ImageMagick vulnerabilities CVE-2017-1000476 CVE-2017-11166 CVE-2017-12805 CVE-2017-12806 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2017-18271 CVE-2017-18273 CVE-2018-10804

2022-02-15T13:07:00

Description

* [CVE-2017-1000476](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000476>) ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. * [CVE-2017-11166](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11166>) The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file. * [CVE-2017-12805](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12805>) In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service. * [CVE-2017-12806](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12806>) In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service. * [CVE-2017-18251](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18251>) An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file. * [CVE-2017-18252](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18252>) An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file. * [CVE-2017-18254](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18254>) An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file. * [CVE-2017-18271](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18271>) In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file. * [CVE-2017-18273](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18273>) In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call. * [CVE-2018-10804](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10804>) ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. Impact There is no impact; F5 products are not affected by this vulnerability.

{"id": "F5:K45139744", "vendorId": null, "type": "f5", "bulletinFamily": "software", "title": "ImageMagick vulnerabilities CVE-2017-1000476 CVE-2017-11166 CVE-2017-12805 CVE-2017-12806 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2017-18271 CVE-2017-18273 CVE-2018-10804", "description": " * [CVE-2017-1000476](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000476>)\n\nImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service.\n\n * [CVE-2017-11166](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11166>)\n\nThe ReadXWDImage function in coders\\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file.\n\n * [CVE-2017-12805](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12805>)\n\nIn ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service.\n\n * [CVE-2017-12806](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12806>)\n\nIn ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service.\n\n * [CVE-2017-18251](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18251>)\n\nAn issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file.\n\n * [CVE-2017-18252](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18252>)\n\nAn issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file.\n\n * [CVE-2017-18254](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18254>)\n\nAn issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file.\n\n * [CVE-2017-18271](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18271>)\n\nIn ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.\n\n * [CVE-2017-18273](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18273>)\n\nIn ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call.\n\n * [CVE-2018-10804](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10804>)\n\nImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c.\n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "published": "2022-02-15T13:07:00", "modified": "2022-02-15T13:07:00", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://support.f5.com/csp/article/K45139744", "reporter": "f5", "references": [], "cvelist": ["CVE-2017-1000476", "CVE-2017-11166", "CVE-2017-12805", "CVE-2017-12806", "CVE-2017-18251", "CVE-2017-18252", "CVE-2017-18254", "CVE-2017-18271", "CVE-2017-18273", "CVE-2018-10804"], "immutableFields": [], "lastseen": "2022-02-15T19:29:25", "viewCount": 18, "enchantments": {"backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2020-1391"]}, {"type": "centos", "idList": ["CESA-2020:1180"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:C94493DDE348FDF28E8866771E34ED7C"]}, {"type": "cve", "idList": ["CVE-2017-1000476", "CVE-2017-11166", "CVE-2017-18271", "CVE-2017-18273"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1229-1:CF413", "DEBIAN:DLA-1381-1:CD589"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-1000476", "DEBIANCVE:CVE-2017-11166", "DEBIANCVE:CVE-2017-12805", "DEBIANCVE:CVE-2017-12806", "DEBIANCVE:CVE-2017-18251", "DEBIANCVE:CVE-2017-18252", "DEBIANCVE:CVE-2017-18254", "DEBIANCVE:CVE-2017-18271", "DEBIANCVE:CVE-2017-18273", "DEBIANCVE:CVE-2018-10804"]}, {"type": "fedora", "idList": ["FEDORA:408C160062DD", "FEDORA:C7F6A6178920"]}, {"type": "ibm", "idList": ["2FE97BC0DB8A3B1BCF85FF8F69828770D4396C7CC3ABD37202D8089D2CADF87B"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/CENTOS_LINUX-CVE-2017-18252/"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2020-1180.NASL", "DEBIAN_DLA-1229.NASL", "DEBIAN_DLA-1381.NASL", "OPENSUSE-2018-533.NASL", "SUSE_SU-2018-0055-1.NASL", "UBUNTU_USN-3681-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843556", "OPENVAS:1361412562310851768", "OPENVAS:1361412562310891229", "OPENVAS:1361412562310891381"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-1180"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-18271", "RH:CVE-2017-18273", "RH:CVE-2018-10804"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1439-1"]}, {"type": "ubuntu", "idList": ["USN-3681-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-12805", "UB:CVE-2017-12806", "UB:CVE-2017-18251", "UB:CVE-2017-18252", "UB:CVE-2017-18254", "UB:CVE-2017-18271", "UB:CVE-2017-18273", "UB:CVE-2018-10804"]}]}, "score": {"value": 4.7, "vector": "NONE"}, "dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2020-1391", "ALAS2-2020-1497"]}, {"type": "centos", "idList": ["CESA-2020:1180"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:80C2D4782A9C66C624197F365BCE16DC", "CFOUNDRY:C94493DDE348FDF28E8866771E34ED7C"]}, {"type": "cve", "idList": ["CVE-2017-1000476", "CVE-2017-11166", "CVE-2017-12805", "CVE-2017-12806", "CVE-2017-18251", "CVE-2017-18252", "CVE-2017-18254", "CVE-2017-18271", "CVE-2017-18273", "CVE-2018-10804"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1229-1:CF413", "DEBIAN:DLA-1381-1:8FA68", "DEBIAN:DLA-1381-1:CD589", "DEBIAN:DLA-1785-1:40B92", "DEBIAN:DLA-1785-1:C1442", "DEBIAN:DLA-2333-1:CBE2B", "DEBIAN:DLA-2333-1:FD35B", "DEBIAN:DLA-2366-1:3ECD0", "DEBIAN:DLA-2366-1:54E1C"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-1000476", "DEBIANCVE:CVE-2017-11166", "DEBIANCVE:CVE-2017-12805", "DEBIANCVE:CVE-2017-12806", "DEBIANCVE:CVE-2017-18251", "DEBIANCVE:CVE-2017-18252", "DEBIANCVE:CVE-2017-18254", "DEBIANCVE:CVE-2017-18271", "DEBIANCVE:CVE-2017-18273", "DEBIANCVE:CVE-2018-10804"]}, {"type": "fedora", "idList": ["FEDORA:408C160062DD", "FEDORA:C7F6A6178920"]}, {"type": "ibm", "idList": ["2FE97BC0DB8A3B1BCF85FF8F69828770D4396C7CC3ABD37202D8089D2CADF87B"]}, {"type": "mageia", "idList": ["MGASA-2018-0496"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1497.NASL", "ALA_ALAS-2020-1391.NASL", "CENTOS_RHSA-2020-1180.NASL", "DEBIAN_DLA-1229.NASL", "DEBIAN_DLA-1381.NASL", "DEBIAN_DLA-1785.NASL", "DEBIAN_DLA-2333.NASL", "DEBIAN_DLA-2366.NASL", "EULEROS_SA-2020-1806.NASL", "EULEROS_SA-2020-2090.NASL", "EULEROS_SA-2020-2349.NASL", "FEDORA_2019-425A1AA7C9.NASL", "FEDORA_2019-DA4C20882C.NASL", "NEWSTART_CGSL_NS-SA-2020-0079_IMAGEMAGICK.NASL", "NEWSTART_CGSL_NS-SA-2020-0119_IMAGEMAGICK.NASL", "NUTANIX_NXSA-AOS-5_15_3.NASL", "NUTANIX_NXSA-AOS-5_17_1.NASL", "NUTANIX_NXSA-AOS-5_18.NASL", "OPENSUSE-2018-230.NASL", "OPENSUSE-2018-36.NASL", "OPENSUSE-2018-407.NASL", "OPENSUSE-2018-442.NASL", "OPENSUSE-2018-533.NASL", "OPENSUSE-2018-690.NASL", "OPENSUSE-2019-1683.NASL", "REDHAT-RHSA-2020-1180.NASL", "SL_20200407_IMAGEMAGICK_ON_SL7_X.NASL", "SUSE_SU-2018-0055-1.NASL", "SUSE_SU-2018-0132-1.NASL", "SUSE_SU-2018-0486-1.NASL", "SUSE_SU-2018-0581-1.NASL", "SUSE_SU-2018-1129-1.NASL", "SUSE_SU-2018-1178-1.NASL", "SUSE_SU-2018-1851-1.NASL", "SUSE_SU-2018-2465-1.NASL", "SUSE_SU-2019-1712-1.NASL", "UBUNTU_USN-3681-1.NASL", "UBUNTU_USN-4034-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310107308", "OPENVAS:1361412562310107607", "OPENVAS:1361412562310107608", "OPENVAS:1361412562310843556", "OPENVAS:1361412562310844071", "OPENVAS:1361412562310851768", "OPENVAS:1361412562310851807", "OPENVAS:1361412562310852605", "OPENVAS:1361412562310876545", "OPENVAS:1361412562310876546", "OPENVAS:1361412562310891229", "OPENVAS:1361412562310891381", "OPENVAS:1361412562310891785"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-1180"]}, {"type": "osv", "idList": ["OSV:DLA-1229-1", "OSV:DLA-1381-1", "OSV:DLA-1785-1", "OSV:DLA-2333-1", "OSV:DLA-2366-1"]}, {"type": "redhat", "idList": ["RHSA-2020:1180"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-1000476", "RH:CVE-2017-11166", "RH:CVE-2017-12805", "RH:CVE-2017-12806", "RH:CVE-2017-18251", "RH:CVE-2017-18252", "RH:CVE-2017-18254", "RH:CVE-2017-18271", "RH:CVE-2017-18273", "RH:CVE-2018-10804"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1439-1", "OPENSUSE-SU-2018:1860-1", "OPENSUSE-SU-2019:1683-1"]}, {"type": "ubuntu", "idList": ["USN-3681-1", "USN-4034-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-1000476", "UB:CVE-2017-11166", "UB:CVE-2017-12805", "UB:CVE-2017-12806", "UB:CVE-2017-18251", "UB:CVE-2017-18252", "UB:CVE-2017-18254", "UB:CVE-2017-18271", "UB:CVE-2017-18273", "UB:CVE-2018-10804"]}, {"type": "veracode", "idList": ["VERACODE:22880", "VERACODE:22881"]}]}, "affected_software": {"major_version": []}, "epss": [{"cve": "CVE-2017-1000476", "epss": "0.002290000", "percentile": "0.593320000", "modified": "2023-03-18"}, {"cve": "CVE-2017-11166", "epss": "0.000570000", "percentile": "0.216700000", "modified": "2023-03-18"}, {"cve": "CVE-2017-12805", "epss": "0.009440000", "percentile": "0.807610000", "modified": "2023-03-17"}, {"cve": "CVE-2017-12806", "epss": "0.009440000", "percentile": "0.807610000", "modified": "2023-03-17"}, {"cve": "CVE-2017-18251", "epss": "0.001090000", "percentile": "0.421760000", "modified": "2023-03-18"}, {"cve": "CVE-2017-18252", "epss": "0.001250000", "percentile": "0.452960000", "modified": "2023-03-18"}, {"cve": "CVE-2017-18254", "epss": "0.001090000", "percentile": "0.421760000", "modified": "2023-03-18"}, {"cve": "CVE-2017-18271", "epss": "0.003180000", "percentile": "0.657610000", "modified": "2023-03-18"}, {"cve": "CVE-2017-18273", "epss": "0.003530000", "percentile": "0.675340000", "modified": "2023-03-18"}, {"cve": "CVE-2018-10804", "epss": "0.000760000", "percentile": "0.307210000", "modified": "2023-03-18"}], "vulnersScore": 4.7}, "_state": {"dependencies": 1669649253, "score": 1669649782, "affected_software_major_version": 1669649783, "epss": 1679178262}, "_internal": {"score_hash": "50e994f66beff118a8468504e2fdad16"}, "affectedSoftware": []}

{"nessus": [{"lastseen": "2023-01-26T14:40:38", "description": "This update for ImageMagick fixes the following issues :\n\n - security update (png.c)\n\n - CVE-2018-9018: divide-by-zero in the ReadMNGImage function of coders/png.c. Attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. [bsc#1086773]\n\n - CVE-2018-10177: there is an infinite loop in the ReadOneMNGImagefunction of the coders/png.c file. Remote attackers could leverage thisvulnerability to cause a denial of service (bsc#1089781)\n\n - security update (wand)\n\n - CVE-2017-18252: The MogrifyImageList function in MagickWand/mogrify.c could allow attackers to cause a denial of service via a crafted file. [bsc#1087033]\n\n - security update (gif.c)\n\n - CVE-2017-18254: A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which could lead to denial of service via a crafted file.\n [bsc#1087027]\n\n - security update (core)\n\n - CVE-2017-10928: a heap-based buffer over-read in the GetNextToken function in token.c could allow attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c.\n [bsc#1047356]\n\n - security update (pcd.c)\n\n - CVE-2017-18251: A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which could lead to a denial of service via a crafted file.\n [bsc#1087037]\n\n - security update (gif.c)\n\n - CVE-2017-18254: A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which could lead to denial of service via a crafted file.\n [bsc#1087027]\n\n - security update (tiff.c)\n\n - CVE-2018-8960: The ReadTIFFImage function in coders/tiff.c in ImageMagick memory allocation issue could lead to denial of service (bsc#1086782)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-05-03T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:1129-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000476", "CVE-2017-10928", "CVE-2017-18251", "CVE-2017-18252", "CVE-2017-18254", "CVE-2018-10177", "CVE-2018-8960", "CVE-2018-9018"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libMagickCore1", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-1129-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109550", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1129-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109550);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-1000476\", \"CVE-2017-10928\", \"CVE-2017-18251\", \"CVE-2017-18252\", \"CVE-2017-18254\", \"CVE-2018-10177\", \"CVE-2018-8960\", \"CVE-2018-9018\");\n\n script_name(english:\"SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:1129-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\n - security update (png.c)\n\n - CVE-2018-9018: divide-by-zero in the ReadMNGImage\n function of coders/png.c. Attackers could leverage this\n vulnerability to cause a crash and denial of service via\n a crafted mng file. [bsc#1086773]\n\n - CVE-2018-10177: there is an infinite loop in the\n ReadOneMNGImagefunction of the coders/png.c file. Remote\n attackers could leverage thisvulnerability to cause a\n denial of service (bsc#1089781)\n\n - security update (wand)\n\n - CVE-2017-18252: The MogrifyImageList function in\n MagickWand/mogrify.c could allow attackers to cause a\n denial of service via a crafted file. [bsc#1087033]\n\n - security update (gif.c)\n\n - CVE-2017-18254: A memory leak vulnerability was found in\n the function WriteGIFImage in coders/gif.c, which could\n lead to denial of service via a crafted file.\n [bsc#1087027]\n\n - security update (core)\n\n - CVE-2017-10928: a heap-based buffer over-read in the\n GetNextToken function in token.c could allow attackers\n to obtain sensitive information from process memory or\n possibly have unspecified other impact via a crafted SVG\n document that is mishandled in the\n GetUserSpaceCoordinateValue function in coders/svg.c.\n [bsc#1047356]\n\n - security update (pcd.c)\n\n - CVE-2017-18251: A memory leak vulnerability was found in\n the function ReadPCDImage in coders/pcd.c, which could\n lead to a denial of service via a crafted file.\n [bsc#1087037]\n\n - security update (gif.c)\n\n - CVE-2017-18254: A memory leak vulnerability was found in\n the function WriteGIFImage in coders/gif.c, which could\n lead to denial of service via a crafted file.\n [bsc#1087027]\n\n - security update (tiff.c)\n\n - CVE-2018-8960: The ReadTIFFImage function in\n coders/tiff.c in ImageMagick memory allocation issue\n could lead to denial of service (bsc#1086782)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000476/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10928/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18251/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18252/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18254/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10177/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8960/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-9018/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181129-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a4a03f9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-ImageMagick-13586=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ImageMagick-13586=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ImageMagick-13586=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagickCore1-32bit-6.4.3.6-78.45.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libMagickCore1-32bit-6.4.3.6-78.45.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libMagickCore1-6.4.3.6-78.45.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-25T14:36:40", "description": "Several security vulnerabilities were discovered in ImageMagick, an image manipulation program, that allow remote attackers to cause a denial of service via CPU exhaustion (infinite loop) or heap-based buffer overreads with a crafted image file.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 8:6.7.7.10-5+deb7u22.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-05-24T00:00:00", "type": "nessus", "title": "Debian DLA-1381-1 : imagemagick security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18271", "CVE-2017-18273", "CVE-2018-11251"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "p-cpe:/a:debian:debian_linux:imagemagick-common", "p-cpe:/a:debian:debian_linux:imagemagick-dbg", "p-cpe:/a:debian:debian_linux:imagemagick-doc", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-dev", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b5", "p-cpe:/a:debian:debian_linux:libmagickcore-dev", "p-cpe:/a:debian:debian_linux:libmagickcore5", "p-cpe:/a:debian:debian_linux:libmagickcore5-extra", "p-cpe:/a:debian:debian_linux:libmagickwand-dev", "p-cpe:/a:debian:debian_linux:libmagickwand5", "p-cpe:/a:debian:debian_linux:perlmagick", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1381.NASL", "href": "https://www.tenable.com/plugins/nessus/110055", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1381-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110055);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-18271\", \"CVE-2017-18273\", \"CVE-2018-11251\");\n\n script_name(english:\"Debian DLA-1381-1 : imagemagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security vulnerabilities were discovered in ImageMagick, an\nimage manipulation program, that allow remote attackers to cause a\ndenial of service via CPU exhaustion (infinite loop) or heap-based\nbuffer overreads with a crafted image file.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n8:6.7.7.10-5+deb7u22.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/05/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/imagemagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore5-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick\", reference:\"8:6.7.7.10-5+deb7u22\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-common\", reference:\"8:6.7.7.10-5+deb7u22\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-dbg\", reference:\"8:6.7.7.10-5+deb7u22\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-doc\", reference:\"8:6.7.7.10-5+deb7u22\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagick++-dev\", reference:\"8:6.7.7.10-5+deb7u22\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagick++5\", reference:\"8:6.7.7.10-5+deb7u22\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.7.7.10-5+deb7u22\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore5\", reference:\"8:6.7.7.10-5+deb7u22\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore5-extra\", reference:\"8:6.7.7.10-5+deb7u22\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.7.7.10-5+deb7u22\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickwand5\", reference:\"8:6.7.7.10-5+deb7u22\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"perlmagick\", reference:\"8:6.7.7.10-5+deb7u22\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-26T14:41:25", "description": "This update for ImageMagick fixes the following issues :\n\n - CVE-2017-14325: In ImageMagick, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allowed attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file. [bsc#1058635]\n\n - CVE-2017-17887: In ImageMagick, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allowed attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage.\n [bsc#1074117]\n\n - CVE-2017-18250: A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which could lead to a denial of service via a crafted file. [bsc#1087039]\n\n - CVE-2017-18251: A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which could lead to a denial of service via a crafted file.\n [bsc#1087037]\n\n - CVE-2017-18252: The MogrifyImageList function in MagickWand/mogrify.c could allow attackers to cause a denial of service via a crafted file. [bsc#1087033]\n\n - CVE-2017-18254: A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which could lead to denial of service via a crafted file.\n [bsc#1087027]\n\n - CVE-2018-8960: The ReadTIFFImage function in coders/tiff.c in ImageMagick did not properly restrict memory allocation, leading to a heap-based buffer over-read. [bsc#1086782]\n\n - CVE-2018-9018: divide-by-zero in the ReadMNGImage function of coders/png.c. Attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. [bsc#1086773]\n\n - CVE-2018-9135: heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c could lead to denial of service. [bsc#1087825]\n\n - CVE-2018-10177: In ImageMagick, there was an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file.\n [bsc#1089781]\n\n - CVE-2017-10928: a heap-based buffer over-read in the GetNextToken function in token.c could allow attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c.\n [bsc#1047356]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-05-10T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:1178-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000476", "CVE-2017-10928", "CVE-2017-11450", "CVE-2017-14325", "CVE-2017-17887", "CVE-2017-18250", "CVE-2017-18251", "CVE-2017-18252", "CVE-2017-18254", "CVE-2018-10177", "CVE-2018-8960", "CVE-2018-9018", "CVE-2018-9135"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ImageMagick", "p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo", "p-cpe:/a:novell:suse_linux:ImageMagick-debugsource", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo", "p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16", "p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-1178-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109673", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1178-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109673);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2017-1000476\", \"CVE-2017-10928\", \"CVE-2017-11450\", \"CVE-2017-14325\", \"CVE-2017-17887\", \"CVE-2017-18250\", \"CVE-2017-18251\", \"CVE-2017-18252\", \"CVE-2017-18254\", \"CVE-2018-10177\", \"CVE-2018-8960\", \"CVE-2018-9018\", \"CVE-2018-9135\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:1178-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\n - CVE-2017-14325: In ImageMagick, a memory leak\n vulnerability was found in the function\n PersistPixelCache in magick/cache.c, which allowed\n attackers to cause a denial of service (memory\n consumption in ReadMPCImage in coders/mpc.c) via a\n crafted file. [bsc#1058635]\n\n - CVE-2017-17887: In ImageMagick, a memory leak\n vulnerability was found in the function\n GetImagePixelCache in magick/cache.c, which allowed\n attackers to cause a denial of service via a crafted MNG\n image file that is processed by ReadOneMNGImage.\n [bsc#1074117]\n\n - CVE-2017-18250: A NULL pointer dereference vulnerability\n was found in the function LogOpenCLBuildFailure in\n MagickCore/opencl.c, which could lead to a denial of\n service via a crafted file. [bsc#1087039]\n\n - CVE-2017-18251: A memory leak vulnerability was found in\n the function ReadPCDImage in coders/pcd.c, which could\n lead to a denial of service via a crafted file.\n [bsc#1087037]\n\n - CVE-2017-18252: The MogrifyImageList function in\n MagickWand/mogrify.c could allow attackers to cause a\n denial of service via a crafted file. [bsc#1087033]\n\n - CVE-2017-18254: A memory leak vulnerability was found in\n the function WriteGIFImage in coders/gif.c, which could\n lead to denial of service via a crafted file.\n [bsc#1087027]\n\n - CVE-2018-8960: The ReadTIFFImage function in\n coders/tiff.c in ImageMagick did not properly restrict\n memory allocation, leading to a heap-based buffer\n over-read. [bsc#1086782]\n\n - CVE-2018-9018: divide-by-zero in the ReadMNGImage\n function of coders/png.c. Attackers could leverage this\n vulnerability to cause a crash and denial of service via\n a crafted mng file. [bsc#1086773]\n\n - CVE-2018-9135: heap-based buffer over-read in\n IsWEBPImageLossless in coders/webp.c could lead to\n denial of service. [bsc#1087825]\n\n - CVE-2018-10177: In ImageMagick, there was an infinite\n loop in the ReadOneMNGImage function of the coders/png.c\n file. Remote attackers could leverage this vulnerability\n to cause a denial of service via a crafted mng file.\n [bsc#1089781]\n\n - CVE-2017-10928: a heap-based buffer over-read in the\n GetNextToken function in token.c could allow attackers\n to obtain sensitive information from process memory or\n possibly have unspecified other impact via a crafted SVG\n document that is mishandled in the\n GetUserSpaceCoordinateValue function in coders/svg.c.\n [bsc#1047356]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000476/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10928/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11450/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14325/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17887/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18250/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18251/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18252/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18254/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10177/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8960/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-9018/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-9135/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181178-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a4a2399\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2018-818=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-818=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-818=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-818=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.54.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-debugsource-6.8.8.1-71.54.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.54.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.54.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.54.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.54.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-71.54.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.54.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-71.54.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-71.54.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.54.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.54.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.54.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.54.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.54.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.54.5\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.54.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-26T14:40:51", "description": "This update for ImageMagick fixes the following issues :\n\n - CVE-2017-14325: In ImageMagick, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allowed attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file. [bsc#1058635]\n\n - CVE-2017-17887: In ImageMagick, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allowed attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage.\n [bsc#1074117]\n\n - CVE-2017-18250: A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which could lead to a denial of service via a crafted file. [bsc#1087039]\n\n - CVE-2017-18251: A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which could lead to a denial of service via a crafted file.\n [bsc#1087037]\n\n - CVE-2017-18252: The MogrifyImageList function in MagickWand/mogrify.c could allow attackers to cause a denial of service via a crafted file. [bsc#1087033]\n\n - CVE-2017-18254: A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which could lead to denial of service via a crafted file.\n [bsc#1087027]\n\n - CVE-2018-8960: The ReadTIFFImage function in coders/tiff.c in ImageMagick did not properly restrict memory allocation, leading to a heap-based buffer over-read. [bsc#1086782]\n\n - CVE-2018-9018: divide-by-zero in the ReadMNGImage function of coders/png.c. Attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. [bsc#1086773]\n\n - CVE-2018-9135: heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c could lead to denial of service. [bsc#1087825]\n\n - CVE-2018-10177: In ImageMagick, there was an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file.