CVE-2020-12672: Buffer Overflow
Published May 6, 2020
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.
Affected Software
5 affected components
Fixes available
debian/graphicsmagick
1.4+really1.3.36+hg16481-2+deb11u1, 1.4+really1.3.40-4, 1.4+really1.3.45+hg17689-1
GraphicsMagick Graphicsmagick <= 1.3.35
Debian Debian Linux = 8.0
openSUSE Backports SLE = 15.0-sp1
openSUSE Leap = 15.1
Remediation
Event History
May 6, 2020
CVE Published (via MITRE, 02:47 AM)
Data Sourced (via MITRE, 02:47 AM): Description
Jan 11, 2024
Data Sourced (via Launchpad, 11:38 PM): Description
Sep 16, 2024
Data Sourced (via Ubuntu, 02:22 AM): Remedy, Description, Severity, Affected Software
Frequently Asked Questions
1. What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-12672.
2. What is the severity level of CVE-2020-12672?
The severity level of CVE-2020-12672 is high.
3. Which software versions are affected by CVE-2020-12672?
GraphicsMagick versions 1.3.28-2ubuntu0.2+ to 1.3.35 are affected by CVE-2020-12672.
4. How can I fix the vulnerability CVE-2020-12672?
Upgrade GraphicsMagick to version 1.3.36 or higher to fix the vulnerability CVE-2020-12672.
5. Where can I find more information about CVE-2020-12672?
You can find more information about CVE-2020-12672 at the following references: [link1](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19025), [link2](https://lists.debian.org/debian-lts-announce/2020/06/msg00004.html), [link3](http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00008.html).