DATABASE RESOURCES PRICING ABOUT US

{"id": "DEBIAN:DSA-3652-1:7D25D", "vendorId": null, "type": "debian", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 3652-1] imagemagick security update", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3652-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nAugust 25, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nCVE ID : CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5010 \n CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690\n CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2016-6491\nDebian Bugs : 832885 832887 832888 832968 833003 832474 832475 832464\n 832465 832467 832457 832461 832469 832482 832483 832504\n 832633 832776 832780 832787 832789 823750 832455 832478\n 832480 832506 832785 832793 832942 832944 832890 833044\n 833043 833042 831034 833099 833101 827643 833812 833744\n 833743 833735 833732 833730 834183 834501 834163 834504\n\nThis updates fixes many vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service or the execution of arbitrary code if\nmalformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum,\nPDB, DDS, DCM, EXIF, RGF or BMP files are processed.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u4.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "published": "2016-08-25T20:53:02", "modified": "2016-08-25T20:53:02", "epss": [{"cve": "CVE-2016-4562", "epss": 0.00515, "percentile": 0.7325, "modified": "2023-05-02"}, {"cve": "CVE-2016-4563", "epss": 0.00515, "percentile": 0.7325, "modified": "2023-05-02"}, {"cve": "CVE-2016-4564", "epss": 0.00698, "percentile": 0.77384, "modified": "2023-05-02"}, {"cve": "CVE-2016-5010", "epss": 0.00343, "percentile": 0.67187, "modified": "2023-05-02"}, {"cve": "CVE-2016-5687", "epss": 0.00748, "percentile": 0.78272, "modified": "2023-05-02"}, {"cve": "CVE-2016-5688", "epss": 0.00839, "percentile": 0.79666, "modified": "2023-05-02"}, {"cve": "CVE-2016-5689", "epss": 0.01633, "percentile": 0.85651, "modified": "2023-05-02"}, {"cve": "CVE-2016-5690", "epss": 0.01797, "percentile": 0.86308, "modified": "2023-05-02"}, {"cve": "CVE-2016-5691", "epss": 0.00822, "percentile": 0.7945, "modified": "2023-05-02"}, {"cve": "CVE-2016-5841", "epss": 0.09686, "percentile": 0.93863, "modified": "2023-05-02"}, {"cve": "CVE-2016-5842", "epss": 0.00496, "percentile": 0.72731, "modified": "2023-05-02"}, {"cve": "CVE-2016-6491", "epss": 0.00596, "percentile": 0.75188, "modified": "2023-05-02"}], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": true, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://lists.debian.org/debian-security-announce/2016/msg00230.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2016-4562", "CVE-2016-4563", "CVE-2016-4564", "CVE-2016-5010", "CVE-2016-5687", "CVE-2016-5688", "CVE-2016-5689", "CVE-2016-5690", "CVE-2016-5691", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491"], "immutableFields": [], "lastseen": "2023-05-02T16:05:47", "viewCount": 12, "enchantments": {"dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-201607-13"]}, {"type": "cve", "idList": ["CVE-2016-4562", "CVE-2016-4563", "CVE-2016-4564", "CVE-2016-5010", "CVE-2016-5687", "CVE-2016-5688", "CVE-2016-5689", "CVE-2016-5690", "CVE-2016-5691", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491"]}, {"type": "debian", "idList": ["DEBIAN:DLA-517-1:CEB84", "DEBIAN:DLA-731-1:2431F"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-4562", "DEBIANCVE:CVE-2016-4563", "DEBIANCVE:CVE-2016-4564", "DEBIANCVE:CVE-2016-5010", "DEBIANCVE:CVE-2016-5687", "DEBIANCVE:CVE-2016-5688", "DEBIANCVE:CVE-2016-5689", "DEBIANCVE:CVE-2016-5690", "DEBIANCVE:CVE-2016-5691", "DEBIANCVE:CVE-2016-5841", "DEBIANCVE:CVE-2016-5842", "DEBIANCVE:CVE-2016-6491"]}, {"type": "fedora", "idList": ["FEDORA:082456076F55", "FEDORA:137B4601EDDC", "FEDORA:2A5176076F55", "FEDORA:30E8F601EDDA", "FEDORA:4FEEB6076F55", "FEDORA:575B16076F55", "FEDORA:5C7D56076F55", "FEDORA:5EF1A6076F55", "FEDORA:6541E60748F9", "FEDORA:6B591601EDDE", "FEDORA:6DAC2601EDDA", "FEDORA:748906076F55", "FEDORA:791786076F55", "FEDORA:8F8C0601EDDE", "FEDORA:93FF76076F55", "FEDORA:9766D6076F55", "FEDORA:999936076F55", "FEDORA:A088E6076F55", "FEDORA:A58296076F55", "FEDORA:BE87C60748F9", "FEDORA:C1BBA6076F55", "FEDORA:C41F46076F55", "FEDORA:E7E3A6076F55", "FEDORA:F0880601EDDA", "FEDORA:F10E86076F55"]}, {"type": "gentoo", "idList": ["GLSA-201611-21"]}, {"type": "mageia", "idList": ["MGASA-2016-0257", "MGASA-2018-0229"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-517.NASL", "DEBIAN_DSA-3652.NASL", "EULEROS_SA-2017-1112.NASL", "EULEROS_SA-2017-1116.NASL", "EULEROS_SA-2019-1970.NASL", "EULEROS_SA-2019-2354.NASL", "EULEROS_SA-2020-1390.NASL", "FEDORA_2017-3A568ADB31.NASL", "FEDORA_2017-8F27031C8F.NASL", "GENTOO_GLSA-201611-21.NASL", "IMAGEMAGICK_6_9_4_3.NASL", "IMAGEMAGICK_6_9_4_5.NASL", "OPENSUSE-2016-1016.NASL", "OPENSUSE-2016-1229.NASL", "OPENSUSE-2016-1230.NASL", "OPENSUSE-2016-825.NASL", "OPENSUSE-2016-840.NASL", "OPENSUSE-2016-883.NASL", "OPENSUSE-2016-983.NASL", "OPENSUSE-2016-984.NASL", "SUSE_SU-2016-1782-1.NASL", "SUSE_SU-2016-1784-1.NASL", "SUSE_SU-2016-2075-1.NASL", "SUSE_SU-2016-2076-1.NASL", "SUSE_SU-2016-2964-1.NASL", "UBUNTU_USN-3131-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703652", "OPENVAS:1361412562310808068", "OPENVAS:1361412562310810246", "OPENVAS:1361412562310810247", "OPENVAS:1361412562310810248", "OPENVAS:1361412562310810249", "OPENVAS:1361412562310810250", "OPENVAS:1361412562310810253", "OPENVAS:1361412562310810254", "OPENVAS:1361412562310810255", "OPENVAS:1361412562310810256", "OPENVAS:1361412562310810258", "OPENVAS:1361412562310851361", "OPENVAS:1361412562310851363", "OPENVAS:1361412562310851368", "OPENVAS:1361412562310851385", "OPENVAS:1361412562310873390", "OPENVAS:1361412562310873391", "OPENVAS:1361412562310873392", "OPENVAS:1361412562310873394", "OPENVAS:1361412562310873399", "OPENVAS:1361412562310873400", "OPENVAS:1361412562310873404", "OPENVAS:1361412562310873407", "OPENVAS:1361412562310873408", "OPENVAS:1361412562310873409", "OPENVAS:1361412562310873410", "OPENVAS:1361412562310873412", "OPENVAS:1361412562310873417", "OPENVAS:1361412562310873419", "OPENVAS:1361412562310873420", "OPENVAS:1361412562310873422", "OPENVAS:1361412562310873424", "OPENVAS:1361412562310873425", "OPENVAS:1361412562310873427", "OPENVAS:1361412562310873429", "OPENVAS:1361412562310873431", "OPENVAS:1361412562310873432", "OPENVAS:1361412562310873434", "OPENVAS:1361412562310873436", "OPENVAS:1361412562310873438", "OPENVAS:1361412562311220171112", "OPENVAS:1361412562311220171116", "OPENVAS:1361412562311220191970", "OPENVAS:1361412562311220192354", "OPENVAS:1361412562311220201390", "OPENVAS:703652"]}, {"type": "osv", "idList": ["OSV:DLA-517-1", "OSV:DLA-731-1", "OSV:DSA-3652-1"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-4562", "RH:CVE-2016-4563", "RH:CVE-2016-4564", "RH:CVE-2016-5010", "RH:CVE-2016-5687", "RH:CVE-2016-5688", "RH:CVE-2016-5689", "RH:CVE-2016-5690", "RH:CVE-2016-5691", "RH:CVE-2016-5841", "RH:CVE-2016-5842", "RH:CVE-2016-6491"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:1724-1", "OPENSUSE-SU-2016:1748-1", "OPENSUSE-SU-2016:1833-1", "OPENSUSE-SU-2016:2073-1", "SUSE-SU-2016:1782-1", "SUSE-SU-2016:1783-1", "SUSE-SU-2016:1784-1", "SUSE-SU-2016:2964-1"]}, {"type": "ubuntu", "idList": ["USN-3131-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-4562", "UB:CVE-2016-4563", "UB:CVE-2016-4564", "UB:CVE-2016-5010", "UB:CVE-2016-5687", "UB:CVE-2016-5688", "UB:CVE-2016-5689", "UB:CVE-2016-5690", "UB:CVE-2016-5691", "UB:CVE-2016-5841", "UB:CVE-2016-5842", "UB:CVE-2016-6491"]}, {"type": "veracode", "idList": ["VERACODE:3125", "VERACODE:3321", "VERACODE:3361", "VERACODE:3362", "VERACODE:3364", "VERACODE:3365", "VERACODE:3366", "VERACODE:3370", "VERACODE:3374", "VERACODE:3376", "VERACODE:3380", "VERACODE:3936"]}]}, "score": {"value": 1.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "archlinux", "idList": ["ASA-201607-13"]}, {"type": "cve", "idList": ["CVE-2016-4562", "CVE-2016-4563", "CVE-2016-4564"]}, {"type": "debian", "idList": ["DEBIAN:DLA-517-1:CEB84"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-5690", "DEBIANCVE:CVE-2016-5842"]}, {"type": "fedora", "idList": ["FEDORA:4FEEB6076F55", "FEDORA:C41F46076F55"]}, {"type": "gentoo", "idList": ["GLSA-201611-21"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/UBUNTU-CVE-2016-5688/"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-517.NASL", "IMAGEMAGICK_6_9_4_3.NASL", "IMAGEMAGICK_6_9_4_5.NASL", "OPENSUSE-2016-1016.NASL", "OPENSUSE-2016-840.NASL", "OPENSUSE-2016-983.NASL", "SUSE_SU-2016-2075-1.NASL", "SUSE_SU-2016-2076-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310810253", "OPENVAS:1361412562310873412"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-4564"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:1748-1", "OPENSUSE-SU-2016:1833-1", "SUSE-SU-2016:1782-1", "SUSE-SU-2016:1784-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-4564"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2016-4562", "epss": 0.00515, "percentile": 0.73243, "modified": "2023-05-01"}, {"cve": "CVE-2016-4563", "epss": 0.00515, "percentile": 0.73243, "modified": "2023-05-01"}, {"cve": "CVE-2016-4564", "epss": 0.00698, "percentile": 0.77388, "modified": "2023-05-01"}, {"cve": "CVE-2016-5010", "epss": 0.00343, "percentile": 0.6718, "modified": "2023-05-01"}, {"cve": "CVE-2016-5687", "epss": 0.00748, "percentile": 0.78273, "modified": "2023-05-01"}, {"cve": "CVE-2016-5688", "epss": 0.00839, "percentile": 0.79667, "modified": "2023-05-01"}, {"cve": "CVE-2016-5689", "epss": 0.01633, "percentile": 0.8565, "modified": "2023-05-01"}, {"cve": "CVE-2016-5690", "epss": 0.01797, "percentile": 0.86309, "modified": "2023-05-01"}, {"cve": "CVE-2016-5691", "epss": 0.00822, "percentile": 0.79453, "modified": "2023-05-01"}, {"cve": "CVE-2016-5841", "epss": 0.09686, "percentile": 0.93861, "modified": "2023-05-01"}, {"cve": "CVE-2016-5842", "epss": 0.00496, "percentile": 0.72723, "modified": "2023-05-01"}, {"cve": "CVE-2016-6491", "epss": 0.00596, "percentile": 0.75186, "modified": "2023-05-01"}], "vulnersScore": 1.2}, "_state": {"dependencies": 1683044393, "score": 1683995507, "epss": 1683054362}, "_internal": {"score_hash": "32833f3d5da21e9b3805f3109e503b79"}, "affectedPackage": [{"packageFilename": "imagemagick_8:6.8.9.9-5+deb8u4_kfreebsd-i386.deb", "OSVersion": "8", "arch": "kfreebsd-i386", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick"}, {"arch": "all", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageFilename": "imagemagick_8:6.8.9.9-5+deb8u4_all.deb", "packageName": "imagemagick"}, {"arch": "ppc64el", "OSVersion": "8", "packageFilename": "libimage-magick-q16-perl_8:6.8.9.9-5+deb8u4_ppc64el.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libimage-magick-q16-perl"}, {"arch": "armel", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "operator": "lt", "OS": "Debian", "packageFilename": "libmagickcore5_8:6.7.7.10-5+deb7u8_armel.deb", "packageName": "libmagickcore5"}, {"OSVersion": "8", "packageFilename": "libmagick++-6-headers_8:6.8.9.9-5+deb8u4_all.deb", "OS": "Debian", "arch": "all", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagick++-6-headers"}, {"packageFilename": "libmagick++-6.q16-5_8:6.8.9.9-5+deb8u4_amd64.deb", "OSVersion": "8", "arch": "amd64", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagick++-6.q16-5"}, {"arch": "powerpc", "OSVersion": "8", "OS": "Debian", "packageFilename": "libimage-magick-q16-perl_8:6.8.9.9-5+deb8u4_powerpc.deb", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libimage-magick-q16-perl"}, {"packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "packageFilename": "libmagick++5_8:6.7.7.10-5+deb7u8_armhf.deb", "OS": "Debian", "arch": "armhf", "operator": "lt", "packageName": "libmagick++5"}, {"packageFilename": "libmagickcore-6-headers_8:6.8.9.9-5+deb8u4_all.deb", "OSVersion": "8", "OS": "Debian", "arch": "all", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6-headers"}, {"arch": "arm64", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageFilename": "libmagickwand-6.q16-dev_8:6.8.9.9-5+deb8u4_arm64.deb", "packageName": "libmagickwand-6.q16-dev"}, {"packageFilename": "libmagickcore-6-arch-config_8:6.8.9.9-5+deb8u4_ppc64el.deb", "arch": "ppc64el", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6-arch-config"}, {"OSVersion": "8", "arch": "amd64", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageFilename": "libmagick++-6.q16-dev_8:6.8.9.9-5+deb8u4_amd64.deb", "packageName": "libmagick++-6.q16-dev"}, {"packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "arch": "amd64", "OS": "Debian", "operator": "lt", "packageFilename": "libmagickcore5-extra_8:6.7.7.10-5+deb7u8_amd64.deb", "packageName": "libmagickcore5-extra"}, {"packageFilename": "libmagickcore-6.q16-2-extra_8:6.8.9.9-5+deb8u4_kfreebsd-i386.deb", "OSVersion": "8", "arch": "kfreebsd-i386", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-2-extra"}, {"packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "OS": "Debian", "arch": "armhf", "operator": "lt", "packageFilename": "libmagickcore-dev_8:6.7.7.10-5+deb7u8_armhf.deb", "packageName": "libmagickcore-dev"}, {"arch": "i386", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageFilename": "libmagick++-6.q16-dev_8:6.8.9.9-5+deb8u4_i386.deb", "packageName": "libmagick++-6.q16-dev"}, {"packageFilename": "imagemagick-6.q16_8:6.8.9.9-5+deb8u4_kfreebsd-amd64.deb", "arch": "kfreebsd-amd64", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick-6.q16"}, {"packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "operator": "lt", "OS": "Debian", "arch": "armhf", "packageFilename": "libmagickwand5_8:6.7.7.10-5+deb7u8_armhf.deb", "packageName": "libmagickwand5"}, {"OSVersion": "8", "packageFilename": "imagemagick-doc_8:6.8.9.9-5+deb8u4_all.deb", "OS": "Debian", "arch": "all", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick-doc"}, {"OSVersion": "8", "OS": "Debian", "packageFilename": "libmagickwand-6.q16-dev_8:6.8.9.9-5+deb8u4_armhf.deb", "arch": "armhf", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickwand-6.q16-dev"}, {"arch": "s390x", "packageFilename": "libmagick++-6.q16-5_8:6.8.9.9-5+deb8u4_s390x.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagick++-6.q16-5"}, {"packageFilename": "libmagick++-6.q16-dev_8:6.8.9.9-5+deb8u4_kfreebsd-amd64.deb", "arch": "kfreebsd-amd64", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagick++-6.q16-dev"}, {"arch": "ppc64el", "OSVersion": "8", "packageFilename": "libmagick++-6.q16-dev_8:6.8.9.9-5+deb8u4_ppc64el.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagick++-6.q16-dev"}, {"arch": "mipsel", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageFilename": "libmagickwand-6.q16-2_8:6.8.9.9-5+deb8u4_mipsel.deb", "packageName": "libmagickwand-6.q16-2"}, {"packageFilename": "imagemagick-dbg_8:6.7.7.10-5+deb7u8_amd64.deb", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "arch": "amd64", "OS": "Debian", "operator": "lt", "packageName": "imagemagick-dbg"}, {"arch": "armel", "packageVersion": "8:6.7.7.10-5+deb7u8", "packageFilename": "libmagickwand-dev_8:6.7.7.10-5+deb7u8_armel.deb", "OSVersion": "7", "OS": "Debian", "operator": "lt", "packageName": "libmagickwand-dev"}, {"OSVersion": "7", "operator": "lt", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "arch": "armhf", "packageFilename": "libmagickwand5_8:6.7.7.10-5+deb7u7_armhf.deb", "packageName": "libmagickwand5"}, {"packageFilename": "imagemagick_8:6.8.9.9-5+deb8u4_armhf.deb", "OSVersion": "8", "OS": "Debian", "arch": "armhf", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick"}, {"OSVersion": "8", "packageFilename": "libimage-magick-perl_8:6.8.9.9-5+deb8u4_all.deb", "OS": "Debian", "arch": "all", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libimage-magick-perl"}, {"packageFilename": "libmagickcore-6-arch-config_8:6.8.9.9-5+deb8u4_kfreebsd-i386.deb", "OSVersion": "8", "arch": "kfreebsd-i386", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6-arch-config"}, {"arch": "i386", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageFilename": "libmagickcore-6.q16-2_8:6.8.9.9-5+deb8u4_i386.deb", "packageName": "libmagickcore-6.q16-2"}, {"arch": "ppc64el", "OSVersion": "8", "packageFilename": "imagemagick-6.q16_8:6.8.9.9-5+deb8u4_ppc64el.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick-6.q16"}, {"arch": "s390x", "packageFilename": "libmagickwand-6.q16-dev_8:6.8.9.9-5+deb8u4_s390x.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickwand-6.q16-dev"}, {"packageFilename": "libmagickcore-6.q16-2-extra_8:6.8.9.9-5+deb8u4_ppc64el.deb", "arch": "ppc64el", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-2-extra"}, {"arch": "armel", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "OS": "Debian", "operator": "lt", "packageFilename": "libmagickcore5-extra_8:6.7.7.10-5+deb7u8_armel.deb", "packageName": "libmagickcore5-extra"}, {"arch": "i386", "OSVersion": "7", "packageFilename": "imagemagick_8:6.7.7.10-5+deb7u7_i386.deb", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "imagemagick"}, {"packageFilename": "libmagickcore-6.q16-2-extra_8:6.8.9.9-5+deb8u4_armhf.deb", "OSVersion": "8", "OS": "Debian", "arch": "armhf", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-2-extra"}, {"arch": "powerpc", "packageFilename": "libmagick++-6.q16-dev_8:6.8.9.9-5+deb8u4_powerpc.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagick++-6.q16-dev"}, {"OSVersion": "8", "OS": "Debian", "packageFilename": "libmagickcore-6-arch-config_8:6.8.9.9-5+deb8u4_armhf.deb", "arch": "armhf", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6-arch-config"}, {"OSVersion": "8", "OS": "Debian", "arch": "armhf", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageFilename": "imagemagick-6.q16_8:6.8.9.9-5+deb8u4_armhf.deb", "packageName": "imagemagick-6.q16"}, {"arch": "s390x", "packageFilename": "imagemagick-6.q16_8:6.8.9.9-5+deb8u4_s390x.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick-6.q16"}, {"packageFilename": "libmagickcore-6.q16-2_8:6.8.9.9-5+deb8u4_ppc64el.deb", "arch": "ppc64el", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-2"}, {"packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "arch": "amd64", "OS": "Debian", "operator": "lt", "packageFilename": "libmagick++-dev_8:6.7.7.10-5+deb7u8_amd64.deb", "packageName": "libmagick++-dev"}, {"packageFilename": "imagemagick-doc_8:6.7.7.10-5+deb7u8_all.deb", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "OS": "Debian", "arch": "all", "operator": "lt", "packageName": "imagemagick-doc"}, {"packageFilename": "imagemagick-common_8:6.7.7.10-5+deb7u7_all.deb", "OSVersion": "7", "OS": "Debian", "arch": "all", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "imagemagick-common"}, {"OSVersion": "7", "packageFilename": "imagemagick_8:6.7.7.10-5+deb7u7_amd64.deb", "arch": "amd64", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "imagemagick"}, {"arch": "mipsel", "OSVersion": "8", "packageFilename": "libmagickcore-6.q16-2-extra_8:6.8.9.9-5+deb8u4_mipsel.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-2-extra"}, {"packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "packageFilename": "libmagickwand-dev_8:6.7.7.10-5+deb7u8_armhf.deb", "OS": "Debian", "arch": "armhf", "operator": "lt", "packageName": "libmagickwand-dev"}, {"arch": "armel", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "OS": "Debian", "operator": "lt", "packageFilename": "imagemagick-dbg_8:6.7.7.10-5+deb7u8_armel.deb", "packageName": "imagemagick-dbg"}, {"arch": "armel", "OSVersion": "7", "packageFilename": "libmagick++5_8:6.7.7.10-5+deb7u7_armel.deb", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "libmagick++5"}, {"arch": "mips", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageFilename": "libmagickcore-6.q16-2_8:6.8.9.9-5+deb8u4_mips.deb", "packageName": "libmagickcore-6.q16-2"}, {"arch": "ppc64el", "packageFilename": "imagemagick-dbg_8:6.8.9.9-5+deb8u4_ppc64el.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick-dbg"}, {"arch": "armel", "packageFilename": "imagemagick-dbg_8:6.7.7.10-5+deb7u7_armel.deb", "OSVersion": "7", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "imagemagick-dbg"}, {"packageFilename": "imagemagick_8:6.8.9.9-5+deb8u4_kfreebsd-amd64.deb", "arch": "kfreebsd-amd64", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick"}, {"arch": "arm64", "OSVersion": "8", "packageFilename": "libimage-magick-q16-perl_8:6.8.9.9-5+deb8u4_arm64.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libimage-magick-q16-perl"}, {"packageFilename": "imagemagick_8:6.7.7.10-5+deb7u8_all.deb", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "arch": "all", "OS": "Debian", "operator": "lt", "packageName": "imagemagick"}, {"arch": "armel", "packageFilename": "imagemagick-6.q16_8:6.8.9.9-5+deb8u4_armel.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick-6.q16"}, {"packageFilename": "libmagickcore-6-arch-config_8:6.8.9.9-5+deb8u4_i386.deb", "arch": "i386", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6-arch-config"}, {"arch": "s390x", "packageFilename": "libmagickcore-6.q16-2-extra_8:6.8.9.9-5+deb8u4_s390x.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-2-extra"}, {"packageFilename": "perlmagick_8:6.7.7.10-5+deb7u7_amd64.deb", "OSVersion": "7", "arch": "amd64", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "perlmagick"}, {"arch": "i386", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "OS": "Debian", "packageFilename": "imagemagick_8:6.7.7.10-5+deb7u8_i386.deb", "operator": "lt", "packageName": "imagemagick"}, {"arch": "i386", "packageFilename": "libmagick++5_8:6.7.7.10-5+deb7u8_i386.deb", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "OS": "Debian", "operator": "lt", "packageName": "libmagick++5"}, {"arch": "mipsel", "OSVersion": "8", "packageFilename": "libimage-magick-q16-perl_8:6.8.9.9-5+deb8u4_mipsel.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libimage-magick-q16-perl"}, {"arch": "ppc64el", "OSVersion": "8", "packageFilename": "libmagick++-6.q16-5_8:6.8.9.9-5+deb8u4_ppc64el.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagick++-6.q16-5"}, {"packageFilename": "libmagickwand-dev_8:6.7.7.10-5+deb7u7_armhf.deb", "OSVersion": "7", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "arch": "armhf", "operator": "lt", "packageName": "libmagickwand-dev"}, {"arch": "s390x", "OSVersion": "8", "packageFilename": "libmagickcore-6.q16-2_8:6.8.9.9-5+deb8u4_s390x.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-2"}, {"OSVersion": "8", "packageFilename": "imagemagick-6.q16_8:6.8.9.9-5+deb8u4_amd64.deb", "arch": "amd64", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick-6.q16"}, {"packageFilename": "libmagickcore-6.q16-dev_8:6.8.9.9-5+deb8u4_amd64.deb", "OSVersion": "8", "arch": "amd64", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-dev"}, {"arch": "i386", "OSVersion": "8", "packageFilename": "libmagickcore-6.q16-dev_8:6.8.9.9-5+deb8u4_i386.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-dev"}, {"arch": "powerpc", "packageFilename": "imagemagick-6.q16_8:6.8.9.9-5+deb8u4_powerpc.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick-6.q16"}, {"arch": "kfreebsd-amd64", "packageFilename": "libmagickcore-6-arch-config_8:6.8.9.9-5+deb8u4_kfreebsd-amd64.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6-arch-config"}, {"packageFilename": "libmagickcore-6.q16-2_8:6.8.9.9-5+deb8u4_armhf.deb", "OSVersion": "8", "OS": "Debian", "arch": "armhf", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-2"}, {"packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "arch": "amd64", "OS": "Debian", "operator": "lt", "packageFilename": "libmagickcore-dev_8:6.7.7.10-5+deb7u8_amd64.deb", "packageName": "libmagickcore-dev"}, {"arch": "mipsel", "packageFilename": "libmagickwand-6.q16-dev_8:6.8.9.9-5+deb8u4_mipsel.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickwand-6.q16-dev"}, {"packageFilename": "libmagickcore-dev_8:6.7.7.10-5+deb7u8_i386.deb", "arch": "i386", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "OS": "Debian", "operator": "lt", "packageName": "libmagickcore-dev"}, {"OSVersion": "8", "arch": "kfreebsd-i386", "OS": "Debian", "packageFilename": "libimage-magick-q16-perl_8:6.8.9.9-5+deb8u4_kfreebsd-i386.deb", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libimage-magick-q16-perl"}, {"arch": "armel", "OSVersion": "8", "OS": "Debian", "packageFilename": "libmagickcore-6.q16-dev_8:6.8.9.9-5+deb8u4_armel.deb", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-dev"}, {"arch": "mipsel", "OSVersion": "8", "packageFilename": "libmagickcore-6.q16-dev_8:6.8.9.9-5+deb8u4_mipsel.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-dev"}, {"arch": "s390x", "packageFilename": "libmagickcore-6-arch-config_8:6.8.9.9-5+deb8u4_s390x.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6-arch-config"}, {"OSVersion": "7", "OS": "Debian", "packageFilename": "libmagickcore5-extra_8:6.7.7.10-5+deb7u7_armhf.deb", "packageVersion": "8:6.7.7.10-5+deb7u7", "arch": "armhf", "operator": "lt", "packageName": "libmagickcore5-extra"}, {"arch": "mipsel", "OSVersion": "8", "packageFilename": "libmagick++-6.q16-5_8:6.8.9.9-5+deb8u4_mipsel.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagick++-6.q16-5"}, {"OSVersion": "7", "arch": "amd64", "packageFilename": "imagemagick-dbg_8:6.7.7.10-5+deb7u7_amd64.deb", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "imagemagick-dbg"}, {"OSVersion": "8", "OS": "Debian", "arch": "all", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageFilename": "libmagickwand-dev_8:6.8.9.9-5+deb8u4_all.deb", "packageName": "libmagickwand-dev"}, {"arch": "mipsel", "packageFilename": "imagemagick-dbg_8:6.8.9.9-5+deb8u4_mipsel.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick-dbg"}, {"arch": "armel", "packageFilename": "libmagickcore-6.q16-2_8:6.8.9.9-5+deb8u4_armel.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-2"}, {"OSVersion": "7", "packageFilename": "perlmagick_8:6.7.7.10-5+deb7u7_armhf.deb", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "arch": "armhf", "operator": "lt", "packageName": "perlmagick"}, {"arch": "s390x", "OSVersion": "8", "packageFilename": "libmagickwand-6.q16-2_8:6.8.9.9-5+deb8u4_s390x.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickwand-6.q16-2"}, {"arch": "mipsel", "OSVersion": "8", "packageFilename": "imagemagick-6.q16_8:6.8.9.9-5+deb8u4_mipsel.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick-6.q16"}, {"packageFilename": "libmagickcore-dev_8:6.8.9.9-5+deb8u4_all.deb", "OSVersion": "8", "OS": "Debian", "arch": "all", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-dev"}, {"arch": "armel", "OSVersion": "7", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageFilename": "libmagick++-dev_8:6.7.7.10-5+deb7u7_armel.deb", "packageName": "libmagick++-dev"}, {"packageFilename": "libmagickwand5_8:6.7.7.10-5+deb7u7_amd64.deb", "OSVersion": "7", "arch": "amd64", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "libmagickwand5"}, {"arch": "s390x", "packageVersion": "8:6.8.9.9-5+deb8u4", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageFilename": "libmagick++-6.q16-dev_8:6.8.9.9-5+deb8u4_s390x.deb", "packageName": "libmagick++-6.q16-dev"}, {"OSVersion": "8", "arch": "amd64", "packageFilename": "imagemagick-dbg_8:6.8.9.9-5+deb8u4_amd64.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick-dbg"}, {"packageFilename": "imagemagick_8:6.8.9.9-5+deb8u4_arm64.deb", "arch": "arm64", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick"}, {"packageFilename": "libmagickcore-6-arch-config_8:6.8.9.9-5+deb8u4_mipsel.deb", "arch": "mipsel", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6-arch-config"}, {"packageFilename": "libmagickwand-6.q16-2_8:6.8.9.9-5+deb8u4_armhf.deb", "OSVersion": "8", "OS": "Debian", "arch": "armhf", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickwand-6.q16-2"}, {"arch": "ppc64el", "packageFilename": "libmagickwand-6.q16-2_8:6.8.9.9-5+deb8u4_ppc64el.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickwand-6.q16-2"}, {"packageFilename": "libmagickcore-dev_8:6.7.7.10-5+deb7u8_armel.deb", "arch": "armel", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "OS": "Debian", "operator": "lt", "packageName": "libmagickcore-dev"}, {"arch": "i386", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "OS": "Debian", "packageFilename": "perlmagick_8:6.7.7.10-5+deb7u8_i386.deb", "operator": "lt", "packageName": "perlmagick"}, {"OSVersion": "8", "arch": "amd64", "packageFilename": "libmagickwand-6.q16-dev_8:6.8.9.9-5+deb8u4_amd64.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickwand-6.q16-dev"}, {"arch": "armel", "OSVersion": "7", "packageFilename": "imagemagick_8:6.7.7.10-5+deb7u7_armel.deb", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "imagemagick"}, {"arch": "arm64", "packageFilename": "libmagickcore-6-arch-config_8:6.8.9.9-5+deb8u4_arm64.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6-arch-config"}, {"OSVersion": "8", "arch": "amd64", "packageFilename": "libmagickcore-6.q16-2-extra_8:6.8.9.9-5+deb8u4_amd64.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-2-extra"}, {"packageFilename": "imagemagick_8:6.7.7.10-5+deb7u7_all.deb", "OSVersion": "7", "arch": "all", "packageVersion": "8:6.7.7.10-5+deb7u7", "OS": "Debian", "operator": "lt", "packageName": "imagemagick"}, {"arch": "mips", "packageFilename": "imagemagick-6.q16_8:6.8.9.9-5+deb8u4_mips.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick-6.q16"}, {"arch": "i386", "OSVersion": "8", "OS": "Debian", "packageFilename": "imagemagick-dbg_8:6.8.9.9-5+deb8u4_i386.deb", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick-dbg"}, {"arch": "mips", "packageFilename": "libmagickcore-6.q16-2-extra_8:6.8.9.9-5+deb8u4_mips.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-2-extra"}, {"arch": "armel", "OSVersion": "8", "packageFilename": "imagemagick-dbg_8:6.8.9.9-5+deb8u4_armel.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick-dbg"}, {"arch": "kfreebsd-amd64", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageFilename": "libimage-magick-q16-perl_8:6.8.9.9-5+deb8u4_kfreebsd-amd64.deb", "packageName": "libimage-magick-q16-perl"}, {"arch": "armel", "packageFilename": "imagemagick_8:6.7.7.10-5+deb7u8_armel.deb", "OSVersion": "7", "packageVersion": "8:6.7.7.10-5+deb7u8", "OS": "Debian", "operator": "lt", "packageName": "imagemagick"}, {"arch": "i386", "OSVersion": "8", "packageFilename": "libmagickcore-6.q16-2-extra_8:6.8.9.9-5+deb8u4_i386.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-2-extra"}, {"packageFilename": "libmagick++-dev_8:6.7.7.10-5+deb7u7_armhf.deb", "OSVersion": "7", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "arch": "armhf", "operator": "lt", "packageName": "libmagick++-dev"}, {"arch": "s390x", "packageFilename": "libmagickcore-6.q16-dev_8:6.8.9.9-5+deb8u4_s390x.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-dev"}, {"arch": "armel", "packageFilename": "libmagickcore-6.q16-2-extra_8:6.8.9.9-5+deb8u4_armel.