\n [bsc#1089781]\n\n - CVE-2017-10928: a heap-based buffer over-read in the GetNextToken function in token.c could allow attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c.\n [bsc#1047356]\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-05-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-2018-442)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000476", "CVE-2017-10928", "CVE-2017-11450", "CVE-2017-14325", "CVE-2017-17887", "CVE-2017-18250", "CVE-2017-18251", "CVE-2017-18252", "CVE-2017-18254", "CVE-2018-10177", "CVE-2018-8960", "CVE-2018-9018", "CVE-2018-9135"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ImageMagick", "p-cpe:/a:novell:opensuse:ImageMagick-debuginfo", "p-cpe:/a:novell:opensuse:ImageMagick-debugsource", "p-cpe:/a:novell:opensuse:ImageMagick-devel", "p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit", "p-cpe:/a:novell:opensuse:ImageMagick-extra", "p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel-32bit", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-PerlMagick", "p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-442.NASL", "href": "https://www.tenable.com/plugins/nessus/109715", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-442.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109715);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-1000476\", \"CVE-2017-10928\", \"CVE-2017-11450\", \"CVE-2017-14325\", \"CVE-2017-17887\", \"CVE-2017-18250\", \"CVE-2017-18251\", \"CVE-2017-18252\", \"CVE-2017-18254\", \"CVE-2018-10177\", \"CVE-2018-8960\", \"CVE-2018-9018\", \"CVE-2018-9135\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2018-442)\");\n script_summary(english:\"Check for the openSUSE-2018-442 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\n - CVE-2017-14325: In ImageMagick, a memory leak\n vulnerability was found in the function\n PersistPixelCache in magick/cache.c, which allowed\n attackers to cause a denial of service (memory\n consumption in ReadMPCImage in coders/mpc.c) via a\n crafted file. [bsc#1058635]\n\n - CVE-2017-17887: In ImageMagick, a memory leak\n vulnerability was found in the function\n GetImagePixelCache in magick/cache.c, which allowed\n attackers to cause a denial of service via a crafted MNG\n image file that is processed by ReadOneMNGImage.\n [bsc#1074117]\n\n - CVE-2017-18250: A NULL pointer dereference vulnerability\n was found in the function LogOpenCLBuildFailure in\n MagickCore/opencl.c, which could lead to a denial of\n service via a crafted file. [bsc#1087039]\n\n - CVE-2017-18251: A memory leak vulnerability was found in\n the function ReadPCDImage in coders/pcd.c, which could\n lead to a denial of service via a crafted file.\n [bsc#1087037]\n\n - CVE-2017-18252: The MogrifyImageList function in\n MagickWand/mogrify.c could allow attackers to cause a\n denial of service via a crafted file. [bsc#1087033]\n\n - CVE-2017-18254: A memory leak vulnerability was found in\n the function WriteGIFImage in coders/gif.c, which could\n lead to denial of service via a crafted file.\n [bsc#1087027]\n\n - CVE-2018-8960: The ReadTIFFImage function in\n coders/tiff.c in ImageMagick did not properly restrict\n memory allocation, leading to a heap-based buffer\n over-read. [bsc#1086782]\n\n - CVE-2018-9018: divide-by-zero in the ReadMNGImage\n function of coders/png.c. Attackers could leverage this\n vulnerability to cause a crash and denial of service via\n a crafted mng file. [bsc#1086773]\n\n - CVE-2018-9135: heap-based buffer over-read in\n IsWEBPImageLossless in coders/webp.c could lead to\n denial of service. [bsc#1087825]\n\n - CVE-2018-10177: In ImageMagick, there was an infinite\n loop in the ReadOneMNGImage function of the coders/png.c\n file. Remote attackers could leverage this vulnerability\n to cause a denial of service via a crafted mng file.\n [bsc#1089781]\n\n - CVE-2017-10928: a heap-based buffer over-read in the\n GetNextToken function in token.c could allow attackers\n to obtain sensitive information from process memory or\n possibly have unspecified other impact via a crafted SVG\n document that is mishandled in the\n GetUserSpaceCoordinateValue function in coders/svg.c.\n [bsc#1047356]\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089781\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-6.8.8.1-61.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-debuginfo-6.8.8.1-61.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-debugsource-6.8.8.1-61.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-devel-6.8.8.1-61.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-extra-6.8.8.1-61.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-61.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-6_Q16-3-6.8.8.1-61.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-61.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-devel-6.8.8.1-61.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-61.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-61.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-61.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-61.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-PerlMagick-6.8.8.1-61.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-61.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-61.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-61.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-61.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-61.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-61.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-61.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-61.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-61.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-25T14:37:06", "description": "This update for GraphicsMagick fixes the following issues :\n\n - CVE-2017-18271: An infinite loop in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service was fixed. (boo#1094204)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-05-29T00:00:00", "type": "nessus", "title": "openSUSE Security Update : GraphicsMagick (openSUSE-2018-533)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18271"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:GraphicsMagick", "p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo", "p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource", "p-cpe:/a:novell:opensuse:GraphicsMagick-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libGraphicsMagick3-config", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-533.NASL", "href": "https://www.tenable.com/plugins/nessus/110180", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-533.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110180);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-18271\");\n\n script_name(english:\"openSUSE Security Update : GraphicsMagick (openSUSE-2018-533)\");\n script_summary(english:\"Check for the openSUSE-2018-533 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for GraphicsMagick fixes the following issues :\n\n - CVE-2017-18271: An infinite loop in the function\n ReadMIFFImage in coders/miff.c, which allows attackers\n to cause a denial of service was fixed. (boo#1094204)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094204\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick3-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-1.3.25-90.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debuginfo-1.3.25-90.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debugsource-1.3.25-90.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-devel-1.3.25-90.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-90.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-90.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-devel-1.3.25-90.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-1.3.25-90.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-90.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick3-config-1.3.25-90.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-90.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-90.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-1.3.25-90.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-90.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-debuginfo / etc\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-25T14:33:29", "description": "It was discovered that there were two vulnerabilities in the imagemagick image manipulation program :\n\nCVE-2017-1000445: A NULL pointer dereference in the MagickCore component which could lead to denial of service.\n\nCVE-2017-1000476: A potential denial of service attack via CPU exhaustion.\n\nFor Debian 7 'Wheezy', this issue has been fixed in imagemagick version 8:6.7.7.10-5+deb7u20.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-01-04T00:00:00", "type": "nessus", "title": "Debian DLA-1229-1 : imagemagick security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "p-cpe:/a:debian:debian_linux:imagemagick-common", "p-cpe:/a:debian:debian_linux:imagemagick-dbg", "p-cpe:/a:debian:debian_linux:imagemagick-doc", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-dev", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b5", "p-cpe:/a:debian:debian_linux:libmagickcore-dev", "p-cpe:/a:debian:debian_linux:libmagickcore5", "p-cpe:/a:debian:debian_linux:libmagickcore5-extra", "p-cpe:/a:debian:debian_linux:libmagickwand-dev", "p-cpe:/a:debian:debian_linux:libmagickwand5", "p-cpe:/a:debian:debian_linux:perlmagick", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1229.NASL", "href": "https://www.tenable.com/plugins/nessus/105557", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1229-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105557);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-1000445\", \"CVE-2017-1000476\");\n\n script_name(english:\"Debian DLA-1229-1 : imagemagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there were two vulnerabilities in the\nimagemagick image manipulation program :\n\nCVE-2017-1000445: A NULL pointer dereference in the MagickCore\ncomponent which could lead to denial of service.\n\nCVE-2017-1000476: A potential denial of service attack via\nCPU exhaustion.\n\nFor Debian 7 'Wheezy', this issue has been fixed in imagemagick\nversion 8:6.7.7.10-5+deb7u20.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/01/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/imagemagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore5-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick\", reference:\"8:6.7.7.10-5+deb7u20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-common\", reference:\"8:6.7.7.10-5+deb7u20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-dbg\", reference:\"8:6.7.7.10-5+deb7u20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-doc\", reference:\"8:6.7.7.10-5+deb7u20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagick++-dev\", reference:\"8:6.7.7.10-5+deb7u20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagick++5\", reference:\"8:6.7.7.10-5+deb7u20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.7.7.10-5+deb7u20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore5\", reference:\"8:6.7.7.10-5+deb7u20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore5-extra\", reference:\"8:6.7.7.10-5+deb7u20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.7.7.10-5+deb7u20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickwand5\", reference:\"8:6.7.7.10-5+deb7u20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"perlmagick\", reference:\"8:6.7.7.10-5+deb7u20\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:46:46", "description": "This update for GraphicsMagick fixes the following issues :\n\n - security update (core)\n\n - CVE-2018-6799: The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used. [boo#1080522]\n\n - security update (png.c)\n\n - CVE-2018-9018: In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. [boo#1086773]\n\n - security update (gif.c)\n\n - CVE-2017-18254: An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file. [boo#1087027]\n\n - security update (pcd.c)\n\n - CVE-2017-18251: An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file. [boo#1087037]\n\n - CVE-2017-18229: An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations. [boo#1085236]\n\n - CVE-2017-11641: GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files.[boo#1050623]\n\n - CVE-2017-13066: GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c. [boo#1055010]\n\n - CVE-2018-10177: Specially crafted PNG images may have triggered an infinite loop [bsc#1089781]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-05-02T00:00:00", "type": "nessus", "title": "openSUSE Security Update : GraphicsMagick (openSUSE-2018-407)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11641", "CVE-2017-13066", "CVE-2017-18229", "CVE-2017-18251", "CVE-2017-18254", "CVE-2018-10177", "CVE-2018-6799", "CVE-2018-9018"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:GraphicsMagick", "p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo", "p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource", "p-cpe:/a:novell:opensuse:GraphicsMagick-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libGraphicsMagick3-config", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-407.NASL", "href": "https://www.tenable.com/plugins/nessus/109521", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-407.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109521);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-11641\", \"CVE-2017-13066\", \"CVE-2017-18229\", \"CVE-2017-18251\", \"CVE-2017-18254\", \"CVE-2018-10177\", \"CVE-2018-6799\", \"CVE-2018-9018\");\n\n script_name(english:\"openSUSE Security Update : GraphicsMagick (openSUSE-2018-407)\");\n script_summary(english:\"Check for the openSUSE-2018-407 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for GraphicsMagick fixes the following issues :\n\n - security update (core)\n\n - CVE-2018-6799: The AcquireCacheNexus function in\n magick/pixel_cache.c in GraphicsMagick before 1.3.28\n allows remote attackers to cause a denial of service\n (heap overwrite) or possibly have unspecified other\n impact via a crafted image file, because a pixel staging\n area is not used. [boo#1080522]\n\n - security update (png.c)\n\n - CVE-2018-9018: In GraphicsMagick 1.3.28, there is a\n divide-by-zero in the ReadMNGImage function of\n coders/png.c. Remote attackers could leverage this\n vulnerability to cause a crash and denial of service via\n a crafted mng file. [boo#1086773]\n\n - security update (gif.c)\n\n - CVE-2017-18254: An issue was discovered in ImageMagick\n 7.0.7. A memory leak vulnerability was found in the\n function WriteGIFImage in coders/gif.c, which allow\n remote attackers to cause a denial of service via a\n crafted file. [boo#1087027]\n\n - security update (pcd.c)\n\n - CVE-2017-18251: An issue was discovered in ImageMagick\n 7.0.7. A memory leak vulnerability was found in the\n function ReadPCDImage in coders/pcd.c, which allow\n remote attackers to cause a denial of service via a\n crafted file. [boo#1087037]\n\n - CVE-2017-18229: An issue was discovered in\n GraphicsMagick 1.3.26. An allocation failure\n vulnerability was found in the function ReadTIFFImage in\n coders/tiff.c, which allows attackers to cause a denial\n of service via a crafted file, because file size is not\n properly used to restrict scanline, strip, and tile\n allocations. [boo#1085236]\n\n - CVE-2017-11641: GraphicsMagick 1.3.26 has a Memory Leak\n in the PersistCache function in magick/pixel_cache.c\n during writing of Magick Persistent Cache (MPC)\n files.[boo#1050623]\n\n - CVE-2017-13066: GraphicsMagick 1.3.26 has a memory leak\n vulnerability in the function CloneImage in\n magick/image.c. [boo#1055010]\n\n - CVE-2018-10177: Specially crafted PNG images may have\n triggered an infinite loop [bsc#1089781]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050623\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1080522\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089781\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick3-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-1.3.25-87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debuginfo-1.3.25-87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debugsource-1.3.25-87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-devel-1.3.25-87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-devel-1.3.25-87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-1.3.25-87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick3-config-1.3.25-87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-1.3.25-87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-87.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:16:26", "description": "This update for ImageMagick fixes the following issues: These security issues were fixed :\n\n - CVE-2017-13758: Prevent heap-based buffer overflow in the TracePoint() function (bsc#1056277).\n\n - CVE-2017-10928: Prevent heap-based buffer over-read in the GetNextToken function that allowed remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document (bsc#1047356).\n\n - CVE-2018-9133: Long compute times in the tiff decoder have been fixed (bsc#1087820).\n\n - CVE-2018-11251: Heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service (bsc#1094237).\n\n - CVE-2017-18271: Infinite loop in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (bsc#1094204).\n\n - CVE-2018-11655: Memory leak in the GetImagePixelCache in MagickCore/cache.c was fixed (bsc#1095730)\n\n - CVE-2018-10804: Memory leak in WriteTIFFImage in coders/tiff.c was fixed (bsc#1095813)\n\n - CVE-2018-10805: Fixed memory leaks in bgr.c, rgb.c, cmyk.c, gray.c, ycbcr.c (bsc#1095812)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-07-02T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:1851-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10928", "CVE-2017-13758", "CVE-2017-18271", "CVE-2018-10804", "CVE-2018-10805", "CVE-2018-11251", "CVE-2018-11655", "CVE-2018-9133"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ImageMagick", "p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo", "p-cpe:/a:novell:suse_linux:ImageMagick-debugsource", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo", "p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16", "p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-1851-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110837", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1851-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110837);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/10 13:51:48\");\n\n script_cve_id(\"CVE-2017-10928\", \"CVE-2017-13758\", \"CVE-2017-18271\", \"CVE-2018-10804\", \"CVE-2018-10805\", \"CVE-2018-11251\", \"CVE-2018-11655\", \"CVE-2018-9133\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:1851-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues: These security\nissues were fixed :\n\n - CVE-2017-13758: Prevent heap-based buffer overflow in\n the TracePoint() function (bsc#1056277).\n\n - CVE-2017-10928: Prevent heap-based buffer over-read in\n the GetNextToken function that allowed remote attackers\n to obtain sensitive information from process memory or\n possibly have unspecified other impact via a crafted SVG\n document (bsc#1047356).\n\n - CVE-2018-9133: Long compute times in the tiff decoder\n have been fixed (bsc#1087820).\n\n - CVE-2018-11251: Heap-based buffer over-read in\n ReadSUNImage in coders/sun.c, which allows attackers to\n cause denial of service (bsc#1094237).\n\n - CVE-2017-18271: Infinite loop in the function\n ReadMIFFImage in coders/miff.c, which allows attackers\n to cause a denial of service (bsc#1094204).\n\n - CVE-2018-11655: Memory leak in the GetImagePixelCache in\n MagickCore/cache.c was fixed (bsc#1095730)\n\n - CVE-2018-10804: Memory leak in WriteTIFFImage in\n coders/tiff.c was fixed (bsc#1095813)\n\n - CVE-2018-10805: Fixed memory leaks in bgr.c, rgb.c,\n cmyk.c, gray.c, ycbcr.c (bsc#1095812)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10928/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13758/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18271/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10804/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10805/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11251/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11655/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-9133/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181851-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ee1ccbc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2018-1249=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-1249=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-1249=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-1249=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.65.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-debugsource-6.8.8.1-71.65.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.65.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.65.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.65.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.65.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-71.65.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.65.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-71.65.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-71.65.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.65.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.65.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.65.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.65.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.65.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.65.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.65.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-26T14:42:37", "description": "This update for ImageMagick fixes the following issues :\n\nThese security issues were fixed :\n\n - CVE-2017-13758: Prevent heap-based buffer overflow in the TracePoint() function (bsc#1056277).\n\n - CVE-2017-10928: Prevent heap-based buffer over-read in the GetNextToken function that allowed remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document (bsc#1047356).\n\n - CVE-2018-9133: Long compute times in the tiff decoder have been fixed (bsc#1087820).\n\n - CVE-2018-11251: Heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service (bsc#1094237).\n\n - CVE-2017-18271: Infinite loop in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (bsc#1094204).\n\n - CVE-2018-11655: Memory leak in the GetImagePixelCache in MagickCore/cache.c was fixed (bsc#1095730)\n\n - CVE-2018-10804: Memory leak in WriteTIFFImage in coders/tiff.c was fixed (bsc#1095813)\n\n - CVE-2018-10805: Fixed memory leaks in bgr.c, rgb.c, cmyk.c, gray.c, ycbcr.c (bsc#1095812)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-07-02T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-2018-690)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10928", "CVE-2017-13758", "CVE-2017-18271", "CVE-2018-10804", "CVE-2018-10805", "CVE-2018-11251", "CVE-2018-11655", "CVE-2018-9133"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ImageMagick", "p-cpe:/a:novell:opensuse:ImageMagick-debuginfo", "p-cpe:/a:novell:opensuse:ImageMagick-debugsource", "p-cpe:/a:novell:opensuse:ImageMagick-devel", "p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit", "p-cpe:/a:novell:opensuse:ImageMagick-extra", "p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel-32bit", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-PerlMagick", "p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-690.NASL", "href": "https://www.tenable.com/plugins/nessus/110834", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-690.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110834);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-10928\", \"CVE-2017-13758\", \"CVE-2017-18271\", \"CVE-2018-10804\", \"CVE-2018-10805\", \"CVE-2018-11251\", \"CVE-2018-11655\", \"CVE-2018-9133\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2018-690)\");\n script_summary(english:\"Check for the openSUSE-2018-690 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\nThese security issues were fixed :\n\n - CVE-2017-13758: Prevent heap-based buffer overflow in\n the TracePoint() function (bsc#1056277).\n\n - CVE-2017-10928: Prevent heap-based buffer over-read in\n the GetNextToken function that allowed remote attackers\n to obtain sensitive information from process memory or\n possibly have unspecified other impact via a crafted SVG\n document (bsc#1047356).\n\n - CVE-2018-9133: Long compute times in the tiff decoder\n have been fixed (bsc#1087820).\n\n - CVE-2018-11251: Heap-based buffer over-read in\n ReadSUNImage in coders/sun.c, which allows attackers to\n cause denial of service (bsc#1094237).\n\n - CVE-2017-18271: Infinite loop in the function\n ReadMIFFImage in coders/miff.c, which allows attackers\n to cause a denial of service (bsc#1094204).\n\n - CVE-2018-11655: Memory leak in the GetImagePixelCache in\n MagickCore/cache.c was fixed (bsc#1095730)\n\n - CVE-2018-10804: Memory leak in WriteTIFFImage in\n coders/tiff.c was fixed (bsc#1095813)\n\n - CVE-2018-10805: Fixed memory leaks in bgr.c, rgb.c,\n cmyk.c, gray.c, ycbcr.c (bsc#1095812)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095813\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-6.8.8.1-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-debuginfo-6.8.8.1-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-debugsource-6.8.8.1-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-devel-6.8.8.1-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-extra-6.8.8.1-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-6_Q16-3-6.8.8.1-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-devel-6.8.8.1-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-PerlMagick-6.8.8.1-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-64.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-02T15:05:11", "description": "This update for ImageMagick fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage() (bsc#1138464).\n\n - Fixed a file content disclosure via SVG and WMF decoding (bsc#1138425).- CVE-2019-11472: Fixed a denial of service in ReadXWDImage() (bsc#1133204).\n\n - CVE-2019-11470: Fixed a denial of service in ReadCINImage() (bsc#1133205).\n\n - CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498).\n\n - CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501).\n\n - CVE-2019-10131: Fixed a off-by-one read in formatIPTCfromBuffer function in coders/meta.c (bsc#1134075).\n\n - CVE-2017-12806: Fixed a denial of service through memory exhaustion in format8BIM() (bsc#1135232).\n\n - CVE-2017-12805: Fixed a denial of service through memory exhaustion in ReadTIFFImage() (bsc#1135236).\n\n - CVE-2019-11598: Fixed a heap-based buffer over-read in WritePNMImage() (bsc#1136732) We also now disable PCL in the -SUSE configuration, as it also uses ghostscript for decoding (bsc#1136183)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-07-02T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-2019-1683)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12805", "CVE-2017-12806", "CVE-2019-10131", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11505", "CVE-2019-11506", "CVE-2019-11597", "CVE-2019-11598"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ImageMagick", "p-cpe:/a:novell:opensuse:ImageMagick-config-6-SUSE", "p-cpe:/a:novell:opensuse:ImageMagick-config-6-upstream", "p-cpe:/a:novell:opensuse:ImageMagick-debuginfo", "p-cpe:/a:novell:opensuse:ImageMagick-debugsource", "p-cpe:/a:novell:opensuse:ImageMagick-devel", "p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit", "p-cpe:/a:novell:opensuse:ImageMagick-extra", "p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel-32bit", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-PerlMagick", "p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2019-1683.NASL", "href": "https://www.tenable.com/plugins/nessus/126438", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1683.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126438);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-12805\", \"CVE-2017-12806\", \"CVE-2019-10131\", \"CVE-2019-11470\", \"CVE-2019-11472\", \"CVE-2019-11505\", \"CVE-2019-11506\", \"CVE-2019-11597\", \"CVE-2019-11598\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2019-1683)\");\n script_summary(english:\"Check for the openSUSE-2019-1683 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-11597: Fixed a heap-based buffer over-read in\n the WriteTIFFImage() (bsc#1138464).\n\n - Fixed a file content disclosure via SVG and WMF decoding\n (bsc#1138425).- CVE-2019-11472: Fixed a denial of\n service in ReadXWDImage() (bsc#1133204).\n\n - CVE-2019-11470: Fixed a denial of service in\n ReadCINImage() (bsc#1133205).\n\n - CVE-2019-11506: Fixed a heap-based buffer overflow in\n the WriteMATLABImage() (bsc#1133498).\n\n - CVE-2019-11505: Fixed a heap-based buffer overflow in\n the WritePDBImage() (bsc#1133501).\n\n - CVE-2019-10131: Fixed a off-by-one read in\n formatIPTCfromBuffer function in coders/meta.c\n (bsc#1134075).