CVE-2020-12672 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
network, low complexity, graphicsmagick, debian, opensuse, CWE-787, nessus

Summary

GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.

Vulnerable Configurations

Part         Description     Count
Application  Graphicsmagick  68
Application  Opensuse        1
OS           Debian          1
OS           Opensuse        1

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-2236.NASL
    description: A vulnerability was discovered in graphicsmagick, a collection of image processing tools, that results in a heap buffer overwrite when magnifying MNG images. For Debian 8
    last seen: 2020-06-11
    modified: 2020-06-08
    plugin id: 137206
    published: 2020-06-08
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/137206
    title: Debian DLA-2236-1 : graphicsmagick security update
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2020-779.NASL
    description: This update for GraphicsMagick fixes the following issues : - CVE-2020-12672: heap-based buffer overflow in ReadMNGImage in coders/png.c. (boo#1171271)
    last seen: 2020-06-11
    modified: 2020-06-08
    plugin id: 137228
    published: 2020-06-08
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/137228
    title: openSUSE Security Update : GraphicsMagick (openSUSE-2020-779)