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-2-extra"}, {"OSVersion": "7", "operator": "lt", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "arch": "armhf", "packageFilename": "libmagickcore-dev_8:6.7.7.10-5+deb7u7_armhf.deb", "packageName": "libmagickcore-dev"}, {"OSVersion": "8", "operator": "lt", "arch": "amd64", "OS": "Debian", "packageFilename": "libmagickcore-6-arch-config_8:6.8.9.9-5+deb8u4_amd64.deb", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6-arch-config"}, {"packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "packageFilename": "libmagick++-dev_8:6.7.7.10-5+deb7u8_armhf.deb", "OS": "Debian", "arch": "armhf", "operator": "lt", "packageName": "libmagick++-dev"}, {"OSVersion": "7", "arch": "amd64", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageFilename": "libmagickcore-dev_8:6.7.7.10-5+deb7u7_amd64.deb", "packageName": "libmagickcore-dev"}, {"arch": "armel", "OSVersion": "7", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageFilename": "libmagickcore5-extra_8:6.7.7.10-5+deb7u7_armel.deb", "packageName": "libmagickcore5-extra"}, {"arch": "armel", "packageFilename": "libmagick++-dev_8:6.7.7.10-5+deb7u8_armel.deb", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "OS": "Debian", "operator": "lt", "packageName": "libmagick++-dev"}, {"packageFilename": "libmagickwand-6.q16-2_8:6.8.9.9-5+deb8u4_mips.deb", "arch": "mips", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickwand-6.q16-2"}, {"arch": "i386", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "packageFilename": "libmagickwand-dev_8:6.7.7.10-5+deb7u8_i386.deb", "OS": "Debian", "operator": "lt", "packageName": "libmagickwand-dev"}, {"arch": "i386", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "OS": "Debian", "packageFilename": "libmagick++-dev_8:6.7.7.10-5+deb7u8_i386.deb", "operator": "lt", "packageName": "libmagick++-dev"}, {"arch": "ppc64el", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageFilename": "libmagickwand-6.q16-dev_8:6.8.9.9-5+deb8u4_ppc64el.deb", "packageName": "libmagickwand-6.q16-dev"}, {"arch": "kfreebsd-amd64", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageFilename": "imagemagick-dbg_8:6.8.9.9-5+deb8u4_kfreebsd-amd64.deb", "packageName": "imagemagick-dbg"}, {"arch": "arm64", "OSVersion": "8", "operator": "lt", "OS": "Debian", "packageFilename": "libmagick++-6.q16-5_8:6.8.9.9-5+deb8u4_arm64.deb", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagick++-6.q16-5"}, {"packageFilename": "libmagickcore-6.q16-dev_8:6.8.9.9-5+deb8u4_kfreebsd-i386.deb", "OSVersion": "8", "arch": "kfreebsd-i386", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-dev"}, {"OSVersion": "8", "arch": "kfreebsd-i386", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageFilename": "libmagickwand-6.q16-dev_8:6.8.9.9-5+deb8u4_kfreebsd-i386.deb", "packageName": "libmagickwand-6.q16-dev"}, {"packageFilename": "libmagickwand-6.q16-dev_8:6.8.9.9-5+deb8u4_mips.deb", "arch": "mips", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickwand-6.q16-dev"}, {"arch": "armel", "packageFilename": "libmagickwand5_8:6.7.7.10-5+deb7u8_armel.deb", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "OS": "Debian", "operator": "lt", "packageName": "libmagickwand5"}, {"packageFilename": "perlmagick_8:6.7.7.10-5+deb7u8_amd64.deb", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "arch": "amd64", "OS": "Debian", "operator": "lt", "packageName": "perlmagick"}, {"OSVersion": "7", "packageFilename": "imagemagick-dbg_8:6.7.7.10-5+deb7u7_armhf.deb", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "arch": "armhf", "operator": "lt", "packageName": "imagemagick-dbg"}, {"arch": "i386", "packageFilename": "libmagickcore5_8:6.7.7.10-5+deb7u7_i386.deb", "OSVersion": "7", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "libmagickcore5"}, {"packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "arch": "amd64", "OS": "Debian", "operator": "lt", "packageFilename": "libmagickcore5_8:6.7.7.10-5+deb7u8_amd64.deb", "packageName": "libmagickcore5"}, {"arch": "arm64", "packageVersion": "8:6.8.9.9-5+deb8u4", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageFilename": "imagemagick-dbg_8:6.8.9.9-5+deb8u4_arm64.deb", "packageName": "imagemagick-dbg"}, {"arch": "i386", "OSVersion": "7", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageFilename": "imagemagick-dbg_8:6.7.7.10-5+deb7u7_i386.deb", "packageName": "imagemagick-dbg"}, {"OSVersion": "8", "packageFilename": "libmagick++-6.q16-5_8:6.8.9.9-5+deb8u4_kfreebsd-i386.deb", "arch": "kfreebsd-i386", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagick++-6.q16-5"}, {"packageFilename": "libmagickcore-6.q16-2-extra_8:6.8.9.9-5+deb8u4_arm64.deb", "arch": "arm64", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-2-extra"}, {"arch": "armel", "OSVersion": "7", "packageFilename": "perlmagick_8:6.7.7.10-5+deb7u7_armel.deb", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "perlmagick"}, {"arch": "kfreebsd-amd64", "OSVersion": "8", "OS": "Debian", "packageFilename": "libmagickwand-6.q16-dev_8:6.8.9.9-5+deb8u4_kfreebsd-amd64.deb", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickwand-6.q16-dev"}, {"arch": "mips", "packageFilename": "libmagickcore-6.q16-dev_8:6.8.9.9-5+deb8u4_mips.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-dev"}, {"packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "arch": "amd64", "OS": "Debian", "packageFilename": "libmagickwand-dev_8:6.7.7.10-5+deb7u8_amd64.deb", "operator": "lt", "packageName": "libmagickwand-dev"}, {"arch": "armel", "OSVersion": "8", "OS": "Debian", "packageFilename": "libmagickcore-6-arch-config_8:6.8.9.9-5+deb8u4_armel.deb", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6-arch-config"}, {"packageFilename": "libmagickcore5_8:6.7.7.10-5+deb7u8_armhf.deb", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "OS": "Debian", "arch": "armhf", "operator": "lt", "packageName": "libmagickcore5"}, {"packageFilename": "libmagickwand-6.q16-dev_8:6.8.9.9-5+deb8u4_armel.deb", "arch": "armel", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickwand-6.q16-dev"}, {"packageFilename": "libmagickcore5_8:6.7.7.10-5+deb7u7_armel.deb", "arch": "armel", "OSVersion": "7", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "libmagickcore5"}, {"packageFilename": "libmagick++-6.q16-5_8:6.8.9.9-5+deb8u4_mips.deb", "arch": "mips", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagick++-6.q16-5"}, {"OSVersion": "8", "packageFilename": "imagemagick-common_8:6.8.9.9-5+deb8u4_all.deb", "OS": "Debian", "arch": "all", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick-common"}, {"arch": "powerpc", "packageFilename": "libmagickcore-6.q16-dev_8:6.8.9.9-5+deb8u4_powerpc.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-dev"}, {"arch": "powerpc", "packageFilename": "imagemagick_8:6.8.9.9-5+deb8u4_powerpc.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick"}, {"arch": "armel", "OSVersion": "8", "packageFilename": "libimage-magick-q16-perl_8:6.8.9.9-5+deb8u4_armel.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libimage-magick-q16-perl"}, {"packageFilename": "libimage-magick-q16-perl_8:6.8.9.9-5+deb8u4_mips.deb", "arch": "mips", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libimage-magick-q16-perl"}, {"packageFilename": "libmagick++5_8:6.7.7.10-5+deb7u8_armel.deb", "arch": "armel", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "OS": "Debian", "operator": "lt", "packageName": "libmagick++5"}, {"arch": "ppc64el", "packageFilename": "imagemagick_8:6.8.9.9-5+deb8u4_ppc64el.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick"}, {"packageFilename": "libmagickcore5-extra_8:6.7.7.10-5+deb7u8_armhf.deb", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "OS": "Debian", "arch": "armhf", "operator": "lt", "packageName": "libmagickcore5-extra"}, {"OSVersion": "7", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "arch": "all", "operator": "lt", "packageFilename": "imagemagick-doc_8:6.7.7.10-5+deb7u7_all.deb", "packageName": "imagemagick-doc"}, {"arch": "i386", "packageFilename": "libmagickcore5-extra_8:6.7.7.10-5+deb7u8_i386.deb", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "OS": "Debian", "operator": "lt", "packageName": "libmagickcore5-extra"}, {"arch": "kfreebsd-amd64", "packageFilename": "libmagickwand-6.q16-2_8:6.8.9.9-5+deb8u4_kfreebsd-amd64.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickwand-6.q16-2"}, {"arch": "powerpc", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageFilename": "libmagickwand-6.q16-2_8:6.8.9.9-5+deb8u4_powerpc.deb", "packageName": "libmagickwand-6.q16-2"}, {"arch": "kfreebsd-amd64", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageFilename": "libmagick++-6.q16-5_8:6.8.9.9-5+deb8u4_kfreebsd-amd64.deb", "packageName": "libmagick++-6.q16-5"}, {"packageFilename": "libmagickcore5_8:6.7.7.10-5+deb7u7_armhf.deb", "OSVersion": "7", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "arch": "armhf", "operator": "lt", "packageName": "libmagickcore5"}, {"packageFilename": "libmagickwand5_8:6.7.7.10-5+deb7u7_i386.deb", "arch": "i386", "OSVersion": "7", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "libmagickwand5"}, {"packageFilename": "imagemagick_8:6.8.9.9-5+deb8u4_i386.deb", "arch": "i386", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick"}, {"arch": "mips", "OSVersion": "8", "packageFilename": "imagemagick_8:6.8.9.9-5+deb8u4_mips.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick"}, {"arch": "arm64", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageFilename": "libmagickcore-6.q16-dev_8:6.8.9.9-5+deb8u4_arm64.deb", "packageName": "libmagickcore-6.q16-dev"}, {"arch": "i386", "OSVersion": "7", "operator": "lt", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "packageFilename": "libmagickwand-dev_8:6.7.7.10-5+deb7u7_i386.deb", "packageName": "libmagickwand-dev"}, {"arch": "armel", "packageFilename": "libmagickwand5_8:6.7.7.10-5+deb7u7_armel.deb", "OSVersion": "7", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "libmagickwand5"}, {"arch": "powerpc", "packageFilename": "libmagickcore-6.q16-2_8:6.8.9.9-5+deb8u4_powerpc.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-2"}, {"arch": "armel", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "packageFilename": "perlmagick_8:6.7.7.10-5+deb7u8_armel.deb", "OS": "Debian", "operator": "lt", "packageName": "perlmagick"}, {"OSVersion": "8", "OS": "Debian", "arch": "all", "packageFilename": "libmagickwand-6-headers_8:6.8.9.9-5+deb8u4_all.deb", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickwand-6-headers"}, {"packageFilename": "imagemagick-6.q16_8:6.8.9.9-5+deb8u4_kfreebsd-i386.deb", "OSVersion": "8", "arch": "kfreebsd-i386", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick-6.q16"}, {"arch": "arm64", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageFilename": "libmagickcore-6.q16-2_8:6.8.9.9-5+deb8u4_arm64.deb", "packageName": "libmagickcore-6.q16-2"}, {"packageFilename": "imagemagick-dbg_8:6.8.9.9-5+deb8u4_armhf.deb", "OSVersion": "8", "OS": "Debian", "arch": "armhf", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick-dbg"}, {"arch": "i386", "packageFilename": "libmagickwand5_8:6.7.7.10-5+deb7u8_i386.deb", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "OS": "Debian", "operator": "lt", "packageName": "libmagickwand5"}, {"arch": "ppc64el", "OSVersion": "8", "packageFilename": "libmagickcore-6.q16-dev_8:6.8.9.9-5+deb8u4_ppc64el.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-dev"}, {"arch": "powerpc", "packageFilename": "libmagickcore-6-arch-config_8:6.8.9.9-5+deb8u4_powerpc.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6-arch-config"}, {"arch": "mips", "packageFilename": "libmagickcore-6-arch-config_8:6.8.9.9-5+deb8u4_mips.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6-arch-config"}, {"arch": "armel", "OSVersion": "8", "packageFilename": "libmagick++-6.q16-5_8:6.8.9.9-5+deb8u4_armel.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagick++-6.q16-5"}, {"packageFilename": "libmagick++-dev_8:6.7.7.10-5+deb7u7_amd64.deb", "OSVersion": "7", "arch": "amd64", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "libmagick++-dev"}, {"arch": "i386", "packageVersion": "8:6.8.9.9-5+deb8u4", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageFilename": "libmagickwand-6.q16-2_8:6.8.9.9-5+deb8u4_i386.deb", "packageName": "libmagickwand-6.q16-2"}, {"packageFilename": "libmagickcore-6.q16-2-extra_8:6.8.9.9-5+deb8u4_kfreebsd-amd64.deb", "arch": "kfreebsd-amd64", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-2-extra"}, {"arch": "i386", "packageFilename": "libmagick++-dev_8:6.7.7.10-5+deb7u7_i386.deb", "OSVersion": "7", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "libmagick++-dev"}, {"arch": "i386", "OSVersion": "7", "packageFilename": "libmagickcore5-extra_8:6.7.7.10-5+deb7u7_i386.deb", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "libmagickcore5-extra"}, {"arch": "mipsel", "OSVersion": "8", "packageFilename": "libmagick++-6.q16-dev_8:6.8.9.9-5+deb8u4_mipsel.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagick++-6.q16-dev"}, {"arch": "arm64", "OSVersion": "8", "packageFilename": "libmagick++-6.q16-dev_8:6.8.9.9-5+deb8u4_arm64.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagick++-6.q16-dev"}, {"arch": "i386", "packageFilename": "libmagick++-6.q16-5_8:6.8.9.9-5+deb8u4_i386.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagick++-6.q16-5"}, {"arch": "i386", "OSVersion": "8", "packageFilename": "libimage-magick-q16-perl_8:6.8.9.9-5+deb8u4_i386.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libimage-magick-q16-perl"}, {"arch": "mips", "OSVersion": "8", "packageFilename": "imagemagick-dbg_8:6.8.9.9-5+deb8u4_mips.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick-dbg"}, {"packageFilename": "imagemagick-dbg_8:6.8.9.9-5+deb8u4_kfreebsd-i386.deb", "OSVersion": "8", "arch": "kfreebsd-i386", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick-dbg"}, {"arch": "kfreebsd-amd64", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageFilename": "libmagickcore-6.q16-dev_8:6.8.9.9-5+deb8u4_kfreebsd-amd64.deb", "packageName": "libmagickcore-6.q16-dev"}, {"packageFilename": "perlmagick_8:6.7.7.10-5+deb7u8_armhf.deb", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "OS": "Debian", "arch": "armhf", "operator": "lt", "packageName": "perlmagick"}, {"packageFilename": "libmagickcore5-extra_8:6.7.7.10-5+deb7u7_amd64.deb", "OSVersion": "7", "arch": "amd64", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "libmagickcore5-extra"}, {"arch": "armel", "packageFilename": "libmagickwand-dev_8:6.7.7.10-5+deb7u7_armel.deb", "OSVersion": "7", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "libmagickwand-dev"}, {"arch": "powerpc", "OSVersion": "8", "packageFilename": "libmagickwand-6.q16-dev_8:6.8.9.9-5+deb8u4_powerpc.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickwand-6.q16-dev"}, {"OSVersion": "7", "packageFilename": "imagemagick_8:6.7.7.10-5+deb7u7_armhf.deb", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "arch": "armhf", "operator": "lt", "packageName": "imagemagick"}, {"OSVersion": "8", "OS": "Debian", "packageFilename": "libmagick++-6.q16-dev_8:6.8.9.9-5+deb8u4_armhf.deb", "arch": "armhf", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagick++-6.q16-dev"}, {"arch": "armel", "OSVersion": "8", "OS": "Debian", "packageFilename": "imagemagick_8:6.8.9.9-5+deb8u4_armel.deb", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick"}, {"OSVersion": "8", "packageFilename": "libmagickwand-6.q16-2_8:6.8.9.9-5+deb8u4_amd64.deb", "arch": "amd64", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickwand-6.q16-2"}, {"arch": "powerpc", "packageFilename": "imagemagick-dbg_8:6.8.9.9-5+deb8u4_powerpc.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick-dbg"}, {"packageFilename": "libmagickcore-6.q16-2_8:6.8.9.9-5+deb8u4_amd64.deb", "OSVersion": "8", "arch": "amd64", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-2"}, {"arch": "mipsel", "OSVersion": "8", "packageFilename": "imagemagick_8:6.8.9.9-5+deb8u4_mipsel.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick"}, {"arch": "i386", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "packageFilename": "imagemagick-dbg_8:6.7.7.10-5+deb7u8_i386.deb", "OS": "Debian", "operator": "lt", "packageName": "imagemagick-dbg"}, {"packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "packageFilename": "imagemagick_8:6.7.7.10-5+deb7u8_armhf.deb", "OS": "Debian", "arch": "armhf", "operator": "lt", "packageName": "imagemagick"}, {"packageFilename": "libmagick++5_8:6.7.7.10-5+deb7u8_amd64.deb", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "arch": "amd64", "OS": "Debian", "operator": "lt", "packageName": "libmagick++5"}, {"packageFilename": "libmagick++-6.q16-dev_8:6.8.9.9-5+deb8u4_mips.deb", "arch": "mips", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagick++-6.q16-dev"}, {"arch": "s390x", "packageFilename": "imagemagick-dbg_8:6.8.9.9-5+deb8u4_s390x.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick-dbg"}, {"arch": "i386", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "packageFilename": "libmagickcore5_8:6.7.7.10-5+deb7u8_i386.deb", "OS": "Debian", "operator": "lt", "packageName": "libmagickcore5"}, {"arch": "armel", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageFilename": "libmagickwand-6.q16-2_8:6.8.9.9-5+deb8u4_armel.deb", "packageName": "libmagickwand-6.q16-2"}, {"arch": "arm64", "packageFilename": "imagemagick-6.q16_8:6.8.9.9-5+deb8u4_arm64.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick-6.q16"}, {"packageFilename": "perlmagick_8:6.7.7.10-5+deb7u7_i386.deb", "arch": "i386", "OSVersion": "7", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "perlmagick"}, {"OSVersion": "8", "packageFilename": "perlmagick_8:6.8.9.9-5+deb8u4_all.deb", "OS": "Debian", "arch": "all", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "perlmagick"}, {"arch": "s390x", "OSVersion": "8", "operator": "lt", "OS": "Debian", "packageFilename": "libimage-magick-q16-perl_8:6.8.9.9-5+deb8u4_s390x.deb", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libimage-magick-q16-perl"}, {"arch": "arm64", "OSVersion": "8", "packageFilename": "libmagickwand-6.q16-2_8:6.8.9.9-5+deb8u4_arm64.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickwand-6.q16-2"}, {"arch": "i386", "packageFilename": "libmagickwand-6.q16-dev_8:6.8.9.9-5+deb8u4_i386.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickwand-6.q16-dev"}, {"packageFilename": "libmagickwand-6.q16-2_8:6.8.9.9-5+deb8u4_kfreebsd-i386.deb", "OSVersion": "8", "arch": "kfreebsd-i386", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickwand-6.q16-2"}, {"packageFilename": "imagemagick_8:6.7.7.10-5+deb7u8_amd64.deb", "packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "arch": "amd64", "OS": "Debian", "operator": "lt", "packageName": "imagemagick"}, {"OSVersion": "7", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "arch": "armhf", "operator": "lt", "packageFilename": "libmagick++5_8:6.7.7.10-5+deb7u7_armhf.deb", "packageName": "libmagick++5"}, {"packageFilename": "libmagickcore-6.q16-2_8:6.8.9.9-5+deb8u4_kfreebsd-i386.deb", "OSVersion": "8", "arch": "kfreebsd-i386", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-2"}, {"arch": "i386", "OSVersion": "7", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageFilename": "libmagickcore-dev_8:6.7.7.10-5+deb7u7_i386.deb", "packageName": "libmagickcore-dev"}, {"arch": "armel", "packageFilename": "libmagick++-6.q16-dev_8:6.8.9.9-5+deb8u4_armel.deb", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagick++-6.q16-dev"}, {"arch": "s390x", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageFilename": "imagemagick_8:6.8.9.9-5+deb8u4_s390x.deb", "packageName": "imagemagick"}, {"arch": "kfreebsd-amd64", "OSVersion": "8", "packageFilename": "libmagickcore-6.q16-2_8:6.8.9.9-5+deb8u4_kfreebsd-amd64.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-2"}, {"arch": "armel", "OSVersion": "7", "packageFilename": "libmagickcore-dev_8:6.7.7.10-5+deb7u7_armel.deb", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "libmagickcore-dev"}, {"packageVersion": "8:6.8.9.9-5+deb8u4", "OSVersion": "8", "OS": "Debian", "arch": "all", "operator": "lt", "packageFilename": "libmagick++-dev_8:6.8.9.9-5+deb8u4_all.deb", "packageName": "libmagick++-dev"}, {"OSVersion": "8", "arch": "amd64", "OS": "Debian", "packageFilename": "imagemagick_8:6.8.9.9-5+deb8u4_amd64.deb", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick"}, {"packageFilename": "imagemagick-6.q16_8:6.8.9.9-5+deb8u4_i386.deb", "arch": "i386", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "imagemagick-6.q16"}, {"packageFilename": "libimage-magick-q16-perl_8:6.8.9.9-5+deb8u4_armhf.deb", "OSVersion": "8", "OS": "Debian", "arch": "armhf", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libimage-magick-q16-perl"}, {"OSVersion": "7", "arch": "amd64", "packageFilename": "libmagick++5_8:6.7.7.10-5+deb7u7_amd64.deb", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "libmagick++5"}, {"packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "OS": "Debian", "arch": "all", "operator": "lt", "packageFilename": "imagemagick-common_8:6.7.7.10-5+deb7u8_all.deb", "packageName": "imagemagick-common"}, {"arch": "powerpc", "OSVersion": "8", "packageFilename": "libmagickcore-6.q16-2-extra_8:6.8.9.9-5+deb8u4_powerpc.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-2-extra"}, {"packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "packageFilename": "libmagickwand5_8:6.7.7.10-5+deb7u8_amd64.deb", "arch": "amd64", "OS": "Debian", "operator": "lt", "packageName": "libmagickwand5"}, {"packageFilename": "libmagickcore-6.q16-2_8:6.8.9.9-5+deb8u4_mipsel.deb", "arch": "mipsel", "OSVersion": "8", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-2"}, {"OSVersion": "8", "packageFilename": "libmagickcore-6.q16-dev_8:6.8.9.9-5+deb8u4_armhf.deb", "OS": "Debian", "arch": "armhf", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagickcore-6.q16-dev"}, {"packageFilename": "libmagickcore5_8:6.7.7.10-5+deb7u7_amd64.deb", "OSVersion": "7", "arch": "amd64", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "libmagickcore5"}, {"arch": "powerpc", "OSVersion": "8", "packageFilename": "libmagick++-6.q16-5_8:6.8.9.9-5+deb8u4_powerpc.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagick++-6.q16-5"}, {"packageVersion": "8:6.7.7.10-5+deb7u8", "OSVersion": "7", "OS": "Debian", "arch": "armhf", "operator": "lt", "packageFilename": "imagemagick-dbg_8:6.7.7.10-5+deb7u8_armhf.deb", "packageName": "imagemagick-dbg"}, {"packageFilename": "libmagickwand-dev_8:6.7.7.10-5+deb7u7_amd64.deb", "OSVersion": "7", "arch": "amd64", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "libmagickwand-dev"}, {"packageFilename": "libimage-magick-q16-perl_8:6.8.9.9-5+deb8u4_amd64.deb", "OSVersion": "8", "arch": "amd64", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libimage-magick-q16-perl"}, {"packageFilename": "libmagick++-6.q16-5_8:6.8.9.9-5+deb8u4_armhf.deb", "OSVersion": "8", "OS": "Debian", "arch": "armhf", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagick++-6.q16-5"}, {"OSVersion": "8", "arch": "kfreebsd-i386", "packageFilename": "libmagick++-6.q16-dev_8:6.8.9.9-5+deb8u4_kfreebsd-i386.deb", "OS": "Debian", "operator": "lt", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageName": "libmagick++-6.q16-dev"}, {"arch": "i386", "packageFilename": "libmagick++5_8:6.7.7.10-5+deb7u7_i386.deb", "OSVersion": "7", "OS": "Debian", "packageVersion": "8:6.7.7.10-5+deb7u7", "operator": "lt", "packageName": "libmagick++5"}]}

{"openvas": [{"lastseen": "2019-05-29T18:35:37", "description": "This updates fixes many vulnerabilities\nin imagemagick: Various memory handling problems and cases of missing or incomplete\ninput sanitising may result in denial of service or the execution of arbitrary code\nif malformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum,\nPDB, DDS, DCM, EXIF, RGF or BMP files are processed.", "cvss3": {}, "published": "2016-08-25T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3652-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4562", "CVE-2016-5688", "CVE-2016-5689", "CVE-2016-6491", "CVE-2016-5687", "CVE-2016-5842", "CVE-2016-4563", "CVE-2016-5010", "CVE-2016-5690", "CVE-2016-5841", "CVE-2016-5691", "CVE-2016-4564"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703652", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703652", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3652.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3652-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703652\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-4562\", \"CVE-2016-4563\", \"CVE-2016-4564\", \"CVE-2016-5010\",\n \"CVE-2016-5687\", \"CVE-2016-5688\", \"CVE-2016-5689\", \"CVE-2016-5690\",\n \"CVE-2016-5691\", \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\");\n script_name(\"Debian Security Advisory DSA 3652-1 (imagemagick - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-25 00:00:00 +0200 (Thu, 25 Aug 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3652.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"imagemagick on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 8:6.8.9.9-5+deb8u4.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your imagemagick packages.\");\n script_tag(name:\"summary\", value:\"This updates fixes many vulnerabilities\nin imagemagick: Various memory handling problems and cases of missing or incomplete\ninput sanitising may result in denial of service or the execution of arbitrary code\nif malformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum,\nPDB, DDS, DCM, EXIF, RGF or BMP files are processed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-dbg:amd64\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-dbg:i386\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5:amd64\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5:i386\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config:amd64\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config:i386\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2:amd64\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2:i386\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra:amd64\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra:i386\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2:amd64\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2:i386\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.8.9.9-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:54:28", "description": "This updates fixes many vulnerabilities\nin imagemagick: Various memory handling problems and cases of missing or incomplete\ninput sanitising may result in denial of service or the execution of arbitrary code\nif malformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum,\nPDB, DDS, DCM, EXIF, RGF or BMP files are processed.", "cvss3": {}, "published": "2016-08-25T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3652-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4562", "CVE-2016-5688", "CVE-2016-5689", "CVE-2016-6491", "CVE-2016-5687", "CVE-2016-5842", "CVE-2016-4563", "CVE-2016-5010", "CVE-2016-5690", "CVE-2016-5841", "CVE-2016-5691", "CVE-2016-4564"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703652", "href": "http://plugins.openvas.org/nasl.php?oid=703652", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3652.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3652-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703652);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-4562\", \"CVE-2016-4563\", \"CVE-2016-4564\", \"CVE-2016-5010\",\n \"CVE-2016-5687\", \"CVE-2016-5688\", \"CVE-2016-5689\", \"CVE-2016-5690\",\n \"CVE-2016-5691\", \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\");\n script_name(\"Debian Security Advisory DSA 3652-1 (imagemagick - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-08-25 00:00:00 +0200 (Thu, 25 Aug 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3652.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"imagemagick on Debian Linux\");\n script_tag(name: \"insight\", value: \"ImageMagick is a software suite to\ncreate, edit, and compose bitmap images. It can read, convert and write images in\na variety of formats (over 100) including DPX, EXR, GIF, JPEG, JPEG-2000, PDF,\nPhotoCD, PNG, Postscript, SVG, and TIFF. Use ImageMagick to translate, flip, mirror,\nrotate, scale, shear and transform images, adjust image colors, apply various special\neffects, or draw text, lines, polygons, ellipses and Bzier curves.\nAll manipulations can be achieved through shell commands as well as through\nan X11 graphical interface (display).\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 8:6.8.9.9-5+deb8u4.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your imagemagick packages.\");\n script_tag(name: \"summary\", value: \"This updates fixes many vulnerabilities\nin imagemagick: Various memory handling problems and cases of missing or incomplete\ninput sanitising may result in denial of service or the execution of arbitrary code\nif malformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum,\nPDB, DDS, DCM, EXIF, RGF or BMP files are processed.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-dbg:amd64\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-dbg:i386\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5:amd64\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5:i386\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config:amd64\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config:i386\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2:amd64\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2:i386\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra:amd64\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra:i386\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2:amd64\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2:i386\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.8.9.9-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-01-27T18:33:53", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2019-1970)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5689", "CVE-2016-10144", "CVE-2016-5687", "CVE-2016-5690", "CVE-2016-5691"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191970", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191970", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1970\");\n script_version(\"2020-01-23T12:28:55+0000\");\n script_cve_id(\"CVE-2016-10144\", \"CVE-2016-5687\", \"CVE-2016-5689\", \"CVE-2016-5690\", \"CVE-2016-5691\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:28:55 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:28:55 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2019-1970)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1970\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1970\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ImageMagick' package(s) announced via the EulerOS-SA-2019-1970 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.(CVE-2016-5691)\n\nThe ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.(CVE-2016-5690)\n\nThe DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.(CVE-2016-5689)\n\nThe VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.(CVE-2016-5687)\n\ncoders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.(CVE-2016-10144)\");\n\n script_tag(name:\"affected\", value:\"'ImageMagick' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.7.8.9~15.h27.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-c++\", rpm:\"ImageMagick-c++~6.7.8.9~15.h27.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-perl\", rpm:\"ImageMagick-perl~6.7.8.9~15.h27.