usn-5190-1
Vulnerability from osv_ubuntu
It was discovered that GraphicsMagick allowed reading arbitrary files via specially crafted images. An attacker could use this issue to expose sensitive information. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2019-12921)
It was discovered that GraphicsMagick did not correctly handle memory allocations for error messages. An attacker could use this issue to corrupt memory or possibly execute arbitrary code. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2019-19950)
It was discovered that GraphicsMagick did not correctly handle type limits. An attacker could use these issues to cause heap-based buffer overflows, leading to a denial of service (application crash) or possibly execute arbitrary code. These issues only affect Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2019-19951, CVE-2019-19953)
It was discovered that GraphicsMagick did not correctly handle the signed integer limit in 32-bit applications. An attacker could use this issue to cause a heap-based buffer overflow, leading to a denial of service (application crash) or possibly execute arbitrary code. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2020-10938)
It was discovered that GraphicsMagick did not properly magnify certain images. An attacker could use this issue to cause a heap-based buffer overflow, leading to a denial of service (application crash) or possibly execute arbitrary code. (CVE-2020-12672)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2019-12921",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2019-19950",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2019-19951",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2019-19953",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-10938",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-12672",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "graphicsmagick",
"binary_version": "1.3.18-1ubuntu3.1+esm7"
},
{
"binary_name": "graphicsmagick-imagemagick-compat",
"binary_version": "1.3.18-1ubuntu3.1+esm7"
},
{
"binary_name": "graphicsmagick-libmagick-dev-compat",
"binary_version": "1.3.18-1ubuntu3.1+esm7"
},
{
"binary_name": "libgraphics-magick-perl",
"binary_version": "1.3.18-1ubuntu3.1+esm7"
},
{
"binary_name": "libgraphicsmagick++3",
"binary_version": "1.3.18-1ubuntu3.1+esm7"
},
{
"binary_name": "libgraphicsmagick3",
"binary_version": "1.3.18-1ubuntu3.1+esm7"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "graphicsmagick",
"purl": "pkg:deb/ubuntu/graphicsmagick@1.3.18-1ubuntu3.1+esm7?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.18-1ubuntu3.1+esm7"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.3.16-1.1ubuntu2",
"1.3.16-1.1ubuntu3",
"1.3.18-1ubuntu3",
"1.3.18-1ubuntu3.1",
"1.3.18-1ubuntu3.1+esm1",
"1.3.18-1ubuntu3.1+esm2",
"1.3.18-1ubuntu3.1+esm3",
"1.3.18-1ubuntu3.1+esm4",
"1.3.18-1ubuntu3.1+esm5",
"1.3.18-1ubuntu3.1+esm6"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2019-12921",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2019-19950",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2019-19951",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2019-19953",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-10938",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-12672",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "graphicsmagick",
"binary_version": "1.3.23-1ubuntu0.6+esm1"
},
{
"binary_name": "graphicsmagick-imagemagick-compat",
"binary_version": "1.3.23-1ubuntu0.6+esm1"
},
{
"binary_name": "graphicsmagick-libmagick-dev-compat",
"binary_version": "1.3.23-1ubuntu0.6+esm1"
},
{
"binary_name": "libgraphics-magick-perl",
"binary_version": "1.3.23-1ubuntu0.6+esm1"
},
{
"binary_name": "libgraphicsmagick++-q16-12",
"binary_version": "1.3.23-1ubuntu0.6+esm1"
},
{
"binary_name": "libgraphicsmagick-q16-3",
"binary_version": "1.3.23-1ubuntu0.6+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "graphicsmagick",
"purl": "pkg:deb/ubuntu/graphicsmagick@1.3.23-1ubuntu0.6+esm1?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.23-1ubuntu0.6+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.3.21-3",
"1.3.23-1",
"1.3.23-1build1",
"1.3.23-1ubuntu0.1",
"1.3.23-1ubuntu0.1+esm1",
"1.3.23-1ubuntu0.2",
"1.3.23-1ubuntu0.3",
"1.3.23-1ubuntu0.4",
"1.3.23-1ubuntu0.5",
"1.3.23-1ubuntu0.6"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2019-12921",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2019-19950",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2019-19951",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2019-19953",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-10938",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-12672",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "graphicsmagick",
