00dcberlauf, Use-after-Free etc.). Ein Angreifer kann dies ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren oder andere nicht spezifizierte Auswirkungen zu erzielen. F\u00fcr eine erfolgreiche Ausnutzung muss der Angreifer einen Benutzer dazu bringen, eine b\u00f6sartig gestaltete Bilddatei zu \u00f6ffnen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363"
],
"last_affected": [
"T015611",
"T015610"
]
},
"release_date": "2019-12-23T23:00:00.000+00:00",
"title": "CVE-2019-19950"
},
{
"cve": "CVE-2019-19951",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in ImageMagick und GraphicsMagick aufgrund unterschiedlicher Fehler in der Speicherbehandlung (z.B. \u00dcberlauf, Use-after-Free etc.). Ein Angreifer kann dies ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren oder andere nicht spezifizierte Auswirkungen zu erzielen. F\u00fcr eine erfolgreiche Ausnutzung muss der Angreifer einen Benutzer dazu bringen, eine b\u00f6sartig gestaltete Bilddatei zu \u00f6ffnen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363"
],
"last_affected": [
"T015611",
"T015610"
]
},
"release_date": "2019-12-23T23:00:00.000+00:00",
"title": "CVE-2019-19951"
},
{
"cve": "CVE-2019-19952",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in ImageMagick und GraphicsMagick aufgrund unterschiedlicher Fehler in der Speicherbehandlung (z.B. \u00dcberlauf, Use-after-Free etc.). Ein Angreifer kann dies ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren oder andere nicht spezifizierte Auswirkungen zu erzielen. F\u00fcr eine erfolgreiche Ausnutzung muss der Angreifer einen Benutzer dazu bringen, eine b\u00f6sartig gestaltete Bilddatei zu \u00f6ffnen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363"
],
"last_affected": [
"T015611",
"T015610"
]
},
"release_date": "2019-12-23T23:00:00.000+00:00",
"title": "CVE-2019-19952"
},
{
"cve": "CVE-2019-19953",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in ImageMagick und GraphicsMagick aufgrund unterschiedlicher Fehler in der Speicherbehandlung (z.B. \u00dcberlauf, Use-after-Free etc.). Ein Angreifer kann dies ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren oder andere nicht spezifizierte Auswirkungen zu erzielen. F\u00fcr eine erfolgreiche Ausnutzung muss der Angreifer einen Benutzer dazu bringen, eine b\u00f6sartig gestaltete Bilddatei zu \u00f6ffnen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363"
],
"last_affected": [
"T015611",
"T015610"
]
},
"release_date": "2019-12-23T23:00:00.000+00:00",
"title": "CVE-2019-19953"
}
]
}
WID-SEC-W-2023-2131
Vulnerability from csaf_certbund
Published
2019-12-23 23:00
Modified
2024-10-03 22:00
Summary
ImageMagick / GraphicsMagick: Mehrere Schwachstellen ermöglichen Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
ImageMagick und GraphicsMagick sind Sammlungen von Programmbibliotheken und Werkzeugen, die Grafiken in zahlreichen Formaten verarbeiten können.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in ImageMagick und GraphicsMagick ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "ImageMagick und GraphicsMagick sind Sammlungen von Programmbibliotheken und Werkzeugen, die Grafiken in zahlreichen Formaten verarbeiten k\u00f6nnen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in ImageMagick und GraphicsMagick ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2131 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2023-2131.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2131 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2131"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:0275-1 vom 2020-01-31",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200275-1.html"
},
{
"category": "external",
"summary": "National Vulnerbility Database CVE-2019-19953 vom 2019-12-23",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19953"
},
{
"category": "external",
"summary": "National Vulnerbility Database CVE-2019-19952 vom 2019-12-23",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19952"
},
{
"category": "external",
"summary": "National Vulnerbility Database CVE-2019-19951 vom 2019-12-23",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19951"
},
{
"category": "external",
"summary": "National Vulnerbility Database CVE-2019-19950 vom 2019-12-23",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19950"
},
{
"category": "external",
"summary": "National Vulnerbility Database CVE-2019-19949 vom 2019-12-23",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19949"
},
{
"category": "external",
"summary": "National Vulnerbility Database CVE-2019-19948 vom 2019-12-23",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19948"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:0411-1 vom 2020-02-19",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200411-1.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA 2084 vom 2020-03-02",