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-25T12:18:32", "description": "The host is installed with ImageMagick\n and is prone to multiple unspecified vulnerabilities.", "cvss3": {}, "published": "2016-06-06T00:00:00", "type": "openvas", "title": "ImageMagick Multiple Unspecified Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5689", "CVE-2016-5690", "CVE-2016-5691"], "modified": "2019-07-24T00:00:00", "id": "OPENVAS:1361412562310810247", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810247", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Multiple Unspecified Vulnerabilities (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810247\");\n script_version(\"2019-07-24T08:39:52+0000\");\n script_cve_id(\"CVE-2016-5690\", \"CVE-2016-5691\", \"CVE-2016-5689\");\n script_bugtraq_id(91283);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-24 08:39:52 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-06-06 18:38:55 +0530 (Mon, 06 Jun 2016)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"ImageMagick Multiple Unspecified Vulnerabilities (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws are due to,\n\n - An error in ReadDCMImage function in DCM reader in computing the\n pixel scaling table.\n\n - The lack of validation of pixel.red, pixel.green and pixel.blue by DCM reader.\n\n - The lack of NULL pointer checks by DCM reader.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to cause some unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick versions before 6.9.4-5 and\n 7.x before 7.0.1-7 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version\n 6.9.4-5 or 7.0.1-7 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_imagemagick_detect_win.nasl\");\n script_mandatory_keys(\"ImageMagick/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:imVer, test_version:\"6.9.4.5\"))\n{\n fix = \"6.9.4-5\";\n VULN = TRUE;\n}\n\nelse if(imVer =~ \"^7\\.\")\n{\n if(version_is_less(version:imVer, test_version:\"7.0.1.7\"))\n {\n fix = \"7.0.1-7\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-25T12:18:16", "description": "The host is installed with ImageMagick\n and is prone to multiple unspecified vulnerabilities.", "cvss3": {}, "published": "2016-06-06T00:00:00", "type": "openvas", "title": "ImageMagick Multiple Unspecified Vulnerabilities (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5689", "CVE-2016-5690", "CVE-2016-5691"], "modified": "2019-07-24T00:00:00", "id": "OPENVAS:1361412562310810255", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810255", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Multiple Unspecified Vulnerabilities (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810255\");\n script_version(\"2019-07-24T08:39:52+0000\");\n script_cve_id(\"CVE-2016-5690\", \"CVE-2016-5691\", \"CVE-2016-5689\");\n script_bugtraq_id(91283);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-24 08:39:52 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-06-06 18:38:55 +0530 (Mon, 06 Jun 2016)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"ImageMagick Multiple Unspecified Vulnerabilities (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws are due to,\n\n - An error in ReadDCMImage function in DCM reader in computing the\n pixel scaling table.\n\n - The lack of validation of pixel.red, pixel.green and pixel.blue by DCM reader.\n\n - The lack of NULL pointer checks by DCM reader.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to cause some unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick versions before 6.9.4-5 and\n 7.x before 7.0.1-7 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version\n 6.9.4-5 or 7.0.1-7 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_imagemagick_detect_macosx.nasl\");\n script_mandatory_keys(\"ImageMagick/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:imVer, test_version:\"6.9.4.5\"))\n{\n fix = \"6.9.4-5\";\n VULN = TRUE;\n}\n\nelse if(imVer =~ \"^7\\.\")\n{\n if(version_is_less(version:imVer, test_version:\"7.0.1.7\"))\n {\n fix = \"7.0.1-7\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-25T12:17:12", "description": "The host is installed with ImageMagick\n and is prone to multiple denial of service vulnerabilities.", "cvss3": {}, "published": "2016-06-06T00:00:00", "type": "openvas", "title": "ImageMagick Multiple Denial of Service Vulnerabilities June16 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4562", "CVE-2016-4563", "CVE-2016-4564"], "modified": "2019-07-24T00:00:00", "id": "OPENVAS:1361412562310808068", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808068", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Multiple Denial of Service Vulnerabilities June16 (Windows)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808068\");\n script_version(\"2019-07-24T08:39:52+0000\");\n script_cve_id(\"CVE-2016-4564\", \"CVE-2016-4562\", \"CVE-2016-4563\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-24 08:39:52 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-06-06 18:38:55 +0530 (Mon, 06 Jun 2016)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"ImageMagick Multiple Denial of Service Vulnerabilities June16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to multiple denial of service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - The DrawDashPolygon function in 'MagickCore/draw.c.' script mishandles\n calculations of certain vertices integer data.\n\n - The TraceStrokePolygon function in 'MagickCore/draw.c' script mishandles\n the relationship between the BezierQuantum value and certain strokes data.\n\n - The DrawImage function in 'MagickCore/draw.c' script makes an incorrect\n function call in attempting to locate the next token.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to cause a denial of service (buffer overflow and\n application crash) or possibly have unspecified other impact via\n a crafted file.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick versions before 6.9.4-0\n and 7.x before 7.0.1-2 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version\n 6.9.4-0 or 7.0.1-2 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.imagemagick.org/script/changelog.php\");\n script_xref(name:\"URL\", value:\"https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_imagemagick_detect_win.nasl\");\n script_mandatory_keys(\"ImageMagick/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:imVer, test_version:\"6.9.4.0\"))\n{\n fix = \"6.9.4-0\";\n VULN = TRUE;\n}\n\nelse if(imVer =~ \"^7\\.\")\n{\n if(version_is_less(version:imVer, test_version:\"7.0.1.2\"))\n {\n fix = \"7.0.1-2\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:25:39", "description": "The host is installed with ImageMagick\n and is prone to information disclosure and denial of service vulnerabilities.", "cvss3": {}, "published": "2016-06-06T00:00:00", "type": "openvas", "title": "ImageMagick Information Disclosure And Denial Of Service Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5842", "CVE-2016-5841"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810248", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810248", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Information Disclosure And Denial Of Service Vulnerabilities (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810248\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2016-5841\", \"CVE-2016-5842\");\n script_bugtraq_id(91394);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-06-06 18:38:55 +0530 (Mon, 06 Jun 2016)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"ImageMagick Information Disclosure And Denial Of Service Vulnerabilities (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to information disclosure and denial of service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws are due to,\n\n - An integer overflow error in 'MagickCore/profile.c' script.\n\n - An out-of-bounds read error in 'MagickCore/property.c' script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to obtain sensitive memory information and cause a denial of\n service (segmentation fault) or possibly execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick versions before 7.0.2-1 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version\n 7.0.2-1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/06/23/1\");\n script_xref(name:\"URL\", value:\"https://github.com/ImageMagick/ImageMagick/commits/7.0.2-1\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/06/25/3\");\n script_xref(name:\"URL\", value:\"https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b\");\n script_xref(name:\"URL\", value:\"https://bugs.mageia.org/show_bug.cgi?id=18841\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_imagemagick_detect_win.nasl\");\n script_mandatory_keys(\"ImageMagick/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:imVer, test_version:\"7.0.2.1\"))\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:\"7.0.2-1\");\n security_message(data:report);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:25:31", "description": "The host is installed with ImageMagick\n and is prone to information disclosure and denial of service vulnerabilities.", "cvss3": {}, "published": "2016-06-06T00:00:00", "type": "openvas", "title": "ImageMagick Information Disclosure And Denial Of Service Vulnerabilities (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5842", "CVE-2016-5841"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810254", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810254", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Information Disclosure And Denial Of Service Vulnerabilities (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810254\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2016-5841\", \"CVE-2016-5842\");\n script_bugtraq_id(91394);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-06-06 18:38:55 +0530 (Mon, 06 Jun 2016)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"ImageMagick Information Disclosure And Denial Of Service Vulnerabilities (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to information disclosure and denial of service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws are due to,\n\n - An integer overflow error in 'MagickCore/profile.c' script.\n\n - An out-of-bounds read error in 'MagickCore/property.c' script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to obtain sensitive memory information and cause a denial of\n service (segmentation fault) or possibly execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick versions before 7.0.2-1 on\n Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version\n 7.0.2-1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/06/23/1\");\n script_xref(name:\"URL\", value:\"https://github.com/ImageMagick/ImageMagick/commits/7.0.2-1\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/06/25/3\");\n script_xref(name:\"URL\", value:\"https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b\");\n script_xref(name:\"URL\", value:\"https://bugs.mageia.org/show_bug.cgi?id=18841\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_imagemagick_detect_macosx.nasl\");\n script_mandatory_keys(\"ImageMagick/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:imVer, test_version:\"7.0.2.1\"))\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:\"7.0.2-1\");\n security_message(data:report);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-25T12:18:32", "description": "The host is installed with ImageMagick\n and is prone to an out of bounds memory read vulnerability.", "cvss3": {}, "published": "2016-06-06T00:00:00", "type": "openvas", "title": "ImageMagick Out Of Bounds Memory Read Vulnerability (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5687"], "modified": "2019-07-24T00:00:00", "id": "OPENVAS:1361412562310810256", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810256", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Out Of Bounds Memory Read Vulnerability (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810256\");\n script_version(\"2019-07-24T08:39:52+0000\");\n script_cve_id(\"CVE-2016-5687\");\n script_bugtraq_id(91283);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-24 08:39:52 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-06-06 18:38:55 +0530 (Mon, 06 Jun 2016)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"ImageMagick Out Of Bounds Memory Read Vulnerability (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to an out of bounds memory read vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an out of bounds memory\n read in the 'VerticalFilter' function that can be triggered by a malformed DDS\n file.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to have unspecified impact.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick versions before 6.9.4-3\n and 7.x before 7.0.1-4 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version\n 7.0.1-4 or 6.9.4-3 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/06/14/5\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_imagemagick_detect_macosx.nasl\");\n script_mandatory_keys(\"ImageMagick/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:imVer, test_version:\"6.9.4.3\"))\n{\n fix = \"6.9.4-3\";\n VULN = TRUE;\n}\n\nelse if(imVer =~ \"^7\\.\")\n{\n if(version_is_less(version:imVer, test_version:\"7.0.1.4\"))\n {\n fix = \"7.0.1-4\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-25T12:17:15", "description": "The host is installed with ImageMagick\n and is prone to an out of bounds memory read vulnerability.", "cvss3": {}, "published": "2016-06-06T00:00:00", "type": "openvas", "title": "ImageMagick Out Of Bounds Memory Read Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5687"], "modified": "2019-07-24T00:00:00", "id": "OPENVAS:1361412562310810246", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810246", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Out Of Bounds Memory Read Vulnerability (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810246\");\n script_version(\"2019-07-24T08:39:52+0000\");\n script_cve_id(\"CVE-2016-5687\");\n script_bugtraq_id(91283);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-24 08:39:52 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-06-06 18:38:55 +0530 (Mon, 06 Jun 2016)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"ImageMagick Out Of Bounds Memory Read Vulnerability (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to an out of bounds memory read vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an out of bounds memory\n read in the 'VerticalFilter' function that can be triggered by a malformed DDS\n file.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to have unspecified impact.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick versions before 6.9.4-3\n and 7.x before 7.0.1-4 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version\n 7.0.1-4 or 6.9.4-3 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/06/14/5\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_imagemagick_detect_win.nasl\");\n script_mandatory_keys(\"ImageMagick/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:imVer, test_version:\"6.9.4.3\"))\n{\n fix = \"6.9.4-3\";\n VULN = TRUE;\n}\n\nelse if(imVer =~ \"^7\\.\")\n{\n if(version_is_less(version:imVer, test_version:\"7.0.1.4\"))\n {\n fix = \"7.0.1-4\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-25T12:18:14", "description": "The host is installed with ImageMagick\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-06-06T00:00:00", "type": "openvas", "title": "ImageMagick WPG Parser Heap Buffer Overflow And Invalid Write Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5688"], "modified": "2019-07-24T00:00:00", "id": "OPENVAS:1361412562310810250", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810250", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick WPG Parser Heap Buffer Overflow And Invalid Write Vulnerabilities (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810250\");\n script_version(\"2019-07-24T08:39:52+0000\");\n script_cve_id(\"CVE-2016-5688\");\n script_bugtraq_id(91283);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-24 08:39:52 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-06-06 18:38:55 +0530 (Mon, 06 Jun 2016)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"ImageMagick WPG Parser Heap Buffer Overflow And Invalid Write Vulnerabilities (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to a heap based\n buffer overflow error in the SetPixelIndex function and an invalid write\n operation in the ScaleCharToQuantum or SetPixelIndex functions.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to cause some unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick versions before 6.9.4-4 and\n 7.x before 7.0.1-5 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version\n 6.9.4-4 or 7.0.1-5 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_imagemagick_detect_win.nasl\");\n script_mandatory_keys(\"ImageMagick/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:imVer, test_version:\"6.9.4.4\"))\n{\n fix = \"6.9.4-4\";\n VULN = TRUE;\n}\n\nelse if(imVer =~ \"^7\\.\")\n{\n if(version_is_less(version:imVer, test_version:\"7.0.1.5\"))\n {\n fix = \"7.0.1-5\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-25T12:18:20", "description": "The host is installed with ImageMagick\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-06-06T00:00:00", "type": "openvas", "title": "ImageMagick WPG Parser Heap Buffer Overflow And Invalid Write Vulnerabilities (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5688"], "modified": "2019-07-24T00:00:00", "id": "OPENVAS:1361412562310810258", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810258", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick WPG Parser Heap Buffer Overflow And Invalid Write Vulnerabilities (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810258\");\n script_version(\"2019-07-24T08:39:52+0000\");\n script_cve_id(\"CVE-2016-5688\");\n script_bugtraq_id(91283);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-24 08:39:52 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-06-06 18:38:55 +0530 (Mon, 06 Jun 2016)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"ImageMagick WPG Parser Heap Buffer Overflow And Invalid Write Vulnerabilities (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to a heap based\n buffer overflow error in the SetPixelIndex function and an invalid write\n operation in the ScaleCharToQuantum or SetPixelIndex functions.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to cause some unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick versions before 6.9.4-4 and\n 7.x before 7.0.1-5 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version\n 6.9.4-4 or 7.0.1-5 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_imagemagick_detect_macosx.nasl\");\n script_mandatory_keys(\"ImageMagick/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:imVer, test_version:\"6.9.4.4\"))\n{\n fix = \"6.9.4-4\";\n VULN = TRUE;\n}\n\nelse if(imVer =~ \"^7\\.\")\n{\n if(version_is_less(version:imVer, test_version:\"7.0.1.5\"))\n {\n fix = \"7.0.1-5\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-25T12:16:53", "description": "The host is installed with ImageMagick\n and is prone to a buffer overflow vulnerability.", "cvss3": {}, "published": "2016-06-06T00:00:00", "type": "openvas", "title": "ImageMagick 'Get8BIMProperty' Buffer Overflow Vulnerability (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6491"], "modified": "2019-07-24T00:00:00", "id": "OPENVAS:1361412562310810253", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810253", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick 'Get8BIMProperty' Buffer Overflow Vulnerability (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810253\");\n script_version(\"2019-07-24T08:39:52+0000\");\n script_cve_id(\"CVE-2016-6491\");\n script_bugtraq_id(92186);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-24 08:39:52 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-06-06 18:38:55 +0530 (Mon, 06 Jun 2016)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"ImageMagick 'Get8BIMProperty' Buffer Overflow Vulnerability (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to a buffer overflow vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to a buffer overflow error\n in the Get8BIMProperty function in 'MagickCore/property.c' script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick versions before 6.9.5-4 and 7.x\n before 7.0.2-6 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version\n 6.9.5-4 or 7.0.2-6 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1036501\");\n script_xref(name:\"URL\", value:\"http://seclists.org/oss-sec/2016/q3/192\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/07/28/13\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_imagemagick_detect_macosx.nasl\");\n script_mandatory_keys(\"ImageMagick/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:imVer, test_version:\"6.9.5.4\"))\n{\n fix = \"6.9.5-4\";\n VULN = TRUE;\n}\n\nelse if(imVer =~ \"^7\\.\")\n{\n if(version_is_less(version:imVer, test_version:\"7.0.2.6\"))\n {\n fix = \"7.0.2-6\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-25T12:18:35", "description": "The host is installed with ImageMagick\n and is prone to a buffer overflow vulnerability.", "cvss3": {}, "published": "2016-06-06T00:00:00", "type": "openvas", "title": "ImageMagick 'Get8BIMProperty' Buffer Overflow Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6491"], "modified": "2019-07-24T00:00:00", "id": "OPENVAS:1361412562310810249", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810249", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick 'Get8BIMProperty' Buffer Overflow Vulnerability (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810249\");\n script_version(\"2019-07-24T08:39:52+0000\");\n script_cve_id(\"CVE-2016-6491\");\n script_bugtraq_id(92186);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-24 08:39:52 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-06-06 18:38:55 +0530 (Mon, 06 Jun 2016)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"ImageMagick 'Get8BIMProperty' Buffer Overflow Vulnerability (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to a buffer overflow vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to a buffer overflow error\n in the Get8BIMProperty function in 'MagickCore/property.c' script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick versions before 6.9.5-4 and 7.x\n before 7.0.2-6 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version\n 6.9.5-4 or 7.0.2-6 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1036501\");\n script_xref(name:\"URL\", value:\"http://seclists.org/oss-sec/2016/q3/192\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/07/28/13\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Buffer overflow\");\n script_dependencies(\"secpod_imagemagick_detect_win.nasl\");\n script_mandatory_keys(\"ImageMagick/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:imVer, test_version:\"6.9.5.4\"))\n{\n fix = \"6.9.5-4\";\n VULN = TRUE;\n}\n\nelse if(imVer =~ \"^7\\.\")\n{\n if(version_is_less(version:imVer, test_version:\"7.0.2.6\"))\n {\n fix = \"7.0.2-6\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:34:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-07-07T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2016:1748-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9809", "CVE-2014-9829", "CVE-2014-9836", "CVE-2014-9849", "CVE-2014-9810", "CVE-2016-4562", "CVE-2014-9841", "CVE-2016-5688", "CVE-2014-9806", "CVE-2016-5689", "CVE-2014-9828", "CVE-2015-8902", "CVE-2014-9811", "CVE-2014-9831", "CVE-2014-9853", "CVE-2014-9844", "CVE-2014-9807", "CVE-2015-8901", "CVE-2014-9818", "CVE-2015-8900", "CVE-2015-8903", "CVE-2015-8896", "CVE-2014-9830", "CVE-2014-9817", "CVE-2014-9840", "CVE-2015-8895", "CVE-2014-9814", "CVE-2014-9845", "CVE-2014-9826", "CVE-2014-9834", "CVE-2014-9842", "CVE-2014-9819", "CVE-2016-5687", "CVE-2014-9833", "CVE-2014-9847", "CVE-2014-9820", "CVE-2014-9812", "CVE-2014-9852", "CVE-2014-9824", "CVE-2015-8894", "CVE-2014-9838", "CVE-2016-5842", "CVE-2014-9843", "CVE-2014-9837", "CVE-2014-9815", "CVE-2014-9835", "CVE-2014-9813", "CVE-2014-9822", "CVE-2014-9839", "CVE-2014-9805", "CVE-2014-9832", "CVE-2015-8897", "CVE-2016-4563", "CVE-2014-9851", "CVE-2014-9846", "CVE-2016-5690", "CVE-2014-9848", "CVE-2014-9816", "CVE-2014-9808", "CVE-2014-9854", "CVE-2015-8898", "CVE-2014-9823", "CVE-2016-5841", "CVE-2016-5691", "CVE-2014-9850", "CVE-2014-9825", "CVE-2016-4564", "CVE-2014-9821"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851363", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851363", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851363\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-07-07 05:26:39 +0200 (Thu, 07 Jul 2016)\");\n script_cve_id(\"CVE-2014-9805\", \"CVE-2014-9806\", \"CVE-2014-9807\", \"CVE-2014-9808\",\n \"CVE-2014-9809\", \"CVE-2014-9810\", \"CVE-2014-9811\", \"CVE-2014-9812\",\n \"CVE-2014-9813\", \"CVE-2014-9814\", \"CVE-2014-9815\", \"CVE-2014-9816\",\n \"CVE-2014-9817\", \"CVE-2014-9818\", \"CVE-2014-9819\", \"CVE-2014-9820\",\n \"CVE-2014-9821\", \"CVE-2014-9822\", \"CVE-2014-9823\", \"CVE-2014-9824\",\n \"CVE-2014-9825\", \"CVE-2014-9826\", \"CVE-2014-9828\", \"CVE-2014-9829\",\n \"CVE-2014-9830\", \"CVE-2014-9831\", \"CVE-2014-9832\", \"CVE-2014-9833\",\n \"CVE-2014-9834\", \"CVE-2014-9835\", \"CVE-2014-9836\", \"CVE-2014-9837\",\n \"CVE-2014-9838\", \"CVE-2014-9839\", \"CVE-2014-9840\", \"CVE-2014-9841\",\n \"CVE-2014-9842\", \"CVE-2014-9843\", \"CVE-2014-9844\", \"CVE-2014-9845\",\n \"CVE-2014-9846\", \"CVE-2014-9847\", \"CVE-2014-9848\", \"CVE-2014-9849\",\n \"CVE-2014-9850\", \"CVE-2014-9851\", \"CVE-2014-9852\", \"CVE-2014-9853\",\n \"CVE-2014-9854\", \"CVE-2015-8894\", \"CVE-2015-8895\", \"CVE-2015-8896\",\n \"CVE-2015-8897\", \"CVE-2015-8898\", \"CVE-2015-8900\", \"CVE-2015-8901\",\n \"CVE-2015-8902\", \"CVE-2015-8903\", \"CVE-2016-4562\", \"CVE-2016-4563\",\n \"CVE-2016-4564\", \"CVE-2016-5687\", \"CVE-2016-5688\", \"CVE-2016-5689\",\n \"CVE-2016-5690\", \"CVE-2016-5691\", \"CVE-2016-5841\", \"CVE-2016-5842\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2016:1748-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"ImageMagick was updated to fix 66 security issues.\n\n These security issues were fixed:\n\n - CVE-2014-9810: SEGV in dpx file handler (bsc#983803).\n\n - CVE-2014-9811: Crash in xwd file handler (bsc#984032).\n\n - CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137).\n\n - CVE-2014-9813: Crash on corrupted viff file (bsc#984035).\n\n - CVE-2014-9814: NULL pointer dereference in wpg file handling\n (bsc#984193).\n\n - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).\n\n - CVE-2014-9816: Out of bound access in viff image (bsc#984398).\n\n - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400).\n\n - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181).\n\n - CVE-2014-9819: Heap overflow in palm files (bsc#984142).\n\n - CVE-2014-9830: Handling of corrupted sun file (bsc#984135).\n\n - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375).\n\n - CVE-2014-9850: Incorrect thread limit logic (bsc#984149).\n\n - CVE-2014-9851: Crash when parsing resource block (bsc#984160).\n\n - CVE-2014-9852: Incorrect usage of object after it has been destroyed\n (bsc#984191).\n\n - CVE-2014-9853: Memory leak in rle file handling (bsc#984408).\n\n - CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253).\n\n - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259).\n\n - CVE-2015-8900: HDR file DoS (endless loop) (bsc#983232).\n\n - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234).\n\n - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG\n (bsc#985442).\n\n - CVE-2014-9834: Heap overflow in pict file (bsc#984436).\n\n - CVE-2014-9806: Leaked file descriptor due to corrupted file (bsc#983774).\n\n - CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448).\n\n - CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370).\n\n - CVE-2014-9854: Filling memory during identification of TIFF image\n (bsc#984184).\n\n - CVE-2015-8898: Prevent null pointer access in magick/constitute.c\n (bsc#983746).\n\n - CVE-2014-9833: Heap overflow in psd file (bsc#984406).\n\n - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523).\n\n - CVE-2015-8895: Integer and Buffer overflow in coders/icon.c (bsc#983527).\n\n - CVE-2015-8896: Double free / integer truncation issue in\n coders/pict.c:2000 (bsc#983533).\n\n - CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739).\n\n - CVE-2016-5690: Bad foor loop in DCM coder (bsc#985451).\n\n - CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456).\n\n - CVE-2014-9836: Crash in xpm file handling (bsc#984023).\n\n - CVE-2014-9808: SEGV due to corrupted dpc images (bsc#983796).\n\n - CVE-2014-9821: Avoid heap overflow in ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1748-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debuginfo\", rpm:\"ImageMagick-debuginfo~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debugsource\", rpm:\"ImageMagick-debugsource~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel\", rpm:\"ImageMagick-devel~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra\", rpm:\"ImageMagick-extra~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra-debuginfo\", rpm:\"ImageMagick-extra-debuginfo~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-5\", rpm:\"libMagick++-6_Q16-5~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-5-debuginfo\", rpm:\"libMagick++-6_Q16-5-debuginfo~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel\", rpm:\"libMagick++-devel~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-2\", rpm:\"libMagickCore-6_Q16-2~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-2-debuginfo\", rpm:\"libMagickCore-6_Q16-2-debuginfo~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-2\", rpm:\"libMagickWand-6_Q16-2~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-2-debuginfo\", rpm:\"libMagickWand-6_Q16-2-debuginfo~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick\", rpm:\"perl-PerlMagick~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick-debuginfo\", rpm:\"perl-PerlMagick-debuginfo~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel-32bit\", rpm:\"ImageMagick-devel-32bit~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-5-32bit\", rpm:\"libMagick++-6_Q16-5-32bit~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-5-debuginfo-32bit\", rpm:\"libMagick++-6_Q16-5-debuginfo-32bit~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel-32bit\", rpm:\"libMagick++-devel-32bit~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-2-32bit\", rpm:\"libMagickCore-6_Q16-2-32bit~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-2-debuginfo-32bit\", rpm:\"libMagickCore-6_Q16-2-debuginfo-32bit~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-2-32bit\", rpm:\"libMagickWand-6_Q16-2-32bit~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-2-debuginfo-32bit\", rpm:\"libMagickWand-6_Q16-2-debuginfo-32bit~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.8.9.8~26.