CVE-2019-12921: Command Injection
Published Mar 18, 2020
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.
Affected Software
7 affected components
Fixes available
debian/graphicsmagick
1.4+really1.3.36+hg16481-2+deb11u1
1.4+really1.3.40-4
1.4+really1.3.45+hg17689-1
GraphicsMagick Graphicsmagick<1.3.32
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
openSUSE Backports SLE=15.0-sp1
openSUSE Leap=15.1
Event History
Mar 18, 2020
CVE Published
via MITRE·05:39 PM
Data Sourced
via MITRE·05:39 PM
Description
Jan 11, 2024
Data Sourced
via Launchpad·11:16 PM
Description
Sep 16, 2024
Data Sourced
via Ubuntu·01:19 AM
Frequently Asked Questions
1. What is the vulnerability ID for this GraphicsMagick vulnerability?
The vulnerability ID for this GraphicsMagick vulnerability is CVE-2019-12921.
2. What is the severity level of CVE-2019-12921?
The severity level of CVE-2019-12921 is medium.
3. How does the vulnerability CVE-2019-12921 impact GraphicsMagick?
The vulnerability allows remote attackers to read arbitrary files via a crafted image due to a text filename component.
4. What versions of GraphicsMagick are affected by CVE-2019-12921?
Versions before 1.3.32 of GraphicsMagick are affected by CVE-2019-12921.
5. How can I fix the vulnerability CVE-2019-12921 in GraphicsMagick?
You can fix the vulnerability CVE-2019-12921 in GraphicsMagick by updating to version 1.3.32 or newer.