Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/graphicsmagick@1.4~hg15968-1?distro=trixie

Type deb

Namespace debian

Name graphicsmagick

Version 1.4~hg15968-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.4~hg15976-1

Latest_non_vulnerable_version 1.4+really1.3.46-2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-4pd9-uv1z-6qfx

vulnerability_id VCID-4pd9-uv1z-6qfx

summary In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11506

reference_id

reference_type

scores

value	0.01488
scoring_system	epss
scoring_elements	0.80983
published_at	2026-04-01T12:55:00Z

value	0.01488
scoring_system	epss
scoring_elements	0.80992
published_at	2026-04-02T12:55:00Z

value	0.01488
scoring_system	epss
scoring_elements	0.81015
published_at	2026-04-04T12:55:00Z

value	0.01488
scoring_system	epss
scoring_elements	0.81014
published_at	2026-04-07T12:55:00Z

value	0.01488
scoring_system	epss
scoring_elements	0.81042
published_at	2026-04-08T12:55:00Z

value	0.01488
scoring_system	epss
scoring_elements	0.81049
published_at	2026-04-09T12:55:00Z

value	0.01488
scoring_system	epss
scoring_elements	0.81066
published_at	2026-04-11T12:55:00Z

value	0.01488
scoring_system	epss
scoring_elements	0.81053
published_at	2026-04-12T12:55:00Z

value	0.01488
scoring_system	epss
scoring_elements	0.81045
published_at	2026-04-13T12:55:00Z

value	0.01488
scoring_system	epss
scoring_elements	0.81083
published_at	2026-04-16T12:55:00Z

value	0.01488
scoring_system	epss
scoring_elements	0.81084
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11506

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11506
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11506

reference_url	https://usn.ubuntu.com/4207-1/
reference_id	USN-4207-1
reference_type
scores
url	https://usn.ubuntu.com/4207-1/

fixed_packages

url	pkg:deb/debian/graphicsmagick@1.4~hg15968-1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4~hg15968-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4~hg15968-1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.36%2Bhg16481-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.36%2Bhg16481-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.36%252Bhg16481-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.40-4%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.40-4%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.40-4%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.45%2Bhg17696-1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.45%2Bhg17696-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.45%252Bhg17696-1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.46-2?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.46-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.46-2%3Fdistro=trixie

aliases CVE-2019-11506

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4pd9-uv1z-6qfx

url VCID-bh46-tx2w-8bfq

vulnerability_id VCID-bh46-tx2w-8bfq

summary In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value.

references

reference_url	http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b6fb77d7d54d
reference_id
reference_type
scores
url	http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b6fb77d7d54d

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11005

reference_id

reference_type

scores

value	0.02255
scoring_system	epss
scoring_elements	0.8462
published_at	2026-04-18T12:55:00Z

value	0.02255
scoring_system	epss
scoring_elements	0.84604
published_at	2026-04-12T12:55:00Z

value	0.02255
scoring_system	epss
scoring_elements	0.846
published_at	2026-04-13T12:55:00Z

value	0.02255
scoring_system	epss
scoring_elements	0.84522
published_at	2026-04-01T12:55:00Z

value	0.02255
scoring_system	epss
scoring_elements	0.84537
published_at	2026-04-02T12:55:00Z

value	0.02255
scoring_system	epss
scoring_elements	0.84559
published_at	2026-04-04T12:55:00Z

value	0.02255
scoring_system	epss
scoring_elements	0.84562
published_at	2026-04-07T12:55:00Z

value	0.02255
scoring_system	epss
scoring_elements	0.84584
published_at	2026-04-08T12:55:00Z

value	0.02255
scoring_system	epss
scoring_elements	0.8459
published_at	2026-04-09T12:55:00Z

value	0.02255
scoring_system	epss
scoring_elements	0.84609
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11005

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://sourceforge.net/p/graphicsmagick/bugs/600/
reference_id
reference_type
scores
url	https://sourceforge.net/p/graphicsmagick/bugs/600/

reference_url	https://www.debian.org/security/2020/dsa-4640
reference_id
reference_type
scores
url	https://www.debian.org/security/2020/dsa-4640

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927029
reference_id	927029
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927029