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:35:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-08-02T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2016:1833-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9809", "CVE-2014-9829", "CVE-2014-9836", "CVE-2014-9849", "CVE-2014-9810", "CVE-2016-4562", "CVE-2014-9841", "CVE-2016-5688", "CVE-2014-9806", "CVE-2016-5689", "CVE-2014-9828", "CVE-2015-8902", "CVE-2014-9811", "CVE-2014-9831", "CVE-2014-9853", "CVE-2014-9844", "CVE-2014-9807", "CVE-2015-8901", "CVE-2014-9818", "CVE-2015-8900", "CVE-2015-8903", "CVE-2015-8896", "CVE-2014-9830", "CVE-2014-9817", "CVE-2014-9840", "CVE-2015-8895", "CVE-2014-9814", "CVE-2014-9845", "CVE-2014-9826", "CVE-2014-9834", "CVE-2014-9842", "CVE-2014-9819", "CVE-2016-5687", "CVE-2014-9833", "CVE-2014-9847", "CVE-2014-9820", "CVE-2014-9812", "CVE-2014-9852", "CVE-2014-9824", "CVE-2015-8894", "CVE-2014-9838", "CVE-2016-5842", "CVE-2014-9843", "CVE-2014-9837", "CVE-2014-9815", "CVE-2014-9835", "CVE-2014-9813", "CVE-2014-9822", "CVE-2014-9839", "CVE-2014-9805", "CVE-2014-9832", "CVE-2015-8897", "CVE-2016-4563", "CVE-2014-9851", "CVE-2014-9846", "CVE-2016-5690", "CVE-2014-9848", "CVE-2014-9816", "CVE-2014-9808", "CVE-2014-9854", "CVE-2015-8898", "CVE-2014-9823", "CVE-2016-5841", "CVE-2016-5691", "CVE-2014-9850", "CVE-2014-9825", "CVE-2016-4564", "CVE-2014-9821"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851368", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851368", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851368\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-08-02 10:55:29 +0530 (Tue, 02 Aug 2016)\");\n script_cve_id(\"CVE-2014-9805\", \"CVE-2014-9806\", \"CVE-2014-9807\", \"CVE-2014-9808\",\n \"CVE-2014-9809\", \"CVE-2014-9810\", \"CVE-2014-9811\", \"CVE-2014-9812\",\n \"CVE-2014-9813\", \"CVE-2014-9814\", \"CVE-2014-9815\", \"CVE-2014-9816\",\n \"CVE-2014-9817\", \"CVE-2014-9818\", \"CVE-2014-9819\", \"CVE-2014-9820\",\n \"CVE-2014-9821\", \"CVE-2014-9822\", \"CVE-2014-9823\", \"CVE-2014-9824\",\n \"CVE-2014-9825\", \"CVE-2014-9826\", \"CVE-2014-9828\", \"CVE-2014-9829\",\n \"CVE-2014-9830\", \"CVE-2014-9831\", \"CVE-2014-9832\", \"CVE-2014-9833\",\n \"CVE-2014-9834\", \"CVE-2014-9835\", \"CVE-2014-9836\", \"CVE-2014-9837\",\n \"CVE-2014-9838\", \"CVE-2014-9839\", \"CVE-2014-9840\", \"CVE-2014-9841\",\n \"CVE-2014-9842\", \"CVE-2014-9843\", \"CVE-2014-9844\", \"CVE-2014-9845\",\n \"CVE-2014-9846\", \"CVE-2014-9847\", \"CVE-2014-9848\", \"CVE-2014-9849\",\n \"CVE-2014-9850\", \"CVE-2014-9851\", \"CVE-2014-9852\", \"CVE-2014-9853\",\n \"CVE-2014-9854\", \"CVE-2015-8894\", \"CVE-2015-8895\", \"CVE-2015-8896\",\n \"CVE-2015-8897\", \"CVE-2015-8898\", \"CVE-2015-8900\", \"CVE-2015-8901\",\n \"CVE-2015-8902\", \"CVE-2015-8903\", \"CVE-2016-4562\", \"CVE-2016-4563\",\n \"CVE-2016-4564\", \"CVE-2016-5687\", \"CVE-2016-5688\", \"CVE-2016-5689\",\n \"CVE-2016-5690\", \"CVE-2016-5691\", \"CVE-2016-5841\", \"CVE-2016-5842\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2016:1833-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"ImageMagick was updated to fix 66 security issues.\n\n These security issues were fixed:\n\n - CVE-2014-9810: SEGV in dpx file handler. (bsc#983803).\n\n - CVE-2014-9811: Crash in xwd file handler (bsc#984032).\n\n - CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137).\n\n - CVE-2014-9813: Crash on corrupted viff file (bsc#984035).\n\n - CVE-2014-9814: NULL pointer dereference in wpg file handling\n (bsc#984193).\n\n - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).\n\n - CVE-2014-9816: Out of bound access in viff image (bsc#984398).\n\n - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400).\n\n - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181).\n\n - CVE-2014-9819: Heap overflow in palm files (bsc#984142).\n\n - CVE-2014-9830: Handling of corrupted sun file (bsc#984135).\n\n - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375).\n\n - CVE-2014-9850: Incorrect thread limit logic (bsc#984149).\n\n - CVE-2014-9851: Crash when parsing resource block (bsc#984160).\n\n - CVE-2014-9852: Incorrect usage of object after it has been destroyed\n (bsc#984191).\n\n - CVE-2014-9853: Memory leak in rle file handling (bsc#984408).\n\n - CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253).\n\n - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259).\n\n - CVE-2015-8900: HDR file DoS (endless loop) (bsc#983232).\n\n - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234).\n\n - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG\n (bsc#985442).\n\n - CVE-2014-9834: Heap overflow in pict file (bsc#984436).\n\n - CVE-2014-9806: Prevent leak of file descriptor due to corrupted file.\n (bsc#983774).\n\n - CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448).\n\n - CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370).\n\n - CVE-2014-9854: Filling memory during identification of TIFF image\n (bsc#984184).\n\n - CVE-2015-8898: Prevent null pointer access in magick/constitute.c\n (bsc#983746).\n\n - CVE-2014-9833: Heap overflow in psd file (bsc#984406).\n\n - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523).\n\n - CVE-2015-8895: Integer and Buffer overflow in coders/icon.c (bsc#983527).\n\n - CVE-2015-8896: Double free / integer truncation issue in\n coders/pict.c:2000 (bsc#983533).\n\n - CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739).\n\n - CVE-2016-5690: Bad foor loop in DCM coder (bsc#985451).\n\n - CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456).\n\n - CVE-2014-9836: Crash in xpm file handling (bsc#984023).\n\n - CVE-2014-9808: SEGV due to corrupted dpc images. (bsc#983796).\n\n - CVE-2014-9821: Avo ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1833-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debuginfo\", rpm:\"ImageMagick-debuginfo~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debugsource\", rpm:\"ImageMagick-debugsource~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel\", rpm:\"ImageMagick-devel~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra\", rpm:\"ImageMagick-extra~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra-debuginfo\", rpm:\"ImageMagick-extra-debuginfo~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3\", rpm:\"libMagick++-6_Q16-3~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo\", rpm:\"libMagick++-6_Q16-3-debuginfo~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel\", rpm:\"libMagick++-devel~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1\", rpm:\"libMagickCore-6_Q16-1~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo\", rpm:\"libMagickCore-6_Q16-1-debuginfo~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1\", rpm:\"libMagickWand-6_Q16-1~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo\", rpm:\"libMagickWand-6_Q16-1-debuginfo~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick\", rpm:\"perl-PerlMagick~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick-debuginfo\", rpm:\"perl-PerlMagick-debuginfo~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel-32bit\", rpm:\"ImageMagick-devel-32bit~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-32bit\", rpm:\"libMagick++-6_Q16-3-32bit~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo-32bit\", rpm:\"libMagick++-6_Q16-3-debuginfo-32bit~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel-32bit\", rpm:\"libMagick++-devel-32bit~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-32bit\", rpm:\"libMagickCore-6_Q16-1-32bit~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickCore-6_Q16-1-debuginfo-32bit~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-32bit\", rpm:\"libMagickWand-6_Q16-1-32bit~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickWand-6_Q16-1-debuginfo-32bit~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.8.8.1~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:39:18", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2017-1112)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7532", "CVE-2016-7535", "CVE-2016-7538", "CVE-2016-7522", "CVE-2016-5010", "CVE-2016-7537", "CVE-2015-8959"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171112", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171112", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1112\");\n script_version(\"2020-01-23T10:51:20+0000\");\n script_cve_id(\"CVE-2015-8959\", \"CVE-2016-5010\", \"CVE-2016-7522\", \"CVE-2016-7532\", \"CVE-2016-7535\", \"CVE-2016-7537\", \"CVE-2016-7538\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:51:20 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:51:20 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2017-1112)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1112\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1112\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ImageMagick' package(s) announced via the EulerOS-SA-2017-1112 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file.(CVE-2015-8959)\n\ncoders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file.(CVE-2016-5010)\n\nThe ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.(CVE-2016-7522)\n\ncoders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file.(CVE-2016-7535)\n\nMagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file.(CVE-2016-7537)\n\ncoders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.(CVE-2016-7538)\n\ncoders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.(CVE-2016-7532)\");\n\n script_tag(name:\"affected\", value:\"'ImageMagick' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.7.8.9~15.h7\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-c++\", rpm:\"ImageMagick-c++~6.7.8.9~15.h7\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-perl\", rpm:\"ImageMagick-perl~6.7.8.9~15.h7\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:41:25", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2017-1116)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7532", "CVE-2016-7535", "CVE-2016-7538", "CVE-2016-7522", "CVE-2016-5010", "CVE-2016-7537", "CVE-2015-8959"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171116", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171116", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1116\");\n script_version(\"2020-01-23T10:51:29+0000\");\n script_cve_id(\"CVE-2015-8959\", \"CVE-2016-5010\", \"CVE-2016-7522\", \"CVE-2016-7532\", \"CVE-2016-7535\", \"CVE-2016-7537\", \"CVE-2016-7538\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:51:29 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:51:29 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2017-1116)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1116\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1116\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ImageMagick' package(s) announced via the EulerOS-SA-2017-1116 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file.CVE-2015-8959\n\ncoders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file.CVE-2016-5010\n\nThe ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.CVE-2016-7522\n\ncoders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.CVE-2016-7532\n\ncoders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file.CVE-2016-7535\n\nMagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file.CVE-2016-7537\n\ncoders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.CVE-2016-7538\");\n\n script_tag(name:\"affected\", value:\"'ImageMagick' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.7.8.9~15.h7\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-c++\", rpm:\"ImageMagick-c++~6.7.8.9~15.h7\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-perl\", rpm:\"ImageMagick-perl~6.7.8.9~15.h7\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-02-05T16:39:09", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2019-2354)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13142", "CVE-2016-7519", "CVE-2016-7529", "CVE-2016-4562", "CVE-2016-7799", "CVE-2016-7526", "CVE-2017-7943", "CVE-2017-6502", "CVE-2017-13146", "CVE-2014-8562", "CVE-2016-8707", "CVE-2016-5688", "CVE-2016-10046", "CVE-2014-8716", "CVE-2019-7175", "CVE-2016-7525", "CVE-2017-13144", "CVE-2016-10066", "CVE-2017-11529", "CVE-2017-6500", "CVE-2016-7530", "CVE-2016-5689", "CVE-2016-10252", "CVE-2017-13658", "CVE-2017-6499", "CVE-2016-10049", "CVE-2015-8902", "CVE-2017-13143", "CVE-2017-11523", "CVE-2016-10071", "CVE-2017-11478", "CVE-2016-10144", "CVE-2016-7539", "CVE-2014-9853", "CVE-2018-6405", "CVE-2015-8901", "CVE-2016-7520", "CVE-2017-6501", "CVE-2016-10061", "CVE-2015-8900", "CVE-2016-7533", "CVE-2015-8903", "CVE-2017-11527", "CVE-2016-10067", "CVE-2017-11525", "CVE-2016-7534", "CVE-2017-13139", "CVE-2016-8866", "CVE-2016-10052", "CVE-2014-8355", "CVE-2016-6491", "CVE-2016-10057", "CVE-2016-10064", "CVE-2016-10062", "CVE-2016-10145", "CVE-2017-11505", "CVE-2016-10056", "CVE-2017-11530", "CVE-2016-7531", "CVE-2016-10068", "CVE-2016-7515", "CVE-2016-10054", "CVE-2016-10063", "CVE-2017-5509", "CVE-2016-10060", "CVE-2016-6823", "CVE-2016-5687", "CVE-2016-10058", "CVE-2016-10053", "CVE-2017-5508", "CVE-2014-8354", "CVE-2016-7516", "CVE-2014-9852", "CVE-2014-9824", "CVE-2017-17504", "CVE-2017-5510", "CVE-2017-13141", "CVE-2016-7517", "CVE-2017-6497", "CVE-2015-8957", "CVE-2016-10059", "CVE-2017-11528", "CVE-2016-7906", "CVE-2016-8677", "CVE-2014-9837", "CVE-2018-20467", "CVE-2016-10065", "CVE-2016-7528", "CVE-2017-7941", "CVE-2016-10055", "CVE-2014-9822", "CVE-2014-9907", "CVE-2018-16323", "CVE-2018-16328", "CVE-2016-7518", "CVE-2016-4563", "CVE-2016-5690", "CVE-2017-11526", "CVE-2015-8958", "CVE-2016-10047", "CVE-2016-7101", "CVE-2016-10070", "CVE-2014-9854", "CVE-2017-17499", "CVE-2017-13140", "CVE-2016-9559", "CVE-2014-9823", "CVE-2016-5691", "CVE-2017-5507", "CVE-2016-10069", "CVE-2017-7942", "CVE-2017-12427", "CVE-2014-9825", "CVE-2017-6498", "CVE-2016-4564", "CVE-2017-13145", "CVE-2017-11524", "CVE-2014-9821"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220192354", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192354", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2354\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2014-8354\", \"CVE-2014-8355\", \"CVE-2014-8562\", \"CVE-2014-8716\", \"CVE-2014-9821\", \"CVE-2014-9822\", \"CVE-2014-9823\", \"CVE-2014-9824\", \"CVE-2014-9825\", \"CVE-2014-9837\", \"CVE-2014-9852\", \"CVE-2014-9853\", \"CVE-2014-9854\", \"CVE-2014-9907\", \"CVE-2015-8900\", \"CVE-2015-8901\", \"CVE-2015-8902\", \"CVE-2015-8903\", \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2016-10046\", \"CVE-2016-10047\", \"CVE-2016-10049\", \"CVE-2016-10052\", \"CVE-2016-10053\", \"CVE-2016-10054\", \"CVE-2016-10055\", \"CVE-2016-10056\", \"CVE-2016-10057\", \"CVE-2016-10058\", \"CVE-2016-10059\", \"CVE-2016-10060\", \"CVE-2016-10061\", \"CVE-2016-10062\", \"CVE-2016-10063\", \"CVE-2016-10064\", \"CVE-2016-10065\", \"CVE-2016-10066\", \"CVE-2016-10067\", \"CVE-2016-10068\", \"CVE-2016-10069\", \"CVE-2016-10070\", \"CVE-2016-10071\", \"CVE-2016-10144\", \"CVE-2016-10145\", \"CVE-2016-10252\", \"CVE-2016-4562\", \"CVE-2016-4563\", \"CVE-2016-4564\", \"CVE-2016-5687\", \"CVE-2016-5688\", \"CVE-2016-5689\", \"CVE-2016-5690\", \"CVE-2016-5691\", \"CVE-2016-6491\", \"CVE-2016-6823\", \"CVE-2016-7101\", \"CVE-2016-7515\", \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\", \"CVE-2016-7520\", \"CVE-2016-7525\", \"CVE-2016-7526\", \"CVE-2016-7528\", \"CVE-2016-7529\", \"CVE-2016-7530\", \"CVE-2016-7531\", \"CVE-2016-7533\", \"CVE-2016-7534\", \"CVE-2016-7539\", \"CVE-2016-7799\", \"CVE-2016-7906\", \"CVE-2016-8677\", \"CVE-2016-8707\", \"CVE-2016-8866\", \"CVE-2016-9559\", \"CVE-2017-11478\", \"CVE-2017-11505\", \"CVE-2017-11523\", \"CVE-2017-11524\", \"CVE-2017-11525\", \"CVE-2017-11526\", \"CVE-2017-11527\", \"CVE-2017-11528\", \"CVE-2017-11529\", \"CVE-2017-11530\", \"CVE-2017-12427\", \"CVE-2017-13139\", \"CVE-2017-13140\", \"CVE-2017-13141\", \"CVE-2017-13142\", \"CVE-2017-13143\", \"CVE-2017-13144\", \"CVE-2017-13145\", \"CVE-2017-13146\", \"CVE-2017-13658\", \"CVE-2017-17499\", \"CVE-2017-17504\", \"CVE-2017-5507\", \"CVE-2017-5508\", \"CVE-2017-5509\", \"CVE-2017-5510\", \"CVE-2017-6497\", \"CVE-2017-6498\", \"CVE-2017-6499\", \"CVE-2017-6500\", \"CVE-2017-6501\", \"CVE-2017-6502\", \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2018-16323\", \"CVE-2018-16328\", \"CVE-2018-20467\", \"CVE-2018-6405\", \"CVE-2019-7175\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:49:27 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2019-2354)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2354\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2354\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ImageMagick' package(s) announced via the EulerOS-SA-2019-2354 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.(CVE-2019-7175)\n\nReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.(CVE-2018-16323)\n\nIn ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.(CVE-2018-16328)\n\nThe DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.(CVE-2016-4562)\n\nThe TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.(CVE-2016-4563)\n\nThe DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.(CVE-2016-4564)\n\nThe ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.(CVE-2017-11525)\n\nIn coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.(CVE-2018-20467)\n\ncoders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.(CVE-2014-9837)\n\ncoders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.(CVE-2015-8958)\n\nMemory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.(CVE-2016-10058)\n\nThe ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'ImageMagick' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.9.9.38~1.h4\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-c++\", rpm:\"ImageMagick-c++~6.9.9.38~1.h4\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-libs\", rpm:\"ImageMagick-libs~6.9.9.38~1.h4\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-perl\", rpm:\"ImageMagick-perl~6.9.9.38~1.h4\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-04-17T16:54:34", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-04-16T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2020-1390)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13142", "CVE-2016-7519", "CVE-2016-7529", "CVE-2016-4562", "CVE-2016-7799", "CVE-2016-7526", "CVE-2017-7943", "CVE-2017-6502", "CVE-2017-13146", "CVE-2014-8562", "CVE-2016-8707", "CVE-2016-5688", "CVE-2019-13134", "CVE-2016-10046", "CVE-2014-8716", "CVE-2016-7525", "CVE-2017-13144", "CVE-2016-10066", "CVE-2017-11529", "CVE-2017-6500", "CVE-2016-7530", "CVE-2016-5689", "CVE-2016-10252", "CVE-2017-13658", "CVE-2017-6499", "CVE-2016-10049", "CVE-2015-8902", "CVE-2017-13143", "CVE-2017-11523", "CVE-2016-10071", "CVE-2017-11478", "CVE-2016-10144", "CVE-2016-7539", "CVE-2014-9853", "CVE-2018-6405", "CVE-2015-8901", "CVE-2016-7520", "CVE-2017-6501", "CVE-2016-10061", "CVE-2015-8900", "CVE-2016-7533", "CVE-2015-8903", "CVE-2017-11527", "CVE-2016-10067", "CVE-2017-11525", "CVE-2016-7534", "CVE-2017-13139", "CVE-2016-8866", "CVE-2014-8355", "CVE-2016-6491", "CVE-2016-10057", "CVE-2016-10064", "CVE-2016-10062", "CVE-2016-10145", "CVE-2017-11505", "CVE-2016-10056", "CVE-2017-11530", "CVE-2016-7531", "CVE-2016-10068", "CVE-2016-7515", "CVE-2016-10054", "CVE-2016-10063", "CVE-2014-9819", "CVE-2017-5509", "CVE-2016-10060", "CVE-2016-6823", "CVE-2016-5687", "CVE-2016-10058", "CVE-2016-10053", "CVE-2017-5508", "CVE-2014-8354", "CVE-2016-7516", "CVE-2014-9852", "CVE-2014-9824", "CVE-2017-17504", "CVE-2017-5510", "CVE-2017-13141", "CVE-2016-7517", "CVE-2017-6497", "CVE-2015-8957", "CVE-2016-10059", "CVE-2017-11528", "CVE-2016-7906", "CVE-2016-8677", "CVE-2014-9837", "CVE-2018-20467", "CVE-2016-10065", "CVE-2016-7528", "CVE-2017-7941", "CVE-2016-10055", "CVE-2014-9822", "CVE-2014-9907", "CVE-2018-16323", "CVE-2018-16328", "CVE-2016-7518", "CVE-2016-4563", "CVE-2016-5690", "CVE-2017-11526", "CVE-2015-8958", "CVE-2016-10047", "CVE-2016-7101", "CVE-2016-10070", "CVE-2014-9854", "CVE-2017-17499", "CVE-2017-13140", "CVE-2016-9559", "CVE-2014-9823", "CVE-2016-5691", "CVE-2017-5507", "CVE-2016-10069", "CVE-2017-7942", "CVE-2019-13133", "CVE-2017-12427", "CVE-2014-9825", "CVE-2017-6498", "CVE-2016-4564", "CVE-2017-13145", "CVE-2017-11524", "CVE-2014-9821"], "modified": "2020-04-16T00:00:00", "id": "OPENVAS:1361412562311220201390", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201390", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1390\");\n script_version(\"2020-04-16T05:46:13+0000\");\n script_cve_id(\"CVE-2014-8354\", \"CVE-2014-8355\", \"CVE-2014-8562\", \"CVE-2014-8716\", \"CVE-2014-9821\", \"CVE-2014-9822\", \"CVE-2014-9823\", \"CVE-2014-9824\", \"CVE-2014-9825\", \"CVE-2014-9837\", \"CVE-2014-9852\", \"CVE-2014-9853\", \"CVE-2014-9854\", \"CVE-2014-9907\", \"CVE-2015-8900\", \"CVE-2015-8901\", \"CVE-2015-8902\", \"CVE-2015-8903\", \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2016-10046\", \"CVE-2016-10047\", \"CVE-2016-10049\", \"CVE-2016-10053\", \"CVE-2016-10054\", \"CVE-2016-10055\", \"CVE-2016-10056\", \"CVE-2016-10057\", \"CVE-2016-10058\", \"CVE-2016-10059\", \"CVE-2016-10060\", \"CVE-2016-10061\", \"CVE-2016-10062\", \"CVE-2016-10063\", \"CVE-2016-10064\", \"CVE-2016-10065\", \"CVE-2016-10066\", \"CVE-2016-10067\", \"CVE-2016-10068\", \"CVE-2016-10069\", \"CVE-2016-10070\", \"CVE-2016-10071\", \"CVE-2016-10144\", \"CVE-2016-10145\", \"CVE-2016-10252\", \"CVE-2016-4562\", \"CVE-2016-4563\", \"CVE-2016-4564\", \"CVE-2016-5687\", \"CVE-2016-5688\", \"CVE-2016-5689\", \"CVE-2016-5690\", \"CVE-2016-5691\", \"CVE-2016-6491\", \"CVE-2016-6823\", \"CVE-2016-7101\", \"CVE-2016-7515\", \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\", \"CVE-2016-7520\", \"CVE-2016-7525\", \"CVE-2016-7526\", \"CVE-2016-7528\", \"CVE-2016-7529\", \"CVE-2016-7530\", \"CVE-2016-7531\", \"CVE-2016-7533\", \"CVE-2016-7534\", \"CVE-2016-7539\", \"CVE-2016-7799\", \"CVE-2016-7906\", \"CVE-2016-8677\", \"CVE-2016-8707\", \"CVE-2016-8866\", \"CVE-2016-9559\", \"CVE-2017-11478\", \"CVE-2017-11505\", \"CVE-2017-11523\", \"CVE-2017-11524\", \"CVE-2017-11525\", \"CVE-2017-11526\", \"CVE-2017-11527\", \"CVE-2017-11528\", \"CVE-2017-11529\", \"CVE-2017-11530\", \"CVE-2017-12427\", \"CVE-2017-13139\", \"CVE-2017-13140\", \"CVE-2017-13141\", \"CVE-2017-13142\", \"CVE-2017-13143\", \"CVE-2017-13144\", \"CVE-2017-13145\", \"CVE-2017-13146\", \"CVE-2017-13658\", \"CVE-2017-17499\", \"CVE-2017-17504\", \"CVE-2017-5507\", \"CVE-2017-5508\", \"CVE-2017-5509\", \"CVE-2017-5510\", \"CVE-2017-6497\", \"CVE-2017-6498\", \"CVE-2017-6499\", \"CVE-2017-6500\", \"CVE-2017-6501\", \"CVE-2017-6502\", \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2018-16323\", \"CVE-2018-16328\", \"CVE-2018-20467\", \"CVE-2018-6405\", \"CVE-2019-13133\", \"CVE-2019-13134\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-16 05:46:13 +0000 (Thu, 16 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-16 05:46:13 +0000 (Thu, 16 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2020-1390)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1390\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1390\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ImageMagick' package(s) announced via the EulerOS-SA-2020-1390 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.(CVE-2014-8354)\n\nPCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).(CVE-2014-8355)\n\nDCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).(CVE-2014-8562)\n\nThe JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).(CVE-2014-8716)\n\nHeap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.(CVE-2014-9821)\n\nHeap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file.(CVE-2014-9822)\n\nHeap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819.(CVE-2014-9823)\n\nHeap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825.(CVE-2014-9824)\n\nHeap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824.(CVE-2014-9825)\n\ncoders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.(CVE-2014-9837)\n\ndistribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.(CVE-2014-9852)\n\nMemory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.(CVE-2014-9853)\n\ncoders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the ''identification of image.''(CVE-2014-9854)\n\ncoders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file.(CVE-2014-9907)\n\nThe ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.(CVE-2015-8900)\n\nImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.(CVE-2015-8901)\n\nThe ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'ImageMagick' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.9.9.38~1.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-c++\", rpm:\"ImageMagick-c++~6.9.9.38~1.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-libs\", rpm:\"ImageMagick-libs~6.9.9.38~1.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-perl\", rpm:\"ImageMagick-perl~6.9.9.38~1.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for synfigstudio FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873410", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873410", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_synfigstudio_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for synfigstudio FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873410\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:34:56 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for synfigstudio FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'synfigstudio'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"synfigstudio on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7BNWCRCM5IYKMJZ72KNCKVH74WA634E\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"synfigstudio\", rpm:\"synfigstudio~1.2.0~5.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for autotrace FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873404", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873404", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_autotrace_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for autotrace FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873404\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:22:42 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for autotrace FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'autotrace'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"autotrace on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T45GVYNSFDFEZVXNCMRXUWX2SZPO2GG3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"autotrace\", rpm:\"autotrace~0.31.1~49.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for converseen FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873407", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873407", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_converseen_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for converseen FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873407\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:25:41 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for converseen FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'converseen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"converseen on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZWYA5OS5LRRUJQEYK6UL6B5CMNYRGIQ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"converseen\", rpm:\"converseen~0.9.7.2~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for php-pecl-imagick FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873417", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873417", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_php-pecl-imagick_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for php-pecl-imagick FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873417\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:40:54 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php-pecl-imagick FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php-pecl-imagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php-pecl-imagick on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZAZ2SDKUL5O7OUVJKUYDGDZYRPIZMD7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-pecl-imagick\", rpm:\"php-pecl-imagick~3.4.3~2.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for inkscape FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873409", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873409", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_inkscape_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for inkscape FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873409\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:32:01 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for inkscape FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'inkscape'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"inkscape on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CTRIPHKCJXKPL7XSUJBDVBNRJI45DZS2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"inkscape\", rpm:\"inkscape~0.92.1~4.20170510bzr15686.fc26.1\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for ImageMagick FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873422", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873422", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_ImageMagick_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for ImageMagick FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873422\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:50:54 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ImageMagick FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ImageMagick on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDT43G5RDSYGPIQ2RBMEGC3RXRW2ENPD\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.9.9.13~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-rmagick FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873412", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873412", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_rubygem-rmagick_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for rubygem-rmagick FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873412\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:37:53 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-rmagick FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-rmagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-rmagick on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GJUOSYWB3S6UHTG2YAYRCXPBKGXTCGDE\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-rmagick\", rpm:\"rubygem-rmagick~2.16.0~4.fc26.2\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for ripright FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873391", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873391", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_ripright_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for ripright FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873391\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:07:30 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ripright FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ripright'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ripright on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LPAVN4T4OJO53IDYG56UAFXKJETIX6W\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"ripright\", rpm:\"ripright~0.11~5.