\n\n - CVE-2017-12806: Fixed a denial of service through memory\n exhaustion in format8BIM() (bsc#1135232).\n\n - CVE-2017-12805: Fixed a denial of service through memory\n exhaustion in ReadTIFFImage() (bsc#1135236).\n\n - CVE-2019-11598: Fixed a heap-based buffer over-read in\n WritePNMImage() (bsc#1136732) We also now disable PCL in\n the -SUSE configuration, as it also uses ghostscript for\n decoding (bsc#1136183)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138464\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11506\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-config-6-SUSE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-config-6-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-config-6-SUSE-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-config-6-upstream-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-debuginfo-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-debugsource-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-devel-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-extra-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-6_Q16-3-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-devel-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-PerlMagick-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-85.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-85.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-config-6-SUSE / etc\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-02T15:03:47", "description": "This update for ImageMagick fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage() (bsc#1138464).\n\nFixed a file content disclosure via SVG and WMF decoding (bsc#1138425).- CVE-2019-11472: Fixed a denial of service in ReadXWDImage() (bsc#1133204).\n\nCVE-2019-11470: Fixed a denial of service in ReadCINImage() (bsc#1133205).\n\nCVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498).\n\nCVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501).\n\nCVE-2019-10131: Fixed a off-by-one read in formatIPTCfromBuffer function in coders/meta.c (bsc#1134075).\n\nCVE-2017-12806: Fixed a denial of service through memory exhaustion in format8BIM() (bsc#1135232).\n\nCVE-2017-12805: Fixed a denial of service through memory exhaustion in ReadTIFFImage() (bsc#1135236).\n\nCVE-2019-11598: Fixed a heap-based buffer over-read in WritePNMImage() (bsc#1136732)\n\nWe also now disable PCL in the -SUSE configuration, as it also uses ghostscript for decoding (bsc#1136183)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-26T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2019:1712-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12805", "CVE-2017-12806", "CVE-2019-10131", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11505", "CVE-2019-11506", "CVE-2019-11597", "CVE-2019-11598"], "modified": "2020-01-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ImageMagick", "p-cpe:/a:novell:suse_linux:ImageMagick-config-6-SUSE", "p-cpe:/a:novell:suse_linux:ImageMagick-config-6-upstream", "p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo", "p-cpe:/a:novell:suse_linux:ImageMagick-debugsource", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo", "p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16", "p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-1712-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126253", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1712-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126253);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2017-12805\", \"CVE-2017-12806\", \"CVE-2019-10131\", \"CVE-2019-11470\", \"CVE-2019-11472\", \"CVE-2019-11505\", \"CVE-2019-11506\", \"CVE-2019-11597\", \"CVE-2019-11598\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2019:1712-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-11597: Fixed a heap-based buffer over-read in the\nWriteTIFFImage() (bsc#1138464).\n\nFixed a file content disclosure via SVG and WMF decoding\n(bsc#1138425).- CVE-2019-11472: Fixed a denial of service in\nReadXWDImage() (bsc#1133204).\n\nCVE-2019-11470: Fixed a denial of service in ReadCINImage()\n(bsc#1133205).\n\nCVE-2019-11506: Fixed a heap-based buffer overflow in the\nWriteMATLABImage() (bsc#1133498).\n\nCVE-2019-11505: Fixed a heap-based buffer overflow in the\nWritePDBImage() (bsc#1133501).\n\nCVE-2019-10131: Fixed a off-by-one read in formatIPTCfromBuffer\nfunction in coders/meta.c (bsc#1134075).\n\nCVE-2017-12806: Fixed a denial of service through memory exhaustion in\nformat8BIM() (bsc#1135232).\n\nCVE-2017-12805: Fixed a denial of service through memory exhaustion in\nReadTIFFImage() (bsc#1135236).\n\nCVE-2019-11598: Fixed a heap-based buffer over-read in WritePNMImage()\n(bsc#1136732)\n\nWe also now disable PCL in the -SUSE configuration, as it also uses\nghostscript for decoding (bsc#1136183)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12805/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12806/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10131/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11470/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11472/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11505/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11506/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11597/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11598/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191712-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?865360d3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch\nSUSE-SLE-WE-12-SP4-2019-1712=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2019-1712=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-1712=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2019-1712=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-1712=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-1712=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-1712=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2019-1712=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11506\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-config-6-SUSE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-config-6-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"ImageMagick-config-6-SUSE-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"ImageMagick-config-6-upstream-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"ImageMagick-debugsource-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-config-6-SUSE-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-config-6-upstream-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-debugsource-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"ImageMagick-config-6-SUSE-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"ImageMagick-config-6-upstream-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-config-6-SUSE-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-config-6-upstream-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.123.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.123.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-10T14:55:06", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ImageMagick packages installed that are affected by multiple vulnerabilities:\n\n - ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. (CVE-2017-1000476)\n\n - In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.\n (CVE-2018-13153)\n\n - In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. (CVE-2018-12599)\n\n - In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. (CVE-2018-12600)\n\n - In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file. (CVE-2018-10177)\n\n - ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file. (CVE-2018-9133)\n\n - WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file. (CVE-2018-8804)\n\n - In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.\n (CVE-2018-11656)\n\n - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file. (CVE-2017-18271)\n\n - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call. (CVE-2017-18273)\n\n - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file. (CVE-2017-18251)\n\n - An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file. (CVE-2017-18252)\n\n - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file. (CVE-2017-18254)\n\n - In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. (CVE-2018-16328)\n\n - In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. (CVE-2018-16749)\n\n - In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. (CVE-2018-16750)\n\n - In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-15607)\n\n - There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. (CVE-2018-18544)\n\n - In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. (CVE-2019-7397)\n\n - In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. (CVE-2019-10650)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. (CVE-2019-11597)\n\n - ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first. (CVE-2019-11472)\n\n - In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. (CVE-2019-11598)\n\n - ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. (CVE-2018-14434)\n\n - ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. (CVE-2018-14435)\n\n - ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. (CVE-2018-14436)\n\n - ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. (CVE-2018-14437)\n\n - ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. (CVE-2018-10805)\n\n - ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. (CVE-2018-10804)\n\n - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service. (CVE-2017-12805)\n\n - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service. (CVE-2017-12806)\n\n - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. (CVE-2019-13134)\n\n - ImageMagick before 7.0.8-50 has a use of uninitialized value vulnerability in the function ReadCUTImage in coders/cut.c. (CVE-2019-13135)\n\n - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.\n (CVE-2019-13133)\n\n - ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.\n (CVE-2019-13454)\n\n - A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image. (CVE-2019-12974)\n\n - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the ReadPANGOImage function in coders/pango.c. (CVE-2019-12978)\n\n - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c. (CVE-2019-12979)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.\n (CVE-2019-13301)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. (CVE-2019-13300)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. (CVE-2019-13297)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled. (CVE-2019-13295)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.\n (CVE-2019-13311)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. (CVE-2019-13310)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. (CVE-2019-13309)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows. (CVE-2019-13307)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors. (CVE-2019-13306)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. (CVE-2019-13305)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment. (CVE-2019-13304)\n\n - ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.\n (CVE-2019-12975)\n\n - ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. (CVE-2019-12976)\n\n - An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. (CVE-2019-10131)\n\n - In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. (CVE-2019-9956)\n\n - The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.\n (CVE-2019-11470)\n\n - In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. (CVE-2019-7398)\n\n - In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. (CVE-2019-7175)\n\n - In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-20467)\n\n - In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.\n (CVE-2019-14980)\n\n - In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.\n (CVE-2019-14981)\n\n - ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.\n (CVE-2019-17540)\n\n - ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. (CVE-2019-17541)\n\n - WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.\n (CVE-2019-15141)\n\n - coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after- free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c. (CVE-2019-15140)\n\n - The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472. (CVE-2019-15139)\n\n - The ReadXWDImage function in coders\\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file. (CVE-2017-11166)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. (CVE-2019-19949)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. (CVE-2019-19948)\n\n - ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. (CVE-2019-16709)\n\n - ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. (CVE-2019-16708)\n\n - ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. (CVE-2019-16710)\n\n - ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. (CVE-2019-16711)\n\n - ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. (CVE-2019-16712)\n\n - ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. (CVE-2019-16713)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : ImageMagick Multiple Vulnerabilities (NS-SA-2020-0079)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000476", "CVE-2017-11166", "CVE-2017-12805", "CVE-2017-12806", "CVE-2017-18251", "CVE-2017-18252", "CVE-2017-18254", "CVE-2017-18271", "CVE-2017-18273", "CVE-2018-10177", "CVE-2018-10804", "CVE-2018-10805", "CVE-2018-11656", "CVE-2018-12599", "CVE-2018-12600", "CVE-2018-13153", "CVE-2018-14434", "CVE-2018-14435", "CVE-2018-14436", "CVE-2018-14437", "CVE-2018-15607", "CVE-2018-16328", "CVE-2018-16749", "CVE-2018-16750", "CVE-2018-18544", "CVE-2018-20467", "CVE-2018-8804", "CVE-2018-9133", "CVE-2019-10131", "CVE-2019-10650", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11597", "CVE-2019-11598", "CVE-2019-12974", "CVE-2019-12975", "CVE-2019-12976", "CVE-2019-12978", "CVE-2019-12979", "CVE-2019-13133", "CVE-2019-13134", "CVE-2019-13135", "CVE-2019-13295", "CVE-2019-13297", "CVE-2019-13300", "CVE-2019-13301", "CVE-2019-13304", "CVE-2019-13305", "CVE-2019-13306", "CVE-2019-13307", "CVE-2019-13309", "CVE-2019-13310", "CVE-2019-13311", "CVE-2019-13454", "CVE-2019-14980", "CVE-2019-14981", "CVE-2019-15139", "CVE-2019-15140", "CVE-2019-15141", "CVE-2019-16708", "CVE-2019-16709", "CVE-2019-16710", "CVE-2019-16711", "CVE-2019-16712", "CVE-2019-16713", "CVE-2019-17540", "CVE-2019-17541", "CVE-2019-19948", "CVE-2019-19949", "CVE-2019-7175", "CVE-2019-7397", "CVE-2019-7398", "CVE-2019-9956"], "modified": "2020-12-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0079_IMAGEMAGICK.NASL", "href": "https://www.tenable.com/plugins/nessus/143964", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0079. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143964);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\n \"CVE-2017-11166\",\n \"CVE-2017-12805\",\n \"CVE-2017-12806\",\n \"CVE-2017-18251\",\n \"CVE-2017-18252\",\n \"CVE-2017-18254\",\n \"CVE-2017-18271\",\n \"CVE-2017-18273\",\n \"CVE-2017-1000476\",\n \"CVE-2018-8804\",\n \"CVE-2018-9133\",\n \"CVE-2018-10177\",\n \"CVE-2018-10804\",\n \"CVE-2018-10805\",\n \"CVE-2018-11656\",\n \"CVE-2018-12599\",\n \"CVE-2018-12600\",\n \"CVE-2018-13153\",\n \"CVE-2018-14434\",\n \"CVE-2018-14435\",\n \"CVE-2018-14436\",\n \"CVE-2018-14437\",\n \"CVE-2018-15607\",\n \"CVE-2018-16328\",\n \"CVE-2018-16749\",\n \"CVE-2018-16750\",\n \"CVE-2018-18544\",\n \"CVE-2018-20467\",\n \"CVE-2019-7175\",\n \"CVE-2019-7397\",\n \"CVE-2019-7398\",\n \"CVE-2019-9956\",\n \"CVE-2019-10131\",\n \"CVE-2019-10650\",\n \"CVE-2019-11470\",\n \"CVE-2019-11472\",\n \"CVE-2019-11597\",\n \"CVE-2019-11598\",\n \"CVE-2019-12974\",\n \"CVE-2019-12975\",\n \"CVE-2019-12976\",\n \"CVE-2019-12978\",\n \"CVE-2019-12979\",\n \"CVE-2019-13133\",\n \"CVE-2019-13134\",\n \"CVE-2019-13135\",\n \"CVE-2019-13295\",\n \"CVE-2019-13297\",\n \"CVE-2019-13300\",\n \"CVE-2019-13301\",\n \"CVE-2019-13304\",\n \"CVE-2019-13305\",\n \"CVE-2019-13306\",\n \"CVE-2019-13307\",\n \"CVE-2019-13309\",\n \"CVE-2019-13310\",\n \"CVE-2019-13311\",\n \"CVE-2019-13454\",\n \"CVE-2019-14980\",\n \"CVE-2019-14981\",\n \"CVE-2019-15139\",\n \"CVE-2019-15140\",\n \"CVE-2019-15141\",\n \"CVE-2019-16708\",\n \"CVE-2019-16709\",\n \"CVE-2019-16710\",\n \"CVE-2019-16711\",\n \"CVE-2019-16712\",\n \"CVE-2019-16713\",\n \"CVE-2019-17540\",\n \"CVE-2019-17541\",\n \"CVE-2019-19948\",\n \"CVE-2019-19949\"\n );\n script_bugtraq_id(\n 102428,\n 103498,\n 104591,\n 104687,\n 105137,\n 106268,\n 106315,\n 106561,\n 106847,\n 106848,\n 107333,\n 107546,\n 107646,\n 108102,\n 108117,\n 108448,\n 108492,\n 108913,\n 109099,\n 109308,\n 109362\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : ImageMagick Multiple Vulnerabilities (NS-SA-2020-0079)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ImageMagick packages installed that are\naffected by multiple vulnerabilities:\n\n - ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in\n coders/dds.c, which allows attackers to cause a denial of service. (CVE-2017-1000476)\n\n - In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.\n (CVE-2018-13153)\n\n - In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out\n of bounds write via a crafted file. (CVE-2018-12599)\n\n - In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out\n of bounds write via a crafted file. (CVE-2018-12600)\n\n - In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c\n file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng\n file. (CVE-2018-10177)\n\n - ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions\n (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could\n leverage this vulnerability to cause a denial of service via a crafted tiff file. (CVE-2018-9133)\n\n - WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of\n service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact\n via a crafted file. (CVE-2018-8804)\n\n - In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in\n coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.\n (CVE-2018-11656)\n\n - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function\n ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a\n crafted MIFF image file. (CVE-2017-18271)\n\n - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function\n ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a\n crafted image file that is mishandled in a GetImageIndexInList call. (CVE-2017-18273)\n\n - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function\n ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted\n file. (CVE-2017-18251)\n\n - An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows\n attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via\n a crafted file. (CVE-2017-18252)\n\n - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function\n WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted\n file. (CVE-2017-18254)\n\n - In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in\n MagickCore/log.c. (CVE-2018-16328)\n\n - In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an\n attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted\n file. (CVE-2018-16749)\n\n - In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c\n was found. (CVE-2018-16750)\n\n - In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36\n 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory\n resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could\n leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-15607)\n\n - There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the\n function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. (CVE-2018-18544)\n\n - In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in\n WritePDFImage in coders/pdf.c. (CVE-2019-7397)\n\n - In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of\n coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a\n crafted image file. (CVE-2019-10650)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of\n coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure\n via a crafted image file. (CVE-2019-11597)\n\n - ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows\n attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the\n header indicates neither LSB first nor MSB first. (CVE-2019-11472)\n\n - In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of\n coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via\n a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. (CVE-2019-11598)\n\n - ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. (CVE-2018-14434)\n\n - ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. (CVE-2018-14435)\n\n - ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. (CVE-2018-14436)\n\n - ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. (CVE-2018-14437)\n\n - ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. (CVE-2018-10805)\n\n - ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. (CVE-2018-10804)\n\n - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which\n allows attackers to cause a denial of service. (CVE-2017-12805)\n\n - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which\n allows attackers to cause a denial of service. (CVE-2017-12806)\n\n - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in\n coders/viff.c. (CVE-2019-13134)\n\n - ImageMagick before 7.0.8-50 has a use of uninitialized value vulnerability in the function ReadCUTImage\n in coders/cut.c. (CVE-2019-13135)\n\n - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.\n (CVE-2019-13133)\n\n - ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.\n (CVE-2019-13454)\n\n - A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage\n in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted\n image. (CVE-2019-12974)\n\n - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the ReadPANGOImage function in\n coders/pango.c. (CVE-2019-12978)\n\n - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the SyncImageSettings function in\n MagickCore/image.c. This is related to AcquireImage in magick/image.c. (CVE-2019-12979)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.\n (CVE-2019-13301)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages\n because of mishandling columns. (CVE-2019-13300)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in\n AdaptiveThresholdImage because a height of zero is mishandled. (CVE-2019-13297)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in\n AdaptiveThresholdImage because a width of zero is mishandled. (CVE-2019-13295)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.\n (CVE-2019-13311)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in\n MagickWand/mogrify.c. (CVE-2019-13310)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage\n error in CLIListOperatorImages in MagickWand/operation.c. (CVE-2019-13309)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages\n because of mishandling rows. (CVE-2019-13307)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of\n off-by-one errors. (CVE-2019-13306)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a\n misplaced strncpy and an off-by-one error. (CVE-2019-13305)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a\n misplaced assignment. (CVE-2019-13304)\n\n - ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.\n (CVE-2019-12975)\n\n - ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. (CVE-2019-12976)\n\n - An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the\n formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end\n of the buffer or to crash the program. (CVE-2019-10131)\n\n - In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of\n coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image\n file. (CVE-2019-9956)\n\n - The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service\n (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This\n occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.\n (CVE-2019-11470)\n\n - In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. (CVE-2019-7398)\n\n - In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. (CVE-2019-7175)\n\n - In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang,\n with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial\n of service via a crafted file. (CVE-2018-20467)\n\n - In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in\n the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.\n (CVE-2019-14980)\n\n - In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in\n the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.\n (CVE-2019-14981)\n\n - ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.\n (CVE-2019-17540)\n\n - ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the\n error manager is mishandled in coders/jpeg.c. (CVE-2019-17541)\n\n - WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service\n (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to\n TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in\n tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.\n (CVE-2019-15141)\n\n - coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-\n free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that\n is mishandled in ReadImage in MagickCore/constitute.c. (CVE-2019-15140)\n\n - The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows\n attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in\n ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than\n CVE-2019-11472. (CVE-2019-15139)\n\n - The ReadXWDImage function in coders\\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can\n cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD\n file. (CVE-2017-11166)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of\n coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. (CVE-2019-19949)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of\n coders/sgi.c. (CVE-2019-19948)\n\n - ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. (CVE-2019-16709)\n\n - ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. (CVE-2019-16708)\n\n - ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in\n MagickCore/memory.c. (CVE-2019-16710)\n\n - ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. (CVE-2019-16711)\n\n - ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by\n WritePS3Image. (CVE-2019-16712)\n\n - ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in\n MagickCore/constitute.c. (CVE-2019-16713)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0079\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL ImageMagick packages. Note that updated packages may not be available yet. Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19948\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'ImageMagick-6.9.10.68-3.el7',\n 'ImageMagick-c++-6.9.10.68-3.el7',\n 'ImageMagick-c++-devel-6.9.10.68-3.el7',\n 'ImageMagick-debuginfo-6.9.10.68-3.el7',\n 'ImageMagick-devel-6.9.10.68-3.el7',\n 'ImageMagick-doc-6.9.10.68-3.el7',\n 'ImageMagick-perl-6.9.10.68-3.el7'\n ],\n 'CGSL MAIN 5.04': [\n 'ImageMagick-6.9.10.68-3.el7',\n 'ImageMagick-c++-6.9.10.68-3.el7',\n 'ImageMagick-c++-devel-6.9.10.68-3.el7',\n 'ImageMagick-debuginfo-6.9.10.68-3.el7',\n 'ImageMagick-devel-6.9.10.68-3.el7',\n 'ImageMagick-doc-6.9.10.68-3.el7',\n 'ImageMagick-perl-6.9.10.68-3.el7'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ImageMagick');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-10T14:55:31", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ImageMagick packages installed that are affected by multiple vulnerabilities:\n\n - ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. (CVE-2017-1000476)\n\n - In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.\n (CVE-2018-13153)\n\n - In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. (CVE-2018-12599)\n\n - In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. (CVE-2018-12600)\n\n - In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file. (CVE-2018-10177)\n\n - ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file. (CVE-2018-9133)\n\n - WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file. (CVE-2018-8804)\n\n - In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.