{"id":"USN-5974-1","summary":"graphicsmagick vulnerabilities","details":"It was discovered that GraphicsMagick was not properly performing bounds\nchecks when processing TGA image files, which could lead to a heap buffer\noverflow. If a user or automated system were tricked into processing a\nspecially crafted TGA image file, an attacker could possibly use this\nissue to cause a denial of service or execute arbitrary code. This issue\nonly affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-20184)\n\nIt was discovered that GraphicsMagick was not properly validating bits per\npixel data when processing DIB image files. If a user or automated system\nwere tricked into processing a specially crafted DIB image file, an\nattacker could possibly use this issue to cause a denial of service. This\nissue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.\n(CVE-2018-20189)\n\nIt was discovered that GraphicsMagick was not properly processing\nbit-field mask values in BMP image files, which could result in the\nexecution of an infinite loop. If a user or automated system were tricked\ninto processing a specially crafted BMP image file, an attacker could\npossibly use this issue to cause a denial of service. This issue only\naffected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-5685)\n\nIt was discovered that GraphicsMagick was not properly validating data\nused in arithmetic operations when processing MNG image files, which\ncould result in a divide-by-zero error. If a user or automated system were\ntricked into processing a specially crafted MNG image file, an attacker\ncould possibly use this issue to cause a denial of service. This issue\nonly affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-9018)\n\nIt was discovered that GraphicsMagick was not properly performing bounds\nchecks when processing MIFF image files, which could lead to a heap buffer\noverflow. If a user or automated system were tricked into processing a\nspecially crafted MIFF image file, an attacker could possibly use this\nissue to cause a denial of service or expose sensitive information. This\nissue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.\n(CVE-2019-11006)\n\nIt was discovered that GraphicsMagick did not properly magnify certain\nMNG image files, which could lead to a heap buffer overflow. If a user or\nautomated system were tricked into processing a specially crafted MNG\nimage file, an attacker could possibly use this issue to cause a denial\nof service or execute arbitrary code. This issue only affected Ubuntu\n20.04 LTS. (CVE-2020-12672)\n\nIt was discovered that GraphicsMagick was not properly performing bounds\nchecks when parsing certain MIFF image files, which could lead to a heap\nbuffer overflow. If a user or automated system were tricked into\nprocessing a specially crafted MIFF image file, an attacker could possibly\nuse this issue to cause a denial of service or execute arbitrary code.\n(CVE-2022-1270)\n","modified":"2026-04-22T10:34:24.276183Z","published":"2023-03-27T16:40:44Z","related":["UBUNTU-CVE-2018-20184","UBUNTU-CVE-2018-20189","UBUNTU-CVE-2018-5685","UBUNTU-CVE-2018-9018","UBUNTU-CVE-2019-11006","UBUNTU-CVE-2020-12672","UBUNTU-CVE-2022-1270"],"upstream":["CVE-2018-20184","CVE-2018-20189","CVE-2018-5685","CVE-2018-9018","CVE-2019-11006","CVE-2020-12672","CVE-2022-1270","UBUNTU-CVE-2018-20184","UBUNTU-CVE-2018-20189","UBUNTU-CVE-2018-5685","UBUNTU-CVE-2018-9018","UBUNTU-CVE-2019-11006","UBUNTU-CVE-2020-12672","UBUNTU-CVE-2022-1270"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5974-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-5685"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-9018"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20184"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20189"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-11006"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-12672"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-1270"}],"affected":[{"package":{"name":"graphicsmagick","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/graphicsmagick@1.3.18-1ubuntu3.1+esm8?