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for synfig FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873432", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873432", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_synfig_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for synfig FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873432\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:09:21 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for synfig FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'synfig'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"synfig on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GKIOVPVMFP2JAQIRGCJ6ORJL3I6OI7B\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"synfig\", rpm:\"synfig~1.2.0~9.fc26.1\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for rss-glx FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873438", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873438", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_rss-glx_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for rss-glx FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873438\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:18:44 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rss-glx FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rss-glx'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rss-glx on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJZ6NMRLOPTO2IHIEEO25SQ5Z7MWPQKK\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"rss-glx\", rpm:\"rss-glx~0.9.1.p~29.fc26.1\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for q FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873394", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873394", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_q_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for q FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873394\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:13:34 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for q FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'q'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"q on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWCQW6OHAB26KVSQTGYVOIKEHH3ENZ4Q\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"q\", rpm:\"q~7.11~29.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for k3d FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873419", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873419", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_k3d_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for k3d FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873419\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:44:24 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for k3d FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'k3d'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"k3d on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7PHOZENIVB3UVOEDNORVD5HZEPH7SZPD\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"k3d\", rpm:\"k3d~0.8.0.6~8.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for imageinfo FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873420", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873420", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_imageinfo_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for imageinfo FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873420\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:47:47 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for imageinfo FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'imageinfo'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"imageinfo on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VCKBLZTRUJIDLAZ3QGNSZGOLWEJNDW7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"imageinfo\", rpm:\"imageinfo~0.05~27.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for emacs FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873408", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873408", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_emacs_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for emacs FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873408\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:28:34 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for emacs FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'emacs'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"emacs on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TYOQUU23FT5ZUDPTUR54NNN5JCH5SAU\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"emacs\", rpm:\"emacs~25.3~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for kxstitch FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873429", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873429", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_kxstitch_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kxstitch FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873429\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:03:25 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kxstitch FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kxstitch'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kxstitch on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLNHECMOL5F4463M4LEQJETSACMDNHBX\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kxstitch\", rpm:\"kxstitch~1.2.0~9.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for perl-Image-SubImageFind FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873427", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873427", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_perl-Image-SubImageFind_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for perl-Image-SubImageFind FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873427\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:00:01 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for perl-Image-SubImageFind FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'perl-Image-SubImageFind'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"perl-Image-SubImageFind on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7NOWPNY5NTXIZANQ327B5JNLTVLZ3BDM\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-Image-SubImageFind\", rpm:\"perl-Image-SubImageFind~0.03~13.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for psiconv FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873399", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873399", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_psiconv_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for psiconv FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873399\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:16:37 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for psiconv FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'psiconv'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"psiconv on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNV35ZHCWOWCRRB6BLFKV24YTORMLH4X\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"psiconv\", rpm:\"psiconv~0.9.8~22.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for techne FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873434", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873434", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_techne_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for techne FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873434\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:12:19 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for techne FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'techne'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"techne on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7DJTCVESG6E2TSULF5JA6JM427TDGEZF\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"techne\", rpm:\"techne~0.2.3~20.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for dmtx-utils FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873436", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873436", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_dmtx-utils_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for dmtx-utils FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873436\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:15:23 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for dmtx-utils FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dmtx-utils'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"dmtx-utils on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VST4FTGSIGVYYYTUCYFUTPBL6QNQE4SY\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"dmtx-utils\", rpm:\"dmtx-utils~0.7.4~4.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for vdr-scraper2vdr FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873424", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873424", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_vdr-scraper2vdr_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for vdr-scraper2vdr FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873424\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:53:54 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for vdr-scraper2vdr FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'vdr-scraper2vdr'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"vdr-scraper2vdr on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LYDZWFUCPPZNZFWH7L5BVXQN4W3QU2F\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"vdr-scraper2vdr\", rpm:\"vdr-scraper2vdr~1.0.5~4.20170611git254122b.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for drawtiming FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873390", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873390", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_drawtiming_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for drawtiming FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873390\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:04:04 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for drawtiming FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'drawtiming'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"drawtiming on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MNO4DLPKYAYFZKQKDGF5FS25DUJN74I\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"drawtiming\", rpm:\"drawtiming~0.7.1~22.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for vips FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873431", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873431", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_vips_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for vips FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873431\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:06:18 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for vips FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'vips'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"vips on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4LPLGFSY5B4L7T4MM6BRICKAEJLC245Z\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"vips\", rpm:\"vips~8.5.8~2.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for pfstools FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873400", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873400", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_pfstools_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for pfstools FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873400\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:19:41 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for pfstools FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pfstools'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"pfstools on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCLNAT72SG6KX3CRKW6IBJA4NE65ACRD\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"pfstools\", rpm:\"pfstools~2.0.6~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for WindowMaker FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873425", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873425", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_WindowMaker_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for WindowMaker FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873425\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:56:58 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for WindowMaker FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'WindowMaker'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"WindowMaker on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NM2AMQSUZCQR57N2CQ6SEZMVMG4BVT73\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"WindowMaker\", rpm:\"WindowMaker~0.95.8~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for gtatool FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873392", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873392", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_gtatool_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for gtatool FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873392\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:10:41 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for gtatool FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gtatool'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"gtatool on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32VMEM3PJFREO5A322OKICOCG3VTTOVO\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"gtatool\", rpm:\"gtatool~2.2.0~6.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T18:36:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-08-16T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2016:2073-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9809", "CVE-2016-5688", "CVE-2014-9831", "CVE-2014-9853", "CVE-2014-9807", "CVE-2015-8896", "CVE-2014-9817", "CVE-2016-2317", "CVE-2014-9845", "CVE-2014-9834", "CVE-2014-9819", "CVE-2014-9820", "CVE-2015-8894", "CVE-2016-5241", "CVE-2014-9837", "CVE-2014-9815", "CVE-2014-9835", "CVE-2014-9839", "CVE-2014-9805", "CVE-2014-9846", "CVE-2016-5240", "CVE-2016-2318"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851385", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851385", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851385\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-08-16 05:43:14 +0200 (Tue, 16 Aug 2016)\");\n script_cve_id(\"CVE-2014-9805\", \"CVE-2014-9807\", \"CVE-2014-9809\", \"CVE-2014-9815\",\n \"CVE-2014-9817\", \"CVE-2014-9819\", \"CVE-2014-9820\", \"CVE-2014-9831\",\n \"CVE-2014-9834\", \"CVE-2014-9835\", \"CVE-2014-9837\", \"CVE-2014-9839\",\n \"CVE-2014-9845\", \"CVE-2014-9846\", \"CVE-2014-9853\", \"CVE-2015-8894\",\n \"CVE-2015-8896\", \"CVE-2016-2317\", \"CVE-2016-2318\", \"CVE-2016-5240\",\n \"CVE-2016-5241\", \"CVE-2016-5688\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2016:2073-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'GraphicsMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for GraphicsMagick fixes the following issues:\n\n - CVE-2014-9805: SEGV due to a corrupted pnm file (boo#983752)\n\n - CVE-2016-5240: SVG converting issue resulting in DoS (endless loop)\n (boo#983309)\n\n - CVE-2016-5241: Arithmetic exception (div by 0) in SVG conversion\n (boo#983455)\n\n - CVE-2014-9846: Overflow in rle file (boo#983521)\n\n - CVE-2015-8894: Double free in TGA code (boo#983523)\n\n - CVE-2015-8896: Double free / integer truncation issue (boo#983533)\n\n - CVE-2014-9807: Double free in pdb coder (boo#983794)\n\n - CVE-2014-9809: SEGV due to corrupted xwd images (boo#983799)\n\n - CVE-2014-9819: Heap overflow in palm files (boo#984142)\n\n - CVE-2014-9835: Heap overflow in wpf file (boo#984145)\n\n - CVE-2014-9831: Issues handling of corrupted wpg file (boo#984375)\n\n - CVE-2014-9820: heap overflow in xpm files (boo#984150)\n\n - CVE-2014-9837: Additional PNM sanity checks (boo#984166)\n\n - CVE-2014-9815: Crash on corrupted wpg file (boo#984372)\n\n - CVE-2014-9839: Theoretical out of bound access in via color maps\n (boo#984379)\n\n - CVE-2014-9845: Crash due to corrupted dib file (boo#984394)\n\n - CVE-2014-9817: Heap buffer overflow in pdb file handling (boo#984400)\n\n - CVE-2014-9853: Memory leak in rle file handling (boo#984408)\n\n - CVE-2014-9834: Heap overflow in pict file (boo#984436)\n\n - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG\n (boo#985442)\n\n - CVE-2016-2317: Multiple vulnerabilities when parsing and processing SVG\n files (boo#965853)\n\n - CVE-2016-2318: Multiple vulnerabilities when parsing and processing SVG\n files (boo#965853)\");\n\n script_tag(name:\"affected\", value:\"GraphicsMagick on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2073-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.21~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debuginfo\", rpm:\"GraphicsMagick-debuginfo~1.3.21~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debugsource\", rpm:\"GraphicsMagick-debugsource~1.3.21~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-devel\", rpm:\"GraphicsMagick-devel~1.3.21~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-11\", rpm:\"libGraphicsMagick++-Q16-11~1.3.21~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-11-debuginfo\", rpm:\"libGraphicsMagick++-Q16-11-debuginfo~1.3.21~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-devel\", rpm:\"libGraphicsMagick++-devel~1.3.21~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3\", rpm:\"libGraphicsMagick-Q16-3~1.3.21~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3-debuginfo\", rpm:\"libGraphicsMagick-Q16-3-debuginfo~1.3.21~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick3-config\", rpm:\"libGraphicsMagick3-config~1.3.21~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2\", rpm:\"libGraphicsMagickWand-Q16-2~1.3.21~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2-debuginfo\", rpm:\"libGraphicsMagickWand-Q16-2-debuginfo~1.3.21~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick\", rpm:\"perl-GraphicsMagick~1.3.21~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick-debuginfo\", rpm:\"perl-GraphicsMagick-debuginfo~1.3.21~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:36:39", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-07-02T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2016:1724-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9809", "CVE-2014-9829", "CVE-2014-9810", "CVE-2016-5688", "CVE-2014-9828", "CVE-2014-9811", "CVE-2014-9831", "CVE-2014-9853", "CVE-2014-9844", "CVE-2014-9807", "CVE-2015-8901", "CVE-2014-9818", "CVE-2015-8903", "CVE-2015-8896", "CVE-2014-9830", "CVE-2014-9817", "CVE-2014-9840", "CVE-2016-2317", "CVE-2014-9814", "CVE-2014-9845", "CVE-2014-9834", "CVE-2014-9819", "CVE-2014-9847", "CVE-2014-9820", "CVE-2015-8894", "CVE-2016-5241", "CVE-2014-9837", "CVE-2014-9815", "CVE-2014-9835", "CVE-2014-9813", "CVE-2014-9839", "CVE-2014-9805", "CVE-2014-9846", "CVE-2014-9816", "CVE-2014-9808", "CVE-2016-5240", "CVE-2016-2318"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851361", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851361", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851361\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-07-02 05:25:22 +0200 (Sat, 02 Jul 2016)\");\n script_cve_id(\"CVE-2014-9805\", \"CVE-2014-9807\", \"CVE-2014-9808\", \"CVE-2014-9809\",\n \"CVE-2014-9810\", \"CVE-2014-9811\", \"CVE-2014-9813\", \"CVE-2014-9814\",\n \"CVE-2014-9815\", \"CVE-2014-9816\", \"CVE-2014-9817\", \"CVE-2014-9818\",\n \"CVE-2014-9819\", \"CVE-2014-9820\", \"CVE-2014-9828\", \"CVE-2014-9829\",\n \"CVE-2014-9830\", \"CVE-2014-9831\", \"CVE-2014-9834\", \"CVE-2014-9835\",\n \"CVE-2014-9837\", \"CVE-2014-9839\", \"CVE-2014-9840\", \"CVE-2014-9844\",\n \"CVE-2014-9845\", \"CVE-2014-9846\", \"CVE-2014-9847\", \"CVE-2014-9853\",\n \"CVE-2015-8894\", \"CVE-2015-8896\", \"CVE-2015-8901\", \"CVE-2015-8903\",\n \"CVE-2016-2317\", \"CVE-2016-2318\", \"CVE-2016-5240\", \"CVE-2016-5241\",\n \"CVE-2016-5688\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2016:1724-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'GraphicsMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"GraphicsMagick was updated to fix 37 security issues.\n\n These security issues were fixed:\n\n - CVE-2014-9810: SEGV in dpx file handler (bsc#983803).\n\n - CVE-2014-9811: Crash in xwd file handler (bsc#984032).\n\n - CVE-2014-9813: Crash on corrupted viff file (bsc#984035).\n\n - CVE-2014-9814: NULL pointer dereference in wpg file handling\n (bsc#984193).\n\n - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).\n\n - CVE-2014-9816: Out of bound access in viff image (bsc#984398).\n\n - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400).\n\n - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181).\n\n - CVE-2014-9819: Heap overflow in palm files (bsc#984142).\n\n - CVE-2014-9830: Handling of corrupted sun file (bsc#984135).\n\n - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375).\n\n - CVE-2014-9837: Additional PNM sanity checks (bsc#984166).\n\n - CVE-2014-9834: Heap overflow in pict file (bsc#984436).\n\n - CVE-2014-9853: Memory leak in rle file handling (bsc#984408).\n\n - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259).\n\n - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234).\n\n - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG\n (bsc#985442).\n\n - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523).\n\n - CVE-2015-8896: Double free / integer truncation issue in\n coders/pict.c:2000 (bsc#983533).\n\n - CVE-2014-9807: Double free in pdb coder. (bsc#983794).\n\n - CVE-2014-9828: corrupted (too many colors) psd file (bsc#984028).\n\n - CVE-2014-9805: SEGV due to a corrupted pnm file. (bsc#983752).\n\n - CVE-2014-9808: SEGV due to corrupted dpc images. (bsc#983796).\n\n - CVE-2014-9820: Heap overflow in xpm files (bsc#984150).\n\n - CVE-2014-9839: Theoretical out of bound access in\n magick/colormap-private.h (bsc#984379).\n\n - CVE-2014-9809: SEGV due to corrupted xwd images. (bsc#983799).\n\n - CVE-2016-5240: SVG converting issue resulting in DoS (endless loop)\n (bsc#983309).\n\n - CVE-2014-9840: Out of bound access in palm file (bsc#984433).\n\n - CVE-2014-9847: Incorrect handling of 'previous' image in the JNG decoder\n (bsc#984144).\n\n - CVE-2016-5241: Arithmetic exception (div by 0) in SVG conversion\n (bsc#983455).\n\n - CVE-2014-9845: Crash due to corrupted dib file (bsc#984394).\n\n - CVE-2014-9844: Out of bound issue in rle file (bsc#984373).\n\n - CVE-2014-9835: Heap overflow in wpf file (bsc#984145).\n\n - CVE-2014-9829: Out of bound access in sun file (bsc#984409).\n\n - CVE-2014-9846: Added checks to prevent overflow in rle file (bsc#983521).\n\n - CVE-2016-2317: Multiple vulnerabilities when parsing and processing SVG\n files (bsc#965853).\n\n - CVE-2016-2318: Multiple vulnerabilities when parsing and processing SVG\n files (bsc#965853).\");\n\n script_tag(name:\"affected\", value:\"GraphicsMagick on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1724-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.20~9.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debuginfo\", rpm:\"GraphicsMagick-debuginfo~1.3.20~9.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debugsource\", rpm:\"GraphicsMagick-debugsource~1.3.20~9.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-devel\", rpm:\"GraphicsMagick-devel~1.3.20~9.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-3\", rpm:\"libGraphicsMagick++-Q16-3~1.3.20~9.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-3-debuginfo\", rpm:\"libGraphicsMagick++-Q16-3-debuginfo~1.3.20~9.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-devel\", rpm:\"libGraphicsMagick++-devel~1.3.20~9.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3\", rpm:\"libGraphicsMagick-Q16-3~1.3.20~9.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3-debuginfo\", rpm:\"libGraphicsMagick-Q16-3-debuginfo~1.3.20~9.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick3-config\", rpm:\"libGraphicsMagick3-config~1.3.20~9.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2\", rpm:\"libGraphicsMagickWand-Q16-2~1.3.20~9.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2-debuginfo\", rpm:\"libGraphicsMagickWand-Q16-2-debuginfo~1.3.20~9.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick\", rpm:\"perl-GraphicsMagick~1.3.20~9.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick-debuginfo\", rpm:\"perl-GraphicsMagick-debuginfo~1.3.20~9.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-25T14:28:59", "description": "According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.(CVE-2016-5691)\n\n - The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.(CVE-2016-5690)\n\n - The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.(CVE-2016-5689)\n\n - The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.(CVE-2016-5687)\n\n - coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.(CVE-2016-10144)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-23T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : ImageMagick (EulerOS-SA-2019-1970)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10144", "CVE-2016-5687", "CVE-2016-5689", "CVE-2016-5690", "CVE-2016-5691"], "modified": "2021-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:imagemagick", "p-cpe:/a:huawei:euleros:imagemagick-c%2b%2b", "p-cpe:/a:huawei:euleros:imagemagick-perl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1970.NASL", "href": "https://www.tenable.com/plugins/nessus/129127", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129127);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/09\");\n\n script_cve_id(\n \"CVE-2016-10144\",\n \"CVE-2016-5687\",\n \"CVE-2016-5689\",\n \"CVE-2016-5690\",\n \"CVE-2016-5691\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : ImageMagick (EulerOS-SA-2019-1970)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ImageMagick packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The DCM reader in ImageMagick before 6.9.4-5 and 7.x\n before 7.0.1-7 allows remote attackers to have\n unspecified impact by leveraging lack of validation of\n (1) pixel.red, (2) pixel.green, and (3)\n pixel.blue.(CVE-2016-5691)\n\n - The ReadDCMImage function in DCM reader in ImageMagick\n before 6.9.4-5 and 7.x before 7.0.1-7 allows remote\n attackers to have unspecified impact via vectors\n involving the for statement in computing the pixel\n scaling table.(CVE-2016-5690)\n\n - The DCM reader in ImageMagick before 6.9.4-5 and 7.x\n before 7.0.1-7 allows remote attackers to have\n unspecified impact by leveraging lack of NULL pointer\n checks.(CVE-2016-5689)\n\n - The VerticalFilter function in the DDS coder in\n ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4\n allows remote attackers to have unspecified impact via\n a crafted DDS file, which triggers an out-of-bounds\n read.(CVE-2016-5687)\n\n - coders/ipl.c in ImageMagick allows remote attackers to\n have unspecific impact by leveraging a missing malloc\n check.(CVE-2016-10144)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1970\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?980b2324\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ImageMagick packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ImageMagick-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ImageMagick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ImageMagick-6.7.8.9-15.h27.eulerosv2r7\",\n \"ImageMagick-c++-6.7.8.9-15.h27.eulerosv2r7\",\n \"ImageMagick-perl-6.7.8.9-15.h27.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:56", "description": "The code did not check the integer didn't overflow before trying to resize a buffer. A specially crafted file could result in using memory past the end of the allocated buffer.\n\nThis security CVEs for this issue (CVE-2016-4563) along with CVE-2016-4562 and CVE-2016-4564 were based on a security advisory that will not be made public. This security fix was generated based only on the surface-level code-change information that is public in GitHub.\nFor more information on this, see:\nhttp://seclists.org/oss-sec/2016/q2/476\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 8:6.7.7.10-5+deb7u7.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-06-20T00:00:00", "type": "nessus", "title": "Debian DLA-517-1 : imagemagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4562", "CVE-2016-4563", "CVE-2016-4564"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "p-cpe:/a:debian:debian_linux:imagemagick-common", "p-cpe:/a:debian:debian_linux:imagemagick-dbg", "p-cpe:/a:debian:debian_linux:imagemagick-doc", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-dev", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b5", "p-cpe:/a:debian:debian_linux:libmagickcore-dev", "p-cpe:/a:debian:debian_linux:libmagickcore5", "p-cpe:/a:debian:debian_linux:libmagickcore5-extra", "p-cpe:/a:debian:debian_linux:libmagickwand-dev", "p-cpe:/a:debian:debian_linux:libmagickwand5", "p-cpe:/a:debian:debian_linux:perlmagick", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-517.NASL", "href": "https://www.tenable.com/plugins/nessus/91688", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-517-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91688);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4563\");\n\n script_name(english:\"Debian DLA-517-1 : imagemagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The code did not check the integer didn't overflow before trying to\nresize a buffer. A specially crafted file could result in using memory\npast the end of the allocated buffer.\n\nThis security CVEs for this issue (CVE-2016-4563) along with\nCVE-2016-4562 and CVE-2016-4564 were based on a security advisory that\nwill not be made public. This security fix was generated based only on\nthe surface-level code-change information that is public in GitHub.\nFor more information on this, see:\nhttp://seclists.org/oss-sec/2016/q2/476\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n8:6.7.7.10-5+deb7u7.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n # http://seclists.org/oss-sec/2016/q2/476\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/oss-sec/2016/q2/476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/06/msg00017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/imagemagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore5-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick\", reference:\"8:6.7.7.10-5+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-common\", reference:\"8:6.7.7.10-5+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-dbg\", reference:\"8:6.7.7.10-5+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-doc\", reference:\"8:6.7.7.10-5+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagick++-dev\", reference:\"8:6.7.7.10-5+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagick++5\", reference:\"8:6.7.7.10-5+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.7.7.10-5+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore5\", reference:\"8:6.7.7.10-5+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore5-extra\", reference:\"8:6.7.7.10-5+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.7.7.10-5+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickwand5\", reference:\"8:6.7.7.10-5+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"perlmagick\", reference:\"8:6.7.7.10-5+deb7u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-08T14:24:43", "description": "The version of ImageMagick installed on the remote Windows host is 6.x prior to 6.9.4-3 or 7.x prior to 7.0.1-4. It is, therefore, affected by the following vulnerabilities :\n\n - An out-of-bounds read error exists in the VerticalFilter() function in coders/dds.c due to improper handling of malformed DDS files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted DDS file, to crash processes linked against the library, resulting in a denial of service condition. (CVE-2016-5687)\n\n - An overflow condition exists in the ReadWPGImage() function in coders/wpg.c due to improper validation of user-supplied input when handling WPG files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted WPG file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5688)\n\n - An invalid write error exists in the OpenPixelCache() function in MagickCore/cache.c due to improper handling of resources. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5688)", "cvss3": {}, "published": "2016-06-24T00:00:00", "type": "nessus", "title": "ImageMagick 6.x < 6.9.4-3 / 7.x < 7.0.1-4 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5687", "CVE-2016-5688"], "modified": "2023-07-07T00:00:00", "cpe": ["cpe:/a:imagemagick:imagemagick"], "id": "IMAGEMAGICK_6_9_4_3.NASL", "href": "https://www.tenable.com/plugins/nessus/91818", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91818);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/07\");\n\n script_cve_id(\"CVE-2016-5687\", \"CVE-2016-5688\");\n script_bugtraq_id(91283);\n\n script_name(english:\"ImageMagick 6.x < 6.9.4-3 / 7.x < 7.0.1-4 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of ImageMagick.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of ImageMagick installed on the remote Windows host is 6.x\nprior to 6.9.4-3 or 7.x prior to 7.0.1-4. It is, therefore, affected\nby the following vulnerabilities :\n\n - An out-of-bounds read error exists in the\n VerticalFilter() function in coders/dds.c due to\n improper handling of malformed DDS files. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to open a specially crafted DDS file,\n to crash processes linked against the library, resulting\n in a denial of service condition. (CVE-2016-5687)\n\n - An overflow condition exists in the ReadWPGImage()\n function in coders/wpg.c due to improper validation of\n user-supplied input when handling WPG files. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to open a specially crafted WPG file,\n to cause a denial of service condition or the execution\n of arbitrary code. (CVE-2016-5688)\n\n - An invalid write error exists in the OpenPixelCache()\n function in MagickCore/cache.c due to improper handling\n of resources. An unauthenticated, remote attacker can\n exploit this to cause a denial of service condition or\n the execution of arbitrary code. (CVE-2016-5688)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.imagemagick.org/script/changelog.php\");\n # https://blog.fuzzing-project.org/46-Various-invalid-memory-accesses-in-ImageMagick-WPG,-DDS,-DCM.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0b5f3426\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ImageMagick version 6.9.4-3 / 7.0.1-4 or later.\n\nNote that you may need to manually uninstall the vulnerable version\nfrom the system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5687\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:imagemagick:imagemagick\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"imagemagick_installed.nasl\");\n script_require_keys(\"installed_sw/ImageMagick\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvcf::imagemagick::initialize();\nvar app_info = vcf::imagemagick::get_app_info();\n\nvar constraints = [\n {'min_version' : '6.0.0-0', 'fixed_version' : '6.9.4-3'},\n {'min_version' : '7.0.0-0', 'fixed_version' : '7.0.1-4'}\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-08T14:23:47", "description": "The version of ImageMagick installed on the remote Windows host is 6.x prior to 6.9.4-5 or 7.x prior to 7.0.1-7. It is, therefore, affected by multiple denial of service vulnerabilities :\n\n - A denial of service vulnerability exists in the DCM reader due to a NULL pointer dereference flaw that is triggered during the handling of photometric interpretation or the handling of frames. An unauthenticated, remote attacker can exploit this to crash processes linked against the library.\n (CVE-2016-5689)\n\n - A denial of service vulnerability exists in the DCM reader due to improper computation of the pixel scaling table. An unauthenticated, remote attacker can exploit this to crash processes linked against the library.\n (CVE-2016-5690)\n\n - A denial of service vulnerability exists in the DCM reader due to improper validation of pixel.red, pixel,green, and pixel.blue. An unauthenticated, remote attacker can exploit this to crash processes linked against the library. (CVE-2016-5691)\n\n - Multiple denial of service vulnerabilities exist in multiple functions in viff.c due to improper handling of a saturation of exceptions. An unauthenticated, remote attacker can exploit these issues to crash processes linked against the library. (CVE-2016-10066, CVE-2016-10067)\n\n - A denial of service vulnerability exists in the ThrowReaderException() function in mat.c due to improper handling of frame numbers in a crafted MAT file. An unauthenticated, remote attacker can exploit this to crash processes linked against the library.\n (CVE-2016-10069)", "cvss3": {}, "published": "2016-06-24T00:00:00", "type": "nessus", "title": "ImageMagick 6.x < 6.9.4-5 / 7.x < 7.0.1-7 Multiple DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10066", "CVE-2016-10067", "CVE-2016-10069", "CVE-2016-5689", "CVE-2016-5690", "CVE-2016-5691"], "modified": "2023-07-07T00:00:00", "cpe": ["cpe:/a:imagemagick:imagemagick"], "id": "IMAGEMAGICK_6_9_4_5.NASL", "href": "https://www.tenable.com/plugins/nessus/91819", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91819);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/07\");\n\n script_cve_id(\n \"CVE-2016-5689\",\n \"CVE-2016-5690\",\n \"CVE-2016-5691\",\n \"CVE-2016-10066\",\n \"CVE-2016-10067\",\n \"CVE-2016-10069\"\n );\n script_bugtraq_id(91283);\n\n script_name(english:\"ImageMagick 6.x < 6.9.4-5 / 7.x < 7.0.1-7 Multiple DoS\");\n script_summary(english:\"Checks the version of ImageMagick.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Windows host is affected by\nmultiple denial of service vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of ImageMagick installed on the remote Windows host is 6.x\nprior to 6.9.4-5 or 7.x prior to 7.0.1-7. It is, therefore, affected\nby multiple denial of service vulnerabilities :\n\n - A denial of service vulnerability exists in the DCM\n reader due to a NULL pointer dereference flaw that is\n triggered during the handling of photometric\n interpretation or the handling of frames. An\n unauthenticated, remote attacker can exploit this to\n crash processes linked against the library.\n (CVE-2016-5689)\n\n - A denial of service vulnerability exists in the DCM\n reader due to improper computation of the pixel scaling\n table. An unauthenticated, remote attacker can exploit\n this to crash processes linked against the library.\n (CVE-2016-5690)\n\n - A denial of service vulnerability exists in the DCM\n reader due to improper validation of pixel.red,\n pixel,green, and pixel.blue. An unauthenticated, remote\n attacker can exploit this to crash processes linked\n against the library. (CVE-2016-5691)\n\n - Multiple denial of service vulnerabilities exist in\n multiple functions in viff.c due to improper handling of\n a saturation of exceptions. An unauthenticated, remote\n attacker can exploit these issues to crash processes\n linked against the library. (CVE-2016-10066,\n CVE-2016-10067)\n\n - A denial of service vulnerability exists in the\n ThrowReaderException() function in mat.c due to improper\n handling of frame numbers in a crafted MAT file. An\n unauthenticated, remote attacker can exploit this to\n crash processes linked against the library.\n (CVE-2016-10069)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.imagemagick.org/script/changelog.php\");\n # https://blog.fuzzing-project.org/46-Various-invalid-memory-accesses-in-ImageMagick-WPG,-DDS,-DCM.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0b5f3426\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ImageMagick version 6.9.4-5 / 7.0.1-7 or later.\n\nNote that you may need to manually uninstall the vulnerable version\nfrom the system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5691\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:imagemagick:imagemagick\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"imagemagick_installed.nasl\");\n script_require_keys(\"installed_sw/ImageMagick\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvcf::imagemagick::initialize();\nvar app_info = vcf::imagemagick::get_app_info();\n\nvar constraints = [\n {'min_version' : '6.0.0-0', 'fixed_version' : '6.9.4-5'},\n {'min_version' : '7.0.0-0', 'fixed_version' : '7.0.1-7'}\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:08", "description": "This update for ImageMagick fixes the following issues :\n\n - security update :\n\n - CVE-2016-6520: buffer overflow [bsc#991872]\n\n - CVE-2016-5010: Out-of-bounds read in CopyMagickMemory [bsc#991444]\n\n - CVE-2016-6491: Out-of-bounds read when processing crafted tiff files [bsc#991445]\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2016-08-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-2016-1016)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5010", "CVE-2016-6491", "CVE-2016-6520"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:imagemagick", "p-cpe:/a:novell:opensuse:imagemagick-debuginfo", "p-cpe:/a:novell:opensuse:imagemagick-debugsource", "p-cpe:/a:novell:opensuse:imagemagick-devel", "p-cpe:/a:novell:opensuse:imagemagick-devel-32bit", "p-cpe:/a:novell:opensuse:imagemagick-extra", "p-cpe:/a:novell:opensuse:imagemagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-perlmagick", "p-cpe:/a:novell:opensuse:perl-perlmagick-debuginfo", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-1016.NASL", "href": "https://www.tenable.com/plugins/nessus/93105", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1016.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93105);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5010\", \"CVE-2016-6491\", \"CVE-2016-6520\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2016-1016)\");\n script_summary(english:\"Check for the openSUSE-2016-1016 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\n - security update :\n\n - CVE-2016-6520: buffer overflow [bsc#991872]\n\n - CVE-2016-5010: Out-of-bounds read in CopyMagickMemory\n [bsc#991444]\n\n - CVE-2016-6491: Out-of-bounds read when processing\n crafted tiff files [bsc#991445]\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=991444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=991445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=991872\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-6.8.8.1-18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-debuginfo-6.8.8.1-18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-debugsource-6.8.8.1-18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-devel-6.8.8.1-18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-extra-6.8.8.1-18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagick++-6_Q16-3-6.8.8.1-18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagick++-devel-6.8.8.1-18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"perl-PerlMagick-6.8.8.1-18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-18.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:33", "description": "This update for ImageMagick fixes the following issues :\n\n - security update :\n\n - CVE-2016-6520: buffer overflow [bsc#991872]\n\n - CVE-2016-5010: Out-of-bounds read in CopyMagickMemory [bsc#991444]\n\n - CVE-2016-6491: Out-of-bounds read when processing crafted tiff files [bsc#991445]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-09-02T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2016:2076-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5010", "CVE-2016-6491", "CVE-2016-6520"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:imagemagick", "p-cpe:/a:novell:suse_linux:imagemagick-debuginfo", "p-cpe:/a:novell:suse_linux:imagemagick-debugsource", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16-1", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16-1-debuginfo", "p-cpe:/a:novell:suse_linux:libmagickwand-6_q16", "p-cpe:/a:novell:suse_linux:libmagickwand-6_q16-1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-2076-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93291", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2076-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93291);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-5010\", \"CVE-2016-6491\", \"CVE-2016-6520\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2016:2076-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\n - security update :\n\n - CVE-2016-6520: buffer overflow [bsc#991872]\n\n - CVE-2016-5010: Out-of-bounds read in CopyMagickMemory\n [bsc#991444]\n\n - CVE-2016-6491: Out-of-bounds read when processing\n crafted tiff files [bsc#991445]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5010/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6491/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6520/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162076-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d94e7336\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch\nSUSE-SLE-WE-12-SP1-2016-1222=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1222=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1222=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1222=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ImageMagick-debuginfo-6.8.8.1-33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ImageMagick-debugsource-6.8.8.1-33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-33.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:23", "description": "This update for ImageMagick fixes the following issues :\n\n - security update :\n\n - CVE-2016-6520: buffer overflow [bsc#991872]\n\n - CVE-2016-5010: Out-of-bounds read in CopyMagickMemory [bsc#991444]\n\n - CVE-2016-6491: Out-of-bounds read when processing crafted tiff files [bsc#991445]", "cvss3": {}, "published": "2016-08-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-2016-983)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5010", "CVE-2016-6491", "CVE-2016-6520"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:imagemagick", "p-cpe:/a:novell:opensuse:imagemagick-debuginfo", "p-cpe:/a:novell:opensuse:imagemagick-debugsource", "p-cpe:/a:novell:opensuse:imagemagick-devel", "p-cpe:/a:novell:opensuse:imagemagick-devel-32bit", "p-cpe:/a:novell:opensuse:imagemagick-extra", "p-cpe:/a:novell:opensuse:imagemagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-2", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-2-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-2-debuginfo", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-2", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-2-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-2-debuginfo", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-perlmagick", "p-cpe:/a:novell:opensuse:perl-perlmagick-debuginfo", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-983.NASL", "href": "https://www.tenable.com/plugins/nessus/92980", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-983.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92980);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5010\", \"CVE-2016-6491\", \"CVE-2016-6520\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2016-983)\");\n script_summary(english:\"Check for the openSUSE-2016-983 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\n - security update :\n\n - CVE-2016-6520: buffer overflow [bsc#991872]\n\n - CVE-2016-5010: Out-of-bounds read in CopyMagickMemory\n [bsc#991444]\n\n - CVE-2016-6491: Out-of-bounds read when processing\n crafted tiff files [bsc#991445]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=991444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=991445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=991872\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-6.8.9.8-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-debuginfo-6.8.9.8-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-debugsource-6.8.9.8-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-devel-6.8.9.8-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-extra-6.8.9.8-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-extra-debuginfo-6.8.9.8-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagick++-6_Q16-5-6.8.9.8-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagick++-6_Q16-5-debuginfo-6.8.9.8-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagick++-devel-6.8.9.8-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickCore-6_Q16-2-6.8.9.8-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickCore-6_Q16-2-debuginfo-6.8.9.8-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickWand-6_Q16-2-6.8.9.8-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickWand-6_Q16-2-debuginfo-6.8.9.8-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"perl-PerlMagick-6.8.9.8-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"perl-PerlMagick-debuginfo-6.8.9.8-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.9.8-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-5-32bit-6.8.9.8-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-5-debuginfo-32bit-6.8.9.8-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.9.8-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-2-32bit-6.8.9.8-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-2-debuginfo-32bit-6.8.9.8-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-2-32bit-6.8.9.8-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-2-debuginfo-32bit-6.8.9.8-29.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:36", "description": "This updates fixes many vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum, PDB, DDS, DCM, EXIF, RGF or BMP files are processed.", "cvss3": {}, "published": "2016-08-26T00:00:00", "type": "nessus", "title": "Debian DSA-3652-1 : imagemagick - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2015-8959", "CVE-2016-4562", "CVE-2016-4563", "CVE-2016-4564", "CVE-2016-5010", "CVE-2016-5687", "CVE-2016-5688", "CVE-2016-5689", "CVE-2016-5690", "CVE-2016-5691", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-7521", "CVE-2016-7522", "CVE-2016-7523", "CVE-2016-7524", "CVE-2016-7525", "CVE-2016-7526", "CVE-2016-7527", "CVE-2016-7528", "CVE-2016-7529", "CVE-2016-7530", "CVE-2016-7531", "CVE-2016-7532", "CVE-2016-7533", "CVE-2016-7534", "CVE-2016-7535", "CVE-2016-7536", "CVE-2016-7537", "CVE-2016-7538", "CVE-2016-7539", "CVE-2016-7540"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3652.NASL", "href": "https://www.tenable.com/plugins/nessus/93115", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3652. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93115);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9907\", \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-4562\", \"CVE-2016-4563\", \"CVE-2016-4564\", \"CVE-2016-5010\", \"CVE-2016-5687\", \"CVE-2016-5688\", \"CVE-2016-5689\", \"CVE-2016-5690\", \"CVE-2016-5691\", \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2016-6823\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\", \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\", \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-7522\", \"CVE-2016-7523\", \"CVE-2016-7524\", \"CVE-2016-7525\", \"CVE-2016-7526\", \"CVE-2016-7527\", \"CVE-2016-7528\", \"CVE-2016-7529\", \"CVE-2016-7530\", \"CVE-2016-7531\", \"CVE-2016-7532\", \"CVE-2016-7533\", \"CVE-2016-7534\", \"CVE-2016-7535\", \"CVE-2016-7536\", \"CVE-2016-7537\", \"CVE-2016-7538\", \"CVE-2016-7539\", \"CVE-2016-7540\");\n script_xref(name:\"DSA\", value:\"3652\");\n\n script_name(english:\"Debian DSA-3652-1 : imagemagick - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates fixes many vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service or the execution of arbitrary code if\nmalformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta,\nQuantum, PDB, DDS, DCM, EXIF, RGF or BMP files are processed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/imagemagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3652\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the imagemagick packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-6.q16\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-common\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-dbg\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-doc\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-perl\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-q16-perl\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6-headers\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-5\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-dev\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-arch-config\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-headers\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2-extra\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6-headers\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"perlmagick\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:58", "description": "The remote host is affected by the vulnerability described in GLSA-201611-21 (ImageMagick: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in ImageMagick. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "nessus", "title": "GLSA-201611-21 : ImageMagick: Multiple vulnerabilities (ImageTragick)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718", "CVE-2016-5010", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-7799", "CVE-2016-7906"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:imagemagick", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201611-21.NASL", "href": "https://www.tenable.com/plugins/nessus/95420", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201611-21.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95420);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\", \"CVE-2016-3718\", \"CVE-2016-5010\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2016-7799\", \"CVE-2016-7906\");\n script_xref(name:\"GLSA\", value:\"201611-21\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"GLSA-201611-21 : ImageMagick: Multiple vulnerabilities (ImageTragick)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201611-21\n(ImageMagick: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in ImageMagick. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201611-21\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ImageMagick users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/imagemagick-6.9.6.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/30\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-gfx/imagemagick\", unaffected:make_list(\"ge 6.9.6.2\"), vulnerable:make_list(\"lt 6.9.6.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:34", "description": "This update for ImageMagick fixes the following issues :\n\n - security update :\n\n - CVE-2016-6520: buffer overflow [bsc#991872]\n\n - CVE-2016-6491: Out-of-bounds read in CopyMagickMemory [bsc#991445]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-09-02T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:2075-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6491", "CVE-2016-6520"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmagickcore1", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-2075-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93290", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2075-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93290);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-6491\", \"CVE-2016-6520\");\n\n script_name(english:\"SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:2075-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\n - security update :\n\n - CVE-2016-6520: buffer overflow [bsc#991872]\n\n - CVE-2016-6491: Out-of-bounds read in CopyMagickMemory\n [bsc#991445]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6491/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6520/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162075-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5fbfc865\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-ImageMagick-12694=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ImageMagick-12694=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ImageMagick-12694=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagickCore1-32bit-6.4.3.6-7.48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libMagickCore1-32bit-6.4.3.6-7.48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libMagickCore1-6.4.3.6-7.48.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:37", "description": "ImageMagick was updated to fix 55 security issues.\n\nThese security issues were fixed :\n\n - CVE-2014-9810: SEGV in dpx file handler (bsc#983803).\n\n - CVE-2014-9811: Crash in xwd file handler (bsc#984032).\n\n - CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137).\n\n - CVE-2014-9813: Crash on corrupted viff file (bsc#984035).\n\n - CVE-2014-9814: NULL pointer dereference in wpg file handling (bsc#984193).\n\n - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).\n\n - CVE-2014-9816: Out of bound access in viff image (bsc#984398).\n\n - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400).\n\n - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181).\n\n - CVE-2014-9819: Heap overflow in palm files (bsc#984142).\n\n - CVE-2014-9830: Handling of corrupted sun file (bsc#984135).\n\n - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375).\n\n - CVE-2014-9836: Crash in xpm file handling (bsc#984023).\n\n - CVE-2014-9851: Crash when parsing resource block (bsc#984160).\n\n - CVE-2016-5689: NULL ptr dereference in dcm coder (bsc#985460).\n\n - CVE-2014-9853: Memory leak in rle file handling (bsc#984408).\n\n - CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253).\n\n - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259).\n\n - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234).\n\n - CVE-2014-9834: Heap overflow in pict file (bsc#984436).\n\n - CVE-2014-9806: Prevent file descriptr leak due to corrupted file (bsc#983774).\n\n - CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370).\n\n - CVE-2014-9854: Filling memory during identification of TIFF image (bsc#984184).\n\n - CVE-2015-8898: Prevent NULL pointer access in magick/constitute.c (bsc#983746).\n\n - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523).\n\n - CVE-2015-8896: Double free / integer truncation issue in coders/pict.c:2000 (bsc#983533).\n\n - CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739).\n\n - CVE-2016-5690: Bad foor loop in DCM coder (bsc#985451).\n\n - CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456).\n\n - CVE-2014-9805: SEGV due to a corrupted pnm file.\n (bsc#983752).\n\n - CVE-2014-9808: SEGV due to corrupted dpc images.\n (bsc#983796).\n\n - CVE-2014-9820: heap overflow in xpm files (bsc#984150).\n\n - CVE-2014-9823: heap overflow in palm file (bsc#984401).\n\n - CVE-2014-9822: heap overflow in quantum file (bsc#984187).\n\n - CVE-2014-9839: Theoretical out of bound access in magick/colormap-private.h (bsc#984379).\n\n - CVE-2014-9824: Heap overflow in psd file (bsc#984185).\n\n - CVE-2014-9809: Fix a SEGV due to corrupted xwd images.\n (bsc#983799).\n\n - CVE-2014-9826: Incorrect error handling in sun files (bsc#984186).\n\n - CVE-2014-9842: Memory leak in psd handling (bsc#984374).\n\n - CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448).\n\n - CVE-2014-9840: Out of bound access in palm file (bsc#984433).\n\n - CVE-2014-9847: Incorrect handling of 'previous' image in the JNG decoder (bsc#984144).\n\n - CVE-2014-9846: Added checks to prevent overflow in rle file. (bsc#983521).\n\n - CVE-2014-9845: Crash due to corrupted dib file (bsc#984394).\n\n - CVE-2014-9844: Out of bound issue in rle file (bsc#984373).\n\n - CVE-2014-9849: Crash in png coder (bsc#984018).\n\n - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (bsc#985442).\n\n - CVE-2014-9807: Fix a double free in pdb coder.\n (bsc#983794).\n\n - CVE-2014-9829: Out of bound access in sun file (bsc#984409).\n\n - CVE-2016-4564: The DrawImage function in MagickCore/draw.c in ImageMagick made an incorrect function call in attempting to locate the next token, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983308).\n\n - CVE-2016-4563: The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick mishandled the relationship between the BezierQuantum value and certain strokes data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983305).\n\n - CVE-2016-4562: The DrawDashPolygon function in MagickCore/draw.c in ImageMagick mishandled calculations of certain vertices integer data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983292).\n\n - CVE-2014-9837: Additional PNM sanity checks (bsc#984166).\n\n - CVE-2014-9835: Heap overflow in wpf file (bsc#984145).\n\n - CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028).\n\n - CVE-2016-5841: Integer overflow could have read to RCE (bnc#986609).\n\n - CVE-2016-5842: Out-of-bounds read in MagickCore/property.c:1396 could have lead to memory leak (bnc#986608).