\n (CVE-2018-11656)\n\n - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file. (CVE-2017-18271)\n\n - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call. (CVE-2017-18273)\n\n - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file. (CVE-2017-18251)\n\n - An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file. (CVE-2017-18252)\n\n - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file. (CVE-2017-18254)\n\n - In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. (CVE-2018-16328)\n\n - In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. (CVE-2018-16749)\n\n - In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. (CVE-2018-16750)\n\n - In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-15607)\n\n - There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. (CVE-2018-18544)\n\n - In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. (CVE-2019-7397)\n\n - In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. (CVE-2019-10650)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. (CVE-2019-11597)\n\n - ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first. (CVE-2019-11472)\n\n - In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. (CVE-2019-11598)\n\n - ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. (CVE-2018-14434)\n\n - ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. (CVE-2018-14435)\n\n - ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. (CVE-2018-14436)\n\n - ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. (CVE-2018-14437)\n\n - ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. (CVE-2018-10805)\n\n - ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. (CVE-2018-10804)\n\n - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service. (CVE-2017-12805)\n\n - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service. (CVE-2017-12806)\n\n - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. (CVE-2019-13134)\n\n - ImageMagick before 7.0.8-50 has a use of uninitialized value vulnerability in the function ReadCUTImage in coders/cut.c. (CVE-2019-13135)\n\n - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.\n (CVE-2019-13133)\n\n - ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.\n (CVE-2019-13454)\n\n - A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image. (CVE-2019-12974)\n\n - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the ReadPANGOImage function in coders/pango.c. (CVE-2019-12978)\n\n - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c. (CVE-2019-12979)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.\n (CVE-2019-13301)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. (CVE-2019-13300)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. (CVE-2019-13297)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled. (CVE-2019-13295)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.\n (CVE-2019-13311)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. (CVE-2019-13310)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. (CVE-2019-13309)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows. (CVE-2019-13307)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors. (CVE-2019-13306)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. (CVE-2019-13305)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment. (CVE-2019-13304)\n\n - ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.\n (CVE-2019-12975)\n\n - ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. (CVE-2019-12976)\n\n - An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. (CVE-2019-10131)\n\n - In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. (CVE-2019-9956)\n\n - The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.\n (CVE-2019-11470)\n\n - In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. (CVE-2019-7398)\n\n - In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. (CVE-2019-7175)\n\n - In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-20467)\n\n - In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.\n (CVE-2019-14980)\n\n - In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.\n (CVE-2019-14981)\n\n - ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.\n (CVE-2019-17540)\n\n - ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. (CVE-2019-17541)\n\n - WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.\n (CVE-2019-15141)\n\n - coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after- free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c. (CVE-2019-15140)\n\n - The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472. (CVE-2019-15139)\n\n - The ReadXWDImage function in coders\\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file. (CVE-2017-11166)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. (CVE-2019-19949)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. (CVE-2019-19948)\n\n - ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. (CVE-2019-16709)\n\n - ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. (CVE-2019-16708)\n\n - ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. (CVE-2019-16710)\n\n - ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. (CVE-2019-16711)\n\n - ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. (CVE-2019-16712)\n\n - ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. (CVE-2019-16713)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : ImageMagick Multiple Vulnerabilities (NS-SA-2020-0119)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000476", "CVE-2017-11166", "CVE-2017-12805", "CVE-2017-12806", "CVE-2017-18251", "CVE-2017-18252", "CVE-2017-18254", "CVE-2017-18271", "CVE-2017-18273", "CVE-2018-10177", "CVE-2018-10804", "CVE-2018-10805", "CVE-2018-11656", "CVE-2018-12599", "CVE-2018-12600", "CVE-2018-13153", "CVE-2018-14434", "CVE-2018-14435", "CVE-2018-14436", "CVE-2018-14437", "CVE-2018-15607", "CVE-2018-16328", "CVE-2018-16749", "CVE-2018-16750", "CVE-2018-18544", "CVE-2018-20467", "CVE-2018-8804", "CVE-2018-9133", "CVE-2019-10131", "CVE-2019-10650", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11597", "CVE-2019-11598", "CVE-2019-12974", "CVE-2019-12975", "CVE-2019-12976", "CVE-2019-12978", "CVE-2019-12979", "CVE-2019-13133", "CVE-2019-13134", "CVE-2019-13135", "CVE-2019-13295", "CVE-2019-13297", "CVE-2019-13300", "CVE-2019-13301", "CVE-2019-13304", "CVE-2019-13305", "CVE-2019-13306", "CVE-2019-13307", "CVE-2019-13309", "CVE-2019-13310", "CVE-2019-13311", "CVE-2019-13454", "CVE-2019-14980", "CVE-2019-14981", "CVE-2019-15139", "CVE-2019-15140", "CVE-2019-15141", "CVE-2019-16708", "CVE-2019-16709", "CVE-2019-16710", "CVE-2019-16711", "CVE-2019-16712", "CVE-2019-16713", "CVE-2019-17540", "CVE-2019-17541", "CVE-2019-19948", "CVE-2019-19949", "CVE-2019-7175", "CVE-2019-7397", "CVE-2019-7398", "CVE-2019-9956"], "modified": "2020-12-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0119_IMAGEMAGICK.NASL", "href": "https://www.tenable.com/plugins/nessus/143991", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0119. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143991);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\n \"CVE-2017-11166\",\n \"CVE-2017-12805\",\n \"CVE-2017-12806\",\n \"CVE-2017-18251\",\n \"CVE-2017-18252\",\n \"CVE-2017-18254\",\n \"CVE-2017-18271\",\n \"CVE-2017-18273\",\n \"CVE-2017-1000476\",\n \"CVE-2018-8804\",\n \"CVE-2018-9133\",\n \"CVE-2018-10177\",\n \"CVE-2018-10804\",\n \"CVE-2018-10805\",\n \"CVE-2018-11656\",\n \"CVE-2018-12599\",\n \"CVE-2018-12600\",\n \"CVE-2018-13153\",\n \"CVE-2018-14434\",\n \"CVE-2018-14435\",\n \"CVE-2018-14436\",\n \"CVE-2018-14437\",\n \"CVE-2018-15607\",\n \"CVE-2018-16328\",\n \"CVE-2018-16749\",\n \"CVE-2018-16750\",\n \"CVE-2018-18544\",\n \"CVE-2018-20467\",\n \"CVE-2019-7175\",\n \"CVE-2019-7397\",\n \"CVE-2019-7398\",\n \"CVE-2019-9956\",\n \"CVE-2019-10131\",\n \"CVE-2019-10650\",\n \"CVE-2019-11470\",\n \"CVE-2019-11472\",\n \"CVE-2019-11597\",\n \"CVE-2019-11598\",\n \"CVE-2019-12974\",\n \"CVE-2019-12975\",\n \"CVE-2019-12976\",\n \"CVE-2019-12978\",\n \"CVE-2019-12979\",\n \"CVE-2019-13133\",\n \"CVE-2019-13134\",\n \"CVE-2019-13135\",\n \"CVE-2019-13295\",\n \"CVE-2019-13297\",\n \"CVE-2019-13300\",\n \"CVE-2019-13301\",\n \"CVE-2019-13304\",\n \"CVE-2019-13305\",\n \"CVE-2019-13306\",\n \"CVE-2019-13307\",\n \"CVE-2019-13309\",\n \"CVE-2019-13310\",\n \"CVE-2019-13311\",\n \"CVE-2019-13454\",\n \"CVE-2019-14980\",\n \"CVE-2019-14981\",\n \"CVE-2019-15139\",\n \"CVE-2019-15140\",\n \"CVE-2019-15141\",\n \"CVE-2019-16708\",\n \"CVE-2019-16709\",\n \"CVE-2019-16710\",\n \"CVE-2019-16711\",\n \"CVE-2019-16712\",\n \"CVE-2019-16713\",\n \"CVE-2019-17540\",\n \"CVE-2019-17541\",\n \"CVE-2019-19948\",\n \"CVE-2019-19949\"\n );\n script_bugtraq_id(\n 102428,\n 103498,\n 104591,\n 104687,\n 105137,\n 106268,\n 106315,\n 106561,\n 106847,\n 106848,\n 107333,\n 107546,\n 107646,\n 108102,\n 108117,\n 108448,\n 108492,\n 108913,\n 109099,\n 109308,\n 109362\n );\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : ImageMagick Multiple Vulnerabilities (NS-SA-2020-0119)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ImageMagick packages installed that are\naffected by multiple vulnerabilities:\n\n - ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in\n coders/dds.c, which allows attackers to cause a denial of service. (CVE-2017-1000476)\n\n - In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.\n (CVE-2018-13153)\n\n - In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out\n of bounds write via a crafted file. (CVE-2018-12599)\n\n - In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out\n of bounds write via a crafted file. (CVE-2018-12600)\n\n - In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c\n file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng\n file. (CVE-2018-10177)\n\n - ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions\n (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could\n leverage this vulnerability to cause a denial of service via a crafted tiff file. (CVE-2018-9133)\n\n - WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of\n service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact\n via a crafted file. (CVE-2018-8804)\n\n - In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in\n coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.\n (CVE-2018-11656)\n\n - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function\n ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a\n crafted MIFF image file. (CVE-2017-18271)\n\n - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function\n ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a\n crafted image file that is mishandled in a GetImageIndexInList call. (CVE-2017-18273)\n\n - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function\n ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted\n file. (CVE-2017-18251)\n\n - An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows\n attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via\n a crafted file. (CVE-2017-18252)\n\n - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function\n WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted\n file. (CVE-2017-18254)\n\n - In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in\n MagickCore/log.c. (CVE-2018-16328)\n\n - In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an\n attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted\n file. (CVE-2018-16749)\n\n - In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c\n was found. (CVE-2018-16750)\n\n - In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36\n 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory\n resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could\n leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-15607)\n\n - There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the\n function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. (CVE-2018-18544)\n\n - In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in\n WritePDFImage in coders/pdf.c. (CVE-2019-7397)\n\n - In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of\n coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a\n crafted image file. (CVE-2019-10650)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of\n coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure\n via a crafted image file. (CVE-2019-11597)\n\n - ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows\n attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the\n header indicates neither LSB first nor MSB first. (CVE-2019-11472)\n\n - In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of\n coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via\n a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. (CVE-2019-11598)\n\n - ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. (CVE-2018-14434)\n\n - ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. (CVE-2018-14435)\n\n - ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. (CVE-2018-14436)\n\n - ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. (CVE-2018-14437)\n\n - ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. (CVE-2018-10805)\n\n - ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. (CVE-2018-10804)\n\n - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which\n allows attackers to cause a denial of service. (CVE-2017-12805)\n\n - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which\n allows attackers to cause a denial of service. (CVE-2017-12806)\n\n - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in\n coders/viff.c. (CVE-2019-13134)\n\n - ImageMagick before 7.0.8-50 has a use of uninitialized value vulnerability in the function ReadCUTImage\n in coders/cut.c. (CVE-2019-13135)\n\n - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.\n (CVE-2019-13133)\n\n - ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.\n (CVE-2019-13454)\n\n - A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage\n in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted\n image. (CVE-2019-12974)\n\n - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the ReadPANGOImage function in\n coders/pango.c. (CVE-2019-12978)\n\n - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the SyncImageSettings function in\n MagickCore/image.c. This is related to AcquireImage in magick/image.c. (CVE-2019-12979)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.\n (CVE-2019-13301)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages\n because of mishandling columns. (CVE-2019-13300)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in\n AdaptiveThresholdImage because a height of zero is mishandled. (CVE-2019-13297)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in\n AdaptiveThresholdImage because a width of zero is mishandled. (CVE-2019-13295)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.\n (CVE-2019-13311)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in\n MagickWand/mogrify.c. (CVE-2019-13310)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage\n error in CLIListOperatorImages in MagickWand/operation.c. (CVE-2019-13309)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages\n because of mishandling rows. (CVE-2019-13307)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of\n off-by-one errors. (CVE-2019-13306)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a\n misplaced strncpy and an off-by-one error. (CVE-2019-13305)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a\n misplaced assignment. (CVE-2019-13304)\n\n - ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.\n (CVE-2019-12975)\n\n - ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. (CVE-2019-12976)\n\n - An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the\n formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end\n of the buffer or to crash the program. (CVE-2019-10131)\n\n - In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of\n coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image\n file. (CVE-2019-9956)\n\n - The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service\n (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This\n occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.\n (CVE-2019-11470)\n\n - In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. (CVE-2019-7398)\n\n - In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. (CVE-2019-7175)\n\n - In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang,\n with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial\n of service via a crafted file. (CVE-2018-20467)\n\n - In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in\n the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.\n (CVE-2019-14980)\n\n - In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in\n the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.\n (CVE-2019-14981)\n\n - ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.\n (CVE-2019-17540)\n\n - ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the\n error manager is mishandled in coders/jpeg.c. (CVE-2019-17541)\n\n - WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service\n (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to\n TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in\n tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.\n (CVE-2019-15141)\n\n - coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-\n free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that\n is mishandled in ReadImage in MagickCore/constitute.c. (CVE-2019-15140)\n\n - The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows\n attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in\n ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than\n CVE-2019-11472. (CVE-2019-15139)\n\n - The ReadXWDImage function in coders\\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can\n cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD\n file. (CVE-2017-11166)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of\n coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. (CVE-2019-19949)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of\n coders/sgi.c. (CVE-2019-19948)\n\n - ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. (CVE-2019-16709)\n\n - ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. (CVE-2019-16708)\n\n - ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in\n MagickCore/memory.c. (CVE-2019-16710)\n\n - ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. (CVE-2019-16711)\n\n - ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by\n WritePS3Image. (CVE-2019-16712)\n\n - ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in\n MagickCore/constitute.c. (CVE-2019-16713)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0119\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL ImageMagick packages. Note that updated packages may not be available yet. Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19948\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.05': [\n 'ImageMagick-6.9.10.68-3.el7',\n 'ImageMagick-c++-6.9.10.68-3.el7',\n 'ImageMagick-c++-devel-6.9.10.68-3.el7',\n 'ImageMagick-debuginfo-6.9.10.68-3.el7',\n 'ImageMagick-devel-6.9.10.68-3.el7',\n 'ImageMagick-doc-6.9.10.68-3.el7',\n 'ImageMagick-perl-6.9.10.68-3.el7'\n ],\n 'CGSL MAIN 5.05': [\n 'ImageMagick-6.9.10.68-3.el7',\n 'ImageMagick-c++-6.9.10.68-3.el7',\n 'ImageMagick-c++-devel-6.9.10.68-3.el7',\n 'ImageMagick-debuginfo-6.9.10.68-3.el7',\n 'ImageMagick-devel-6.9.10.68-3.el7',\n 'ImageMagick-doc-6.9.10.68-3.el7',\n 'ImageMagick-perl-6.9.10.68-3.el7'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ImageMagick');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:32:13", "description": "* ImageMagick: multiple security vulnerabilities", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-21T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : ImageMagick on SL7.x x86_64 (20200407)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000476", "CVE-2017-11166", "CVE-2017-12805", "CVE-2017-12806", "CVE-2017-18251", "CVE-2017-18252", "CVE-2017-18254", "CVE-2017-18271", "CVE-2017-18273", "CVE-2018-10177", "CVE-2018-10804", "CVE-2018-10805", "CVE-2018-11656", "CVE-2018-12599", "CVE-2018-12600", "CVE-2018-13153", "CVE-2018-14434", "CVE-2018-14435", "CVE-2018-14436", "CVE-2018-14437", "CVE-2018-15607", "CVE-2018-16328", "CVE-2018-16749", "CVE-2018-16750", "CVE-2018-18544", "CVE-2018-20467", "CVE-2018-8804", "CVE-2018-9133", "CVE-2019-10131", "CVE-2019-10650", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11597", "CVE-2019-11598", "CVE-2019-12974", "CVE-2019-12975", "CVE-2019-12976", "CVE-2019-12978", "CVE-2019-12979", "CVE-2019-13133", "CVE-2019-13134", "CVE-2019-13135", "CVE-2019-13295", "CVE-2019-13297", "CVE-2019-13300", "CVE-2019-13301", "CVE-2019-13304", "CVE-2019-13305", "CVE-2019-13306", "CVE-2019-13307", "CVE-2019-13309", "CVE-2019-13310", "CVE-2019-13311", "CVE-2019-13454", "CVE-2019-14980", "CVE-2019-14981", "CVE-2019-15139", "CVE-2019-15140", "CVE-2019-15141", "CVE-2019-16708", "CVE-2019-16709", "CVE-2019-16710", "CVE-2019-16711", "CVE-2019-16712", "CVE-2019-16713", "CVE-2019-17540", "CVE-2019-17541", "CVE-2019-19948", "CVE-2019-19949", "CVE-2019-7175", "CVE-2019-7397", "CVE-2019-7398", "CVE-2019-9956"], "modified": "2020-04-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:ImageMagick", "p-cpe:/a:fermilab:scientific_linux:imagemagick-c%2b%2b", "p-cpe:/a:fermilab:scientific_linux:imagemagick-c%2b%2b-devel", "p-cpe:/a:fermilab:scientific_linux:ImageMagick-debuginfo", "p-cpe:/a:fermilab:scientific_linux:ImageMagick-devel", "p-cpe:/a:fermilab:scientific_linux:ImageMagick-doc", "p-cpe:/a:fermilab:scientific_linux:ImageMagick-perl", "p-cpe:/a:fermilab:scientific_linux:autotrace", "p-cpe:/a:fermilab:scientific_linux:autotrace-debuginfo", "p-cpe:/a:fermilab:scientific_linux:autotrace-devel", "p-cpe:/a:fermilab:scientific_linux:emacs", "p-cpe:/a:fermilab:scientific_linux:emacs-common", "p-cpe:/a:fermilab:scientific_linux:emacs-debuginfo", "p-cpe:/a:fermilab:scientific_linux:emacs-el", "p-cpe:/a:fermilab:scientific_linux:emacs-filesystem", "p-cpe:/a:fermilab:scientific_linux:emacs-nox", "p-cpe:/a:fermilab:scientific_linux:emacs-terminal", "p-cpe:/a:fermilab:scientific_linux:inkscape", "p-cpe:/a:fermilab:scientific_linux:inkscape-debuginfo", "p-cpe:/a:fermilab:scientific_linux:inkscape-docs", "p-cpe:/a:fermilab:scientific_linux:inkscape-view", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200407_IMAGEMAGICK_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/135797", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135797);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/24\");\n\n script_cve_id(\"CVE-2017-1000476\", \"CVE-2017-11166\", \"CVE-2017-12805\", \"CVE-2017-12806\", \"CVE-2017-18251\", \"CVE-2017-18252\", \"CVE-2017-18254\", \"CVE-2017-18271\", \"CVE-2017-18273\", \"CVE-2018-10177\", \"CVE-2018-10804\", \"CVE-2018-10805\", \"CVE-2018-11656\", \"CVE-2018-12599\", \"CVE-2018-12600\", \"CVE-2018-13153\", \"CVE-2018-14434\", \"CVE-2018-14435\", \"CVE-2018-14436\", \"CVE-2018-14437\", \"CVE-2018-15607\", \"CVE-2018-16328\", \"CVE-2018-16749\", \"CVE-2018-16750\", \"CVE-2018-18544\", \"CVE-2018-20467\", \"CVE-2018-8804\", \"CVE-2018-9133\", \"CVE-2019-10131\", \"CVE-2019-10650\", \"CVE-2019-11470\", \"CVE-2019-11472\", \"CVE-2019-11597\", \"CVE-2019-11598\", \"CVE-2019-12974\", \"CVE-2019-12975\", \"CVE-2019-12976\", \"CVE-2019-12978\", \"CVE-2019-12979\", \"CVE-2019-13133\", \"CVE-2019-13134\", \"CVE-2019-13135\", \"CVE-2019-13295\", \"CVE-2019-13297\", \"CVE-2019-13300\", \"CVE-2019-13301\", \"CVE-2019-13304\", \"CVE-2019-13305\", \"CVE-2019-13306\", \"CVE-2019-13307\", \"CVE-2019-13309\", \"CVE-2019-13310\", \"CVE-2019-13311\", \"CVE-2019-13454\", \"CVE-2019-14980\", \"CVE-2019-14981\", \"CVE-2019-15139\", \"CVE-2019-15140\", \"CVE-2019-15141\", \"CVE-2019-16708\", \"CVE-2019-16709\", \"CVE-2019-16710\", \"CVE-2019-16711\", \"CVE-2019-16712\", \"CVE-2019-16713\", \"CVE-2019-17540\", \"CVE-2019-17541\", \"CVE-2019-19948\", \"CVE-2019-19949\", \"CVE-2019-7175\", \"CVE-2019-7397\", \"CVE-2019-7398\", \"CVE-2019-9956\");\n\n script_name(english:\"Scientific Linux Security Update : ImageMagick on SL7.x x86_64 (20200407)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"* ImageMagick: multiple security vulnerabilities\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2004&L=SCIENTIFIC-LINUX-ERRATA&P=4745\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7d4e280\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ImageMagick-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ImageMagick-c++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ImageMagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ImageMagick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:autotrace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:autotrace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:autotrace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs-nox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs-terminal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:inkscape\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:inkscape-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:inkscape-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:inkscape-view\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ImageMagick-6.9.10.68-3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ImageMagick-c++-6.9.10.68-3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ImageMagick-c++-devel-6.9.10.68-3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.9.10.68-3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ImageMagick-devel-6.9.10.68-3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ImageMagick-doc-6.9.10.68-3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ImageMagick-perl-6.9.10.68-3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"autotrace-0.31.1-38.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"autotrace-debuginfo-0.31.1-38.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"autotrace-devel-0.31.1-38.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"emacs-24.3-23.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"emacs-common-24.3-23.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"emacs-debuginfo-24.3-23.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"emacs-el-24.3-23.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"emacs-filesystem-24.3-23.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"emacs-filesystem-24.3-23.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"emacs-nox-24.3-23.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"emacs-terminal-24.3-23.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"inkscape-0.92.2-3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"inkscape-debuginfo-0.92.2-3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"inkscape-docs-0.92.2-3.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"inkscape-view-0.92.2-3.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-c++ / ImageMagick-c++-devel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:37:01", "description": "An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file. (CVE-2017-18254)\n\nAn issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file. (CVE-2017-18252)\n\nAn issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file. (CVE-2017-18251)\n\nIn ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. (CVE-2018-16749)\n\nImageMagick 7.0.8-34 has a 'use of uninitialized value' vulnerability in the ReadPANGOImage function in coders/pango.c. (CVE-2019-12978)\n\nThe ReadXWDImage function in coders\\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file. (CVE-2017-11166)\n\nIn ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c. (CVE-2018-13153)\n\nImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.\n(CVE-2018-14435)\n\nImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. (CVE-2018-14434)\n\nImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.\n(CVE-2018-14437)\n\nImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. (CVE-2018-14436)\n\nImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. (CVE-2019-12976)\n\nImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error. (CVE-2019-13311)\n\nImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. (CVE-2019-17541)\n\nImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c. (CVE-2019-17540)\n\nIn ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.\n(CVE-2019-14980)\n\nIn ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file. (CVE-2019-14981)\n\nIn ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.\n(CVE-2019-9956)\n\nIn ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.\n(CVE-2019-7397)\n\ncoders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.\n(CVE-2019-11597)\n\nIn ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service. (CVE-2019-15140)\n\nIn ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service. (CVE-2017-12806)\n\nIn ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. (CVE-2019-10650)\n\nImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. (CVE-2019-16708)\n\nImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. (CVE-2019-16709)\n\nImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c. (CVE-2019-13133)\n\nImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. (CVE-2019-13134)\n\nImageMagick before 7.0.8-50 has a 'use of uninitialized value' vulnerability in the function ReadCUTImage in coders/cut.c.\n(CVE-2019-13135)\n\nIn ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. (CVE-2019-7175)\n\nIn ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. (CVE-2019-11598)\n\nImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. (CVE-2019-13310)\n\nIn ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file. (CVE-2017-18271)\n\nIn ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call. (CVE-2017-18273)\n\nThere is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. (CVE-2018-18544)\n\nIn ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-15607)\n\nImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. (CVE-2019-16713)\n\nImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. (CVE-2019-16712)\n\nImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. (CVE-2019-16711)\n\nImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.