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.18-1ubuntu3.1+esm8"}]}],"versions":["1.3.16-1.1ubuntu2","1.3.16-1.1ubuntu3","1.3.18-1ubuntu3","1.3.18-1ubuntu3.1","1.3.18-1ubuntu3.1+esm1","1.3.18-1ubuntu3.1+esm2","1.3.18-1ubuntu3.1+esm3","1.3.18-1ubuntu3.1+esm4","1.3.18-1ubuntu3.1+esm5","1.3.18-1ubuntu3.1+esm6","1.3.18-1ubuntu3.1+esm7"],"ecosystem_specific":{"binaries":[{"binary_name":"graphicsmagick","binary_version":"1.3.18-1ubuntu3.1+esm8"},{"binary_name":"graphicsmagick-imagemagick-compat","binary_version":"1.3.18-1ubuntu3.1+esm8"},{"binary_name":"graphicsmagick-libmagick-dev-compat","binary_version":"1.3.18-1ubuntu3.1+esm8"},{"binary_name":"libgraphics-magick-perl","binary_version":"1.3.18-1ubuntu3.1+esm8"},{"binary_name":"libgraphicsmagick++3","binary_version":"1.3.18-1ubuntu3.1+esm8"},{"binary_name":"libgraphicsmagick3","binary_version":"1.3.18-1ubuntu3.1+esm8"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5974-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:14.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2018-5685"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2018-9018"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2018-20184"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2018-20189"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2019-11006"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1270"}]}}},{"package":{"name":"graphicsmagick","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/graphicsmagick@1.3.23-1ubuntu0.6+esm2?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.23-1ubuntu0.6+esm2"}]}],"versions":["1.3.21-3","1.3.23-1","1.3.23-1build1","1.3.23-1ubuntu0.1","1.3.23-1ubuntu0.1+esm1","1.3.23-1ubuntu0.2","1.3.23-1ubuntu0.3","1.3.23-1ubuntu0.4","1.3.23-1ubuntu0.5","1.3.23-1ubuntu0.6","1.3.23-1ubuntu0.6+esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"graphicsmagick","binary_version":"1.3.23-1ubuntu0.6+esm2"},{"binary_name":"graphicsmagick-imagemagick-compat","binary_version":"1.3.23-1ubuntu0.6+esm2"},{"binary_name":"graphicsmagick-libmagick-dev-compat","binary_version":"1.3.23-1ubuntu0.6+esm2"},{"binary_name":"libgraphics-magick-perl","binary_version":"1.3.23-1ubuntu0.6+esm2"},{"binary_name":"libgraphicsmagick++-q16-12","binary_version":"1.3.23-1ubuntu0.6+esm2"},{"binary_name":"libgraphicsmagick-q16-3","binary_version":"1.3.23-1ubuntu0.6+esm2"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5974-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2018-5685"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2018-9018"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2018-20184"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2018-20189"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2019-11006"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1270"}]}}},{"package":{"name":"graphicsmagick","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/graphicsmagick@1.3.28-2ubuntu0.2+esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.28-2ubuntu0.2+esm1"}]}],"versions":["1.3.26-15","1.3.26-16","1.3.26-19","1.3.27-1","1.3.27-2","1.3.27-3","1.3.28-1","1.3.28-2","1.3.28-2ubuntu0.1","1.3.28-2ubuntu0.1+esm1","1.3.28-2ubuntu0.2"],"ecosystem_specific":{"binaries":[{"binary_name":"graphicsmagick","binary_version":"1.3.28-2ubuntu0.2+esm1"},{"binary_name":"graphicsmagick-imagemagick-compat","binary_version":"1.3.28-2ubuntu0.2+esm1"},{"binary_name":"graphicsmagick-libmagick-dev-compat","binary_version":"1.3.28-2ubuntu0.2+esm1"},{"binary_name":"libgraphics-magick-perl","binary_version":"1.3.28-2ubuntu0.2+esm1"},{"binary_name":"libgraphicsmagick++-q16-12","binary_version":"1.3.28-2ubuntu0.2+esm1"},{"binary_name":"libgraphicsmagick-q16-3","binary_version":"1.3.28-2ubuntu0.2+esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5974-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1270"}]}}},{"package":{"name":"graphicsmagick","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/graphicsmagick@1.4+really1.3.35-1ubuntu0.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4+really1.3.35-1ubuntu0.1"}]}],"versions":["1.4+really1.3.33+hg16115-1","1.4+really1.3.33+hg16115-1build1","1.4+really1.3.33+hg16117-1","1.4+really1.3.34-1","1.4+really1.3.34-2","1.4+really1.3.34+hg16181-1","1.4+really1.3.35-1"],"ecosystem_specific":{"binaries":[{"binary_name":"graphicsmagick","binary_version":"1.4+really1.3.35-1ubuntu0.1"},{"binary_name":"graphicsmagick-imagemagick-compat","binary_version":"1.4+really1.3.35-1ubuntu0.1"},{"binary_name":"graphicsmagick-libmagick-dev-compat","binary_version":"1.4+really1.3.35-1ubuntu0.1"},{"binary_name":"libgraphics-magick-perl","binary_version":"1.4+really1.3.35-1ubuntu0.1"},{"binary_name":"libgraphicsmagick++-q16-12","binary_version":"1.4+really1.3.35-1ubuntu0.1"},{"binary_name":"libgraphicsmagick-q16-3","binary_version":"1.4+really1.3.35-1ubuntu0.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5974-1.json","cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-12672"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-1270"}]}}}],"schema_version":"1.7.5"}