Vulnerabilities > CVE-2020-12672 - Out-of-bounds Write vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-2236.NASL description A vulnerability was discovered in graphicsmagick, a collection of image processing tools, that results in a heap buffer overwrite when magnifying MNG images. For Debian 8 last seen 2020-06-11 modified 2020-06-08 plugin id 137206 published 2020-06-08 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137206 title Debian DLA-2236-1 : graphicsmagick security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-779.NASL description This update for GraphicsMagick fixes the following issues : - CVE-2020-12672: heap-based buffer overflow in ReadMNGImage in coders/png.c. (boo#1171271) last seen 2020-06-11 modified 2020-06-08 plugin id 137228 published 2020-06-08 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137228 title openSUSE Security Update : GraphicsMagick (openSUSE-2020-779)
References
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19025
- https://lists.debian.org/debian-lts-announce/2020/06/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00012.html
- https://security.gentoo.org/glsa/202209-19