\n(CVE-2019-16710)\n\nReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first. (CVE-2019-11472)\n\nImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c. (CVE-2019-12975)\n\nThe cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file. (CVE-2019-11470)\n\nAn off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. (CVE-2019-10131)\n\nWriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file. (CVE-2018-8804)\n\nImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. (CVE-2017-1000476)\n\nIn ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. (CVE-2018-16328)\n\nImageMagick 7.0.8-34 has a 'use of uninitialized value' vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c. (CVE-2019-12979)\n\nImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c. (CVE-2019-13454)\n\nIn ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. (CVE-2019-19949)\n\nIn ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. (CVE-2019-19948)\n\nIn ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.\n(CVE-2018-11656)\n\nIn coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-20467)\n\nImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows.\n(CVE-2019-13307)\n\nImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors.\n(CVE-2019-13306)\n\nImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. (CVE-2019-13305)\n\nImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment.\n(CVE-2019-13304)\n\nImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error. (CVE-2019-13301)\n\nImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. (CVE-2019-13300)\n\nImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. (CVE-2019-13309)\n\nIn ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. (CVE-2019-11597)\n\nIn ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. (CVE-2018-12599)\n\nA NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image. (CVE-2019-12974)\n\nIn ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found.\n(CVE-2018-16750)\n\nImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. (CVE-2018-10804)\n\nImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. (CVE-2018-10805)\n\nImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file. (CVE-2018-9133)\n\nIn ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. (CVE-2019-7398)\n\nImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled. (CVE-2019-13295)\n\nImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. (CVE-2019-13297)\n\nIn ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file. (CVE-2018-10177)\n\nIn ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. (CVE-2018-12600)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-20T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php-pecl-imagick (ALAS-2020-1391)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000476", "CVE-2017-11166", "CVE-2017-12805", "CVE-2017-12806", "CVE-2017-18251", "CVE-2017-18252", "CVE-2017-18254", "CVE-2017-18271", "CVE-2017-18273", "CVE-2018-10177", "CVE-2018-10804", "CVE-2018-10805", "CVE-2018-11656", "CVE-2018-12599", "CVE-2018-12600", "CVE-2018-13153", "CVE-2018-14434", "CVE-2018-14435", "CVE-2018-14436", "CVE-2018-14437", "CVE-2018-15607", "CVE-2018-16328", "CVE-2018-16749", "CVE-2018-16750", "CVE-2018-18544", "CVE-2018-20467", "CVE-2018-8804", "CVE-2018-9133", "CVE-2019-10131", "CVE-2019-10650", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11597", "CVE-2019-11598", "CVE-2019-12974", "CVE-2019-12975", "CVE-2019-12976", "CVE-2019-12978", "CVE-2019-12979", "CVE-2019-13133", "CVE-2019-13134", "CVE-2019-13135", "CVE-2019-13295", "CVE-2019-13297", "CVE-2019-13300", "CVE-2019-13301", "CVE-2019-13304", "CVE-2019-13305", "CVE-2019-13306", "CVE-2019-13307", "CVE-2019-13309", "CVE-2019-13310", "CVE-2019-13311", "CVE-2019-13454", "CVE-2019-14980", "CVE-2019-14981", "CVE-2019-15139", "CVE-2019-15140", "CVE-2019-15141", "CVE-2019-16708", "CVE-2019-16709", "CVE-2019-16710", "CVE-2019-16711", "CVE-2019-16712", "CVE-2019-16713", "CVE-2019-17540", "CVE-2019-17541", "CVE-2019-19948", "CVE-2019-19949", "CVE-2019-7175", "CVE-2019-7397", "CVE-2019-7398", "CVE-2019-9956"], "modified": "2020-07-22T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php-pecl-imagick", "p-cpe:/a:amazon:linux:php-pecl-imagick-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1391.NASL", "href": "https://www.tenable.com/plugins/nessus/138633", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1391.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138633);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\"CVE-2017-1000476\", \"CVE-2017-11166\", \"CVE-2017-12805\", \"CVE-2017-12806\", \"CVE-2017-18251\", \"CVE-2017-18252\", \"CVE-2017-18254\", \"CVE-2017-18271\", \"CVE-2017-18273\", \"CVE-2018-10177\", \"CVE-2018-10804\", \"CVE-2018-10805\", \"CVE-2018-11656\", \"CVE-2018-12599\", \"CVE-2018-12600\", \"CVE-2018-13153\", \"CVE-2018-14434\", \"CVE-2018-14435\", \"CVE-2018-14436\", \"CVE-2018-14437\", \"CVE-2018-15607\", \"CVE-2018-16328\", \"CVE-2018-16749\", \"CVE-2018-16750\", \"CVE-2018-18544\", \"CVE-2018-20467\", \"CVE-2018-8804\", \"CVE-2018-9133\", \"CVE-2019-10131\", \"CVE-2019-10650\", \"CVE-2019-11470\", \"CVE-2019-11472\", \"CVE-2019-11597\", \"CVE-2019-11598\", \"CVE-2019-12974\", \"CVE-2019-12975\", \"CVE-2019-12976\", \"CVE-2019-12978\", \"CVE-2019-12979\", \"CVE-2019-13133\", \"CVE-2019-13134\", \"CVE-2019-13135\", \"CVE-2019-13295\", \"CVE-2019-13297\", \"CVE-2019-13300\", \"CVE-2019-13301\", \"CVE-2019-13304\", \"CVE-2019-13305\", \"CVE-2019-13306\", \"CVE-2019-13307\", \"CVE-2019-13309\", \"CVE-2019-13310\", \"CVE-2019-13311\", \"CVE-2019-13454\", \"CVE-2019-14980\", \"CVE-2019-14981\", \"CVE-2019-15139\", \"CVE-2019-15140\", \"CVE-2019-15141\", \"CVE-2019-16708\", \"CVE-2019-16709\", \"CVE-2019-16710\", \"CVE-2019-16711\", \"CVE-2019-16712\", \"CVE-2019-16713\", \"CVE-2019-17540\", \"CVE-2019-17541\", \"CVE-2019-19948\", \"CVE-2019-19949\", \"CVE-2019-7175\", \"CVE-2019-7397\", \"CVE-2019-7398\", \"CVE-2019-9956\");\n script_xref(name:\"ALAS\", value:\"2020-1391\");\n\n script_name(english:\"Amazon Linux AMI : php-pecl-imagick (ALAS-2020-1391)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An issue was discovered in ImageMagick 7.0.7. A memory leak\nvulnerability was found in the function WriteGIFImage in coders/gif.c,\nwhich allow remote attackers to cause a denial of service via a\ncrafted file. (CVE-2017-18254)\n\nAn issue was discovered in ImageMagick 7.0.7. The MogrifyImageList\nfunction in MagickWand/mogrify.c allows attackers to cause a denial of\nservice (assertion failure and application exit in ReplaceImageInList)\nvia a crafted file. (CVE-2017-18252)\n\nAn issue was discovered in ImageMagick 7.0.7. A memory leak\nvulnerability was found in the function ReadPCDImage in coders/pcd.c,\nwhich allow remote attackers to cause a denial of service via a\ncrafted file. (CVE-2017-18251)\n\nIn ImageMagick 7.0.7-29 and earlier, a missing NULL check in\nReadOneJNGImage in coders/png.c allows an attacker to cause a denial\nof service (WriteBlob assertion failure and application exit) via a\ncrafted file. (CVE-2018-16749)\n\nImageMagick 7.0.8-34 has a 'use of uninitialized value' vulnerability\nin the ReadPANGOImage function in coders/pango.c. (CVE-2019-12978)\n\nThe ReadXWDImage function in coders\\xwd.c in ImageMagick 7.0.5-6 has a\nmemory leak vulnerability that can cause memory exhaustion via a\ncrafted length (number of color-map entries) field in the header of an\nXWD file. (CVE-2017-11166)\n\nIn ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand\nfunction in MagickCore/animate.c. (CVE-2018-13153)\n\nImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.\n(CVE-2018-14435)\n\nImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage\nin coders/mpc.c. (CVE-2018-14434)\n\nImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.\n(CVE-2018-14437)\n\nImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in\ncoders/miff.c. (CVE-2018-14436)\n\nImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in\ncoders/pcl.c. (CVE-2019-12976)\n\nImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory\nbecause of a wand/mogrify.c error. (CVE-2019-13311)\n\nImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo\nin MagickCore/string.c because the error manager is mishandled in\ncoders/jpeg.c. (CVE-2019-17541)\n\nImageMagick before 7.0.8-54 has a heap-based buffer overflow in\nReadPSInfo in coders/ps.c. (CVE-2019-17540)\n\nIn ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is\na use after free vulnerability in the UnmapBlob function that allows\nan attacker to cause a denial of service by sending a crafted file.\n(CVE-2019-14980)\n\nIn ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is\na divide-by-zero vulnerability in the MeanShiftImage function. It\nallows an attacker to cause a denial of service by sending a crafted\nfile. (CVE-2019-14981)\n\nIn ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in\nthe function PopHexPixel of coders/ps.c, which allows an attacker to\ncause a denial of service or code execution via a crafted image file.\n(CVE-2019-9956)\n\nIn ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31,\nseveral memory leaks exist in WritePDFImage in coders/pdf.c.\n(CVE-2019-7397)\n\ncoders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to\ncause a denial of service (use-after-free and application crash) or\npossibly have unspecified other impact by crafting a Matlab image file\nthat is mishandled in ReadImage in MagickCore/constitute.c.\n(CVE-2019-11597)\n\nIn ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in\nthe function ReadTIFFImage, which allows attackers to cause a denial\nof service. (CVE-2019-15140)\n\nIn ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in\nthe function format8BIM, which allows attackers to cause a denial of\nservice. (CVE-2017-12806)\n\nIn ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in\nthe function WriteTIFFImage of coders/tiff.c, which allows an attacker\nto cause a denial of service or information disclosure via a crafted\nimage file. (CVE-2019-10650)\n\nImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to\nXCreateImage. (CVE-2019-16708)\n\nImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as\ndemonstrated by XCreateImage. (CVE-2019-16709)\n\nImageMagick before 7.0.8-50 has a memory leak vulnerability in the\nfunction ReadBMPImage in coders/bmp.c. (CVE-2019-13133)\n\nImageMagick before 7.0.8-50 has a memory leak vulnerability in the\nfunction ReadVIFFImage in coders/viff.c. (CVE-2019-13134)\n\nImageMagick before 7.0.8-50 has a 'use of uninitialized value'\nvulnerability in the function ReadCUTImage in coders/cut.c.\n(CVE-2019-13135)\n\nIn ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage\nin coders/pcd.c. (CVE-2019-7175)\n\nIn ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in\nthe function WritePNMImage of coders/pnm.c, which allows an attacker\nto cause a denial of service or possibly information disclosure via a\ncrafted image file. This is related to SetGrayscaleImage in\nMagickCore/quantize.c. (CVE-2019-11598)\n\nImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory\nbecause of an error in MagickWand/mogrify.c. (CVE-2019-13310)\n\nIn ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop\nvulnerability was found in the function ReadMIFFImage in\ncoders/miff.c, which allows attackers to cause a denial of service\n(CPU exhaustion) via a crafted MIFF image file. (CVE-2017-18271)\n\nIn ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop\nvulnerability was found in the function ReadTXTImage in coders/txt.c,\nwhich allows attackers to cause a denial of service (CPU exhaustion)\nvia a crafted image file that is mishandled in a GetImageIndexInList\ncall. (CVE-2017-18273)\n\nThere is a memory leak in the function WriteMSLImage of coders/msl.c\nin ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of\ncoders/msl.c in GraphicsMagick before 1.3.31. (CVE-2018-18544)\n\nIn ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36\n0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00\ncan result in a hang of several minutes during which CPU and memory\nresources are consumed until ultimately an attempted large memory\nallocation fails. Remote attackers could leverage this vulnerability\nto cause a denial of service via a crafted file. (CVE-2018-15607)\n\nImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as\ndemonstrated by PingImage in MagickCore/constitute.c. (CVE-2019-16713)\n\nImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in\ncoders/ps3.c, as demonstrated by WritePS3Image. (CVE-2019-16712)\n\nImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in\ncoders/ps2.c. (CVE-2019-16711)\n\nImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as\ndemonstrated by AcquireMagickMemory in MagickCore/memory.c.\n(CVE-2019-16710)\n\nReadXWDImage in coders/xwd.c in the XWD image parsing component of\nImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service\n(divide-by-zero error) by crafting an XWD image file in which the\nheader indicates neither LSB first nor MSB first. (CVE-2019-11472)\n\nImageMagick 7.0.8-34 has a memory leak vulnerability in the\nWriteDPXImage function in coders/dpx.c. (CVE-2019-12975)\n\nThe cineon parsing component in ImageMagick 7.0.8-26 Q16 allows\nattackers to cause a denial-of-service (uncontrolled resource\nconsumption) by crafting a Cineon image with an incorrect claimed\nimage size. This occurs because ReadCINImage in coders/cin.c lacks a\ncheck for insufficient image data in a file. (CVE-2019-11470)\n\nAn off-by-one read vulnerability was discovered in ImageMagick before\nversion 7.0.7-28 in the formatIPTCfromBuffer function in\ncoders/meta.c. A local attacker may use this flaw to read beyond the\nend of the buffer or to crash the program. (CVE-2019-10131)\n\nWriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows\nremote attackers to cause a denial of service (MagickCore/memory.c\ndouble free and application crash) or possibly have unspecified other\nimpact via a crafted file. (CVE-2018-8804)\n\nImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in\nthe function ReadDDSInfo in coders/dds.c, which allows attackers to\ncause a denial of service. (CVE-2017-1000476)\n\nIn ImageMagick before 7.0.8-8, a NULL pointer dereference exists in\nthe CheckEventLogging function in MagickCore/log.c. (CVE-2018-16328)\n\nImageMagick 7.0.8-34 has a 'use of uninitialized value' vulnerability\nin the SyncImageSettings function in MagickCore/image.c. This is\nrelated to AcquireImage in magick/image.c. (CVE-2019-12979)\n\nImageMagick 7.0.8-54 Q16 allows Division by Zero in\nRemoveDuplicateLayers in MagickCore/layer.c. (CVE-2019-13454)\n\nIn ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in\nthe function WritePNGImage of coders/png.c, related to\nMagick_png_write_raw_profile and LocaleNCompare. (CVE-2019-19949)\n\nIn ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in\nthe function WriteSGIImage of coders/sgi.c. (CVE-2019-19948)\n\nIn ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was\nfound in the function ReadDCMImage in coders/dcm.c, which allows\nattackers to cause a denial of service via a crafted DCM image file.\n(CVE-2018-11656)\n\nIn coders/bmp.c in ImageMagick before 7.0.8-16, an input file can\nresult in an infinite loop and hang, with high CPU and memory\nconsumption. Remote attackers could leverage this vulnerability to\ncause a denial of service via a crafted file. (CVE-2018-20467)\n\nImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at\nMagickCore/statistic.c in EvaluateImages because of mishandling rows.\n(CVE-2019-13307)\n\nImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at\ncoders/pnm.c in WritePNMImage because of off-by-one errors.\n(CVE-2019-13306)\n\nImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at\ncoders/pnm.c in WritePNMImage because of a misplaced strncpy and an\noff-by-one error. (CVE-2019-13305)\n\nImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at\ncoders/pnm.c in WritePNMImage because of a misplaced assignment.\n(CVE-2019-13304)\n\nImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory\nbecause of an AnnotateImage error. (CVE-2019-13301)\n\nImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at\nMagickCore/statistic.c in EvaluateImages because of mishandling\ncolumns. (CVE-2019-13300)\n\nImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory\nbecause of mishandling the NoSuchImage error in CLIListOperatorImages\nin MagickWand/operation.c. (CVE-2019-13309)\n\nIn ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in\nthe function WriteTIFFImage of coders/tiff.c, which allows an attacker\nto cause a denial of service or possibly information disclosure via a\ncrafted image file. (CVE-2019-11597)\n\nIn ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in\ncoders/bmp.c allow attackers to cause an out of bounds write via a\ncrafted file. (CVE-2018-12599)\n\nA NULL pointer dereference in the function ReadPANGOImage in\ncoders/pango.c and the function ReadVIDImage in coders/vid.c in\nImageMagick 7.0.8-34 allows remote attackers to cause a denial of\nservice via a crafted image. (CVE-2019-12974)\n\nIn ImageMagick 7.0.7-29 and earlier, a memory leak in the\nformatIPTCfromBuffer function in coders/meta.c was found.\n(CVE-2018-16750)\n\nImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage\nin coders/tiff.c. (CVE-2018-10804)\n\nImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage\nin coders/ycbcr.c. (CVE-2018-10805)\n\nImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage\nand EncodeLabImage functions (coders/tiff.c), which results in a hang\n(tens of minutes) with a tiny PoC file. Remote attackers could\nleverage this vulnerability to cause a denial of service via a crafted\ntiff file. (CVE-2018-9133)\n\nIn ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage\nin coders/dib.c. (CVE-2019-7398)\n\nImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at\nMagickCore/threshold.c in AdaptiveThresholdImage because a width of\nzero is mishandled. (CVE-2019-13295)\n\nImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at\nMagickCore/threshold.c in AdaptiveThresholdImage because a height of\nzero is mishandled. (CVE-2019-13297)\n\nIn ImageMagick 7.0.7-28, there is an infinite loop in the\nReadOneMNGImage function of the coders/png.c file. Remote attackers\ncould leverage this vulnerability to cause a denial of service via a\ncrafted mng file. (CVE-2018-10177)\n\nIn ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in\ncoders/dib.c allow attackers to cause an out of bounds write via a\ncrafted file. (CVE-2018-12600)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2020-1391.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update php-pecl-imagick' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-pecl-imagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-pecl-imagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php-pecl-imagick-3.4.4-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-pecl-imagick-debuginfo-3.4.4-1.8.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php-pecl-imagick / php-pecl-imagick-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-10T14:51:31", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1497 advisory.\n\n - ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. (CVE-2017-1000476)\n\n - The ReadXWDImage function in coders\\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file. (CVE-2017-11166)\n\n - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service. (CVE-2017-12805)\n\n - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service. (CVE-2017-12806)\n\n - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file. (CVE-2017-18251)\n\n - An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file. (CVE-2017-18252)\n\n - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file. (CVE-2017-18254)\n\n - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file. (CVE-2017-18271)\n\n - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call. (CVE-2017-18273)\n\n - In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file. (CVE-2018-10177)\n\n - ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. (CVE-2018-10804)\n\n - ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. (CVE-2018-10805)\n\n - In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.\n (CVE-2018-11656)\n\n - In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. (CVE-2018-12599)\n\n - In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. (CVE-2018-12600)\n\n - In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.\n (CVE-2018-13153)\n\n - ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. (CVE-2018-14434)\n\n - ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. (CVE-2018-14435)\n\n - ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. (CVE-2018-14436)\n\n - ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. (CVE-2018-14437)\n\n - In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-15607)\n\n - In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. (CVE-2018-16328)\n\n - In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. (CVE-2018-16749)\n\n - In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. (CVE-2018-16750)\n\n - There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. (CVE-2018-18544)\n\n - In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-20467)\n\n - WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file. (CVE-2018-8804)\n\n - ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file. (CVE-2018-9133)\n\n - An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. (CVE-2019-10131)\n\n - In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. (CVE-2019-10650)\n\n - The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.\n (CVE-2019-11470)\n\n - ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first. (CVE-2019-11472)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. (CVE-2019-11597)\n\n - In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. (CVE-2019-11598)\n\n - A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image. (CVE-2019-12974)\n\n - ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.\n (CVE-2019-12975)\n\n - ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. (CVE-2019-12976)\n\n - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the ReadPANGOImage function in coders/pango.c. (CVE-2019-12978)\n\n - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c. (CVE-2019-12979)\n\n - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.\n (CVE-2019-13133)\n\n - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. (CVE-2019-13134)\n\n - ImageMagick before 7.0.8-50 has a use of uninitialized value vulnerability in the function ReadCUTImage in coders/cut.c. (CVE-2019-13135)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled. (CVE-2019-13295)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. (CVE-2019-13297)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. (CVE-2019-13300)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.\n (CVE-2019-13301)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment. (CVE-2019-13304)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. (CVE-2019-13305)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors. (CVE-2019-13306)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows. (CVE-2019-13307)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. (CVE-2019-13309)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. (CVE-2019-13310)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.\n (CVE-2019-13311)\n\n - ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.\n (CVE-2019-13454)\n\n - In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.\n (CVE-2019-14980)\n\n - In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.\n (CVE-2019-14981)\n\n - The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472. (CVE-2019-15139)\n\n - coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after- free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c. (CVE-2019-15140)\n\n - WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.\n (CVE-2019-15141)\n\n - ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. (CVE-2019-16708)\n\n - ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. (CVE-2019-16709)\n\n - ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. (CVE-2019-16710)\n\n - ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. (CVE-2019-16711)\n\n - ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. (CVE-2019-16712)\n\n - ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. (CVE-2019-16713)\n\n - ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.\n (CVE-2019-17540)\n\n - ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. (CVE-2019-17541)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. (CVE-2019-19948)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. (CVE-2019-19949)\n\n - In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. (CVE-2019-7175)\n\n - In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. (CVE-2019-7397)\n\n - In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. (CVE-2019-7398)\n\n - In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. (CVE-2019-9956)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-28T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : ImageMagick (ALAS-2020-1497)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000476", "CVE-2017-11166", "CVE-2017-12805", "CVE-2017-12806", "CVE-2017-18251", "CVE-2017-18252", "CVE-2017-18254", "CVE-2017-18271", "CVE-2017-18273", "CVE-2018-10177", "CVE-2018-10804", "CVE-2018-10805", "CVE-2018-11656", "CVE-2018-12599", "CVE-2018-12600", "CVE-2018-13153", "CVE-2018-14434", "CVE-2018-14435", "CVE-2018-14436", "CVE-2018-14437", "CVE-2018-15607", "CVE-2018-16328", "CVE-2018-16749", "CVE-2018-16750", "CVE-2018-18544", "CVE-2018-20467", "CVE-2018-8804", "CVE-2018-9133", "CVE-2019-10131", "CVE-2019-10650", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11597", "CVE-2019-11598", "CVE-2019-12974", "CVE-2019-12975", "CVE-2019-12976", "CVE-2019-12978", "CVE-2019-12979", "CVE-2019-13133", "CVE-2019-13134", "CVE-2019-13135", "CVE-2019-13295", "CVE-2019-13297", "CVE-2019-13300", "CVE-2019-13301", "CVE-2019-13304", "CVE-2019-13305", "CVE-2019-13306", "CVE-2019-13307", "CVE-2019-13309", "CVE-2019-13310", "CVE-2019-13311", "CVE-2019-13454", "CVE-2019-14980", "CVE-2019-14981", "CVE-2019-15139", "CVE-2019-15140", "CVE-2019-15141", "CVE-2019-16708", "CVE-2019-16709", "CVE-2019-16710", "CVE-2019-16711", "CVE-2019-16712", "CVE-2019-16713", "CVE-2019-17540", "CVE-2019-17541", "CVE-2019-19948", "CVE-2019-19949", "CVE-2019-7175", "CVE-2019-7397", "CVE-2019-7398", "CVE-2019-9956", "CVE-2020-25664"], "modified": "2022-06-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ImageMagick", "p-cpe:/a:amazon:linux:imagemagick-c%2b%2b", "p-cpe:/a:amazon:linux:imagemagick-c%2b%2b-devel", "p-cpe:/a:amazon:linux:ImageMagick-debuginfo", "p-cpe:/a:amazon:linux:ImageMagick-devel", "p-cpe:/a:amazon:linux:ImageMagick-doc", "p-cpe:/a:amazon:linux:ImageMagick-perl", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1497.NASL", "href": "https://www.tenable.com/plugins/nessus/141987", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1497.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141987);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/10\");\n\n script_cve_id(\n \"CVE-2017-11166\",\n \"CVE-2017-12805\",\n \"CVE-2017-12806\",\n \"CVE-2017-18251\",\n \"CVE-2017-18252\",\n \"CVE-2017-18254\",\n \"CVE-2017-18271\",\n \"CVE-2017-18273\",\n \"CVE-2017-1000476\",\n \"CVE-2018-8804\",\n \"CVE-2018-9133\",\n \"CVE-2018-10177\",\n \"CVE-2018-10804\",\n \"CVE-2018-10805\",\n \"CVE-2018-11656\",\n \"CVE-2018-12599\",\n \"CVE-2018-12600\",\n \"CVE-2018-13153\",\n \"CVE-2018-14434\",\n \"CVE-2018-14435\",\n \"CVE-2018-14436\",\n \"CVE-2018-14437\",\n \"CVE-2018-15607\",\n \"CVE-2018-16328\",\n \"CVE-2018-16749\",\n \"CVE-2018-16750\",\n \"CVE-2018-18544\",\n \"CVE-2018-20467\",\n \"CVE-2019-7175\",\n \"CVE-2019-7397\",\n \"CVE-2019-7398\",\n \"CVE-2019-9956\",\n \"CVE-2019-10131\",\n \"CVE-2019-10650\",\n \"CVE-2019-11470\",\n \"CVE-2019-11472\",\n \"CVE-2019-11597\",\n \"CVE-2019-11598\",\n \"CVE-2019-12974\",\n \"CVE-2019-12975\",\n \"CVE-2019-12976\",\n \"CVE-2019-12978\",\n \"CVE-2019-12979\",\n \"CVE-2019-13133\",\n \"CVE-2019-13134\",\n \"CVE-2019-13135\",\n \"CVE-2019-13295\",\n \"CVE-2019-13297\",\n \"CVE-2019-13300\",\n \"CVE-2019-13301\",\n \"CVE-2019-13304\",\n \"CVE-2019-13305\",\n \"CVE-2019-13306\",\n \"CVE-2019-13307\",\n \"CVE-2019-13309\",\n \"CVE-2019-13310\",\n \"CVE-2019-13311\",\n \"CVE-2019-13454\",\n \"CVE-2019-14980\",\n \"CVE-2019-14981\",\n \"CVE-2019-15139\",\n \"CVE-2019-15140\",\n \"CVE-2019-15141\",\n \"CVE-2019-16708\",\n \"CVE-2019-16709\",\n \"CVE-2019-16710\",\n \"CVE-2019-16711\",\n \"CVE-2019-16712\",\n \"CVE-2019-16713\",\n \"CVE-2019-17540\",\n \"CVE-2019-17541\",\n \"CVE-2019-19948\",\n \"CVE-2019-19949\",\n \"CVE-2020-25664\"\n );\n script_bugtraq_id(\n 102428,\n 103498,\n 104591,\n 104687,\n 105137,\n 106268,\n 106315,\n 106561,\n 106847,\n 106848,\n 107333,\n 107546,\n 107646,\n 108102,\n 108117,\n 108448,\n 108492,\n 108913,\n 109099,\n 109308,\n 109362\n );\n script_xref(name:\"ALAS\", value:\"2020-1497\");\n\n script_name(english:\"Amazon Linux 2 : ImageMagick (ALAS-2020-1497)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS2-2020-1497 advisory.