CVE-2019-12921
CVSS 6.5 · MEDIUM
Summary
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.
CVSS 3.1 breakdown
| Base score | 6.5 (MEDIUM) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | NONE |
| Availability | NONE |
Weakness type (CWE)
Affected products
- Graphicsmagick graphicsmagick
- Debian debian linux
- Opensuse backports sle
- Opensuse leap
References
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00049.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00051.html
- http://www.graphicsmagick.org/
- https://github.com/d0ge/data-processing/blob/master/CVE-2019-12921.md
- https://lists.debian.org/debian-lts-announce/2020/03/msg00026.html
- https://www.debian.org/security/2020/dsa-4675
Data: NIST NVD. NVD last modified 2024-11-21. Always verify against the vendor advisory before acting.