Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 15 SP1 package GraphicsMagick, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2019-19951 — CVSS 9.8 (critical): In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.
CVE-2019-19950 — CVSS 9.8 (critical): In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.
CVE-2020-10938 — CVSS 9.8 (critical): GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
CVE-2019-19953 — CVSS 9.1 (critical): In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.
CVE-2020-12672 — CVSS 7.5 (high): GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.
CVE-2019-12921 — CVSS 6.5 (medium): In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of…