{"id":"USN-5190-1","summary":"graphicsmagick vulnerabilities","details":"It was discovered that GraphicsMagick allowed reading arbitrary files via\nspecially crafted images. An attacker could use this issue to expose sensitive\ninformation. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and\nUbuntu 18.04 ESM. (CVE-2019-12921)\n\nIt was discovered that GraphicsMagick did not correctly handle memory\nallocations for error messages. An attacker could use this issue to corrupt\nmemory or possibly execute arbitrary code. This issue only affects Ubuntu 14.04\nESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2019-19950)\n\nIt was discovered that GraphicsMagick did not correctly handle type limits.\nAn attacker could use these issues to cause heap-based buffer overflows,\nleading to a denial of service (application crash) or possibly execute\narbitrary code. These issues only affect Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and\nUbuntu 18.04 ESM. (CVE-2019-19951, CVE-2019-19953)\n\nIt was discovered that GraphicsMagick did not correctly handle the signed\ninteger limit in 32-bit applications. An attacker could use this issue to cause\na heap-based buffer overflow, leading to a denial of service (application crash)\nor possibly execute arbitrary code. This issue only affects Ubuntu 14.04 ESM,\nUbuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2020-10938)\n\nIt was discovered that GraphicsMagick did not properly magnify certain\nimages. An attacker could use this issue to cause a heap-based buffer\noverflow, leading to a denial of service (application crash) or possibly\nexecute arbitrary code. (CVE-2020-12672)\n","modified":"2026-02-10T04:42:24Z","published":"2022-08-30T16:03:50Z","related":["UBUNTU-CVE-2019-12921","UBUNTU-CVE-2019-19950","UBUNTU-CVE-2019-19951","UBUNTU-CVE-2019-19953","UBUNTU-CVE-2020-10938","UBUNTU-CVE-2020-12672"],"upstream":["CVE-2019-12921","CVE-2019-19950","CVE-2019-19951","CVE-2019-19953","CVE-2020-10938","CVE-2020-12672","UBUNTU-CVE-2019-12921","UBUNTU-CVE-2019-19950","UBUNTU-CVE-2019-19951","UBUNTU-CVE-2019-19953","UBUNTU-CVE-2020-10938","UBUNTU-CVE-2020-12672"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5190-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-12921"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-19950"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-19951"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-19953"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-10938"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-12672"}],"affected":[{"package":{"name":"graphicsmagick","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/graphicsmagick@1.3.18-1ubuntu3.1+esm7?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.18-1ubuntu3.1+esm7"}]}],"versions":["1.3.16-1.1ubuntu2","1.3.16-1.1ubuntu3","1.3.18-1ubuntu3","1.3.18-1ubuntu3.1","1.3.18-1ubuntu3.1+esm1","1.3.18-1ubuntu3.1+esm2","1.3.18-1ubuntu3.1+esm3","1.3.18-1ubuntu3.1+esm4","1.3.18-1ubuntu3.1+esm5","1.3.18-1ubuntu3.1+esm6"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_name":"graphicsmagick","binary_version":"1.3.18-1ubuntu3.1+esm7"},{"binary_name":"graphicsmagick-imagemagick-compat","binary_version":"1.3.18-1ubuntu3.1+esm7"},{"binary_name":"graphicsmagick-libmagick-dev-compat","binary_version":"1.3.18-1ubuntu3.1+esm7"},{"binary_name":"libgraphics-magick-perl","binary_version":"1.3.18-1ubuntu3.1+esm7"},{"binary_name":"libgraphicsmagick++1-dev","binary_version":"1.3.18-1ubuntu3.1+esm7"},{"binary_name":"libgraphicsmagick++3","binary_version":"1.3.18-1ubuntu3.1+esm7"},{"binary_name":"libgraphicsmagick1-dev","binary_version":"1.3.18-1ubuntu3.1+esm7"},{"binary_name":"libgraphicsmagick3","binary_version":"1.3.18-1ubuntu3.1+esm7"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:14.04:LTS","cves":[{"id":"CVE-2019-12921","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-19950","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-19951","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-19953","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2020-10938","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2020-12672","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5190-1.json"}},{"package":{"name":"graphicsmagick","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/graphicsmagick@1.3.23-1ubuntu0.6+esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.23-1ubuntu0.6+esm1"}]}],"versions":["1.3.21-3","1.3.23-1","1.3.23-1build1","1.3.23-1ubuntu0.1","1.3.23-1ubuntu0.1+esm1","1.3.23-1ubuntu0.2","1.3.23-1ubuntu0.3","1.3.23-1ubuntu0.4","1.3.23-1ubuntu0.5","1.3.23-1ubuntu0.6"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"graphicsmagick","binary_version":"1.3.23-1ubuntu0.6+esm1"},{"binary_name":"graphicsmagick-imagemagick-compat","binary_version":"1.3.23-1ubuntu0.6+esm1"},{"binary_name":"graphicsmagick-libmagick-dev-compat","binary_version":"1.3.23-1ubuntu0.6+esm1"},{"binary_name":"libgraphics-magick-perl","binary_version":"1.3.23-1ubuntu0.6+esm1"},{"binary_name":"libgraphicsmagick++-q16-12","binary_version":"1.3.23-1ubuntu0.6+esm1"},{"binary_name":"libgraphicsmagick++1-dev","binary_version":"1.3.23-1ubuntu0.6+esm1"},{"binary_name":"libgraphicsmagick-q16-3","binary_version":"1.3.23-1ubuntu0.6+esm1"},{"binary_name":"libgraphicsmagick1-dev","binary_version":"1.3.23-1ubuntu0.6+esm1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"id":"CVE-2019-12921","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-19950","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-19951","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-19953","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2020-10938","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2020-12672","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5190-1.json"}},{"package":{"name":"graphicsmagick","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/graphicsmagick@1.3.28-2ubuntu0.1+esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.28-2ubuntu0.1+esm1"}]}],"versions":["1.3.26-15","1.3.26-16","1.3.26-19","1.3.27-1","1.3.27-2","1.3.27-3","1.3.28-1","1.3.28-2","1.3.28-2ubuntu0.1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"graphicsmagick","binary_version":"1.3.28-2ubuntu0.1+esm1"},{"binary_name":"graphicsmagick-imagemagick-compat","binary_version":"1.3.28-2ubuntu0.1+esm1"},{"binary_name":"graphicsmagick-libmagick-dev-compat","binary_version":"1.3.28-2ubuntu0.1+esm1"},{"binary_name":"libgraphics-magick-perl","binary_version":"1.3.28-2ubuntu0.1+esm1"},{"binary_name":"libgraphicsmagick++-q16-12","binary_version":"1.3.28-2ubuntu0.1+esm1"},{"binary_name":"libgraphicsmagick++1-dev","binary_version":"1.3.28-2ubuntu0.1+esm1"},{"binary_name":"libgraphicsmagick-q16-3","binary_version":"1.3.28-2ubuntu0.1+esm1"},{"binary_name":"libgraphicsmagick1-dev","binary_version":"1.3.28-2ubuntu0.1+esm1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"id":"CVE-2019-12921","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-19950","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-19951","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-19953","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2020-10938","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2020-12672","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5190-1.json"}},{"package":{"name":"graphicsmagick","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/graphicsmagick@1.4+really1.3.35-1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4+really1.3.35-1ubuntu0.1~esm1"}]}],"versions":["1.4+really1.3.33+hg16115-1","1.4+really1.3.33+hg16115-1build1","1.4+really1.3.33+hg16117-1","1.4+really1.3.34-1","1.4+really1.3.34-2","1.4+really1.3.34+hg16181-1","1.4+really1.3.35-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"graphicsmagick","binary_version":"1.4+really1.3.35-1ubuntu0.1~esm1"},{"binary_name":"graphicsmagick-imagemagick-compat","binary_version":"1.4+really1.3.35-1ubuntu0.1~esm1"},{"binary_name":"graphicsmagick-libmagick-dev-compat","binary_version":"1.4+really1.3.35-1ubuntu0.1~esm1"},{"binary_name":"libgraphics-magick-perl","binary_version":"1.4+really1.3.35-1ubuntu0.1~esm1"},{"binary_name":"libgraphicsmagick++-q16-12","binary_version":"1.4+really1.3.35-1ubuntu0.1~esm1"},{"binary_name":"libgraphicsmagick++1-dev","binary_version":"1.4+really1.3.35-1ubuntu0.1~esm1"},{"binary_name":"libgraphicsmagick-q16-3","binary_version":"1.4+really1.3.35-1ubuntu0.1~esm1"},{"binary_name":"libgraphicsmagick1-dev","binary_version":"1.4+really1.3.35-1ubuntu0.1~esm1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:20.04:LTS","cves":[{"id":"CVE-2020-12672","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5190-1.json"}}],"schema_version":"1.7.3"}