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-08-29T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:1782-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9805", "CVE-2014-9806", "CVE-2014-9807", "CVE-2014-9808", "CVE-2014-9809", "CVE-2014-9810", "CVE-2014-9811", "CVE-2014-9812", "CVE-2014-9813", "CVE-2014-9814", "CVE-2014-9815", "CVE-2014-9816", "CVE-2014-9817", "CVE-2014-9818", "CVE-2014-9819", "CVE-2014-9820", "CVE-2014-9822", "CVE-2014-9823", "CVE-2014-9824", "CVE-2014-9826", "CVE-2014-9828", "CVE-2014-9829", "CVE-2014-9830", "CVE-2014-9831", "CVE-2014-9834", "CVE-2014-9835", "CVE-2014-9836", "CVE-2014-9837", "CVE-2014-9838", "CVE-2014-9839", "CVE-2014-9840", "CVE-2014-9842", "CVE-2014-9844", "CVE-2014-9845", "CVE-2014-9846", "CVE-2014-9847", "CVE-2014-9849", "CVE-2014-9851", "CVE-2014-9853", "CVE-2014-9854", "CVE-2015-8894", "CVE-2015-8896", "CVE-2015-8897", "CVE-2015-8898", "CVE-2015-8901", "CVE-2015-8902", "CVE-2015-8903", "CVE-2016-4562", "CVE-2016-4563", "CVE-2016-4564", "CVE-2016-5687", "CVE-2016-5688", "CVE-2016-5689", "CVE-2016-5690", "CVE-2016-5691", "CVE-2016-5841", "CVE-2016-5842"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmagickcore1", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-1782-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93178", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1782-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93178);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9805\", \"CVE-2014-9806\", \"CVE-2014-9807\", \"CVE-2014-9808\", \"CVE-2014-9809\", \"CVE-2014-9810\", \"CVE-2014-9811\", \"CVE-2014-9812\", \"CVE-2014-9813\", \"CVE-2014-9814\", \"CVE-2014-9815\", \"CVE-2014-9816\", \"CVE-2014-9817\", \"CVE-2014-9818\", \"CVE-2014-9819\", \"CVE-2014-9820\", \"CVE-2014-9822\", \"CVE-2014-9823\", \"CVE-2014-9824\", \"CVE-2014-9826\", \"CVE-2014-9828\", \"CVE-2014-9829\", \"CVE-2014-9830\", \"CVE-2014-9831\", \"CVE-2014-9834\", \"CVE-2014-9835\", \"CVE-2014-9836\", \"CVE-2014-9837\", \"CVE-2014-9838\", \"CVE-2014-9839\", \"CVE-2014-9840\", \"CVE-2014-9842\", \"CVE-2014-9844\", \"CVE-2014-9845\", \"CVE-2014-9846\", \"CVE-2014-9847\", \"CVE-2014-9849\", \"CVE-2014-9851\", \"CVE-2014-9853\", \"CVE-2014-9854\", \"CVE-2015-8894\", \"CVE-2015-8896\", \"CVE-2015-8897\", \"CVE-2015-8898\", \"CVE-2015-8901\", \"CVE-2015-8902\", \"CVE-2015-8903\", \"CVE-2016-4562\", \"CVE-2016-4563\", \"CVE-2016-4564\", \"CVE-2016-5687\", \"CVE-2016-5688\", \"CVE-2016-5689\", \"CVE-2016-5690\", \"CVE-2016-5691\", \"CVE-2016-5841\", \"CVE-2016-5842\");\n\n script_name(english:\"SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:1782-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ImageMagick was updated to fix 55 security issues.\n\nThese security issues were fixed :\n\n - CVE-2014-9810: SEGV in dpx file handler (bsc#983803).\n\n - CVE-2014-9811: Crash in xwd file handler (bsc#984032).\n\n - CVE-2014-9812: NULL pointer dereference in ps file\n handling (bsc#984137).\n\n - CVE-2014-9813: Crash on corrupted viff file\n (bsc#984035).\n\n - CVE-2014-9814: NULL pointer dereference in wpg file\n handling (bsc#984193).\n\n - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).\n\n - CVE-2014-9816: Out of bound access in viff image\n (bsc#984398).\n\n - CVE-2014-9817: Heap buffer overflow in pdb file handling\n (bsc#984400).\n\n - CVE-2014-9818: Out of bound access on malformed sun file\n (bsc#984181).\n\n - CVE-2014-9819: Heap overflow in palm files (bsc#984142).\n\n - CVE-2014-9830: Handling of corrupted sun file\n (bsc#984135).\n\n - CVE-2014-9831: Handling of corrupted wpg file\n (bsc#984375).\n\n - CVE-2014-9836: Crash in xpm file handling (bsc#984023).\n\n - CVE-2014-9851: Crash when parsing resource block\n (bsc#984160).\n\n - CVE-2016-5689: NULL ptr dereference in dcm coder\n (bsc#985460).\n\n - CVE-2014-9853: Memory leak in rle file handling\n (bsc#984408).\n\n - CVE-2015-8902: PDB file DoS (CPU consumption)\n (bsc#983253).\n\n - CVE-2015-8903: Denial of service (cpu) in vicar\n (bsc#983259).\n\n - CVE-2015-8901: MIFF file DoS (endless loop)\n (bsc#983234).\n\n - CVE-2014-9834: Heap overflow in pict file (bsc#984436).\n\n - CVE-2014-9806: Prevent file descriptr leak due to\n corrupted file (bsc#983774).\n\n - CVE-2014-9838: Out of memory crash in magick/cache.c\n (bsc#984370).\n\n - CVE-2014-9854: Filling memory during identification of\n TIFF image (bsc#984184).\n\n - CVE-2015-8898: Prevent NULL pointer access in\n magick/constitute.c (bsc#983746).\n\n - CVE-2015-8894: Double free in coders/tga.c:221\n (bsc#983523).\n\n - CVE-2015-8896: Double free / integer truncation issue in\n coders/pict.c:2000 (bsc#983533).\n\n - CVE-2015-8897: Out of bounds error in SpliceImage\n (bsc#983739).\n\n - CVE-2016-5690: Bad foor loop in DCM coder (bsc#985451).\n\n - CVE-2016-5691: Checks for pixel.red/green/blue in dcm\n coder (bsc#985456).\n\n - CVE-2014-9805: SEGV due to a corrupted pnm file.\n (bsc#983752).\n\n - CVE-2014-9808: SEGV due to corrupted dpc images.\n (bsc#983796).\n\n - CVE-2014-9820: heap overflow in xpm files (bsc#984150).\n\n - CVE-2014-9823: heap overflow in palm file (bsc#984401).\n\n - CVE-2014-9822: heap overflow in quantum file\n (bsc#984187).\n\n - CVE-2014-9839: Theoretical out of bound access in\n magick/colormap-private.h (bsc#984379).\n\n - CVE-2014-9824: Heap overflow in psd file (bsc#984185).\n\n - CVE-2014-9809: Fix a SEGV due to corrupted xwd images.\n (bsc#983799).\n\n - CVE-2014-9826: Incorrect error handling in sun files\n (bsc#984186).\n\n - CVE-2014-9842: Memory leak in psd handling (bsc#984374).\n\n - CVE-2016-5687: Out of bounds read in DDS coder\n (bsc#985448).\n\n - CVE-2014-9840: Out of bound access in palm file\n (bsc#984433).\n\n - CVE-2014-9847: Incorrect handling of 'previous' image in\n the JNG decoder (bsc#984144).\n\n - CVE-2014-9846: Added checks to prevent overflow in rle\n file. (bsc#983521).\n\n - CVE-2014-9845: Crash due to corrupted dib file\n (bsc#984394).\n\n - CVE-2014-9844: Out of bound issue in rle file\n (bsc#984373).\n\n - CVE-2014-9849: Crash in png coder (bsc#984018).\n\n - CVE-2016-5688: Various invalid memory reads in\n ImageMagick WPG (bsc#985442).\n\n - CVE-2014-9807: Fix a double free in pdb coder.\n (bsc#983794).\n\n - CVE-2014-9829: Out of bound access in sun file\n (bsc#984409).\n\n - CVE-2016-4564: The DrawImage function in\n MagickCore/draw.c in ImageMagick made an incorrect\n function call in attempting to locate the next token,\n which allowed remote attackers to cause a denial of\n service (buffer overflow and application crash) or\n possibly have unspecified other impact via a crafted\n file (bsc#983308).\n\n - CVE-2016-4563: The TraceStrokePolygon function in\n MagickCore/draw.c in ImageMagick mishandled the\n relationship between the BezierQuantum value and certain\n strokes data, which allowed remote attackers to cause a\n denial of service (buffer overflow and application\n crash) or possibly have unspecified other impact via a\n crafted file (bsc#983305).\n\n - CVE-2016-4562: The DrawDashPolygon function in\n MagickCore/draw.c in ImageMagick mishandled calculations\n of certain vertices integer data, which allowed remote\n attackers to cause a denial of service (buffer overflow\n and application crash) or possibly have unspecified\n other impact via a crafted file (bsc#983292).\n\n - CVE-2014-9837: Additional PNM sanity checks\n (bsc#984166).\n\n - CVE-2014-9835: Heap overflow in wpf file (bsc#984145).\n\n - CVE-2014-9828: Corrupted (too many colors) psd file\n (bsc#984028).\n\n - CVE-2016-5841: Integer overflow could have read to RCE\n (bnc#986609).\n\n - CVE-2016-5842: Out-of-bounds read in\n MagickCore/property.c:1396 could have lead to memory\n leak (bnc#986608).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984409\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9805/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9806/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9807/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9808/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9809/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9810/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9811/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9812/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9813/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9814/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9815/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9816/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9817/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9818/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9819/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9820/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9822/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9823/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9824/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9826/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9828/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9829/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9830/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9831/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9834/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9835/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9836/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9837/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9838/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9839/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9840/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9842/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9844/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9845/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9846/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9847/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9849/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9851/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9853/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9854/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8894/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8896/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8897/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8898/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8901/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8902/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8903/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4562/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4563/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4564/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5687/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5688/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5689/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5690/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5691/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5841/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5842/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161782-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?79276ec4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-ImageMagick-12643=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-ImageMagick-12643=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-ImageMagick-12643=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagickCore1-32bit-6.4.3.6-7.45.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libMagickCore1-32bit-6.4.3.6-7.45.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libMagickCore1-6.4.3.6-7.45.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:27", "description": "ImageMagick was updated to fix 66 security issues.\n\nThese security issues were fixed :\n\n - CVE-2014-9810: SEGV in dpx file handler. (bsc#983803).\n\n - CVE-2014-9811: Crash in xwd file handler (bsc#984032).\n\n - CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137).\n\n - CVE-2014-9813: Crash on corrupted viff file (bsc#984035).\n\n - CVE-2014-9814: NULL pointer dereference in wpg file handling (bsc#984193).\n\n - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).\n\n - CVE-2014-9816: Out of bound access in viff image (bsc#984398).\n\n - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400).\n\n - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181).\n\n - CVE-2014-9819: Heap overflow in palm files (bsc#984142).\n\n - CVE-2014-9830: Handling of corrupted sun file (bsc#984135).\n\n - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375).\n\n - CVE-2014-9850: Incorrect thread limit logic (bsc#984149).\n\n - CVE-2014-9851: Crash when parsing resource block (bsc#984160).\n\n - CVE-2014-9852: Incorrect usage of object after it has been destroyed (bsc#984191).\n\n - CVE-2014-9853: Memory leak in rle file handling (bsc#984408).\n\n - CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253).\n\n - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259).\n\n - CVE-2015-8900: HDR file DoS (endless loop) (bsc#983232).\n\n - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234).\n\n - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (bsc#985442).\n\n - CVE-2014-9834: Heap overflow in pict file (bsc#984436).\n\n - CVE-2014-9806: Prevent leak of file descriptor due to corrupted file. (bsc#983774).\n\n - CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448).\n\n - CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370).\n\n - CVE-2014-9854: Filling memory during identification of TIFF image (bsc#984184).\n\n - CVE-2015-8898: Prevent NULL pointer access in magick/constitute.c (bsc#983746).\n\n - CVE-2014-9833: Heap overflow in psd file (bsc#984406).\n\n - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523).\n\n - CVE-2015-8895: Integer and Buffer overflow in coders/icon.c (bsc#983527).\n\n - CVE-2015-8896: Double free / integer truncation issue in coders/pict.c:2000 (bsc#983533).\n\n - CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739).\n\n - CVE-2016-5690: Bad foor loop in DCM coder (bsc#985451).\n\n - CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456).\n\n - CVE-2014-9836: Crash in xpm file handling (bsc#984023).\n\n - CVE-2014-9808: SEGV due to corrupted dpc images.\n (bsc#983796).\n\n - CVE-2014-9821: Avoid heap overflow in pnm files.\n (bsc#984014).\n\n - CVE-2014-9820: Heap overflow in xpm files (bsc#984150).\n\n - CVE-2014-9823: Heap overflow in palm file (bsc#984401).\n\n - CVE-2014-9822: Heap overflow in quantum file (bsc#984187).\n\n - CVE-2014-9825: Heap overflow in corrupted psd file (bsc#984427).\n\n - CVE-2014-9824: Heap overflow in psd file (bsc#984185).\n\n - CVE-2014-9809: SEGV due to corrupted xwd images.\n (bsc#983799).\n\n - CVE-2014-9826: Incorrect error handling in sun files (bsc#984186).\n\n - CVE-2014-9843: Incorrect boundary checks in DecodePSDPixels (bsc#984179).\n\n - CVE-2014-9842: Memory leak in psd handling (bsc#984374).\n\n - CVE-2014-9841: Throwing of exceptions in psd handling (bsc#984172).\n\n - CVE-2014-9840: Out of bound access in palm file (bsc#984433).\n\n - CVE-2014-9847: Incorrect handling of 'previous' image in the JNG decoder (bsc#984144).\n\n - CVE-2014-9846: Added checks to prevent overflow in rle file. (bsc#983521).\n\n - CVE-2014-9845: Crash due to corrupted dib file (bsc#984394).\n\n - CVE-2014-9844: Out of bound issue in rle file (bsc#984373).\n\n - CVE-2014-9849: Crash in png coder (bsc#984018).\n\n - CVE-2014-9848: Memory leak in quantum management (bsc#984404).\n\n - CVE-2014-9807: Double free in pdb coder. (bsc#983794).\n\n - CVE-2014-9829: Out of bound access in sun file (bsc#984409).\n\n - CVE-2014-9832: Heap overflow in pcx file (bsc#984183).\n\n - CVE-2014-9805: SEGV due to a corrupted pnm file.\n (bsc#983752).\n\n - CVE-2016-4564: The DrawImage function in MagickCore/draw.c in ImageMagick made an incorrect function call in attempting to locate the next token, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983308).\n\n - CVE-2016-4563: The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick mishandled the relationship between the BezierQuantum value and certain strokes data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983305).\n\n - CVE-2016-4562: The DrawDashPolygon function in MagickCore/draw.c in ImageMagick mishandled calculations of certain vertices integer data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983292).\n\n - CVE-2014-9839: Theoretical out of bound access in magick/colormap-private.h (bsc#984379).\n\n - CVE-2016-5689: NULL ptr dereference in dcm coder (bsc#985460).\n\n - CVE-2014-9837: Additional PNM sanity checks (bsc#984166).\n\n - CVE-2014-9835: Heap overflow in wpf file (bsc#984145).\n\n - CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028).\n\n - CVE-2016-5841: Integer overflow could have read to RCE (bnc#986609).\n\n - CVE-2016-5842: Out-of-bounds read in MagickCore/property.c:1396 could have lead to memory leak (bnc#986608).\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2016-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-2016-883)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9805", "CVE-2014-9806", "CVE-2014-9807", "CVE-2014-9808", "CVE-2014-9809", "CVE-2014-9810", "CVE-2014-9811", "CVE-2014-9812", "CVE-2014-9813", "CVE-2014-9814", "CVE-2014-9815", "CVE-2014-9816", "CVE-2014-9817", "CVE-2014-9818", "CVE-2014-9819", "CVE-2014-9820", "CVE-2014-9821", "CVE-2014-9822", "CVE-2014-9823", "CVE-2014-9824", "CVE-2014-9825", "CVE-2014-9826", "CVE-2014-9828", "CVE-2014-9829", "CVE-2014-9830", "CVE-2014-9831", "CVE-2014-9832", "CVE-2014-9833", "CVE-2014-9834", "CVE-2014-9835", "CVE-2014-9836", "CVE-2014-9837", "CVE-2014-9838", "CVE-2014-9839", "CVE-2014-9840", "CVE-2014-9841", "CVE-2014-9842", "CVE-2014-9843", "CVE-2014-9844", "CVE-2014-9845", "CVE-2014-9846", "CVE-2014-9847", "CVE-2014-9848", "CVE-2014-9849", "CVE-2014-9850", "CVE-2014-9851", "CVE-2014-9852", "CVE-2014-9853", "CVE-2014-9854", "CVE-2015-8894", "CVE-2015-8895", "CVE-2015-8896", "CVE-2015-8897", "CVE-2015-8898", "CVE-2015-8900", "CVE-2015-8901", "CVE-2015-8902", "CVE-2015-8903", "CVE-2016-4562", "CVE-2016-4563", "CVE-2016-4564", "CVE-2016-5687", "CVE-2016-5688", "CVE-2016-5689", "CVE-2016-5690", "CVE-2016-5691", "CVE-2016-5841", "CVE-2016-5842"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:imagemagick", "p-cpe:/a:novell:opensuse:imagemagick-debuginfo", "p-cpe:/a:novell:opensuse:imagemagick-debugsource", "p-cpe:/a:novell:opensuse:imagemagick-devel", "p-cpe:/a:novell:opensuse:imagemagick-devel-32bit", "p-cpe:/a:novell:opensuse:imagemagick-extra", "p-cpe:/a:novell:opensuse:imagemagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-perlmagick", "p-cpe:/a:novell:opensuse:perl-perlmagick-debuginfo", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-883.NASL", "href": "https://www.tenable.com/plugins/nessus/92487", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-883.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92487);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9805\", \"CVE-2014-9806\", \"CVE-2014-9807\", \"CVE-2014-9808\", \"CVE-2014-9809\", \"CVE-2014-9810\", \"CVE-2014-9811\", \"CVE-2014-9812\", \"CVE-2014-9813\", \"CVE-2014-9814\", \"CVE-2014-9815\", \"CVE-2014-9816\", \"CVE-2014-9817\", \"CVE-2014-9818\", \"CVE-2014-9819\", \"CVE-2014-9820\", \"CVE-2014-9821\", \"CVE-2014-9822\", \"CVE-2014-9823\", \"CVE-2014-9824\", \"CVE-2014-9825\", \"CVE-2014-9826\", \"CVE-2014-9828\", \"CVE-2014-9829\", \"CVE-2014-9830\", \"CVE-2014-9831\", \"CVE-2014-9832\", \"CVE-2014-9833\", \"CVE-2014-9834\", \"CVE-2014-9835\", \"CVE-2014-9836\", \"CVE-2014-9837\", \"CVE-2014-9838\", \"CVE-2014-9839\", \"CVE-2014-9840\", \"CVE-2014-9841\", \"CVE-2014-9842\", \"CVE-2014-9843\", \"CVE-2014-9844\", \"CVE-2014-9845\", \"CVE-2014-9846\", \"CVE-2014-9847\", \"CVE-2014-9848\", \"CVE-2014-9849\", \"CVE-2014-9850\", \"CVE-2014-9851\", \"CVE-2014-9852\", \"CVE-2014-9853\", \"CVE-2014-9854\", \"CVE-2015-8894\", \"CVE-2015-8895\", \"CVE-2015-8896\", \"CVE-2015-8897\", \"CVE-2015-8898\", \"CVE-2015-8900\", \"CVE-2015-8901\", \"CVE-2015-8902\", \"CVE-2015-8903\", \"CVE-2016-4562\", \"CVE-2016-4563\", \"CVE-2016-4564\", \"CVE-2016-5687\", \"CVE-2016-5688\", \"CVE-2016-5689\", \"CVE-2016-5690\", \"CVE-2016-5691\", \"CVE-2016-5841\", \"CVE-2016-5842\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2016-883)\");\n script_summary(english:\"Check for the openSUSE-2016-883 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ImageMagick was updated to fix 66 security issues.\n\nThese security issues were fixed :\n\n - CVE-2014-9810: SEGV in dpx file handler. (bsc#983803).\n\n - CVE-2014-9811: Crash in xwd file handler (bsc#984032).\n\n - CVE-2014-9812: NULL pointer dereference in ps file\n handling (bsc#984137).\n\n - CVE-2014-9813: Crash on corrupted viff file\n (bsc#984035).\n\n - CVE-2014-9814: NULL pointer dereference in wpg file\n handling (bsc#984193).\n\n - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).\n\n - CVE-2014-9816: Out of bound access in viff image\n (bsc#984398).\n\n - CVE-2014-9817: Heap buffer overflow in pdb file handling\n (bsc#984400).\n\n - CVE-2014-9818: Out of bound access on malformed sun file\n (bsc#984181).\n\n - CVE-2014-9819: Heap overflow in palm files (bsc#984142).\n\n - CVE-2014-9830: Handling of corrupted sun file\n (bsc#984135).\n\n - CVE-2014-9831: Handling of corrupted wpg file\n (bsc#984375).\n\n - CVE-2014-9850: Incorrect thread limit logic\n (bsc#984149).\n\n - CVE-2014-9851: Crash when parsing resource block\n (bsc#984160).\n\n - CVE-2014-9852: Incorrect usage of object after it has\n been destroyed (bsc#984191).\n\n - CVE-2014-9853: Memory leak in rle file handling\n (bsc#984408).\n\n - CVE-2015-8902: PDB file DoS (CPU consumption)\n (bsc#983253).\n\n - CVE-2015-8903: Denial of service (cpu) in vicar\n (bsc#983259).\n\n - CVE-2015-8900: HDR file DoS (endless loop) (bsc#983232).\n\n - CVE-2015-8901: MIFF file DoS (endless loop)\n (bsc#983234).\n\n - CVE-2016-5688: Various invalid memory reads in\n ImageMagick WPG (bsc#985442).\n\n - CVE-2014-9834: Heap overflow in pict file (bsc#984436).\n\n - CVE-2014-9806: Prevent leak of file descriptor due to\n corrupted file. (bsc#983774).\n\n - CVE-2016-5687: Out of bounds read in DDS coder\n (bsc#985448).\n\n - CVE-2014-9838: Out of memory crash in magick/cache.c\n (bsc#984370).\n\n - CVE-2014-9854: Filling memory during identification of\n TIFF image (bsc#984184).\n\n - CVE-2015-8898: Prevent NULL pointer access in\n magick/constitute.c (bsc#983746).\n\n - CVE-2014-9833: Heap overflow in psd file (bsc#984406).\n\n - CVE-2015-8894: Double free in coders/tga.c:221\n (bsc#983523).\n\n - CVE-2015-8895: Integer and Buffer overflow in\n coders/icon.c (bsc#983527).\n\n - CVE-2015-8896: Double free / integer truncation issue in\n coders/pict.c:2000 (bsc#983533).\n\n - CVE-2015-8897: Out of bounds error in SpliceImage\n (bsc#983739).\n\n - CVE-2016-5690: Bad foor loop in DCM coder (bsc#985451).\n\n - CVE-2016-5691: Checks for pixel.red/green/blue in dcm\n coder (bsc#985456).\n\n - CVE-2014-9836: Crash in xpm file handling (bsc#984023).\n\n - CVE-2014-9808: SEGV due to corrupted dpc images.\n (bsc#983796).\n\n - CVE-2014-9821: Avoid heap overflow in pnm files.\n (bsc#984014).\n\n - CVE-2014-9820: Heap overflow in xpm files (bsc#984150).\n\n - CVE-2014-9823: Heap overflow in palm file (bsc#984401).\n\n - CVE-2014-9822: Heap overflow in quantum file\n (bsc#984187).\n\n - CVE-2014-9825: Heap overflow in corrupted psd file\n (bsc#984427).\n\n - CVE-2014-9824: Heap overflow in psd file (bsc#984185).\n\n - CVE-2014-9809: SEGV due to corrupted xwd images.\n (bsc#983799).\n\n - CVE-2014-9826: Incorrect error handling in sun files\n (bsc#984186).\n\n - CVE-2014-9843: Incorrect boundary checks in\n DecodePSDPixels (bsc#984179).\n\n - CVE-2014-9842: Memory leak in psd handling (bsc#984374).\n\n - CVE-2014-9841: Throwing of exceptions in psd handling\n (bsc#984172).\n\n - CVE-2014-9840: Out of bound access in palm file\n (bsc#984433).\n\n - CVE-2014-9847: Incorrect handling of 'previous' image in\n the JNG decoder (bsc#984144).\n\n - CVE-2014-9846: Added checks to prevent overflow in rle\n file. (bsc#983521).\n\n - CVE-2014-9845: Crash due to corrupted dib file\n (bsc#984394).\n\n - CVE-2014-9844: Out of bound issue in rle file\n (bsc#984373).\n\n - CVE-2014-9849: Crash in png coder (bsc#984018).\n\n - CVE-2014-9848: Memory leak in quantum management\n (bsc#984404).\n\n - CVE-2014-9807: Double free in pdb coder. (bsc#983794).\n\n - CVE-2014-9829: Out of bound access in sun file\n (bsc#984409).\n\n - CVE-2014-9832: Heap overflow in pcx file (bsc#984183).\n\n - CVE-2014-9805: SEGV due to a corrupted pnm file.\n (bsc#983752).\n\n - CVE-2016-4564: The DrawImage function in\n MagickCore/draw.c in ImageMagick made an incorrect\n function call in attempting to locate the next token,\n which allowed remote attackers to cause a denial of\n service (buffer overflow and application crash) or\n possibly have unspecified other impact via a crafted\n file (bsc#983308).\n\n - CVE-2016-4563: The TraceStrokePolygon function in\n MagickCore/draw.c in ImageMagick mishandled the\n relationship between the BezierQuantum value and certain\n strokes data, which allowed remote attackers to cause a\n denial of service (buffer overflow and application\n crash) or possibly have unspecified other impact via a\n crafted file (bsc#983305).\n\n - CVE-2016-4562: The DrawDashPolygon function in\n MagickCore/draw.c in ImageMagick mishandled calculations\n of certain vertices integer data, which allowed remote\n attackers to cause a denial of service (buffer overflow\n and application crash) or possibly have unspecified\n other impact via a crafted file (bsc#983292).\n\n - CVE-2014-9839: Theoretical out of bound access in\n magick/colormap-private.h (bsc#984379).\n\n - CVE-2016-5689: NULL ptr dereference in dcm coder\n (bsc#985460).\n\n - CVE-2014-9837: Additional PNM sanity checks\n (bsc#984166).\n\n - CVE-2014-9835: Heap overflow in wpf file (bsc#984145).\n\n - CVE-2014-9828: Corrupted (too many colors) psd file\n (bsc#984028).\n\n - CVE-2016-5841: Integer overflow could have read to RCE\n (bnc#986609).\n\n - CVE-2016-5842: Out-of-bounds read in\n MagickCore/property.c:1396 could have lead to memory\n leak (bnc#986608).\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984409\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986609\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-6.8.8.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-debuginfo-6.8.8.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-debugsource-6.8.8.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-devel-6.8.8.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-extra-6.8.8.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagick++-6_Q16-3-6.8.8.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagick++-devel-6.8.8.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"perl-PerlMagick-6.8.8.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:37", "description": "ImageMagick was updated to fix 66 security issues.\n\nThese security issues were fixed :\n\n - CVE-2014-9810: SEGV in dpx file handler. (bsc#983803).\n\n - CVE-2014-9811: Crash in xwd file handler (bsc#984032).\n\n - CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137).\n\n - CVE-2014-9813: Crash on corrupted viff file (bsc#984035).\n\n - CVE-2014-9814: NULL pointer dereference in wpg file handling (bsc#984193).\n\n - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).\n\n - CVE-2014-9816: Out of bound access in viff image (bsc#984398).\n\n - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400).\n\n - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181).\n\n - CVE-2014-9819: Heap overflow in palm files (bsc#984142).\n\n - CVE-2014-9830: Handling of corrupted sun file (bsc#984135).\n\n - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375).\n\n - CVE-2014-9850: Incorrect thread limit logic (bsc#984149).\n\n - CVE-2014-9851: Crash when parsing resource block (bsc#984160).\n\n - CVE-2014-9852: Incorrect usage of object after it has been destroyed (bsc#984191).\n\n - CVE-2014-9853: Memory leak in rle file handling (bsc#984408).\n\n - CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253).\n\n - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259).\n\n - CVE-2015-8900: HDR file DoS (endless loop) (bsc#983232).\n\n - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234).\n\n - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (bsc#985442).\n\n - CVE-2014-9834: Heap overflow in pict file (bsc#984436).\n\n - CVE-2014-9806: Prevent leak of file descriptor due to corrupted file. (bsc#983774).\n\n - CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448).\n\n - CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370).\n\n - CVE-2014-9854: Filling memory during identification of TIFF image (bsc#984184).\n\n - CVE-2015-8898: Prevent NULL pointer access in magick/constitute.c (bsc#983746).\n\n - CVE-2014-9833: Heap overflow in psd file (bsc#984406).\n\n - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523).\n\n - CVE-2015-8895: Integer and Buffer overflow in coders/icon.c (bsc#983527).\n\n - CVE-2015-8896: Double free / integer truncation issue in coders/pict.c:2000 (bsc#983533).\n\n - CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739).\n\n - CVE-2016-5690: Bad foor loop in DCM coder (bsc#985451).\n\n - CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456).\n\n - CVE-2014-9836: Crash in xpm file handling (bsc#984023).\n\n - CVE-2014-9808: SEGV due to corrupted dpc images.\n (bsc#983796).\n\n - CVE-2014-9821: Avoid heap overflow in pnm files.\n (bsc#984014).\n\n - CVE-2014-9820: Heap overflow in xpm files (bsc#984150).\n\n - CVE-2014-9823: Heap overflow in palm file (bsc#984401).\n\n - CVE-2014-9822: Heap overflow in quantum file (bsc#984187).\n\n - CVE-2014-9825: Heap overflow in corrupted psd file (bsc#984427).\n\n - CVE-2014-9824: Heap overflow in psd file (bsc#984185).\n\n - CVE-2014-9809: SEGV due to corrupted xwd images.\n (bsc#983799).\n\n - CVE-2014-9826: Incorrect error handling in sun files (bsc#984186).\n\n - CVE-2014-9843: Incorrect boundary checks in DecodePSDPixels (bsc#984179).\n\n - CVE-2014-9842: Memory leak in psd handling (bsc#984374).\n\n - CVE-2014-9841: Throwing of exceptions in psd handling (bsc#984172).\n\n - CVE-2014-9840: Out of bound access in palm file (bsc#984433).\n\n - CVE-2014-9847: Incorrect handling of 'previous' image in the JNG decoder (bsc#984144).\n\n - CVE-2014-9846: Added checks to prevent overflow in rle file. (bsc#983521).\n\n - CVE-2014-9845: Crash due to corrupted dib file (bsc#984394).\n\n - CVE-2014-9844: Out of bound issue in rle file (bsc#984373).\n\n - CVE-2014-9849: Crash in png coder (bsc#984018).\n\n - CVE-2014-9848: Memory leak in quantum management (bsc#984404).\n\n - CVE-2014-9807: Double free in pdb coder. (bsc#983794).\n\n - CVE-2014-9829: Out of bound access in sun file (bsc#984409).\n\n - CVE-2014-9832: Heap overflow in pcx file (bsc#984183).\n\n - CVE-2014-9805: SEGV due to a corrupted pnm file.\n (bsc#983752).\n\n - CVE-2016-4564: The DrawImage function in MagickCore/draw.c in ImageMagick made an incorrect function call in attempting to locate the next token, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983308).\n\n - CVE-2016-4563: The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick mishandled the relationship between the BezierQuantum value and certain strokes data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983305).\n\n - CVE-2016-4562: The DrawDashPolygon function in MagickCore/draw.c in ImageMagick mishandled calculations of certain vertices integer data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983292).\n\n - CVE-2014-9839: Theoretical out of bound access in magick/colormap-private.h (bsc#984379).\n\n - CVE-2016-5689: NULL ptr dereference in dcm coder (bsc#985460).\n\n - CVE-2014-9837: Additional PNM sanity checks (bsc#984166).\n\n - CVE-2014-9835: Heap overflow in wpf file (bsc#984145).\n\n - CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028).\n\n - CVE-2016-5841: Integer overflow could have read to RCE (bnc#986609).\n\n - CVE-2016-5842: Out-of-bounds read in MagickCore/property.c:1396 could have lead to memory leak (bnc#986608).