\n\n - ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in\n coders/dds.c, which allows attackers to cause a denial of service. (CVE-2017-1000476)\n\n - The ReadXWDImage function in coders\\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can\n cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD\n file. (CVE-2017-11166)\n\n - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which\n allows attackers to cause a denial of service. (CVE-2017-12805)\n\n - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which\n allows attackers to cause a denial of service. (CVE-2017-12806)\n\n - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function\n ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted\n file. (CVE-2017-18251)\n\n - An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows\n attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via\n a crafted file. (CVE-2017-18252)\n\n - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function\n WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted\n file. (CVE-2017-18254)\n\n - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function\n ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a\n crafted MIFF image file. (CVE-2017-18271)\n\n - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function\n ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a\n crafted image file that is mishandled in a GetImageIndexInList call. (CVE-2017-18273)\n\n - In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c\n file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng\n file. (CVE-2018-10177)\n\n - ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. (CVE-2018-10804)\n\n - ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. (CVE-2018-10805)\n\n - In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in\n coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.\n (CVE-2018-11656)\n\n - In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out\n of bounds write via a crafted file. (CVE-2018-12599)\n\n - In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out\n of bounds write via a crafted file. (CVE-2018-12600)\n\n - In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.\n (CVE-2018-13153)\n\n - ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. (CVE-2018-14434)\n\n - ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. (CVE-2018-14435)\n\n - ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. (CVE-2018-14436)\n\n - ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. (CVE-2018-14437)\n\n - In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36\n 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory\n resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could\n leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-15607)\n\n - In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in\n MagickCore/log.c. (CVE-2018-16328)\n\n - In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an\n attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted\n file. (CVE-2018-16749)\n\n - In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c\n was found. (CVE-2018-16750)\n\n - There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the\n function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. (CVE-2018-18544)\n\n - In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang,\n with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial\n of service via a crafted file. (CVE-2018-20467)\n\n - WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of\n service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact\n via a crafted file. (CVE-2018-8804)\n\n - ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions\n (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could\n leverage this vulnerability to cause a denial of service via a crafted tiff file. (CVE-2018-9133)\n\n - An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the\n formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end\n of the buffer or to crash the program. (CVE-2019-10131)\n\n - In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of\n coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a\n crafted image file. (CVE-2019-10650)\n\n - The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service\n (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This\n occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.\n (CVE-2019-11470)\n\n - ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows\n attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the\n header indicates neither LSB first nor MSB first. (CVE-2019-11472)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of\n coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure\n via a crafted image file. (CVE-2019-11597)\n\n - In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of\n coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via\n a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. (CVE-2019-11598)\n\n - A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage\n in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted\n image. (CVE-2019-12974)\n\n - ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.\n (CVE-2019-12975)\n\n - ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. (CVE-2019-12976)\n\n - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the ReadPANGOImage function in\n coders/pango.c. (CVE-2019-12978)\n\n - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the SyncImageSettings function in\n MagickCore/image.c. This is related to AcquireImage in magick/image.c. (CVE-2019-12979)\n\n - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.\n (CVE-2019-13133)\n\n - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in\n coders/viff.c. (CVE-2019-13134)\n\n - ImageMagick before 7.0.8-50 has a use of uninitialized value vulnerability in the function ReadCUTImage\n in coders/cut.c. (CVE-2019-13135)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in\n AdaptiveThresholdImage because a width of zero is mishandled. (CVE-2019-13295)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in\n AdaptiveThresholdImage because a height of zero is mishandled. (CVE-2019-13297)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages\n because of mishandling columns. (CVE-2019-13300)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.\n (CVE-2019-13301)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a\n misplaced assignment. (CVE-2019-13304)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a\n misplaced strncpy and an off-by-one error. (CVE-2019-13305)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of\n off-by-one errors. (CVE-2019-13306)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages\n because of mishandling rows. (CVE-2019-13307)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage\n error in CLIListOperatorImages in MagickWand/operation.c. (CVE-2019-13309)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in\n MagickWand/mogrify.c. (CVE-2019-13310)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.\n (CVE-2019-13311)\n\n - ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.\n (CVE-2019-13454)\n\n - In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in\n the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.\n (CVE-2019-14980)\n\n - In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in\n the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.\n (CVE-2019-14981)\n\n - The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows\n attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in\n ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than\n CVE-2019-11472. (CVE-2019-15139)\n\n - coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-\n free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that\n is mishandled in ReadImage in MagickCore/constitute.c. (CVE-2019-15140)\n\n - WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service\n (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to\n TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in\n tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.\n (CVE-2019-15141)\n\n - ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. (CVE-2019-16708)\n\n - ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. (CVE-2019-16709)\n\n - ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in\n MagickCore/memory.c. (CVE-2019-16710)\n\n - ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. (CVE-2019-16711)\n\n - ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by\n WritePS3Image. (CVE-2019-16712)\n\n - ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in\n MagickCore/constitute.c. (CVE-2019-16713)\n\n - ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.\n (CVE-2019-17540)\n\n - ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the\n error manager is mishandled in coders/jpeg.c. (CVE-2019-17541)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of\n coders/sgi.c. (CVE-2019-19948)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of\n coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. (CVE-2019-19949)\n\n - In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. (CVE-2019-7175)\n\n - In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in\n WritePDFImage in coders/pdf.c. (CVE-2019-7397)\n\n - In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. (CVE-2019-7398)\n\n - In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of\n coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image\n file. (CVE-2019-9956)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1497.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-1000476\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-11166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-12805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-12806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18273\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-11656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-12599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-12600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-13153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-15607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-18544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-8804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-9133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10131\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13301\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16708\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7398\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9956\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update ImageMagick' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19948\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ImageMagick-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ImageMagick-c++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ImageMagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ImageMagick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'ImageMagick-6.9.10.68-3.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'ImageMagick-6.9.10.68-3.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'ImageMagick-6.9.10.68-3.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'ImageMagick-c++-6.9.10.68-3.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'ImageMagick-c++-6.9.10.68-3.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'ImageMagick-c++-6.9.10.68-3.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'ImageMagick-c++-devel-6.9.10.68-3.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'ImageMagick-c++-devel-6.9.10.68-3.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'ImageMagick-c++-devel-6.9.10.68-3.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'ImageMagick-debuginfo-6.9.10.68-3.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'ImageMagick-debuginfo-6.9.10.68-3.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'ImageMagick-debuginfo-6.9.10.68-3.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'ImageMagick-devel-6.9.10.68-3.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'ImageMagick-devel-6.9.10.68-3.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'ImageMagick-devel-6.9.10.68-3.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'ImageMagick-doc-6.9.10.68-3.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'ImageMagick-doc-6.9.10.68-3.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'ImageMagick-doc-6.9.10.68-3.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'ImageMagick-perl-6.9.10.68-3.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'ImageMagick-perl-6.9.10.68-3.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'ImageMagick-perl-6.9.10.68-3.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-c++ / ImageMagick-c++-devel / etc\");\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:32:49", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1180 advisory.\n\n - ImageMagick: CPU exhaustion vulnerability in function ReadDDSInfo in coders/dds.c (CVE-2017-1000476)\n\n - ImageMagick: memory leak vulnerability in ReadXWDImage function in coders/xwd.c (CVE-2017-11166)\n\n - ImageMagick: memory exhaustion in function ReadTIFFImage causing denial of service (CVE-2017-12805)\n\n - ImageMagick: memory exhaustion in function format8BIM causing denial of service (CVE-2017-12806)\n\n - ImageMagick: memory leak in ReadPCDImage function in coders/pcd.c (CVE-2017-18251)\n\n - ImageMagick: assertion failure in MogrifyImageList function in MagickWand/mogrify.c (CVE-2017-18252)\n\n - ImageMagick: memory leak in WriteGIFImage function in coders/gif.c (CVE-2017-18254)\n\n - ImageMagick: infinite loop in ReadMIFFImage function in coders/miff.c (CVE-2017-18271)\n\n - ImageMagick: infinite loop ReadTXTImage in function in coders/txt.c (CVE-2017-18273)\n\n - ImageMagick: Infinite loop in coders/png.c:ReadOneMNGImage() allows attackers to cause a denial of service via crafted MNG file (CVE-2018-10177)\n\n - ImageMagick: Memory leak in WriteTIFFImage (CVE-2018-10804)\n\n - ImageMagick: Memory leak in ReadYCBCRImage (CVE-2018-10805)\n\n - ImageMagick: memory leak in ReadDCMImage function in coders/dcm.c (CVE-2018-11656)\n\n - ImageMagick: out of bounds write in ReadBMPImage and WriteBMPImage in coders/bmp.c (CVE-2018-12599)\n\n - ImageMagick: out of bounds write ReadDIBImage and WriteDIBImage in coders/dib.c (CVE-2018-12600)\n\n - ImageMagick: memory leak in the XMagickCommand function in MagickCore/animate.c (CVE-2018-13153)\n\n - ImageMagick: memory leak for a colormap in WriteMPCImage in coders/mpc.c (CVE-2018-14434)\n\n - ImageMagick: memory leak in DecodeImage in coders/pcd.c (CVE-2018-14435)\n\n - ImageMagick: memory leak in ReadMIFFImage in coders/miff.c (CVE-2018-14436)\n\n - ImageMagick: memory leak in parse8BIM in coders/meta.c (CVE-2018-14437)\n\n - ImageMagick: CPU Exhaustion via crafted input file (CVE-2018-15607)\n\n - ImageMagick: NULL pointer dereference in CheckEventLogging function in MagickCore/log.c (CVE-2018-16328)\n\n - ImageMagick: reachable assertion in ReadOneJNGImage in coders/png.c (CVE-2018-16749)\n\n - ImageMagick: Memory leak in the formatIPTCfromBuffer function in coders/meta.c (CVE-2018-16750)\n\n - ImageMagick: memory leak in WriteMSLImage of coders/msl.c (CVE-2018-18544)\n\n - ImageMagick: infinite loop in coders/bmp.c (CVE-2018-20467)\n\n - ImageMagick: double free in WriteEPTImage function in coders/ept.c (CVE-2018-8804)\n\n - ImageMagick: excessive iteration in the DecodeLabImage and EncodeLabImage functions in coders/tiff.c (CVE-2018-9133)\n\n - ImageMagick: off-by-one read in formatIPTCfromBuffer function in coders/meta.c (CVE-2019-10131)\n\n - ImageMagick: heap-based buffer over-read in WriteTIFFImage of coders/tiff.c leads to denial of service or information disclosure via crafted image file (CVE-2019-10650)\n\n - ImageMagick: denial of service in cineon parsing component (CVE-2019-11470)\n\n - ImageMagick: denial of service in ReadXWDImage in coders/xwd.c in the XWD image parsing component (CVE-2019-11472)\n\n - ImageMagick: heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c leading to DoS or information disclosure (CVE-2019-11597)\n\n - ImageMagick: heap-based buffer over-read in the function WritePNMImage of coders/pnm.c leading to DoS or information disclosure (CVE-2019-11598)\n\n - imagemagick: null-pointer dereference in function ReadPANGOImage in coders/pango.c and ReadVIDImage in coders/vid.c causing denial of service (CVE-2019-12974)\n\n - imagemagick: memory leak vulnerability in function WriteDPXImage in coders/dpx.c (CVE-2019-12975)\n\n - imagemagick: memory leak vulnerability in function ReadPCLImage in coders/pcl.c (CVE-2019-12976)\n\n - imagemagick: use of uninitialized value in function ReadPANGOImage in coders/pango.c (CVE-2019-12978)\n\n - imagemagick: use of uninitialized value in functionSyncImageSettings in MagickCore/image.c (CVE-2019-12979)\n\n - ImageMagick: a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c (CVE-2019-13133)\n\n - ImageMagick: a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c (CVE-2019-13134)\n\n - ImageMagick: a use of uninitialized value vulnerability in the function ReadCUTImage leading to a crash and DoS (CVE-2019-13135)\n\n - ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled (CVE-2019-13295)\n\n - ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled (CVE-2019-13297)\n\n - ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns (CVE-2019-13300)\n\n - ImageMagick: memory leaks in AcquireMagickMemory (CVE-2019-13301)\n\n - ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment (CVE-2019-13304)\n\n - ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error (CVE-2019-13305)\n\n - ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors (CVE-2019-13306)\n\n - ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows (CVE-2019-13307)\n\n - ImageMagick: memory leaks at AcquireMagickMemory due to mishandling the NoSuchImage error in CLIListOperatorImages (CVE-2019-13309)\n\n - ImageMagick: memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c (CVE-2019-13310)\n\n - ImageMagick: memory leaks at AcquireMagickMemory because of a wand/mogrify.c error (CVE-2019-13311)\n\n - ImageMagick: division by zero in RemoveDuplicateLayers in MagickCore/layer.c (CVE-2019-13454)\n\n - ImageMagick: use-after-free in magick/blob.c resulting in a denial of service (CVE-2019-14980)\n\n - ImageMagick: division by zero in MeanShiftImage in MagickCore/feature.c (CVE-2019-14981)\n\n - ImageMagick: out-of-bounds read in ReadXWDImage in coders/xwd.c (CVE-2019-15139)\n\n - ImageMagick: Use after free in ReadMATImage in coders/mat.c (CVE-2019-15140)\n\n - ImageMagick: heap-based buffer overflow in WriteTIFFImage in coders/tiff.c (CVE-2019-15141)\n\n - ImageMagick: memory leak in magick/xwindow.c (CVE-2019-16708)\n\n - ImageMagick: memory leak in coders/dps.c (CVE-2019-16709)\n\n - ImageMagick: memory leak in coders/dot.c (CVE-2019-16710, CVE-2019-16713)\n\n - ImageMagick: memory leak in Huffman2DEncodeImage in coders/ps2.c (CVE-2019-16711)\n\n - ImageMagick: memory leak in Huffman2DEncodeImage in coders/ps3.c (CVE-2019-16712)\n\n - ImageMagick: heap-based buffer overflow in ReadPSInfo in coders/ps.c (CVE-2019-17540)\n\n - ImageMagick: Use after free in ReadICCProfile function in coders/jpeg.c (CVE-2019-17541)\n\n - ImageMagick: heap-based buffer overflow in WriteSGIImage in coders/sgi.c (CVE-2019-19948)\n\n - ImageMagick: heap-based buffer over-read in WritePNGImage in coders/png.c (CVE-2019-19949)\n\n - imagemagick: memory leak in function DecodeImage in coders/pcd.c (CVE-2019-7175)\n\n - ImageMagick: Memory leak in the WritePDFImage function in coders/pdf.c (CVE-2019-7397)\n\n - ImageMagick: Memory leak in the WriteDIBImage function in coders/dib.c (CVE-2019-7398)\n\n - imagemagick: stack-based buffer overflow in function PopHexPixel in coders/ps.c (CVE-2019-9956)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-10T00:00:00", "type": "nessus", "title": "CentOS 7 : ImageMagick / autotrace / emacs / inkscape (CESA-2020:1180)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000476", "CVE-2017-11166", "CVE-2017-12805", "CVE-2017-12806", "CVE-2017-18251", "CVE-2017-18252", "CVE-2017-18254", "CVE-2017-18271", "CVE-2017-18273", "CVE-2018-10177", "CVE-2018-10804", "CVE-2018-10805", "CVE-2018-11656", "CVE-2018-12599", "CVE-2018-12600", "CVE-2018-13153", "CVE-2018-14434", "CVE-2018-14435", "CVE-2018-14436", "CVE-2018-14437", "CVE-2018-15607", "CVE-2018-16328", "CVE-2018-16749", "CVE-2018-16750", "CVE-2018-18544", "CVE-2018-20467", "CVE-2018-8804", "CVE-2018-9133", "CVE-2019-10131", "CVE-2019-10650", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11597", "CVE-2019-11598", "CVE-2019-12974", "CVE-2019-12975", "CVE-2019-12976", "CVE-2019-12978", "CVE-2019-12979", "CVE-2019-13133", "CVE-2019-13134", "CVE-2019-13135", "CVE-2019-13295", "CVE-2019-13297", "CVE-2019-13300", "CVE-2019-13301", "CVE-2019-13304", "CVE-2019-13305", "CVE-2019-13306", "CVE-2019-13307", "CVE-2019-13309", "CVE-2019-13310", "CVE-2019-13311", "CVE-2019-13454", "CVE-2019-14980", "CVE-2019-14981", "CVE-2019-15139", "CVE-2019-15140", "CVE-2019-15141", "CVE-2019-16708", "CVE-2019-16709", "CVE-2019-16710", "CVE-2019-16711", "CVE-2019-16712", "CVE-2019-16713", "CVE-2019-17540", "CVE-2019-17541", "CVE-2019-19948", "CVE-2019-19949", "CVE-2019-7175", "CVE-2019-7397", "CVE-2019-7398", "CVE-2019-9956"], "modified": "2020-06-05T00:00:00", "cpe": ["p-cpe:/a:centos:centos:ImageMagick", "p-cpe:/a:centos:centos:imagemagick-c%2b%2b", "p-cpe:/a:centos:centos:imagemagick-c%2b%2b-devel", "p-cpe:/a:centos:centos:ImageMagick-devel", "p-cpe:/a:centos:centos:ImageMagick-doc", "p-cpe:/a:centos:centos:ImageMagick-perl", "p-cpe:/a:centos:centos:autotrace", "p-cpe:/a:centos:centos:autotrace-devel", "p-cpe:/a:centos:centos:emacs", "p-cpe:/a:centos:centos:emacs-common", "p-cpe:/a:centos:centos:emacs-el", "p-cpe:/a:centos:centos:emacs-filesystem", "p-cpe:/a:centos:centos:emacs-nox", "p-cpe:/a:centos:centos:emacs-terminal", "p-cpe:/a:centos:centos:inkscape", "p-cpe:/a:centos:centos:inkscape-docs", "p-cpe:/a:centos:centos:inkscape-view", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-1180.NASL", "href": "https://www.tenable.com/plugins/nessus/135354", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:1180 and \n# CentOS Errata and Security Advisory 2020:1180 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135354);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/05\");\n\n script_cve_id(\"CVE-2017-1000476\", \"CVE-2017-11166\", \"CVE-2017-12805\", \"CVE-2017-12806\", \"CVE-2017-18251\", \"CVE-2017-18252\", \"CVE-2017-18254\", \"CVE-2017-18271\", \"CVE-2017-18273\", \"CVE-2018-10177\", \"CVE-2018-10804\", \"CVE-2018-10805\", \"CVE-2018-11656\", \"CVE-2018-12599\", \"CVE-2018-12600\", \"CVE-2018-13153\", \"CVE-2018-14434\", \"CVE-2018-14435\", \"CVE-2018-14436\", \"CVE-2018-14437\", \"CVE-2018-15607\", \"CVE-2018-16328\", \"CVE-2018-16749\", \"CVE-2018-16750\", \"CVE-2018-18544\", \"CVE-2018-20467\", \"CVE-2018-8804\", \"CVE-2018-9133\", \"CVE-2019-10131\", \"CVE-2019-10650\", \"CVE-2019-11470\", \"CVE-2019-11472\", \"CVE-2019-11597\", \"CVE-2019-11598\", \"CVE-2019-12974\", \"CVE-2019-12975\", \"CVE-2019-12976\", \"CVE-2019-12978\", \"CVE-2019-12979\", \"CVE-2019-13133\", \"CVE-2019-13134\", \"CVE-2019-13135\", \"CVE-2019-13295\", \"CVE-2019-13297\", \"CVE-2019-13300\", \"CVE-2019-13301\", \"CVE-2019-13304\", \"CVE-2019-13305\", \"CVE-2019-13306\", \"CVE-2019-13307\", \"CVE-2019-13309\", \"CVE-2019-13310\", \"CVE-2019-13311\", \"CVE-2019-13454\", \"CVE-2019-14980\", \"CVE-2019-14981\", \"CVE-2019-15139\", \"CVE-2019-15140\", \"CVE-2019-15141\", \"CVE-2019-16708\", \"CVE-2019-16709\", \"CVE-2019-16710\", \"CVE-2019-16711\", \"CVE-2019-16712\", \"CVE-2019-16713\", \"CVE-2019-17540\", \"CVE-2019-17541\", \"CVE-2019-19948\", \"CVE-2019-19949\", \"CVE-2019-7175\", \"CVE-2019-7397\", \"CVE-2019-7398\", \"CVE-2019-9956\");\n script_xref(name:\"RHSA\", value:\"2020:1180\");\n\n script_name(english:\"CentOS 7 : ImageMagick / autotrace / emacs / inkscape (CESA-2020:1180)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1180 advisory.\n\n - ImageMagick: CPU exhaustion vulnerability in function\n ReadDDSInfo in coders/dds.c (CVE-2017-1000476)\n\n - ImageMagick: memory leak vulnerability in ReadXWDImage\n function in coders/xwd.c (CVE-2017-11166)\n\n - ImageMagick: memory exhaustion in function ReadTIFFImage\n causing denial of service (CVE-2017-12805)\n\n - ImageMagick: memory exhaustion in function format8BIM\n causing denial of service (CVE-2017-12806)\n\n - ImageMagick: memory leak in ReadPCDImage function in\n coders/pcd.c (CVE-2017-18251)\n\n - ImageMagick: assertion failure in MogrifyImageList\n function in MagickWand/mogrify.c (CVE-2017-18252)\n\n - ImageMagick: memory leak in WriteGIFImage function in\n coders/gif.c (CVE-2017-18254)\n\n - ImageMagick: infinite loop in ReadMIFFImage function in\n coders/miff.c (CVE-2017-18271)\n\n - ImageMagick: infinite loop ReadTXTImage in function in\n coders/txt.c (CVE-2017-18273)\n\n - ImageMagick: Infinite loop in\n coders/png.c:ReadOneMNGImage() allows attackers to cause\n a denial of service via crafted MNG file\n (CVE-2018-10177)\n\n - ImageMagick: Memory leak in WriteTIFFImage\n (CVE-2018-10804)\n\n - ImageMagick: Memory leak in ReadYCBCRImage\n (CVE-2018-10805)\n\n - ImageMagick: memory leak in ReadDCMImage function in\n coders/dcm.c (CVE-2018-11656)\n\n - ImageMagick: out of bounds write in ReadBMPImage and\n WriteBMPImage in coders/bmp.c (CVE-2018-12599)\n\n - ImageMagick: out of bounds write ReadDIBImage and\n WriteDIBImage in coders/dib.c (CVE-2018-12600)\n\n - ImageMagick: memory leak in the XMagickCommand function\n in MagickCore/animate.c (CVE-2018-13153)\n\n - ImageMagick: memory leak for a colormap in WriteMPCImage\n in coders/mpc.c (CVE-2018-14434)\n\n - ImageMagick: memory leak in DecodeImage in coders/pcd.c\n (CVE-2018-14435)\n\n - ImageMagick: memory leak in ReadMIFFImage in\n coders/miff.c (CVE-2018-14436)\n\n - ImageMagick: memory leak in parse8BIM in coders/meta.c\n (CVE-2018-14437)\n\n - ImageMagick: CPU Exhaustion via crafted input file\n (CVE-2018-15607)\n\n - ImageMagick: NULL pointer dereference in\n CheckEventLogging function in MagickCore/log.c\n (CVE-2018-16328)\n\n - ImageMagick: reachable assertion in ReadOneJNGImage in\n coders/png.c (CVE-2018-16749)\n\n - ImageMagick: Memory leak in the formatIPTCfromBuffer\n function in coders/meta.c (CVE-2018-16750)\n\n - ImageMagick: memory leak in WriteMSLImage of\n coders/msl.c (CVE-2018-18544)\n\n - ImageMagick: infinite loop in coders/bmp.c\n (CVE-2018-20467)\n\n - ImageMagick: double free in WriteEPTImage function in\n coders/ept.c (CVE-2018-8804)\n\n - ImageMagick: excessive iteration in the DecodeLabImage\n and EncodeLabImage functions in coders/tiff.c\n (CVE-2018-9133)\n\n - ImageMagick: off-by-one read in formatIPTCfromBuffer\n function in coders/meta.c (CVE-2019-10131)\n\n - ImageMagick: heap-based buffer over-read in\n WriteTIFFImage of coders/tiff.c leads to denial of\n service or information disclosure via crafted image file\n (CVE-2019-10650)\n\n - ImageMagick: denial of service in cineon parsing\n component (CVE-2019-11470)\n\n - ImageMagick: denial of service in ReadXWDImage in\n coders/xwd.c in the XWD image parsing component\n (CVE-2019-11472)\n\n - ImageMagick: heap-based buffer over-read in the function\n WriteTIFFImage of coders/tiff.c leading to DoS or\n information disclosure (CVE-2019-11597)\n\n - ImageMagick: heap-based buffer over-read in the function\n WritePNMImage of coders/pnm.c leading to DoS or\n information disclosure (CVE-2019-11598)\n\n - imagemagick: null-pointer dereference in function\n ReadPANGOImage in coders/pango.c and ReadVIDImage in\n coders/vid.c causing denial of service (CVE-2019-12974)\n\n - imagemagick: memory leak vulnerability in function\n WriteDPXImage in coders/dpx.c (CVE-2019-12975)\n\n - imagemagick: memory leak vulnerability in function\n ReadPCLImage in coders/pcl.c (CVE-2019-12976)\n\n - imagemagick: use of uninitialized value in function\n ReadPANGOImage in coders/pango.c (CVE-2019-12978)\n\n - imagemagick: use of uninitialized value in\n functionSyncImageSettings in MagickCore/image.c\n (CVE-2019-12979)\n\n - ImageMagick: a memory leak vulnerability in the function\n ReadBMPImage in coders/bmp.c (CVE-2019-13133)\n\n - ImageMagick: a memory leak vulnerability in the function\n ReadVIFFImage in coders/viff.c (CVE-2019-13134)\n\n - ImageMagick: a use of uninitialized value\n vulnerability in the function ReadCUTImage leading to a\n crash and DoS (CVE-2019-13135)\n\n - ImageMagick: heap-based buffer over-read at\n MagickCore/threshold.c in AdaptiveThresholdImage because\n a width of zero is mishandled (CVE-2019-13295)\n\n - ImageMagick: heap-based buffer over-read at\n MagickCore/threshold.c in AdaptiveThresholdImage because\n a height of zero is mishandled (CVE-2019-13297)\n\n - ImageMagick: heap-based buffer overflow at\n MagickCore/statistic.c in EvaluateImages because of\n mishandling columns (CVE-2019-13300)\n\n - ImageMagick: memory leaks in AcquireMagickMemory\n (CVE-2019-13301)\n\n - ImageMagick: stack-based buffer overflow at coders/pnm.c\n in WritePNMImage because of a misplaced assignment\n (CVE-2019-13304)\n\n - ImageMagick: stack-based buffer overflow at coders/pnm.c\n in WritePNMImage because of a misplaced strncpy and an\n off-by-one error (CVE-2019-13305)\n\n - ImageMagick: stack-based buffer overflow at coders/pnm.c\n in WritePNMImage because of off-by-one errors\n (CVE-2019-13306)\n\n - ImageMagick: heap-based buffer overflow at\n MagickCore/statistic.c in EvaluateImages because of\n mishandling rows (CVE-2019-13307)\n\n - ImageMagick: memory leaks at AcquireMagickMemory due to\n mishandling the NoSuchImage error in\n CLIListOperatorImages (CVE-2019-13309)\n\n - ImageMagick: memory leaks at AcquireMagickMemory because\n of an error in MagickWand/mogrify.c (CVE-2019-13310)\n\n - ImageMagick: memory leaks at AcquireMagickMemory because\n of a wand/mogrify.c error (CVE-2019-13311)\n\n - ImageMagick: division by zero in RemoveDuplicateLayers\n in MagickCore/layer.c (CVE-2019-13454)\n\n - ImageMagick: use-after-free in magick/blob.c resulting\n in a denial of service (CVE-2019-14980)\n\n - ImageMagick: division by zero in MeanShiftImage in\n MagickCore/feature.c (CVE-2019-14981)\n\n - ImageMagick: out-of-bounds read in ReadXWDImage in\n coders/xwd.c (CVE-2019-15139)\n\n - ImageMagick: Use after free in ReadMATImage in\n coders/mat.c (CVE-2019-15140)\n\n - ImageMagick: heap-based buffer overflow in\n WriteTIFFImage in coders/tiff.c (CVE-2019-15141)\n\n - ImageMagick: memory leak in magick/xwindow.c\n (CVE-2019-16708)\n\n - ImageMagick: memory leak in coders/dps.c\n (CVE-2019-16709)\n\n - ImageMagick: memory leak in coders/dot.c\n (CVE-2019-16710, CVE-2019-16713)\n\n - ImageMagick: memory leak in Huffman2DEncodeImage in\n coders/ps2.c (CVE-2019-16711)\n\n - ImageMagick: memory leak in Huffman2DEncodeImage in\n coders/ps3.c (CVE-2019-16712)\n\n - ImageMagick: heap-based buffer overflow in ReadPSInfo in\n coders/ps.c (CVE-2019-17540)\n\n - ImageMagick: Use after free in ReadICCProfile function\n in coders/jpeg.c (CVE-2019-17541)\n\n - ImageMagick: heap-based buffer overflow in WriteSGIImage\n in coders/sgi.c (CVE-2019-19948)\n\n - ImageMagick: heap-based buffer over-read in\n WritePNGImage in coders/png.c (CVE-2019-19949)\n\n - imagemagick: memory leak in function DecodeImage in\n coders/pcd.c (CVE-2019-7175)\n\n - ImageMagick: Memory leak in the WritePDFImage function\n in coders/pdf.c (CVE-2019-7397)\n\n - ImageMagick: Memory leak in the WriteDIBImage function\n in coders/dib.c (CVE-2019-7398)\n\n - imagemagick: stack-based buffer overflow in function\n PopHexPixel in coders/ps.c (CVE-2019-9956)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-April/012410.