USN-5190-1: GraphicsMagick vulnerabilities
30 August 2022
Several security issues were fixed in GraphicsMagick.
Releases
Packages
- graphicsmagick - collection of image processing tools
Details
It was discovered that GraphicsMagick allowed reading arbitrary files via
specially crafted images. An attacker could use this issue to expose sensitive
information. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and
Ubuntu 18.04 ESM. (CVE-2019-12921)
It was discovered that GraphicsMagick did not correctly handle memory
allocations for error messages. An attacker could use this issue to corrupt
memory or possibly execute arbitrary code. This issue only affects Ubuntu 14.04
ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2019-19950)
It was discovered that GraphicsMagick did not correctly handle type limits.
An attacker could use these issues to cause heap-based buffer overflows,
leading to a denial of service (application crash) or possibly execute
arbitrary code. These issues only affect Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and
Ubuntu 18.04 ESM. (CVE-2019-19951, CVE-2019-19953)
It was discovered that GraphicsMagick did not correctly handle the signed
integer limit in 32-bit applications. An attacker could use this issue to cause
a heap-based buffer overflow, leading to a denial of service (application crash)
or possibly execute arbitrary code. This issue only affects Ubuntu 14.04 ESM,
Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. (CVE-2020-10938)
It was discovered that GraphicsMagick did not properly magnify certain
images. An attacker could use this issue to cause a heap-based buffer
overflow, leading to a denial of service (application crash) or possibly
execute arbitrary code. (CVE-2020-12672)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04
-
libgraphicsmagick-q16-3
-
1.4+really1.3.35-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
graphicsmagick
-
1.4+really1.3.35-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
libgraphicsmagick++-q16-12
-
1.4+really1.3.35-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04
-
libgraphicsmagick-q16-3
-
1.3.28-2ubuntu0.1+esm1
Available with Ubuntu Pro
-
graphicsmagick
-
1.3.28-2ubuntu0.1+esm1
Available with Ubuntu Pro
-
libgraphicsmagick++-q16-12
-
1.3.28-2ubuntu0.1+esm1
Available with Ubuntu Pro
Ubuntu 16.04
-
libgraphicsmagick-q16-3
-
1.3.23-1ubuntu0.6+esm1
Available with Ubuntu Pro
-
graphicsmagick
-
1.3.23-1ubuntu0.6+esm1
Available with Ubuntu Pro
-
libgraphicsmagick++-q16-12
-
1.3.23-1ubuntu0.6+esm1
Available with Ubuntu Pro
Ubuntu 14.04
-
libgraphicsmagick++3
-
1.3.18-1ubuntu3.1+esm7
Available with Ubuntu Pro
-
libgraphicsmagick3
-
1.3.18-1ubuntu3.1+esm7
Available with Ubuntu Pro
-
graphicsmagick
-
1.3.18-1ubuntu3.1+esm7
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
Related notices
- USN-5974-1: libgraphicsmagick1-dev, graphicsmagick-imagemagick-compat, graphicsmagick-libmagick-dev-compat, libgraphicsmagick3, libgraphicsmagick-q16-3, libgraphicsmagick++3, graphicsmagick, libgraphicsmagick++1-dev, libgraphics-magick-perl, libgraphicsmagick++-q16-12