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:graphicsmagick:graphicsmagick::::::::
reference_id	cpe:2.3:a:graphicsmagick:graphicsmagick::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:graphicsmagick:graphicsmagick::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-11005

reference_id

CVE-2019-11005

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-11005

reference_url	https://usn.ubuntu.com/4207-1/
reference_id	USN-4207-1
reference_type
scores
url	https://usn.ubuntu.com/4207-1/

fixed_packages

url	pkg:deb/debian/graphicsmagick@1.4~hg15968-1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4~hg15968-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4~hg15968-1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.36%2Bhg16481-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.36%2Bhg16481-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.36%252Bhg16481-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.40-4%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.40-4%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.40-4%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.45%2Bhg17696-1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.45%2Bhg17696-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.45%252Bhg17696-1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.46-2?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.46-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.46-2%3Fdistro=trixie

aliases CVE-2019-11005

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bh46-tx2w-8bfq

url VCID-cxs4-yude-jba3

vulnerability_id VCID-cxs4-yude-jba3

summary In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11505

reference_id

reference_type

scores

value	0.01121
scoring_system	epss
scoring_elements	0.78273
published_at	2026-04-18T12:55:00Z

value	0.01121
scoring_system	epss
scoring_elements	0.78187
published_at	2026-04-01T12:55:00Z

value	0.01121
scoring_system	epss
scoring_elements	0.78196
published_at	2026-04-02T12:55:00Z

value	0.01121
scoring_system	epss
scoring_elements	0.78226
published_at	2026-04-04T12:55:00Z

value	0.01121
scoring_system	epss
scoring_elements	0.78208
published_at	2026-04-07T12:55:00Z

value	0.01121
scoring_system	epss
scoring_elements	0.78235
published_at	2026-04-08T12:55:00Z

value	0.01121
scoring_system	epss
scoring_elements	0.7824
published_at	2026-04-09T12:55:00Z

value	0.01121
scoring_system	epss
scoring_elements	0.78265
published_at	2026-04-11T12:55:00Z

value	0.01121
scoring_system	epss
scoring_elements	0.78248
published_at	2026-04-12T12:55:00Z

value	0.01121
scoring_system	epss
scoring_elements	0.78244
published_at	2026-04-13T12:55:00Z

value	0.01121
scoring_system	epss
scoring_elements	0.78275
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11505

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11505
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11505

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://usn.ubuntu.com/4207-1/
reference_id	USN-4207-1
reference_type
scores
url	https://usn.ubuntu.com/4207-1/

fixed_packages

url	pkg:deb/debian/graphicsmagick@1.4~hg15968-1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4~hg15968-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4~hg15968-1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.36%2Bhg16481-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.36%2Bhg16481-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.36%252Bhg16481-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.40-4%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.40-4%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.40-4%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.45%2Bhg17696-1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.45%2Bhg17696-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.45%252Bhg17696-1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.46-2?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.46-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.46-2%3Fdistro=trixie

aliases CVE-2019-11505

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cxs4-yude-jba3

url VCID-ek9v-zmf4-u7aw

vulnerability_id VCID-ek9v-zmf4-u7aw

summary In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file.

references

reference_url	http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/a348d9661019
reference_id
reference_type
scores
url	http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/a348d9661019

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11010

reference_id

reference_type

scores

value	0.00605
scoring_system	epss
scoring_elements	0.6964
published_at	2026-04-18T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69592
published_at	2026-04-13T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69631
published_at	2026-04-16T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69526
published_at	2026-04-01T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69537
published_at	2026-04-02T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69553
published_at	2026-04-04T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69532
published_at	2026-04-07T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69582
published_at	2026-04-08T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69599
published_at	2026-04-09T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69621
published_at	2026-04-11T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69606
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11010

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11010
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11010

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html

reference_url	https://sourceforge.net/p/graphicsmagick/bugs/601/
reference_id
reference_type
scores
url	https://sourceforge.net/p/graphicsmagick/bugs/601/

reference_url	https://www.debian.org/security/2020/dsa-4640
reference_id
reference_type
scores
url	https://www.debian.org/security/2020/dsa-4640

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927029
reference_id	927029
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927029

