CVE-2019-12921

Published: 18 March 2020

In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
graphicsmagick
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needs triage
(1.4+really1.3.34+hg16181-1)
Ubuntu 20.10 (Groovy Gorilla) Needs triage
(1.4+really1.3.34+hg16181-1)
Ubuntu 20.04 LTS (Focal Fossa) Needs triage
(1.4+really1.3.34+hg16181-1)
Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Needed