Main
Vulnerability Database
Exploits
ID:2246 - Exploit for Path traversal in GraphicsMagick - CVE-2019-12921
ID:2246 - Exploit for Path traversal in GraphicsMagick - CVE-2019-12921
Published: March 31, 2020
Vulnerability identifier: #VU26485
Vulnerability risk: Medium
CVE-ID: CVE-2019-12921
CWE-ID: CWE-22
Exploitation vector: Remote access
Vulnerable software:
GraphicsMagick
GraphicsMagick
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within TranslateTextEx component for processing SVG images in GraphicsMagick. A remote attacker can create a specially crafted SVG file and read contents of arbitrary files on the system.
Remediation
Install update from vendor's website.