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:graphicsmagick:graphicsmagick::::::::
reference_id	cpe:2.3:a:graphicsmagick:graphicsmagick::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:graphicsmagick:graphicsmagick::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-11010

reference_id

CVE-2019-11010

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-11010

reference_url	https://usn.ubuntu.com/4207-1/
reference_id	USN-4207-1
reference_type
scores
url	https://usn.ubuntu.com/4207-1/

fixed_packages

url	pkg:deb/debian/graphicsmagick@1.4~hg15968-1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4~hg15968-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4~hg15968-1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.36%2Bhg16481-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.36%2Bhg16481-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.36%252Bhg16481-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.40-4%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.40-4%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.40-4%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.45%2Bhg17696-1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.45%2Bhg17696-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.45%252Bhg17696-1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.46-2?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.46-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.46-2%3Fdistro=trixie

aliases CVE-2019-11010

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ek9v-zmf4-u7aw

url VCID-k5jd-24qt-aqc6

vulnerability_id VCID-k5jd-24qt-aqc6

summary In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.

references

reference_url	http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/7cff2b1792de
reference_id
reference_type
scores
url	http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/7cff2b1792de

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11009

reference_id

reference_type

scores

value	0.01329
scoring_system	epss
scoring_elements	0.79964
published_at	2026-04-18T12:55:00Z

value	0.01329
scoring_system	epss
scoring_elements	0.79944
published_at	2026-04-12T12:55:00Z

value	0.01329
scoring_system	epss
scoring_elements	0.79936
published_at	2026-04-13T12:55:00Z

value	0.01329
scoring_system	epss
scoring_elements	0.79888
published_at	2026-04-01T12:55:00Z

value	0.01329
scoring_system	epss
scoring_elements	0.79895
published_at	2026-04-02T12:55:00Z

value	0.01329
scoring_system	epss
scoring_elements	0.79916
published_at	2026-04-04T12:55:00Z

value	0.01329
scoring_system	epss
scoring_elements	0.79903
published_at	2026-04-07T12:55:00Z

value	0.01329
scoring_system	epss
scoring_elements	0.79932
published_at	2026-04-08T12:55:00Z

value	0.01329
scoring_system	epss
scoring_elements	0.79941
published_at	2026-04-09T12:55:00Z

value	0.01329
scoring_system	epss
scoring_elements	0.79961
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11009

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11009
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11009

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html

reference_url	https://sourceforge.net/p/graphicsmagick/bugs/597/
reference_id
reference_type
scores
url	https://sourceforge.net/p/graphicsmagick/bugs/597/

reference_url	https://www.debian.org/security/2020/dsa-4640
reference_id
reference_type
scores
url	https://www.debian.org/security/2020/dsa-4640

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927029
reference_id	927029
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927029

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:graphicsmagick:graphicsmagick::::::::
reference_id	cpe:2.3:a:graphicsmagick:graphicsmagick::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:graphicsmagick:graphicsmagick::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-11009

reference_id

CVE-2019-11009

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:P

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-11009

reference_url	https://usn.ubuntu.com/4207-1/
reference_id	USN-4207-1
reference_type
scores
url	https://usn.ubuntu.com/4207-1/

fixed_packages

url	pkg:deb/debian/graphicsmagick@1.4~hg15968-1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4~hg15968-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4~hg15968-1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.36%2Bhg16481-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.36%2Bhg16481-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.36%252Bhg16481-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.40-4%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.40-4%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.40-4%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.45%2Bhg17696-1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.45%2Bhg17696-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.45%252Bhg17696-1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.46-2?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.46-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.46-2%3Fdistro=trixie

aliases CVE-2019-11009

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k5jd-24qt-aqc6

url VCID-mw2s-6zec-8ucb

vulnerability_id VCID-mw2s-6zec-8ucb

summary In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.

references

reference_url	http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/40fc71472b98
reference_id
reference_type
scores
url	http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/40fc71472b98

reference_url	http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/86a9295e7c83
reference_id
reference_type
scores
url	http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/86a9295e7c83