"binary_version": "1.3.28-2ubuntu0.1+esm1"
},
{
"binary_name": "graphicsmagick-imagemagick-compat",
"binary_version": "1.3.28-2ubuntu0.1+esm1"
},
{
"binary_name": "graphicsmagick-libmagick-dev-compat",
"binary_version": "1.3.28-2ubuntu0.1+esm1"
},
{
"binary_name": "libgraphics-magick-perl",
"binary_version": "1.3.28-2ubuntu0.1+esm1"
},
{
"binary_name": "libgraphicsmagick++-q16-12",
"binary_version": "1.3.28-2ubuntu0.1+esm1"
},
{
"binary_name": "libgraphicsmagick-q16-3",
"binary_version": "1.3.28-2ubuntu0.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "graphicsmagick",
"purl": "pkg:deb/ubuntu/graphicsmagick@1.3.28-2ubuntu0.1+esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.28-2ubuntu0.1+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.3.26-15",
"1.3.26-16",
"1.3.26-19",
"1.3.27-1",
"1.3.27-2",
"1.3.27-3",
"1.3.28-1",
"1.3.28-2",
"1.3.28-2ubuntu0.1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2020-12672",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "graphicsmagick",
"binary_version": "1.4+really1.3.35-1ubuntu0.1~esm1"
},
{
"binary_name": "graphicsmagick-imagemagick-compat",
"binary_version": "1.4+really1.3.35-1ubuntu0.1~esm1"
},
{
"binary_name": "graphicsmagick-libmagick-dev-compat",
"binary_version": "1.4+really1.3.35-1ubuntu0.1~esm1"
},
{
"binary_name": "libgraphics-magick-perl",
"binary_version": "1.4+really1.3.35-1ubuntu0.1~esm1"
},
{
"binary_name": "libgraphicsmagick++-q16-12",
"binary_version": "1.4+really1.3.35-1ubuntu0.1~esm1"
},
{
"binary_name": "libgraphicsmagick-q16-3",
"binary_version": "1.4+really1.3.35-1ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "graphicsmagick",
"purl": "pkg:deb/ubuntu/graphicsmagick@1.4+really1.3.35-1ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4+really1.3.35-1ubuntu0.1~esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.4+really1.3.33+hg16115-1",
"1.4+really1.3.33+hg16115-1build1",
"1.4+really1.3.33+hg16117-1",
"1.4+really1.3.34-1",
"1.4+really1.3.34-2",
"1.4+really1.3.34+hg16181-1",
"1.4+really1.3.35-1"
]
}
],
"aliases": [],
"details": "It was discovered that GraphicsMagick allowed reading arbitrary files via\nspecially crafted images. An attacker could use this issue to expose sensitive\ninformation. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and\nUbuntu 18.04 ESM. (CVE-2019-12921)\n\nIt was discovered that GraphicsMagick did not correctly handle memory\nallocations for error messages. An attacker could use this issue to corrupt\nmemory or possibly execute arbitrary code. This issue only affects Ubuntu 14.04\nESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2019-19950)\n\nIt was discovered that GraphicsMagick did not correctly handle type limits.\nAn attacker could use these issues to cause heap-based buffer overflows,\nleading to a denial of service (application crash) or possibly execute\narbitrary code. These issues only affect Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and\nUbuntu 18.04 ESM. (CVE-2019-19951, CVE-2019-19953)\n\nIt was discovered that GraphicsMagick did not correctly handle the signed\ninteger limit in 32-bit applications. An attacker could use this issue to cause\na heap-based buffer overflow, leading to a denial of service (application crash)\nor possibly execute arbitrary code. This issue only affects Ubuntu 14.04 ESM,\nUbuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2020-10938)\n\nIt was discovered that GraphicsMagick did not properly magnify certain\nimages. An attacker could use this issue to cause a heap-based buffer\noverflow, leading to a denial of service (application crash) or possibly\nexecute arbitrary code. (CVE-2020-12672)\n",
"id": "USN-5190-1",
"modified": "2026-06-29T10:52:52Z",
"published": "2022-08-30T16:03:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5190-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2019-12921"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2019-19950"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2019-19951"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2019-19953"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-10938"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-12672"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "graphicsmagick vulnerabilities",
"upstream": [
"UBUNTU-CVE-2019-12921",
"UBUNTU-CVE-2019-19950",
"UBUNTU-CVE-2019-19951",
"UBUNTU-CVE-2019-19953",
"UBUNTU-CVE-2020-10938",
"UBUNTU-CVE-2020-12672"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.