CVE-2020-12672

Name
CVE-2020-12672
Description
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19025
MLIST https://lists.debian.org/debian-lts-announce/2020/06/msg00004.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00008.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00012.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:* graphicsmagick >= None <= 1.3.35

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
graphicsmagick edge-community 1.3.35-r2 None fixed
graphicsmagick edge-community 1.3.35-r0 None possibly vulnerable
graphicsmagick edge-community 1.3.32-r0 None possibly vulnerable
graphicsmagick edge-community 1.3.30-r0 None possibly vulnerable
graphicsmagick edge-community 1.3.29-r0 None possibly vulnerable
graphicsmagick edge-community 1.3.28-r0 None possibly vulnerable
graphicsmagick edge-community 1.3.27-r0 None possibly vulnerable
graphicsmagick edge-community 1.3.26-r5 None possibly vulnerable
graphicsmagick edge-community 1.3.26-r3 None possibly vulnerable
graphicsmagick edge-community 1.3.26-r2 None possibly vulnerable
graphicsmagick edge-community 1.3.26-r0 None possibly vulnerable
graphicsmagick edge-community 1.3.25-r2 None possibly vulnerable
graphicsmagick edge-community 1.3.25-r0 None possibly vulnerable
graphicsmagick 3.22-community 1.3.35-r2 None fixed
graphicsmagick 3.22-community 1.3.35-r0 None possibly vulnerable
graphicsmagick 3.22-community 1.3.32-r0 None possibly vulnerable
graphicsmagick 3.22-community 1.3.30-r0 None possibly vulnerable
graphicsmagick 3.22-community 1.3.29-r0 None possibly vulnerable
graphicsmagick 3.22-community 1.3.28-r0 None possibly vulnerable
graphicsmagick 3.22-community 1.3.27-r0 None possibly vulnerable
graphicsmagick 3.22-community 1.3.26-r5 None possibly vulnerable
graphicsmagick 3.22-community 1.3.26-r3 None possibly vulnerable
graphicsmagick 3.22-community 1.3.26-r2 None possibly vulnerable
graphicsmagick 3.22-community 1.3.26-r0 None possibly vulnerable
graphicsmagick 3.22-community 1.3.25-r2 None possibly vulnerable
graphicsmagick 3.22-community 1.3.25-r0 None possibly vulnerable
graphicsmagick 3.21-community 1.3.35-r2 None fixed
graphicsmagick 3.20-community 1.3.35-r2 None fixed
graphicsmagick 3.19-community 1.3.35-r2 None fixed
graphicsmagick 3.18-community 1.3.35-r2 None fixed
graphicsmagick 3.17-community 1.3.35-r2 None fixed