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11007

reference_id

reference_type

scores

value	0.02106
scoring_system	epss
scoring_elements	0.84113
published_at	2026-04-18T12:55:00Z

value	0.02106
scoring_system	epss
scoring_elements	0.8411
published_at	2026-04-16T12:55:00Z

value	0.02106
scoring_system	epss
scoring_elements	0.84019
published_at	2026-04-01T12:55:00Z

value	0.02106
scoring_system	epss
scoring_elements	0.84033
published_at	2026-04-02T12:55:00Z

value	0.02106
scoring_system	epss
scoring_elements	0.84049
published_at	2026-04-04T12:55:00Z

value	0.02106
scoring_system	epss
scoring_elements	0.84052
published_at	2026-04-07T12:55:00Z

value	0.02106
scoring_system	epss
scoring_elements	0.84075
published_at	2026-04-08T12:55:00Z

value	0.02106
scoring_system	epss
scoring_elements	0.84082
published_at	2026-04-09T12:55:00Z

value	0.02106
scoring_system	epss
scoring_elements	0.84099
published_at	2026-04-11T12:55:00Z

value	0.02106
scoring_system	epss
scoring_elements	0.84093
published_at	2026-04-12T12:55:00Z

value	0.02106
scoring_system	epss
scoring_elements	0.84088
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11007

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11007
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11007

reference_url	https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html

reference_url	https://sourceforge.net/p/graphicsmagick/bugs/596/
reference_id
reference_type
scores
url	https://sourceforge.net/p/graphicsmagick/bugs/596/

reference_url	https://www.debian.org/security/2020/dsa-4640
reference_id
reference_type
scores
url	https://www.debian.org/security/2020/dsa-4640

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927029
reference_id	927029
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927029

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:graphicsmagick:graphicsmagick::::::::
reference_id	cpe:2.3:a:graphicsmagick:graphicsmagick::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:graphicsmagick:graphicsmagick::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:-::::::
reference_id	cpe:2.3:a:opensuse:backports_sle:15.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-11007

reference_id

CVE-2019-11007

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:P

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-11007

reference_url	https://usn.ubuntu.com/4207-1/
reference_id	USN-4207-1
reference_type
scores
url	https://usn.ubuntu.com/4207-1/

fixed_packages

url	pkg:deb/debian/graphicsmagick@1.4~hg15968-1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4~hg15968-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4~hg15968-1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.36%2Bhg16481-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.36%2Bhg16481-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.36%252Bhg16481-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.40-4%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.40-4%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.40-4%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.45%2Bhg17696-1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.45%2Bhg17696-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.45%252Bhg17696-1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.46-2?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.46-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.46-2%3Fdistro=trixie

aliases CVE-2019-11007

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mw2s-6zec-8ucb

url VCID-qjhw-tswt-m3ak

vulnerability_id VCID-qjhw-tswt-m3ak

summary In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.

references

reference_url	http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d823d23a474b
reference_id
reference_type
scores
url	http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d823d23a474b

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11008

reference_id

reference_type

scores

value	0.02084
scoring_system	epss
scoring_elements	0.84026
published_at	2026-04-18T12:55:00Z

value	0.02084
scoring_system	epss
scoring_elements	0.84
published_at	2026-04-13T12:55:00Z

value	0.02084
scoring_system	epss
scoring_elements	0.84024
published_at	2026-04-16T12:55:00Z

value	0.02084
scoring_system	epss
scoring_elements	0.83932
published_at	2026-04-01T12:55:00Z

value	0.02084
scoring_system	epss
scoring_elements	0.83946
published_at	2026-04-02T12:55:00Z

value	0.02084
scoring_system	epss
scoring_elements	0.83962
published_at	2026-04-04T12:55:00Z

value	0.02084
scoring_system	epss
scoring_elements	0.83964
published_at	2026-04-07T12:55:00Z

value	0.02084
scoring_system	epss
scoring_elements	0.83987
published_at	2026-04-08T12:55:00Z

value	0.02084
scoring_system	epss
scoring_elements	0.83994
published_at	2026-04-09T12:55:00Z

value	0.02084
scoring_system	epss
scoring_elements	0.84009
published_at	2026-04-11T12:55:00Z

value	0.02084
scoring_system	epss
scoring_elements	0.84004
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11008

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11008
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11008

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html

reference_url	https://sourceforge.net/p/graphicsmagick/bugs/599/
reference_id
reference_type
scores
url	https://sourceforge.net/p/graphicsmagick/bugs/599/

reference_url	https://www.debian.org/security/2020/dsa-4640
reference_id
reference_type
scores
url	https://www.debian.org/security/2020/dsa-4640

