CVE: CVE-2019-12921

Export to Word

In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.06531
Percentile: 0.90686

CVSS Scoring

CVSS v3.1 Score: 6.5

Severity: MEDIUM

Mapped CWE(s)

CWE-77 : Improper Neutralization of Special Elements used in a Command ('Command Injection')

All CAPEC(s)

CAPEC-136: LDAP Injection
CAPEC-15: Command Delimiters
CAPEC-183: IMAP/SMTP Command Injection
CAPEC-248: Command Injection
CAPEC-40: Manipulating Writeable Terminal Devices
CAPEC-43: Exploiting Multiple Input Interpretation Layers
CAPEC-75: Manipulating Writeable Configuration Files
CAPEC-76: Manipulating Web Input to File System Calls

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

← Back to Home