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-08-29T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2016:1784-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9805", "CVE-2014-9806", "CVE-2014-9807", "CVE-2014-9808", "CVE-2014-9809", "CVE-2014-9810", "CVE-2014-9811", "CVE-2014-9812", "CVE-2014-9813", "CVE-2014-9814", "CVE-2014-9815", "CVE-2014-9816", "CVE-2014-9817", "CVE-2014-9818", "CVE-2014-9819", "CVE-2014-9820", "CVE-2014-9821", "CVE-2014-9822", "CVE-2014-9823", "CVE-2014-9824", "CVE-2014-9825", "CVE-2014-9826", "CVE-2014-9828", "CVE-2014-9829", "CVE-2014-9830", "CVE-2014-9831", "CVE-2014-9832", "CVE-2014-9833", "CVE-2014-9834", "CVE-2014-9835", "CVE-2014-9836", "CVE-2014-9837", "CVE-2014-9838", "CVE-2014-9839", "CVE-2014-9840", "CVE-2014-9841", "CVE-2014-9842", "CVE-2014-9843", "CVE-2014-9844", "CVE-2014-9845", "CVE-2014-9846", "CVE-2014-9847", "CVE-2014-9848", "CVE-2014-9849", "CVE-2014-9850", "CVE-2014-9851", "CVE-2014-9852", "CVE-2014-9853", "CVE-2014-9854", "CVE-2015-8894", "CVE-2015-8895", "CVE-2015-8896", "CVE-2015-8897", "CVE-2015-8898", "CVE-2015-8900", "CVE-2015-8901", "CVE-2015-8902", "CVE-2015-8903", "CVE-2016-4562", "CVE-2016-4563", "CVE-2016-4564", "CVE-2016-5687", "CVE-2016-5688", "CVE-2016-5689", "CVE-2016-5690", "CVE-2016-5691", "CVE-2016-5841", "CVE-2016-5842"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:imagemagick", "p-cpe:/a:novell:suse_linux:imagemagick-debuginfo", "p-cpe:/a:novell:suse_linux:imagemagick-debugsource", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16-1", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16-1-debuginfo", "p-cpe:/a:novell:suse_linux:libmagickwand-6_q16", "p-cpe:/a:novell:suse_linux:libmagickwand-6_q16-1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-1784-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93179", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1784-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93179);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9805\", \"CVE-2014-9806\", \"CVE-2014-9807\", \"CVE-2014-9808\", \"CVE-2014-9809\", \"CVE-2014-9810\", \"CVE-2014-9811\", \"CVE-2014-9812\", \"CVE-2014-9813\", \"CVE-2014-9814\", \"CVE-2014-9815\", \"CVE-2014-9816\", \"CVE-2014-9817\", \"CVE-2014-9818\", \"CVE-2014-9819\", \"CVE-2014-9820\", \"CVE-2014-9821\", \"CVE-2014-9822\", \"CVE-2014-9823\", \"CVE-2014-9824\", \"CVE-2014-9825\", \"CVE-2014-9826\", \"CVE-2014-9828\", \"CVE-2014-9829\", \"CVE-2014-9830\", \"CVE-2014-9831\", \"CVE-2014-9832\", \"CVE-2014-9833\", \"CVE-2014-9834\", \"CVE-2014-9835\", \"CVE-2014-9836\", \"CVE-2014-9837\", \"CVE-2014-9838\", \"CVE-2014-9839\", \"CVE-2014-9840\", \"CVE-2014-9841\", \"CVE-2014-9842\", \"CVE-2014-9843\", \"CVE-2014-9844\", \"CVE-2014-9845\", \"CVE-2014-9846\", \"CVE-2014-9847\", \"CVE-2014-9848\", \"CVE-2014-9849\", \"CVE-2014-9850\", \"CVE-2014-9851\", \"CVE-2014-9852\", \"CVE-2014-9853\", \"CVE-2014-9854\", \"CVE-2015-8894\", \"CVE-2015-8895\", \"CVE-2015-8896\", \"CVE-2015-8897\", \"CVE-2015-8898\", \"CVE-2015-8900\", \"CVE-2015-8901\", \"CVE-2015-8902\", \"CVE-2015-8903\", \"CVE-2016-4562\", \"CVE-2016-4563\", \"CVE-2016-4564\", \"CVE-2016-5687\", \"CVE-2016-5688\", \"CVE-2016-5689\", \"CVE-2016-5690\", \"CVE-2016-5691\", \"CVE-2016-5841\", \"CVE-2016-5842\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2016:1784-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ImageMagick was updated to fix 66 security issues.\n\nThese security issues were fixed :\n\n - CVE-2014-9810: SEGV in dpx file handler. (bsc#983803).\n\n - CVE-2014-9811: Crash in xwd file handler (bsc#984032).\n\n - CVE-2014-9812: NULL pointer dereference in ps file\n handling (bsc#984137).\n\n - CVE-2014-9813: Crash on corrupted viff file\n (bsc#984035).\n\n - CVE-2014-9814: NULL pointer dereference in wpg file\n handling (bsc#984193).\n\n - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).\n\n - CVE-2014-9816: Out of bound access in viff image\n (bsc#984398).\n\n - CVE-2014-9817: Heap buffer overflow in pdb file handling\n (bsc#984400).\n\n - CVE-2014-9818: Out of bound access on malformed sun file\n (bsc#984181).\n\n - CVE-2014-9819: Heap overflow in palm files (bsc#984142).\n\n - CVE-2014-9830: Handling of corrupted sun file\n (bsc#984135).\n\n - CVE-2014-9831: Handling of corrupted wpg file\n (bsc#984375).\n\n - CVE-2014-9850: Incorrect thread limit logic\n (bsc#984149).\n\n - CVE-2014-9851: Crash when parsing resource block\n (bsc#984160).\n\n - CVE-2014-9852: Incorrect usage of object after it has\n been destroyed (bsc#984191).\n\n - CVE-2014-9853: Memory leak in rle file handling\n (bsc#984408).\n\n - CVE-2015-8902: PDB file DoS (CPU consumption)\n (bsc#983253).\n\n - CVE-2015-8903: Denial of service (cpu) in vicar\n (bsc#983259).\n\n - CVE-2015-8900: HDR file DoS (endless loop) (bsc#983232).\n\n - CVE-2015-8901: MIFF file DoS (endless loop)\n (bsc#983234).\n\n - CVE-2016-5688: Various invalid memory reads in\n ImageMagick WPG (bsc#985442).\n\n - CVE-2014-9834: Heap overflow in pict file (bsc#984436).\n\n - CVE-2014-9806: Prevent leak of file descriptor due to\n corrupted file. (bsc#983774).\n\n - CVE-2016-5687: Out of bounds read in DDS coder\n (bsc#985448).\n\n - CVE-2014-9838: Out of memory crash in magick/cache.c\n (bsc#984370).\n\n - CVE-2014-9854: Filling memory during identification of\n TIFF image (bsc#984184).\n\n - CVE-2015-8898: Prevent NULL pointer access in\n magick/constitute.c (bsc#983746).\n\n - CVE-2014-9833: Heap overflow in psd file (bsc#984406).\n\n - CVE-2015-8894: Double free in coders/tga.c:221\n (bsc#983523).\n\n - CVE-2015-8895: Integer and Buffer overflow in\n coders/icon.c (bsc#983527).\n\n - CVE-2015-8896: Double free / integer truncation issue in\n coders/pict.c:2000 (bsc#983533).\n\n - CVE-2015-8897: Out of bounds error in SpliceImage\n (bsc#983739).\n\n - CVE-2016-5690: Bad foor loop in DCM coder (bsc#985451).\n\n - CVE-2016-5691: Checks for pixel.red/green/blue in dcm\n coder (bsc#985456).\n\n - CVE-2014-9836: Crash in xpm file handling (bsc#984023).\n\n - CVE-2014-9808: SEGV due to corrupted dpc images.\n (bsc#983796).\n\n - CVE-2014-9821: Avoid heap overflow in pnm files.\n (bsc#984014).\n\n - CVE-2014-9820: Heap overflow in xpm files (bsc#984150).\n\n - CVE-2014-9823: Heap overflow in palm file (bsc#984401).\n\n - CVE-2014-9822: Heap overflow in quantum file\n (bsc#984187).\n\n - CVE-2014-9825: Heap overflow in corrupted psd file\n (bsc#984427).\n\n - CVE-2014-9824: Heap overflow in psd file (bsc#984185).\n\n - CVE-2014-9809: SEGV due to corrupted xwd images.\n (bsc#983799).\n\n - CVE-2014-9826: Incorrect error handling in sun files\n (bsc#984186).\n\n - CVE-2014-9843: Incorrect boundary checks in\n DecodePSDPixels (bsc#984179).\n\n - CVE-2014-9842: Memory leak in psd handling (bsc#984374).\n\n - CVE-2014-9841: Throwing of exceptions in psd handling\n (bsc#984172).\n\n - CVE-2014-9840: Out of bound access in palm file\n (bsc#984433).\n\n - CVE-2014-9847: Incorrect handling of 'previous' image in\n the JNG decoder (bsc#984144).\n\n - CVE-2014-9846: Added checks to prevent overflow in rle\n file. (bsc#983521).\n\n - CVE-2014-9845: Crash due to corrupted dib file\n (bsc#984394).\n\n - CVE-2014-9844: Out of bound issue in rle file\n (bsc#984373).\n\n - CVE-2014-9849: Crash in png coder (bsc#984018).\n\n - CVE-2014-9848: Memory leak in quantum management\n (bsc#984404).\n\n - CVE-2014-9807: Double free in pdb coder. (bsc#983794).\n\n - CVE-2014-9829: Out of bound access in sun file\n (bsc#984409).\n\n - CVE-2014-9832: Heap overflow in pcx file (bsc#984183).\n\n - CVE-2014-9805: SEGV due to a corrupted pnm file.\n (bsc#983752).\n\n - CVE-2016-4564: The DrawImage function in\n MagickCore/draw.c in ImageMagick made an incorrect\n function call in attempting to locate the next token,\n which allowed remote attackers to cause a denial of\n service (buffer overflow and application crash) or\n possibly have unspecified other impact via a crafted\n file (bsc#983308).\n\n - CVE-2016-4563: The TraceStrokePolygon function in\n MagickCore/draw.c in ImageMagick mishandled the\n relationship between the BezierQuantum value and certain\n strokes data, which allowed remote attackers to cause a\n denial of service (buffer overflow and application\n crash) or possibly have unspecified other impact via a\n crafted file (bsc#983305).\n\n - CVE-2016-4562: The DrawDashPolygon function in\n MagickCore/draw.c in ImageMagick mishandled calculations\n of certain vertices integer data, which allowed remote\n attackers to cause a denial of service (buffer overflow\n and application crash) or possibly have unspecified\n other impact via a crafted file (bsc#983292).\n\n - CVE-2014-9839: Theoretical out of bound access in\n magick/colormap-private.h (bsc#984379).\n\n - CVE-2016-5689: NULL ptr dereference in dcm coder\n (bsc#985460).\n\n - CVE-2014-9837: Additional PNM sanity checks\n (bsc#984166).\n\n - CVE-2014-9835: Heap overflow in wpf file (bsc#984145).\n\n - CVE-2014-9828: Corrupted (too many colors) psd file\n (bsc#984028).\n\n - CVE-2016-5841: Integer overflow could have read to RCE\n (bnc#986609).\n\n - CVE-2016-5842: Out-of-bounds read in\n MagickCore/property.c:1396 could have lead to memory\n leak (bnc#986608).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984409\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9805/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9806/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9807/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9808/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9809/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9810/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9811/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9812/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9813/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9814/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9815/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9816/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9817/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9818/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9819/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9820/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9821/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9822/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9823/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9824/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9825/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9826/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9828/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9829/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9830/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9831/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9832/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9833/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9834/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9835/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9836/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9837/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9838/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9839/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9840/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9841/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9842/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9843/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9844/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9845/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9846/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9847/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9848/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9849/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9850/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9851/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9852/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9853/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9854/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8894/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8895/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8896/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8897/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8898/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8900/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8901/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8902/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8903/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4562/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4563/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4564/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5687/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5688/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5689/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5690/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5691/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5841/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5842/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161784-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e242a6a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP1 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP1-2016-1041=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1041=1\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1041=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1041=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ImageMagick-debuginfo-6.8.8.1-30.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ImageMagick-debugsource-6.8.8.1-30.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-30.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-30.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-30.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-30.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-30.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-30.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-30.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-30.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-30.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-30.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-30.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-30.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-30.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-30.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-30.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:54", "description": "ImageMagick was updated to fix 66 security issues.\n\nThese security issues were fixed :\n\n - CVE-2014-9810: SEGV in dpx file handler (bsc#983803).\n\n - CVE-2014-9811: Crash in xwd file handler (bsc#984032).\n\n - CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137).\n\n - CVE-2014-9813: Crash on corrupted viff file (bsc#984035).\n\n - CVE-2014-9814: NULL pointer dereference in wpg file handling (bsc#984193).\n\n - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).\n\n - CVE-2014-9816: Out of bound access in viff image (bsc#984398).\n\n - CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400).\n\n - CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181).\n\n - CVE-2014-9819: Heap overflow in palm files (bsc#984142).\n\n - CVE-2014-9830: Handling of corrupted sun file (bsc#984135).\n\n - CVE-2014-9831: Handling of corrupted wpg file (bsc#984375).\n\n - CVE-2014-9850: Incorrect thread limit logic (bsc#984149).\n\n - CVE-2014-9851: Crash when parsing resource block (bsc#984160).\n\n - CVE-2014-9852: Incorrect usage of object after it has been destroyed (bsc#984191).\n\n - CVE-2014-9853: Memory leak in rle file handling (bsc#984408).\n\n - CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253).\n\n - CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259).\n\n - CVE-2015-8900: HDR file DoS (endless loop) (bsc#983232).\n\n - CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234).\n\n - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (bsc#985442).\n\n - CVE-2014-9834: Heap overflow in pict file (bsc#984436).\n\n - CVE-2014-9806: Leaked file descriptor due to corrupted file (bsc#983774).\n\n - CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448).\n\n - CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370).\n\n - CVE-2014-9854: Filling memory during identification of TIFF image (bsc#984184).\n\n - CVE-2015-8898: Prevent NULL pointer access in magick/constitute.c (bsc#983746).\n\n - CVE-2014-9833: Heap overflow in psd file (bsc#984406).\n\n - CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523).\n\n - CVE-2015-8895: Integer and Buffer overflow in coders/icon.c (bsc#983527).\n\n - CVE-2015-8896: Double free / integer truncation issue in coders/pict.c:2000 (bsc#983533).\n\n - CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739).\n\n - CVE-2016-5690: Bad foor loop in DCM coder (bsc#985451).\n\n - CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456).\n\n - CVE-2014-9836: Crash in xpm file handling (bsc#984023).\n\n - CVE-2014-9808: SEGV due to corrupted dpc images (bsc#983796).\n\n - CVE-2014-9821: Avoid heap overflow in pnm files (bsc#984014).\n\n - CVE-2014-9820: Heap overflow in xpm files (bsc#984150).\n\n - CVE-2014-9823: Heap overflow in palm file (bsc#984401).\n\n - CVE-2014-9822: Heap overflow in quantum file (bsc#984187).\n\n - CVE-2014-9825: Heap overflow in corrupted psd file (bsc#984427).\n\n - CVE-2014-9824: Heap overflow in psd file (bsc#984185).\n\n - CVE-2014-9809: SEGV due to corrupted xwd images (bsc#983799).\n\n - CVE-2014-9826: Incorrect error handling in sun files (bsc#984186).\n\n - CVE-2014-9843: Incorrect boundary checks in DecodePSDPixels (bsc#984179).\n\n - CVE-2014-9842: Memory leak in psd handling (bsc#984374).\n\n - CVE-2014-9841: Throwing of exceptions in psd handling (bsc#984172).\n\n - CVE-2014-9840: Out of bound access in palm file (bsc#984433).\n\n - CVE-2014-9847: Incorrect handling of 'previous' image in the JNG decoder (bsc#984144).\n\n - CVE-2014-9846: Added checks to prevent overflow in rle file (bsc#983521).\n\n - CVE-2014-9845: Crash due to corrupted dib file (bsc#984394).\n\n - CVE-2014-9844: Out of bound issue in rle file (bsc#984373).\n\n - CVE-2014-9849: Crash in png coder (bsc#984018).\n\n - CVE-2014-9848: Memory leak in quantum management (bsc#984404).\n\n - CVE-2014-9807: Double free in pdb coder (bsc#983794).\n\n - CVE-2014-9829: Out of bound access in sun file (bsc#984409).\n\n - CVE-2014-9832: Heap overflow in pcx file (bsc#984183).\n\n - CVE-2014-9805: SEGV due to a corrupted pnm file (bsc#983752).\n\n - CVE-2016-4564: The DrawImage function in MagickCore/draw.c in ImageMagick made an incorrect function call in attempting to locate the next token, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983308).\n\n - CVE-2016-4563: The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick mishandled the relationship between the BezierQuantum value and certain strokes data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983305).\n\n - CVE-2016-4562: The DrawDashPolygon function in MagickCore/draw.c in ImageMagick mishandled calculations of certain vertices integer data, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file (bsc#983292).\n\n - CVE-2014-9839: Theoretical out of bound access in magick/colormap-private.h (bsc#984379).\n\n - CVE-2016-5689: NULL ptr dereference in dcm coder (bsc#985460).\n\n - CVE-2014-9837: Additional PNM sanity checks (bsc#984166).\n\n - CVE-2014-9835: Heap overflow in wpf file (bsc#984145).\n\n - CVE-2014-9828: Corrupted (too many colors) psd file (bsc#984028).\n\n - CVE-2016-5841: Out-of-bounds read in MagickCore/property.c:1396 could lead to memory leak/ Integer overflow read to RCE (bnc#986609).\n\n - CVE-2016-5842: Out-of-bounds read in MagickCore/property.c:1396 could lead to memory leak/ Integer overflow read to RCE (bnc#986608).", "cvss3": {}, "published": "2016-07-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-2016-840)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9805", "CVE-2014-9806", "CVE-2014-9807", "CVE-2014-9808", "CVE-2014-9809", "CVE-2014-9810", "CVE-2014-9811", "CVE-2014-9812", "CVE-2014-9813", "CVE-2014-9814", "CVE-2014-9815", "CVE-2014-9816", "CVE-2014-9817", "CVE-2014-9818", "CVE-2014-9819", "CVE-2014-9820", "CVE-2014-9821", "CVE-2014-9822", "CVE-2014-9823", "CVE-2014-9824", "CVE-2014-9825", "CVE-2014-9826", "CVE-2014-9828", "CVE-2014-9829", "CVE-2014-9830", "CVE-2014-9831", "CVE-2014-9832", "CVE-2014-9833", "CVE-2014-9834", "CVE-2014-9835", "CVE-2014-9836", "CVE-2014-9837", "CVE-2014-9838", "CVE-2014-9839", "CVE-2014-9840", "CVE-2014-9841", "CVE-2014-9842", "CVE-2014-9843", "CVE-2014-9844", "CVE-2014-9845", "CVE-2014-9846", "CVE-2014-9847", "CVE-2014-9848", "CVE-2014-9849", "CVE-2014-9850", "CVE-2014-9851", "CVE-2014-9852", "CVE-2014-9853", "CVE-2014-9854", "CVE-2015-8894", "CVE-2015-8895", "CVE-2015-8896", "CVE-2015-8897", "CVE-2015-8898", "CVE-2015-8900", "CVE-2015-8901", "CVE-2015-8902", "CVE-2015-8903", "CVE-2016-4562", "CVE-2016-4563", "CVE-2016-4564", "CVE-2016-5687", "CVE-2016-5688", "CVE-2016-5689", "CVE-2016-5690", "CVE-2016-5691", "CVE-2016-5841", "CVE-2016-5842"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:imagemagick", "p-cpe:/a:novell:opensuse:imagemagick-debuginfo", "p-cpe:/a:novell:opensuse:imagemagick-debugsource", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-2-debuginfo", "p-cpe:/a:novell:opensuse:imagemagick-devel", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-2", "p-cpe:/a:novell:opensuse:imagemagick-devel-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-2-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-2-debuginfo", "p-cpe:/a:novell:opensuse:imagemagick-extra", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:imagemagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:perl-perlmagick", "p-cpe:/a:novell:opensuse:perl-perlmagick-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-2", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-2-32bit"], "id": "OPENSUSE-2016-840.NASL", "href": "https://www.tenable.com/plugins/nessus/91967", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-840.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91967);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9805\", \"CVE-2014-9806\", \"CVE-2014-9807\", \"CVE-2014-9808\", \"CVE-2014-9809\", \"CVE-2014-9810\", \"CVE-2014-9811\", \"CVE-2014-9812\", \"CVE-2014-9813\", \"CVE-2014-9814\", \"CVE-2014-9815\", \"CVE-2014-9816\", \"CVE-2014-9817\", \"CVE-2014-9818\", \"CVE-2014-9819\", \"CVE-2014-9820\", \"CVE-2014-9821\", \"CVE-2014-9822\", \"CVE-2014-9823\", \"CVE-2014-9824\", \"CVE-2014-9825\", \"CVE-2014-9826\", \"CVE-2014-9828\", \"CVE-2014-9829\", \"CVE-2014-9830\", \"CVE-2014-9831\", \"CVE-2014-9832\", \"CVE-2014-9833\", \"CVE-2014-9834\", \"CVE-2014-9835\", \"CVE-2014-9836\", \"CVE-2014-9837\", \"CVE-2014-9838\", \"CVE-2014-9839\", \"CVE-2014-9840\", \"CVE-2014-9841\", \"CVE-2014-9842\", \"CVE-2014-9843\", \"CVE-2014-9844\", \"CVE-2014-9845\", \"CVE-2014-9846\", \"CVE-2014-9847\", \"CVE-2014-9848\", \"CVE-2014-9849\", \"CVE-2014-9850\", \"CVE-2014-9851\", \"CVE-2014-9852\", \"CVE-2014-9853\", \"CVE-2014-9854\", \"CVE-2015-8894\", \"CVE-2015-8895\", \"CVE-2015-8896\", \"CVE-2015-8897\", \"CVE-2015-8898\", \"CVE-2015-8900\", \"CVE-2015-8901\", \"CVE-2015-8902\", \"CVE-2015-8903\", \"CVE-2016-4562\", \"CVE-2016-4563\", \"CVE-2016-4564\", \"CVE-2016-5687\", \"CVE-2016-5688\", \"CVE-2016-5689\", \"CVE-2016-5690\", \"CVE-2016-5691\", \"CVE-2016-5841\", \"CVE-2016-5842\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2016-840)\");\n script_summary(english:\"Check for the openSUSE-2016-840 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ImageMagick was updated to fix 66 security issues.\n\nThese security issues were fixed :\n\n - CVE-2014-9810: SEGV in dpx file handler (bsc#983803).\n\n - CVE-2014-9811: Crash in xwd file handler (bsc#984032).\n\n - CVE-2014-9812: NULL pointer dereference in ps file\n handling (bsc#984137).\n\n - CVE-2014-9813: Crash on corrupted viff file\n (bsc#984035).\n\n - CVE-2014-9814: NULL pointer dereference in wpg file\n handling (bsc#984193).\n\n - CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).\n\n - CVE-2014-9816: Out of bound access in viff image\n (bsc#984398).\n\n - CVE-2014-9817: Heap buffer overflow in pdb file handling\n (bsc#984400).\n\n - CVE-2014-9818: Out of bound access on malformed sun file\n (bsc#984181).\n\n - CVE-2014-9819: Heap overflow in palm files (bsc#984142).\n\n - CVE-2014-9830: Handling of corrupted sun file\n (bsc#984135).\n\n - CVE-2014-9831: Handling of corrupted wpg file\n (bsc#984375).\n\n - CVE-2014-9850: Incorrect thread limit logic\n (bsc#984149).\n\n - CVE-2014-9851: Crash when parsing resource block\n (bsc#984160).\n\n - CVE-2014-9852: Incorrect usage of object after it has\n been destroyed (bsc#984191).\n\n - CVE-2014-9853: Memory leak in rle file handling\n (bsc#984408).\n\n - CVE-2015-8902: PDB file DoS (CPU consumption)\n (bsc#983253).\n\n - CVE-2015-8903: Denial of service (cpu) in vicar\n (bsc#983259).\n\n - CVE-2015-8900: HDR file DoS (endless loop) (bsc#983232).\n\n - CVE-2015-8901: MIFF file DoS (endless loop)\n (bsc#983234).\n\n - CVE-2016-5688: Various invalid memory reads in\n ImageMagick WPG (bsc#985442).\n\n - CVE-2014-9834: Heap overflow in pict file (bsc#984436).\n\n - CVE-2014-9806: Leaked file descriptor due to corrupted\n file (bsc#983774).\n\n - CVE-2016-5687: Out of bounds read in DDS coder\n (bsc#985448).\n\n - CVE-2014-9838: Out of memory crash in magick/cache.c\n (bsc#984370).\n\n - CVE-2014-9854: Filling memory during identification of\n TIFF image (bsc#984184).\n\n - CVE-2015-8898: Prevent NULL pointer access in\n magick/constitute.c (bsc#983746).\n\n - CVE-2014-9833: Heap overflow in psd file (bsc#984406).\n\n - CVE-2015-8894: Double free in coders/tga.c:221\n (bsc#983523).\n\n - CVE-2015-8895: Integer and Buffer overflow in\n coders/icon.c (bsc#983527).\n\n - CVE-2015-8896: Double free / integer truncation issue in\n coders/pict.c:2000 (bsc#983533).\n\n - CVE-2015-8897: Out of bounds error in SpliceImage\n (bsc#983739).\n\n - CVE-2016-5690: Bad foor loop in DCM coder (bsc#985451).\n\n - CVE-2016-5691: Checks for pixel.red/green/blue in dcm\n coder (bsc#985456).\n\n - CVE-2014-9836: Crash in xpm file handling (bsc#984023).\n\n - CVE-2014-9808: SEGV due to corrupted dpc images\n (bsc#983796).\n\n - CVE-2014-9821: Avoid heap overflow in pnm files\n (bsc#984014).\n\n - CVE-2014-9820: Heap overflow in xpm files (bsc#984150).\n\n - CVE-2014-9823: Heap overflow in palm file (bsc#984401).\n\n - CVE-2014-9822: Heap overflow in quantum file\n (bsc#984187).\n\n - CVE-2014-9825: Heap overflow in corrupted psd file\n (bsc#984427).\n\n - CVE-2014-9824: Heap overflow in psd file (bsc#984185).\n\n - CVE-2014-9809: SEGV due to corrupted xwd images\n (bsc#983799).\n\n - CVE-2014-9826: Incorrect error handling in sun files\n (bsc#984186).\n\n - CVE-2014-9843: Incorrect boundary checks in\n DecodePSDPixels (bsc#984179).\n\n - CVE-2014-9842: Memory leak in psd handling (bsc#984374).\n\n - CVE-2014-9841: Throwing of exceptions in psd handling\n (bsc#984172).\n\n - CVE-2014-9840: Out of bound access in palm file\n (bsc#984433).\n\n - CVE-2014-9847: Incorrect handling of 'previous' image in\n the JNG decoder (bsc#984144).\n\n - CVE-2014-9846: Added checks to prevent overflow in rle\n file (bsc#983521).\n\n - CVE-2014-9845: Crash due to corrupted dib file\n (bsc#984394).\n\n - CVE-2014-9844: Out of bound issue in rle file\n (bsc#984373).\n\n - CVE-2014-9849: Crash in png coder (bsc#984018).\n\n - CVE-2014-9848: Memory leak in quantum management\n (bsc#984404).\n\n - CVE-2014-9807: Double free in pdb coder (bsc#983794).\n\n - CVE-2014-9829: Out of bound access in sun file\n (bsc#984409).\n\n - CVE-2014-9832: Heap overflow in pcx file (bsc#984183).\n\n - CVE-2014-9805: SEGV due to a corrupted pnm file\n (bsc#983752).\n\n - CVE-2016-4564: The DrawImage function in\n MagickCore/draw.c in ImageMagick made an incorrect\n function call in attempting to locate the next token,\n which allowed remote attackers to cause a denial of\n service (buffer overflow and application crash) or\n possibly have unspecified other impact via a crafted\n file (bsc#983308).\n\n - CVE-2016-4563: The TraceStrokePolygon function in\n MagickCore/draw.c in ImageMagick mishandled the\n relationship between the BezierQuantum value and certain\n strokes data, which allowed remote attackers to cause a\n denial of service (buffer overflow and application\n crash) or possibly have unspecified other impact via a\n crafted file (bsc#983305).\n\n - CVE-2016-4562: The DrawDashPolygon function in\n MagickCore/draw.c in ImageMagick mishandled calculations\n of certain vertices integer data, which allowed remote\n attackers to cause a denial of service (buffer overflow\n and application crash) or possibly have unspecified\n other impact via a crafted file (bsc#983292).\n\n - CVE-2014-9839: Theoretical out of bound access in\n magick/colormap-private.h (bsc#984379).\n\n - CVE-2016-5689: NULL ptr dereference in dcm coder\n (bsc#985460).\n\n - CVE-2014-9837: Additional PNM sanity checks\n (bsc#984166).\n\n - CVE-2014-9835: Heap overflow in wpf file (bsc#984145).\n\n - CVE-2014-9828: Corrupted (too many colors) psd file\n (bsc#984028).\n\n - CVE-2016-5841: Out-of-bounds read in\n MagickCore/property.c:1396 could lead to memory leak/\n Integer overflow read to RCE (bnc#986609).\n\n - CVE-2016-5842: Out-of-bounds read in\n MagickCore/property.c:1396 could lead to memory leak/\n Integer overflow read to RCE (bnc#986608).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984409\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986609\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-6.8.9.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-debuginfo-6.8.9.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-debugsource-6.8.9.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-devel-6.8.9.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-extra-6.8.9.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-extra-debuginfo-6.8.9.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagick++-6_Q16-5-6.8.9.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagick++-6_Q16-5-debuginfo-6.8.9.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagick++-devel-6.8.9.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickCore-6_Q16-2-6.8.9.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickCore-6_Q16-2-debuginfo-6.8.9.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickWand-6_Q16-2-6.8.9.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickWand-6_Q16-2-debuginfo-6.8.9.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"perl-PerlMagick-6.8.9.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"perl-PerlMagick-debuginfo-6.8.9.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.9.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-5-32bit-6.8.9.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-5-debuginfo-32bit-6.8.9.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.9.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-2-32bit-6.8.9.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-2-debuginfo-32bit-6.8.9.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-2-32bit-6.8.9.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-2-debuginfo-32bit-6.8.9.8-26.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:37", "description": "It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.",