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927029
reference_id	927029
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927029

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:graphicsmagick:graphicsmagick::::::::
reference_id	cpe:2.3:a:graphicsmagick:graphicsmagick::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:graphicsmagick:graphicsmagick::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:-::::::
reference_id	cpe:2.3:a:opensuse:backports_sle:15.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-11008

reference_id

CVE-2019-11008

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-11008

reference_url	https://usn.ubuntu.com/4207-1/
reference_id	USN-4207-1
reference_type
scores
url	https://usn.ubuntu.com/4207-1/

fixed_packages

url	pkg:deb/debian/graphicsmagick@1.4~hg15968-1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4~hg15968-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4~hg15968-1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.36%2Bhg16481-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.36%2Bhg16481-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.36%252Bhg16481-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.40-4%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.40-4%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.40-4%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.45%2Bhg17696-1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.45%2Bhg17696-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.45%252Bhg17696-1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.46-2?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.46-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.46-2%3Fdistro=trixie

aliases CVE-2019-11008

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qjhw-tswt-m3ak

url VCID-xvve-pj82-mfh6

vulnerability_id VCID-xvve-pj82-mfh6

summary In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet.

references

reference_url	http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/f7610c1281c1
reference_id
reference_type
scores
url	http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/f7610c1281c1

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11006

reference_id

reference_type

scores

value	0.01406
scoring_system	epss
scoring_elements	0.80496
published_at	2026-04-18T12:55:00Z

value	0.01406
scoring_system	epss
scoring_elements	0.80474
published_at	2026-04-12T12:55:00Z

value	0.01406
scoring_system	epss
scoring_elements	0.80467
published_at	2026-04-13T12:55:00Z

value	0.01406
scoring_system	epss
scoring_elements	0.80415
published_at	2026-04-01T12:55:00Z

value	0.01406
scoring_system	epss
scoring_elements	0.80421
published_at	2026-04-02T12:55:00Z

value	0.01406
scoring_system	epss
scoring_elements	0.80442
published_at	2026-04-04T12:55:00Z

value	0.01406
scoring_system	epss
scoring_elements	0.80431
published_at	2026-04-07T12:55:00Z

value	0.01406
scoring_system	epss
scoring_elements	0.80461
published_at	2026-04-08T12:55:00Z

value	0.01406
scoring_system	epss
scoring_elements	0.80471
published_at	2026-04-09T12:55:00Z

value	0.01406
scoring_system	epss
scoring_elements	0.80489
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11006

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11006
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11006

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html

reference_url	https://sourceforge.net/p/graphicsmagick/bugs/598/
reference_id
reference_type
scores
url	https://sourceforge.net/p/graphicsmagick/bugs/598/

reference_url	https://www.debian.org/security/2020/dsa-4640
reference_id
reference_type
scores
url	https://www.debian.org/security/2020/dsa-4640

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927029
reference_id	927029
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927029

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:graphicsmagick:graphicsmagick::::::::
reference_id	cpe:2.3:a:graphicsmagick:graphicsmagick::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:graphicsmagick:graphicsmagick::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-11006

reference_id

CVE-2019-11006

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:P

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-11006

reference_url	https://usn.ubuntu.com/4207-1/
reference_id	USN-4207-1
reference_type
scores
url	https://usn.ubuntu.com/4207-1/

reference_url	https://usn.ubuntu.com/5974-1/
reference_id	USN-5974-1
reference_type
scores
url	https://usn.ubuntu.com/5974-1/

fixed_packages

url	pkg:deb/debian/graphicsmagick@1.4~hg15968-1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4~hg15968-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4~hg15968-1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.36%2Bhg16481-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.36%2Bhg16481-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.36%252Bhg16481-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.40-4%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.40-4%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.40-4%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.45%2Bhg17696-1?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.45%2Bhg17696-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.45%252Bhg17696-1%3Fdistro=trixie

url	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.46-2?distro=trixie
purl	pkg:deb/debian/graphicsmagick@1.4%2Breally1.3.46-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4%252Breally1.3.46-2%3Fdistro=trixie

aliases CVE-2019-11006

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xvve-pj82-mfh6

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/graphicsmagick@1.4~hg15968-1%3Fdistro=trixie

Package Instance