"url": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202001/msg00029.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4640 vom 2020-03-16",
"url": "https://www.debian.org/security/2020/dsa-4640"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:1180 vom 2020-03-31",
"url": "https://access.redhat.com/errata/RHSA-2020:1180"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4712 vom 2020-07-01",
"url": "https://www.debian.org/security/2020/dsa-4712"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4715 vom 2020-07-03",
"url": "https://www.debian.org/security/2020/dsa-4715"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2333 vom 2020-08-19",
"url": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202008/msg00030.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4549-1 vom 2020-09-28",
"url": "https://usn.ubuntu.com/4549-1/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4670-1 vom 2020-12-15",
"url": "https://ubuntu.com/security/notices/USN-4670-1"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1815 vom 2023-08-23",
"url": "https://alas.aws.amazon.com/ALAS-2023-1815.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1814 vom 2023-08-23",
"url": "https://alas.aws.amazon.com/ALAS-2023-1814.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1813 vom 2023-08-23",
"url": "https://alas.aws.amazon.com/ALAS-2023-1813.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1812 vom 2023-08-23",
"url": "https://alas.aws.amazon.com/ALAS-2023-1812.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1811 vom 2023-08-23",
"url": "https://alas.aws.amazon.com/ALAS-2023-1811.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1810 vom 2023-08-23",
"url": "https://alas.aws.amazon.com/ALAS-2023-1810.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-1926 vom 2024-03-19",
"url": "https://alas.aws.amazon.com/ALAS-2024-1926.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7053-1 vom 2024-10-03",
"url": "https://ubuntu.com/security/notices/USN-7053-1"
}
],
"source_lang": "en-US",
"title": "ImageMagick / GraphicsMagick: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2024-10-03T22:00:00.000+00:00",
"generator": {
"date": "2024-10-04T08:13:34.336+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2023-2131",
"initial_release_date": "2019-12-23T23:00:00.000+00:00",
"revision_history": [
{
"date": "2019-12-23T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2020-01-01T23:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: DLA 2049"
},
{
"date": "2020-01-30T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-02-19T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-03-02T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2020-03-15T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2020-03-31T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-06-30T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2020-07-02T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2020-08-18T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2020-09-28T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2020-12-15T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-08-23T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-03-19T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-10-03T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "15"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.4 snapshot-20191208 Q8",
"product": {
"name": "Open Source GraphicsMagick \u003c=1.4 snapshot-20191208 Q8",
"product_id": "T015611"
}
},
{
"category": "product_version_range",
"name": "\u003c=1.4 snapshot-20191208 Q8",
"product": {
"name": "Open Source GraphicsMagick \u003c=1.4 snapshot-20191208 Q8",
"product_id": "T015611-fixed"
}
}
],
"category": "product_name",
"name": "GraphicsMagick"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=7.0.9-7 Q16",
"product": {
"name": "Open Source ImageMagick \u003c=7.0.9-7 Q16",
"product_id": "T015610"
}
},
{
"category": "product_version_range",
"name": "\u003c=7.0.9-7 Q16",
"product": {
"name": "Open Source ImageMagick \u003c=7.0.9-7 Q16",
"product_id": "T015610-fixed"
}
}
],
"category": "product_name",
"name": "ImageMagick"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-19948",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in ImageMagick und GraphicsMagick aufgrund unterschiedlicher Fehler in der Speicherbehandlung (z.B. \u00dcberlauf, Use-after-Free etc.). Ein Angreifer kann dies ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren oder andere nicht spezifizierte Auswirkungen zu erzielen. F\u00fcr eine erfolgreiche Ausnutzung muss der Angreifer einen Benutzer dazu bringen, eine b\u00f6sartig gestaltete Bilddatei zu \u00f6ffnen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363"
