Detections
Analytics
Alpine: multiple graphicsmagick packages: security update to 1.3.32-r0
medium Tenable Cloud Security Plugin ID 404821
Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:- In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary
files via a crafted image because of TranslateTextEx for SVG. (CVE-2019-12921)
- There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the
function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. (CVE-2018-18544)
- In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash
and denial of service via a dib file that is crafted to appear with direct pixel values and also
colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.
(CVE-2018-20189)
- In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in
WritePDFImage in coders/pdf.c. (CVE-2019-7397)
- coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read
and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and
CVE-2019-11009. (CVE-2019-11473)
See Also
https://security.alpinelinux.org/vuln/CVE-2018-18544
https://security.alpinelinux.org/vuln/CVE-2018-20189
https://security.alpinelinux.org/vuln/CVE-2019-7397
https://security.alpinelinux.org/vuln/CVE-2019-11473
Plugin Details
Severity: Medium
ID: 404821
Version: Revision 1.26
Type: Local
Published: 10/31/2023
Updated: 12/4/2025
Supported Sensors: Agentless Assessment
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.4
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2019-12921
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
Exploit Available: true
Exploit Ease: Exploits are available
Vulnerability Publication Date: 10/21/2018
Reference Information
CVE: CVE-2018-18544, CVE-2018-20189, CVE-2019-11473, CVE-2019-11474, CVE-2019-12921, CVE-2019-7397