VulnerableCode Package Details - pkg:deb/ubuntu/graphicsmagick@1.4%2Breally1.3.33%2Bhg16115-1

Search for packages

Package details: pkg:deb/ubuntu/graphicsmagick@1.4%2Breally1.3.33%2Bhg16115-1

Essentials
History (0)

purl	pkg:deb/ubuntu/graphicsmagick@1.4%2Breally1.3.33%2Bhg16115-1

Next non-vulnerable version	1.4+really1.3.34+hg16181-1
Latest non-vulnerable version	1.4+really1.3.34+hg16181-1
Risk	4.4

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-mqm5-6qzb-aaaa Aliases: CVE-2020-10938	GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.	1.4+really1.3.34+hg16181-1 Affected by 0 other vulnerabilities.
VCID-w82e-2fr6-aaap Aliases: CVE-2019-19953	In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.	1.4+really1.3.34+hg16181-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (3)

Vulnerability	Summary	Aliases
VCID-57py-peab-aaab	In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.	CVE-2019-19951
VCID-cstx-zz61-aaac	In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.	CVE-2019-19950
VCID-ys7z-wtkj-aaaf	In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.	CVE-2019-12921

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version