],
"last_affected": [
"T015611",
"T015610"
]
},
"release_date": "2019-12-23T23:00:00.000+00:00",
"title": "CVE-2019-19948"
},
{
"cve": "CVE-2019-19949",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in ImageMagick und GraphicsMagick aufgrund unterschiedlicher Fehler in der Speicherbehandlung (z.B. \u00dcberlauf, Use-after-Free etc.). Ein Angreifer kann dies ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren oder andere nicht spezifizierte Auswirkungen zu erzielen. F\u00fcr eine erfolgreiche Ausnutzung muss der Angreifer einen Benutzer dazu bringen, eine b\u00f6sartig gestaltete Bilddatei zu \u00f6ffnen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363"
],
"last_affected": [
"T015611",
"T015610"
]
},
"release_date": "2019-12-23T23:00:00.000+00:00",
"title": "CVE-2019-19949"
},
{
"cve": "CVE-2019-19950",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in ImageMagick und GraphicsMagick aufgrund unterschiedlicher Fehler in der Speicherbehandlung (z.B. \u00dcberlauf, Use-after-Free etc.). Ein Angreifer kann dies ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren oder andere nicht spezifizierte Auswirkungen zu erzielen. F\u00fcr eine erfolgreiche Ausnutzung muss der Angreifer einen Benutzer dazu bringen, eine b\u00f6sartig gestaltete Bilddatei zu \u00f6ffnen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363"
],
"last_affected": [
"T015611",
"T015610"
]
},
"release_date": "2019-12-23T23:00:00.000+00:00",
"title": "CVE-2019-19950"
},
{
"cve": "CVE-2019-19951",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in ImageMagick und GraphicsMagick aufgrund unterschiedlicher Fehler in der Speicherbehandlung (z.B. \u00dcberlauf, Use-after-Free etc.). Ein Angreifer kann dies ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren oder andere nicht spezifizierte Auswirkungen zu erzielen. F\u00fcr eine erfolgreiche Ausnutzung muss der Angreifer einen Benutzer dazu bringen, eine b\u00f6sartig gestaltete Bilddatei zu \u00f6ffnen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363"
],
"last_affected": [
"T015611",
"T015610"
]
},
"release_date": "2019-12-23T23:00:00.000+00:00",
"title": "CVE-2019-19951"
},
{
"cve": "CVE-2019-19952",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in ImageMagick und GraphicsMagick aufgrund unterschiedlicher Fehler in der Speicherbehandlung (z.B. \u00dcberlauf, Use-after-Free etc.). Ein Angreifer kann dies ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren oder andere nicht spezifizierte Auswirkungen zu erzielen. F\u00fcr eine erfolgreiche Ausnutzung muss der Angreifer einen Benutzer dazu bringen, eine b\u00f6sartig gestaltete Bilddatei zu \u00f6ffnen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363"
],
"last_affected": [
"T015611",
"T015610"
]
},
"release_date": "2019-12-23T23:00:00.000+00:00",
"title": "CVE-2019-19952"
},
{
"cve": "CVE-2019-19953",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in ImageMagick und GraphicsMagick aufgrund unterschiedlicher Fehler in der Speicherbehandlung (z.B. \u00dcberlauf, Use-after-Free etc.). Ein Angreifer kann dies ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren oder andere nicht spezifizierte Auswirkungen zu erzielen. F\u00fcr eine erfolgreiche Ausnutzung muss der Angreifer einen Benutzer dazu bringen, eine b\u00f6sartig gestaltete Bilddatei zu \u00f6ffnen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363"
],
"last_affected": [
"T015611",
"T015610"
]
},
"release_date": "2019-12-23T23:00:00.000+00:00",
"title": "CVE-2019-19953"
}
]
}
fkie_cve-2019-19953
Vulnerability from fkie_nvd
Published
2019-12-24 01:15
Modified
2024-11-21 04:35
Severity ?
Summary
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| graphicsmagick | graphicsmagick | 1.4 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| opensuse | backports | sle-15 | |
| opensuse | leap | 15.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.4:2019-12-08:*:*:*:*:*:*",
"matchCriteriaId": "261F17D8-6018-4EE3-8F94-910942F6F552",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C84D9410-31B7-421A-AD99-8ED2E45A9BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c."
},
{
"lang": "es",
"value": "En GraphicsMagick versi\u00f3n 1.4 snapshot-20191208 Q8, se presenta una lectura excesiva de b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n EncodeImage del archivo coders/pict.c."
}
],
"id": "CVE-2019-19953",
"lastModified": "2024-11-21T04:35:44.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-24T01:15:11.590",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/617/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/617/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…