Your submission was sent successfully! Close

CVE-2019-12921

Published: 18 March 2020

In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
graphicsmagick
Launchpad, Ubuntu, Debian
bionic Needed

eoan Not vulnerable
(1.4+really1.3.33+hg16115-1)
focal Not vulnerable
(1.4+really1.3.35-1)
groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Not vulnerable
(1.4+really1.3.38-1)
precise Does not exist

trusty Needed

upstream Not vulnerable
(1.3.32)
xenial Ignored
(end of standard support, was needed)