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f508a75e\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-April/012438.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5525b51f\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-April/012467.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9f4fa0d1\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-April/012470.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f951dbe\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16328\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ImageMagick-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ImageMagick-c++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ImageMagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ImageMagick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:autotrace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:autotrace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-nox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-terminal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:inkscape\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:inkscape-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:inkscape-view\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ImageMagick-6.9.10.68-3.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ImageMagick-c++-6.9.10.68-3.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ImageMagick-c++-devel-6.9.10.68-3.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ImageMagick-devel-6.9.10.68-3.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ImageMagick-doc-6.9.10.68-3.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ImageMagick-perl-6.9.10.68-3.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"autotrace-0.31.1-38.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"autotrace-devel-0.31.1-38.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-24.3-23.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-common-24.3-23.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-el-24.3-23.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-filesystem-24.3-23.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-nox-24.3-23.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-terminal-24.3-23.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"inkscape-0.92.2-3.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"inkscape-docs-0.92.2-3.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"inkscape-view-0.92.2-3.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-c++ / ImageMagick-c++-devel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:35:20", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1180 advisory.\n\n - ImageMagick: CPU exhaustion vulnerability in function ReadDDSInfo in coders/dds.c (CVE-2017-1000476)\n\n - ImageMagick: memory leak vulnerability in ReadXWDImage function in coders/xwd.c (CVE-2017-11166)\n\n - ImageMagick: memory exhaustion in function ReadTIFFImage causing denial of service (CVE-2017-12805)\n\n - ImageMagick: memory exhaustion in function format8BIM causing denial of service (CVE-2017-12806)\n\n - ImageMagick: memory leak in ReadPCDImage function in coders/pcd.c (CVE-2017-18251)\n\n - ImageMagick: assertion failure in MogrifyImageList function in MagickWand/mogrify.c (CVE-2017-18252)\n\n - ImageMagick: memory leak in WriteGIFImage function in coders/gif.c (CVE-2017-18254)\n\n - ImageMagick: infinite loop in ReadMIFFImage function in coders/miff.c (CVE-2017-18271)\n\n - ImageMagick: infinite loop ReadTXTImage in function in coders/txt.c (CVE-2017-18273)\n\n - ImageMagick: Infinite loop in coders/png.c:ReadOneMNGImage() allows attackers to cause a denial of service via crafted MNG file (CVE-2018-10177)\n\n - ImageMagick: Memory leak in WriteTIFFImage (CVE-2018-10804)\n\n - ImageMagick: Memory leak in ReadYCBCRImage (CVE-2018-10805)\n\n - ImageMagick: memory leak in ReadDCMImage function in coders/dcm.c (CVE-2018-11656)\n\n - ImageMagick: out of bounds write in ReadBMPImage and WriteBMPImage in coders/bmp.c (CVE-2018-12599)\n\n - ImageMagick: out of bounds write ReadDIBImage and WriteDIBImage in coders/dib.c (CVE-2018-12600)\n\n - ImageMagick: memory leak in the XMagickCommand function in MagickCore/animate.c (CVE-2018-13153)\n\n - ImageMagick: memory leak for a colormap in WriteMPCImage in coders/mpc.c (CVE-2018-14434)\n\n - ImageMagick: memory leak in DecodeImage in coders/pcd.c (CVE-2018-14435)\n\n - ImageMagick: memory leak in ReadMIFFImage in coders/miff.c (CVE-2018-14436)\n\n - ImageMagick: memory leak in parse8BIM in coders/meta.c (CVE-2018-14437)\n\n - ImageMagick: CPU Exhaustion via crafted input file (CVE-2018-15607)\n\n - ImageMagick: NULL pointer dereference in CheckEventLogging function in MagickCore/log.c (CVE-2018-16328)\n\n - ImageMagick: memory leak in ReadOneJNGImage function in coders/png.c (CVE-2018-16640)\n\n - ImageMagick: out-of-bounds write in InsertRow function in coders/cut.c (CVE-2018-16642)\n\n - ImageMagick: missing check for fputc function in multiple files (CVE-2018-16643)\n\n - ImageMagick: improper check for length in ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c (CVE-2018-16644)\n\n - ImageMagick: Out-of-memory ReadBMPImage of coders/bmp.c and ReadDIBImage of codes/dib.c (CVE-2018-16645)\n\n - ImageMagick: reachable assertion in ReadOneJNGImage in coders/png.c (CVE-2018-16749)\n\n - ImageMagick: Memory leak in the formatIPTCfromBuffer function in coders/meta.c (CVE-2018-16750)\n\n - ImageMagick: memory leak in WritePDBImage in coders/pdb.c (CVE-2018-17966)\n\n - ImageMagick: memory leak in ReadBGRImage in coders/bgr.c. (CVE-2018-17967)\n\n - ImageMagick: memory leak in WritePCXImage in coders/pcx.c (CVE-2018-18016)\n\n - ImageMagick: infinite loop in the ReadBMPImage function of the coders/bmp.c (CVE-2018-18024)\n\n - ImageMagick: memory leak in WriteMSLImage of coders/msl.c (CVE-2018-18544)\n\n - ImageMagick: infinite loop in coders/bmp.c (CVE-2018-20467)\n\n - ImageMagick: double free in WriteEPTImage function in coders/ept.c (CVE-2018-8804)\n\n - ImageMagick: excessive iteration in the DecodeLabImage and EncodeLabImage functions in coders/tiff.c (CVE-2018-9133)\n\n - ImageMagick: off-by-one read in formatIPTCfromBuffer function in coders/meta.c (CVE-2019-10131)\n\n - ImageMagick: heap-based buffer over-read in WriteTIFFImage of coders/tiff.c leads to denial of service or information disclosure via crafted image file (CVE-2019-10650)\n\n - ImageMagick: denial of service in cineon parsing component (CVE-2019-11470)\n\n - ImageMagick: denial of service in ReadXWDImage in coders/xwd.c in the XWD image parsing component (CVE-2019-11472)\n\n - ImageMagick: heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c leading to DoS or information disclosure (CVE-2019-11597)\n\n - ImageMagick: heap-based buffer over-read in the function WritePNMImage of coders/pnm.c leading to DoS or information disclosure (CVE-2019-11598)\n\n - imagemagick: null-pointer dereference in function ReadPANGOImage in coders/pango.c and ReadVIDImage in coders/vid.c causing denial of service (CVE-2019-12974)\n\n - imagemagick: memory leak vulnerability in function WriteDPXImage in coders/dpx.c (CVE-2019-12975)\n\n - imagemagick: memory leak vulnerability in function ReadPCLImage in coders/pcl.c (CVE-2019-12976)\n\n - imagemagick: use of uninitialized value in function ReadPANGOImage in coders/pango.c (CVE-2019-12978)\n\n - imagemagick: use of uninitialized value in functionSyncImageSettings in MagickCore/image.c (CVE-2019-12979)\n\n - ImageMagick: a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c (CVE-2019-13133)\n\n - ImageMagick: a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c (CVE-2019-13134)\n\n - ImageMagick: a use of uninitialized value vulnerability in the function ReadCUTImage leading to a crash and DoS (CVE-2019-13135)\n\n - ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled (CVE-2019-13295)\n\n - ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled (CVE-2019-13297)\n\n - ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns (CVE-2019-13300)\n\n - ImageMagick: memory leaks in AcquireMagickMemory (CVE-2019-13301)\n\n - ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment (CVE-2019-13304)\n\n - ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error (CVE-2019-13305)\n\n - ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors (CVE-2019-13306)\n\n - ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows (CVE-2019-13307)\n\n - ImageMagick: memory leaks at AcquireMagickMemory due to mishandling the NoSuchImage error in CLIListOperatorImages (CVE-2019-13309)\n\n - ImageMagick: memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c (CVE-2019-13310)\n\n - ImageMagick: memory leaks at AcquireMagickMemory because of a wand/mogrify.c error (CVE-2019-13311)\n\n - ImageMagick: division by zero in RemoveDuplicateLayers in MagickCore/layer.c (CVE-2019-13454)\n\n - ImageMagick: use-after-free in magick/blob.c resulting in a denial of service (CVE-2019-14980)\n\n - ImageMagick: division by zero in MeanShiftImage in MagickCore/feature.c (CVE-2019-14981)\n\n - ImageMagick: out-of-bounds read in ReadXWDImage in coders/xwd.c (CVE-2019-15139)\n\n - ImageMagick: Use after free in ReadMATImage in coders/mat.c (CVE-2019-15140)\n\n - ImageMagick: heap-based buffer overflow in WriteTIFFImage in coders/tiff.c (CVE-2019-15141)\n\n - ImageMagick: memory leak in magick/xwindow.c (CVE-2019-16708)\n\n - ImageMagick: memory leak in coders/dps.c (CVE-2019-16709)\n\n - ImageMagick: memory leak in coders/dot.c (CVE-2019-16710, CVE-2019-16713)\n\n - ImageMagick: memory leak in Huffman2DEncodeImage in coders/ps2.c (CVE-2019-16711)\n\n - ImageMagick: memory leak in Huffman2DEncodeImage in coders/ps3.c (CVE-2019-16712)\n\n - ImageMagick: heap-based buffer overflow in ReadPSInfo in coders/ps.c (CVE-2019-17540)\n\n - ImageMagick: Use after free in ReadICCProfile function in coders/jpeg.c (CVE-2019-17541)\n\n - ImageMagick: heap-based buffer overflow in WriteSGIImage in coders/sgi.c (CVE-2019-19948)\n\n - ImageMagick: heap-based buffer over-read in WritePNGImage in coders/png.c (CVE-2019-19949)\n\n - imagemagick: memory leak in function DecodeImage in coders/pcd.c (CVE-2019-7175)\n\n - ImageMagick: Memory leak in the WritePDFImage function in coders/pdf.c (CVE-2019-7397)\n\n - ImageMagick: Memory leak in the WriteDIBImage function in coders/dib.c (CVE-2019-7398)\n\n - imagemagick: stack-based buffer overflow in function PopHexPixel in coders/ps.c (CVE-2019-9956)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-31T00:00:00", "type": "nessus", "title": "RHEL 7 : ImageMagick (RHSA-2020:1180)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000476", "CVE-2017-11166", "CVE-2017-12805", "CVE-2017-12806", "CVE-2017-18251", "CVE-2017-18252", "CVE-2017-18254", "CVE-2017-18271", "CVE-2017-18273", "CVE-2018-10177", "CVE-2018-10804", "CVE-2018-10805", "CVE-2018-11656", "CVE-2018-12599", "CVE-2018-12600", "CVE-2018-13153", "CVE-2018-14434", "CVE-2018-14435", "CVE-2018-14436", "CVE-2018-14437", "CVE-2018-15607", "CVE-2018-16328", "CVE-2018-16640", "CVE-2018-16642", "CVE-2018-16643", "CVE-2018-16644", "CVE-2018-16645", "CVE-2018-16749", "CVE-2018-16750", "CVE-2018-17966", "CVE-2018-17967", "CVE-2018-18016", "CVE-2018-18024", "CVE-2018-18544", "CVE-2018-20467", "CVE-2018-8804", "CVE-2018-9133", "CVE-2019-10131", "CVE-2019-10650", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11597", "CVE-2019-11598", "CVE-2019-12974", "CVE-2019-12975", "CVE-2019-12976", "CVE-2019-12978", "CVE-2019-12979", "CVE-2019-13133", "CVE-2019-13134", "CVE-2019-13135", "CVE-2019-13295", "CVE-2019-13297", "CVE-2019-13300", "CVE-2019-13301", "CVE-2019-13304", "CVE-2019-13305", "CVE-2019-13306", "CVE-2019-13307", "CVE-2019-13309", "CVE-2019-13310", "CVE-2019-13311", "CVE-2019-13454", "CVE-2019-14980", "CVE-2019-14981", "CVE-2019-15139", "CVE-2019-15140", "CVE-2019-15141", "CVE-2019-16708", "CVE-2019-16709", "CVE-2019-16710", "CVE-2019-16711", "CVE-2019-16712", "CVE-2019-16713", "CVE-2019-17540", "CVE-2019-17541", "CVE-2019-19948", "CVE-2019-19949", "CVE-2019-7175", "CVE-2019-7397", "CVE-2019-7398", "CVE-2019-9956"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:imagemagick:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:imagemagick-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:imagemagick-perl:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:imagemagick-doc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:autotrace:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:autotrace-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:emacs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:emacs-common:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:emacs-el:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:emacs-filesystem:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:emacs-nox:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:emacs-terminal:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:inkscape:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:inkscape-docs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:inkscape-view:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:imagemagick-c\\+\\+:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:imagemagick-c\\+\\+-devel:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-1180.NASL", "href": "https://www.tenable.com/plugins/nessus/135041", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1180. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135041);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2017-11166\",\n \"CVE-2017-12805\",\n \"CVE-2017-12806\",\n \"CVE-2017-18251\",\n \"CVE-2017-18252\",\n \"CVE-2017-18254\",\n \"CVE-2017-18271\",\n \"CVE-2017-18273\",\n \"CVE-2017-1000476\",\n \"CVE-2018-8804\",\n \"CVE-2018-9133\",\n \"CVE-2018-10177\",\n \"CVE-2018-10804\",\n \"CVE-2018-10805\",\n \"CVE-2018-11656\",\n \"CVE-2018-12599\",\n \"CVE-2018-12600\",\n \"CVE-2018-13153\",\n \"CVE-2018-14434\",\n \"CVE-2018-14435\",\n \"CVE-2018-14436\",\n \"CVE-2018-14437\",\n \"CVE-2018-15607\",\n \"CVE-2018-16328\",\n \"CVE-2018-16749\",\n \"CVE-2018-16750\",\n \"CVE-2018-18544\",\n \"CVE-2018-20467\",\n \"CVE-2019-7175\",\n \"CVE-2019-7397\",\n \"CVE-2019-7398\",\n \"CVE-2019-9956\",\n \"CVE-2019-10131\",\n \"CVE-2019-10650\",\n \"CVE-2019-11470\",\n \"CVE-2019-11472\",\n \"CVE-2019-11597\",\n \"CVE-2019-11598\",\n \"CVE-2019-12974\",\n \"CVE-2019-12975\",\n \"CVE-2019-12976\",\n \"CVE-2019-12978\",\n \"CVE-2019-12979\",\n \"CVE-2019-13133\",\n \"CVE-2019-13134\",\n \"CVE-2019-13135\",\n \"CVE-2019-13295\",\n \"CVE-2019-13297\",\n \"CVE-2019-13300\",\n \"CVE-2019-13301\",\n \"CVE-2019-13304\",\n \"CVE-2019-13305\",\n \"CVE-2019-13306\",\n \"CVE-2019-13307\",\n \"CVE-2019-13309\",\n \"CVE-2019-13310\",\n \"CVE-2019-13311\",\n \"CVE-2019-13454\",\n \"CVE-2019-14980\",\n \"CVE-2019-14981\",\n \"CVE-2019-15139\",\n \"CVE-2019-15140\",\n \"CVE-2019-15141\",\n \"CVE-2019-16708\",\n \"CVE-2019-16709\",\n \"CVE-2019-16710\",\n \"CVE-2019-16711\",\n \"CVE-2019-16712\",\n \"CVE-2019-16713\",\n \"CVE-2019-17540\",\n \"CVE-2019-17541\",\n \"CVE-2019-19948\",\n \"CVE-2019-19949\"\n );\n script_bugtraq_id(\n 102428,\n 103498,\n 104591,\n 104687,\n 105137,\n 106268,\n 106315,\n 106561,\n 106847,\n 106848,\n 107333,\n 107546,\n 107646,\n 108102,\n 108117,\n 108448,\n 108492,\n 108913,\n 109099,\n 109308,\n 109362\n );\n script_xref(name:\"RHSA\", value:\"2020:1180\");\n script_xref(name:\"IAVB\", value:\"2019-B-0062-S\");\n script_xref(name:\"IAVB\", value:\"2019-B-0032-S\");\n script_xref(name:\"IAVB\", value:\"2019-B-0013-S\");\n script_xref(name:\"IAVB\", value:\"2019-B-0056-S\");\n\n script_name(english:\"RHEL 7 : ImageMagick (RHSA-2020:1180)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1180 advisory.\n\n - ImageMagick: CPU exhaustion vulnerability in function ReadDDSInfo in coders/dds.c (CVE-2017-1000476)\n\n - ImageMagick: memory leak vulnerability in ReadXWDImage function in coders/xwd.c (CVE-2017-11166)\n\n - ImageMagick: memory exhaustion in function ReadTIFFImage causing denial of service (CVE-2017-12805)\n\n - ImageMagick: memory exhaustion in function format8BIM causing denial of service (CVE-2017-12806)\n\n - ImageMagick: memory leak in ReadPCDImage function in coders/pcd.c (CVE-2017-18251)\n\n - ImageMagick: assertion failure in MogrifyImageList function in MagickWand/mogrify.c (CVE-2017-18252)\n\n - ImageMagick: memory leak in WriteGIFImage function in coders/gif.c (CVE-2017-18254)\n\n - ImageMagick: infinite loop in ReadMIFFImage function in coders/miff.c (CVE-2017-18271)\n\n - ImageMagick: infinite loop ReadTXTImage in function in coders/txt.c (CVE-2017-18273)\n\n - ImageMagick: Infinite loop in coders/png.c:ReadOneMNGImage() allows attackers to cause a denial of service\n via crafted MNG file (CVE-2018-10177)\n\n - ImageMagick: Memory leak in WriteTIFFImage (CVE-2018-10804)\n\n - ImageMagick: Memory leak in ReadYCBCRImage (CVE-2018-10805)\n\n - ImageMagick: memory leak in ReadDCMImage function in coders/dcm.c (CVE-2018-11656)\n\n - ImageMagick: out of bounds write in ReadBMPImage and WriteBMPImage in coders/bmp.c (CVE-2018-12599)\n\n - ImageMagick: out of bounds write ReadDIBImage and WriteDIBImage in coders/dib.c (CVE-2018-12600)\n\n - ImageMagick: memory leak in the XMagickCommand function in MagickCore/animate.c (CVE-2018-13153)\n\n - ImageMagick: memory leak for a colormap in WriteMPCImage in coders/mpc.c (CVE-2018-14434)\n\n - ImageMagick: memory leak in DecodeImage in coders/pcd.c (CVE-2018-14435)\n\n - ImageMagick: memory leak in ReadMIFFImage in coders/miff.c (CVE-2018-14436)\n\n - ImageMagick: memory leak in parse8BIM in coders/meta.c (CVE-2018-14437)\n\n - ImageMagick: CPU Exhaustion via crafted input file (CVE-2018-15607)\n\n - ImageMagick: NULL pointer dereference in CheckEventLogging function in MagickCore/log.c (CVE-2018-16328)\n\n - ImageMagick: memory leak in ReadOneJNGImage function in coders/png.c (CVE-2018-16640)\n\n - ImageMagick: out-of-bounds write in InsertRow function in coders/cut.c (CVE-2018-16642)\n\n - ImageMagick: missing check for fputc function in multiple files (CVE-2018-16643)\n\n - ImageMagick: improper check for length in ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c\n (CVE-2018-16644)\n\n - ImageMagick: Out-of-memory ReadBMPImage of coders/bmp.c and ReadDIBImage of codes/dib.c (CVE-2018-16645)\n\n - ImageMagick: reachable assertion in ReadOneJNGImage in coders/png.c (CVE-2018-16749)\n\n - ImageMagick: Memory leak in the formatIPTCfromBuffer function in coders/meta.c (CVE-2018-16750)\n\n - ImageMagick: memory leak in WritePDBImage in coders/pdb.c (CVE-2018-17966)\n\n - ImageMagick: memory leak in ReadBGRImage in coders/bgr.c. (CVE-2018-17967)\n\n - ImageMagick: memory leak in WritePCXImage in coders/pcx.c (CVE-2018-18016)\n\n - ImageMagick: infinite loop in the ReadBMPImage function of the coders/bmp.c (CVE-2018-18024)\n\n - ImageMagick: memory leak in WriteMSLImage of coders/msl.c (CVE-2018-18544)\n\n - ImageMagick: infinite loop in coders/bmp.c (CVE-2018-20467)\n\n - ImageMagick: double free in WriteEPTImage function in coders/ept.c (CVE-2018-8804)\n\n - ImageMagick: excessive iteration in the DecodeLabImage and EncodeLabImage functions in coders/tiff.c\n (CVE-2018-9133)\n\n - ImageMagick: off-by-one read in formatIPTCfromBuffer function in coders/meta.c (CVE-2019-10131)\n\n - ImageMagick: heap-based buffer over-read in WriteTIFFImage of coders/tiff.c leads to denial of service or\n information disclosure via crafted image file (CVE-2019-10650)\n\n - ImageMagick: denial of service in cineon parsing component (CVE-2019-11470)\n\n - ImageMagick: denial of service in ReadXWDImage in coders/xwd.c in the XWD image parsing component\n (CVE-2019-11472)\n\n - ImageMagick: heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c leading to DoS or\n information disclosure (CVE-2019-11597)\n\n - ImageMagick: heap-based buffer over-read in the function WritePNMImage of coders/pnm.c leading to DoS or\n information disclosure (CVE-2019-11598)\n\n - imagemagick: null-pointer dereference in function ReadPANGOImage in coders/pango.c and ReadVIDImage in\n coders/vid.c causing denial of service (CVE-2019-12974)\n\n - imagemagick: memory leak vulnerability in function WriteDPXImage in coders/dpx.c (CVE-2019-12975)\n\n - imagemagick: memory leak vulnerability in function ReadPCLImage in coders/pcl.c (CVE-2019-12976)\n\n - imagemagick: use of uninitialized value in function ReadPANGOImage in coders/pango.c (CVE-2019-12978)\n\n - imagemagick: use of uninitialized value in functionSyncImageSettings in MagickCore/image.c\n (CVE-2019-12979)\n\n - ImageMagick: a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c (CVE-2019-13133)\n\n - ImageMagick: a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c (CVE-2019-13134)\n\n - ImageMagick: a use of uninitialized value vulnerability in the function ReadCUTImage leading to a crash\n and DoS (CVE-2019-13135)\n\n - ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a\n width of zero is mishandled (CVE-2019-13295)\n\n - ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a\n height of zero is mishandled (CVE-2019-13297)\n\n - ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling\n columns (CVE-2019-13300)\n\n - ImageMagick: memory leaks in AcquireMagickMemory (CVE-2019-13301)\n\n - ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced\n assignment (CVE-2019-13304)\n\n - ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy\n and an off-by-one error (CVE-2019-13305)\n\n - ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors\n (CVE-2019-13306)\n\n - ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling\n rows (CVE-2019-13307)\n\n - ImageMagick: memory leaks at AcquireMagickMemory due to mishandling the NoSuchImage error in\n CLIListOperatorImages (CVE-2019-13309)\n\n - ImageMagick: memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c\n (CVE-2019-13310)\n\n - ImageMagick: memory leaks at AcquireMagickMemory because of a wand/mogrify.c error (CVE-2019-13311)\n\n - ImageMagick: division by zero in RemoveDuplicateLayers in MagickCore/layer.c (CVE-2019-13454)\n\n - ImageMagick: use-after-free in magick/blob.c resulting in a denial of service (CVE-2019-14980)\n\n - ImageMagick: division by zero in MeanShiftImage in MagickCore/feature.c (CVE-2019-14981)\n\n - ImageMagick: out-of-bounds read in ReadXWDImage in coders/xwd.c (CVE-2019-15139)\n\n - ImageMagick: Use after free in ReadMATImage in coders/mat.c (CVE-2019-15140)\n\n - ImageMagick: heap-based buffer overflow in WriteTIFFImage in coders/tiff.c (CVE-2019-15141)\n\n - ImageMagick: memory leak in magick/xwindow.c (CVE-2019-16708)\n\n - ImageMagick: memory leak in coders/dps.c (CVE-2019-16709)\n\n - ImageMagick: memory leak in coders/dot.c (CVE-2019-16710, CVE-2019-16713)\n\n - ImageMagick: memory leak in Huffman2DEncodeImage in coders/ps2.c (CVE-2019-16711)\n\n - ImageMagick: memory leak in Huffman2DEncodeImage in coders/ps3.c (CVE-2019-16712)\n\n - ImageMagick: heap-based buffer overflow in ReadPSInfo in coders/ps.c (CVE-2019-17540)\n\n - ImageMagick: Use after free in ReadICCProfile function in coders/jpeg.c (CVE-2019-17541)\n\n - ImageMagick: heap-based buffer overflow in WriteSGIImage in coders/sgi.c (CVE-2019-19948)\n\n - ImageMagick: heap-based buffer over-read in WritePNGImage in coders/png.c (CVE-2019-19949)\n\n - imagemagick: memory leak in function DecodeImage in coders/pcd.c (CVE-2019-7175)\n\n - ImageMagick: Memory leak in the WritePDFImage function in coders/pdf.c (CVE-2019-7397)\n\n - ImageMagick: Memory leak in the WriteDIBImage function in coders/dib.c (CVE-2019-7398)\n\n - imagemagick: stack-based buffer overflow in function PopHexPixel in coders/ps.c (CVE-2019-9956)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-11166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-12805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-12806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18273\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-1000476\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-8804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-9133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-11656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-12599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-12600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-13153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-15607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-17966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-17967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-18016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-18024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-18544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7398\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10131\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13301\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16708\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1532845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1559892\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1561741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1561742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1561744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1563875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1572044\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1577398\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1577399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1581486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1581489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1588170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1594338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1594339\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1598471\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1609933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1609936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1609939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1609942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1622738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1624955\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1626570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1626591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1626599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1626606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1626611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1627916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1627917\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1636579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1636587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1636590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1637189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1642614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1664845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1672560\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1672564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1687436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1692300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1700755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1704762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1705406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1705414\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1707768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1707770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1708517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1708521\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1726078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1726081\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1726104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1728474\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1730329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1730333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1730337\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1730351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1730357\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1730361\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1730364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1730575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1730580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1730596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1730604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1732278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1732282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1732284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1732292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1732294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1757779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1757911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1765330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1767087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1767802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1767812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1767828\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1772643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1792480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1793177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1801661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1801665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1801667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1801673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1801674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1801681\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19948\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 121, 122, 125, 193, 200, 248, 369, 400, 401, 416, 456, 476, 617, 772, 787, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ImageMagick-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ImageMagick-c++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ImageMagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ImageMagick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:autotrace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:autotrace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-nox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-terminal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:inkscape\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:inkscape-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:inkscape-view\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'autotrace-0.31.1-38.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'autotrace-devel-0.31.1-38.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'emacs-24.3-23.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'emacs-24.3-23.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'emacs-common-24.3-23.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'emacs-common-24.3-23.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'emacs-el-24.3-23.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'emacs-filesystem-24.3-23.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'emacs-nox-24.3-23.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'emacs-nox-24.3-23.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'emacs-terminal-24.3-23.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'ImageMagick-6.9.10.68-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ImageMagick-c++-6.9.10.68-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ImageMagick-c++-devel-6.9.10.68-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ImageMagick-devel-6.9.10.68-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ImageMagick-doc-6.9.10.68-3.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ImageMagick-doc-6.9.10.68-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ImageMagick-perl-6.9.10.68-3.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ImageMagick-perl-6.9.10.68-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'inkscape-0.92.2-3.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'inkscape-0.92.2-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'inkscape-docs-0.92.2-3.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'inkscape-docs-0.92.2-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'inkscape-view-0.92.2-3.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'inkscape-view-0.92.2-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ImageMagick / ImageMagick-c++ / ImageMagick-c++-devel / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-24T14:27:41", "description": "This update for ImageMagick fixes several issues. These security issues were fixed :\n\n - CVE-2017-1000476: A CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allowed attackers to cause a denial of service (bsc#1074610).\n\n - CVE-2017-9409: The ReadMPCImage function in mpc.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1042948).\n\n - CVE-2017-1000445: A NULL pointer dereference in the MagickCore component might have lead to denial of service (bsc#1074425).\n\n - CVE-2017-17680: Prevent a memory leak in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted XPM image file (a different vulnerability than CVE-2017-17882) (bsc#1072902).\n\n - CVE-2017-17882: Prevent a memory leak in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted XPM image file (a different vulnerability than CVE-2017-17680) (bsc#1074122).\n\n - CVE-2017-11449: coders/mpc did not enable seekable streams and thus could not validate blob sizes, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin (bsc#1049373).\n\n - CVE-2017-12430: A memory exhaustion in the function ReadMPCImage in coders/mpc.c allowed attackers to cause DoS (bsc#1052252).\n\n - CVE-2017-12642: Prevent a memory leak vulnerability in ReadMPCImage in coders\\mpc.c via crafted file allowing for DoS (bsc#1052771).\n\n - CVE-2017-14249: A mishandled EOF check in ReadMPCImage in coders/mpc.c that lead to a division by zero in GetPixelCacheTileSize in MagickCore/cache.c allowed remote attackers to cause a denial of service via a crafted file (bsc#1058082).\n\n - Prevent memory leak via crafted file in pwp.c allowing for DoS (bsc#1051412)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-10T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:0055-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-11449", "CVE-2017-11751", "CVE-2017-12430", "CVE-2017-12642", "CVE-2017-14249", "CVE-2017-17680", "CVE-2017-17882", "CVE-2017-9409"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ImageMagick", "p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo", "p-cpe:/a:novell:suse_linux:ImageMagick-debugsource", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo", "p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16", "p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0055-1.NASL", "href": "https://www.tenable.com/plugins/nessus/105721", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0055-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105721);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/09/10 13:51:46\");\n\n script_cve_id(\"CVE-2017-1000445\", \"CVE-2017-1000476\", \"CVE-2017-11449\", \"CVE-2017-11751\", \"CVE-2017-12430\", \"CVE-2017-12642\", \"CVE-2017-14249\", \"CVE-2017-17680\", \"CVE-2017-17882\", \"CVE-2017-9409\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:0055-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes several issues. These security\nissues were fixed :\n\n - CVE-2017-1000476: A CPU exhaustion vulnerability was\n found in the function ReadDDSInfo in coders/dds.c, which\n allowed attackers to cause a denial of service\n (bsc#1074610).\n\n - CVE-2017-9409: The ReadMPCImage function in mpc.c\n allowed attackers to cause a denial of service (memory\n leak) via a crafted file (bsc#1042948).\n\n - CVE-2017-1000445: A NULL pointer dereference in the\n MagickCore component might have lead to denial of\n service (bsc#1074425).\n\n - CVE-2017-17680: Prevent a memory leak in the function\n ReadXPMImage in coders/xpm.c, which allowed attackers to\n cause a denial of service via a crafted XPM image file\n (a different vulnerability than CVE-2017-17882)\n (bsc#1072902).\n\n - CVE-2017-17882: Prevent a memory leak in the function\n ReadXPMImage in coders/xpm.c, which allowed attackers to\n cause a denial of service via a crafted XPM image file\n (a different vulnerability than CVE-2017-17680)\n (bsc#1074122).\n\n - CVE-2017-11449: coders/mpc did not enable seekable\n streams and thus could not validate blob sizes, which\n allowed remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other\n impact via an image received from stdin (bsc#1049373).\n\n - CVE-2017-12430: A memory exhaustion in the function\n ReadMPCImage in coders/mpc.c allowed attackers to cause\n DoS (bsc#1052252).\n\n - CVE-2017-12642: Prevent a memory leak vulnerability in\n ReadMPCImage in coders\\mpc.c via crafted file allowing\n for DoS (bsc#1052771).\n\n - CVE-2017-14249: A mishandled EOF check in ReadMPCImage\n in coders/mpc.c that lead to a division by zero in\n GetPixelCacheTileSize in MagickCore/cache.c allowed\n remote attackers to cause a denial of service via a\n crafted file (bsc#1058082).\n\n - Prevent memory leak via crafted file in pwp.c allowing\n for DoS (bsc#1051412)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1072902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000445/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000476/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11449/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11751/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12430/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12642/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14249/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17680/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17882/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9409/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180055-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?10f4c2c2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2018-41=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2018-41=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-41=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-41=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2018-41=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-41=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-41=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-41=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2018-41=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-debugsource-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ImageMagick-debugsource-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.23.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-24T14:28:38", "description": "This update for ImageMagick fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-1000476: A CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allowed attackers to cause a denial of service (bsc#1074610).\n\n - CVE-2017-9409: The ReadMPCImage function in mpc.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1042948).\n\n - CVE-2017-1000445: A NULL pointer dereference in the MagickCore component might have lead to denial of service (bsc#1074425).\n\n - CVE-2017-17680: Prevent a memory leak in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted XPM image file (a different vulnerability than CVE-2017-17882) (bsc#1072902).\n\n - CVE-2017-17882: Prevent a memory leak in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted XPM image file (a different vulnerability than CVE-2017-17680) (bsc#1074122).\n\n - CVE-2017-11449: coders/mpc did not enable seekable streams and thus could not validate blob sizes, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin (bsc#1049373).\n\n - CVE-2017-12430: A memory exhaustion in the function ReadMPCImage in coders/mpc.c allowed attackers to cause DoS (bsc#1052252).\n\n - CVE-2017-12642: Prevent a memory leak vulnerability in ReadMPCImage in coders\\mpc.c via crafted file allowing for DoS (bsc#1052771).\n\n - CVE-2017-14249: A mishandled EOF check in ReadMPCImage in coders/mpc.c that lead to a division by zero in GetPixelCacheTileSize in MagickCore/cache.c allowed remote attackers to cause a denial of service via a crafted file (bsc#1058082).\n\n - Prevent memory leak via crafted file in pwp.c allowing for DoS (bsc#1051412)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-2018-36)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-11449", "CVE-2017-11751", "CVE-2017-12430", "CVE-2017-12642", "CVE-2017-14249", "CVE-2017-17680", "CVE-2017-17882", "CVE-2017-9409"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ImageMagick", "p-cpe:/a:novell:opensuse:ImageMagick-debuginfo", "p-cpe:/a:novell:opensuse:ImageMagick-debugsource", "p-cpe:/a:novell:opensuse:ImageMagick-devel", "p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit", "p-cpe:/a:novell:opensuse:ImageMagick-extra", "p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel-32bit", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-PerlMagick", "p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-36.NASL", "href": "https://www.tenable.com/plugins/nessus/106065", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-36.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106065);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-1000445\", \"CVE-2017-1000476\", \"CVE-2017-11449\", \"CVE-2017-11751\", \"CVE-2017-12430\", \"CVE-2017-12642\", \"CVE-2017-14249\", \"CVE-2017-17680\", \"CVE-2017-17882\", \"CVE-2017-9409\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2018-36)\");\n script_summary(english:\"Check for the openSUSE-2018-36 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-1000476: A CPU exhaustion vulnerability was\n found in the function ReadDDSInfo in coders/dds.c, which\n allowed attackers to cause a denial of service\n (bsc#1074610).\n\n - CVE-2017-9409: The ReadMPCImage function in mpc.c\n allowed attackers to cause a denial of service (memory\n leak) via a crafted file (bsc#1042948).\n\n - CVE-2017-1000445: A NULL pointer dereference in the\n MagickCore component might have lead to denial of\n service (bsc#1074425).\n\n - CVE-2017-17680: Prevent a memory leak in the function\n ReadXPMImage in coders/xpm.c, which allowed attackers to\n cause a denial of service via a crafted XPM image file\n (a different vulnerability than CVE-2017-17882)\n (bsc#1072902).\n\n - CVE-2017-17882: Prevent a memory leak in the function\n ReadXPMImage in coders/xpm.c, which allowed attackers to\n cause a denial of service via a crafted XPM image file\n (a different vulnerability than CVE-2017-17680)\n (bsc#1074122).\n\n - CVE-2017-11449: coders/mpc did not enable seekable\n streams and thus could not validate blob sizes, which\n allowed remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other\n impact via an image received from stdin (bsc#1049373).\n\n - CVE-2017-12430: A memory exhaustion in the function\n ReadMPCImage in coders/mpc.c allowed attackers to cause\n DoS (bsc#1052252).\n\n - CVE-2017-12642: Prevent a memory leak vulnerability in\n ReadMPCImage in coders\\mpc.c via crafted file allowing\n for DoS (bsc#1052771).\n\n - CVE-2017-14249: A mishandled EOF check in ReadMPCImage\n in coders/mpc.c that lead to a division by zero in\n GetPixelCacheTileSize in MagickCore/cache.c allowed\n remote attackers to cause a denial of service via a\n crafted file (bsc#1058082).\n\n - Prevent memory leak via crafted file in pwp.c allowing\n for DoS (bsc#1051412)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1072902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074610\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-6.8.8.1-30.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-debuginfo-6.8.8.1-30.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-debugsource-6.8.8.1-30.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-devel-6.8.8.1-30.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-extra-6.8.8.1-30.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-30.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-6_Q16-3-6.8.8.1-30.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-30.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-devel-6.8.8.1-30.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-30.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-30.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-30.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-30.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-PerlMagick-6.8.8.1-30.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-30.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-30.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-30.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-30.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-30.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-30.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-30.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-30.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-30.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-6.8.8.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-debuginfo-6.8.8.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-debugsource-6.8.8.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-devel-6.8.8.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-extra-6.8.8.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-6_Q16-3-6.8.8.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-devel-6.8.8.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-PerlMagick-6.8.8.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-46.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-04T14:51:14", "description": "Debian Bug : 870020 870019 876105 869727 886281 873059 870504 870530 870107 872609 875338 875339 875341 873871 873131 875352 878506 875503 875502 876105 876099 878546 878545 877354 877355 878524 878547 878548 878555 878554 878548 878555 878554 878579 885942 886584 928206 941670 931447 932079\n\nSeveral security vulnerabilities were found in Imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory or CPU exhaustion, information disclosure or potentially the execution of arbitrary code when a malformed image file is processed.\n\nFor Debian 9 stretch, these problems have been fixed in version 8:6.9.7.4+dfsg-11+deb9u10.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFor the detailed security status of imagemagick please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/imagemagick\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-08T00:00:00", "type": "nessus", "title": "Debian DLA-2366-1 : imagemagick security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-12140", "CVE-2017-12429", "CVE-2017-12430", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12643", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12806", "CVE-2017-12875", "CVE-2017-13061", "CVE-2017-13133", "CVE-2017-13658", "CVE-2017-13768", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14249", "CVE-2017-14341", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14532", "CVE-2017-14624", "CVE-2017-14625", "CVE-2017-14626", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-15015", "CVE-2017-15017", "CVE-2017-15281", "CVE-2017-17682", "CVE-2017-17914", "CVE-2017-18209", "CVE-2017-18211", "CVE-2017-18271", "CVE-2017-18273", "CVE-2018-16643", "CVE-2018-16749", "CVE-2018-18025", "CVE-2019-11598", "CVE-2019-13135", "CVE-2019-13308", "CVE-2019-13391", "CVE-2019-15139"], "modified": "2020-09-10T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "p-cpe:/a:debian:debian_linux:imagemagick-6-common", "p-cpe:/a:debian:debian_linux:imagemagick-6-doc", "p-cpe:/a:debian:debian_linux:imagemagick-6.q16", "p-cpe:/a:debian:debian_linux:imagemagick-6.q16hdri", "p-cpe:/a:debian:debian_linux:imagemagick-common", "p-cpe:/a:debian:debian_linux:imagemagick-doc", "p-cpe:/a:debian:debian_linux:libimage-magick-perl", "p-cpe:/a:debian:debian_linux:libimage-magick-q16-perl", "p-cpe:/a:debian:debian_linux:libimage-magick-q16hdri-perl", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6-headers", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16-7", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16hdri-7", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16hdri-dev", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-dev", "p-cpe:/a:debian:debian_linux:libmagickcore-6-arch-config", "p-cpe:/a:debian:debian_linux:libmagickcore-6-headers", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-3", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-3-extra", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-3", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-3-extra", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-dev", "p-cpe:/a:debian:debian_linux:libmagickcore-dev", "p-cpe:/a:debian:debian_linux:libmagickwand-6-headers", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-3", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16hdri-3", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16hdri-dev", "p-cpe:/a:debian:debian_linux:libmagickwand-dev", "p-cpe:/a:debian:debian_linux:perlmagick", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2366.NASL", "href": "https://www.tenable.com/plugins/nessus/140297", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2366-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140297);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/10\");\n\n script_cve_id(\"CVE-2017-1000445\", \"CVE-2017-1000476\", \"CVE-2017-12140\", \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12435\", \"CVE-2017-12563\", \"CVE-2017-12643\", \"CVE-2017-12670\", \"CVE-2017-12674\", \"CVE-2017-12691\", \"CVE-2017-12692\", \"CVE-2017-12693\", \"CVE-2017-12806\", \"CVE-2017-12875\", \"CVE-2017-13061\", \"CVE-2017-13133\", \"CVE-2017-13658\", \"CVE-2017-13768\", \"CVE-2017-14060\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14174\", \"CVE-2017-14175\", \"CVE-2017-14249\", \"CVE-2017-14341\", \"CVE-2017-14400\", \"CVE-2017-14505\", \"CVE-2017-14532\", \"CVE-2017-14624\", \"CVE-2017-14625\", \"CVE-2017-14626\", \"CVE-2017-14739\", \"CVE-2017-14741\", \"CVE-2017-15015\", \"CVE-2017-15017\", \"CVE-2017-15281\", \"CVE-2017-17682\", \"CVE-2017-17914\", \"CVE-2017-18209\", \"CVE-2017-18211\", \"CVE-2017-18271\", \"CVE-2017-18273\", \"CVE-2018-16643\", \"CVE-2018-16749\", \"CVE-2018-18025\", \"CVE-2019-11598\", \"CVE-2019-13135\", \"CVE-2019-13308\", \"CVE-2019-13391\", \"CVE-2019-15139\");\n\n script_name(english:\"Debian DLA-2366-1 : imagemagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Debian Bug : 870020 870019 876105 869727 886281 873059 870504 870530\n870107 872609 875338 875339 875341 873871 873131 875352 878506 875503\n875502 876105 876099 878546 878545 877354 877355 878524 878547 878548\n878555 878554 878548 878555 878554 878579 885942 886584 928206 941670\n931447 932079\n\nSeveral security vulnerabilities were found in Imagemagick. Various\nmemory handling problems and cases of missing or incomplete input\nsanitizing may result in denial of service, memory or CPU exhaustion,\ninformation disclosure or potentially the execution of arbitrary code\nwhen a malformed image file is processed.\n\nFor Debian 9 stretch, these problems have been fixed in version\n8:6.9.7.4+dfsg-11+deb9u10.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFor the detailed security status of imagemagick please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/imagemagick\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/imagemagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/imagemagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-18211\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-6-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-6-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-6.q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-6.q16hdri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimage-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimage-magick-q16-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimage-magick-q16hdri-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16hdri-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16hdri-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6-arch-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-3-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-3-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16hdri-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16hdri-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6-common\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6-doc\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6.q16\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6.q16hdri\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-common\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-doc\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libimage-magick-perl\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libimage-magick-q16-perl\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libimage-magick-q16hdri-perl\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6-headers\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16-7\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16hdri-7\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16hdri-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6-arch-config\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6-headers\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16-3-extra\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16hdri-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16hdri-3-extra\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16hdri-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6-headers\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16hdri-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16hdri-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"perlmagick\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-25T14:39:49", "description": "Several security vulnerabilities were fixed in Imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory or CPU exhaustion, information disclosure or potentially the execution of arbitrary code when a malformed image file is processed.\n\nFor Debian 9 stretch, these problems have been fixed in version 8:6.9.7.4+dfsg-11+deb9u9.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFor the detailed security status of imagemagick please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/imagemagick\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-19T00:00:00", "type": "nessus", "title": "Debian DLA-2333-1 : imagemagick security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12805", "CVE-2017-17681", "CVE-2017-18252", "CVE-2018-10177", "CVE-2018-14551", "CVE-2018-18024", "CVE-2018-20467", "CVE-2018-7443", "CVE-2018-8804", "CVE-2018-8960", "CVE-2018-9133", "CVE-2019-10131", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11597", "CVE-2019-12974", "CVE-2019-12977", "CVE-2019-12978", "CVE-2019-12979", "CVE-2019-13295", "CVE-2019-13297", "CVE-2019-13454", "CVE-2019-14981", "CVE-2019-19949"], "modified": "2020-08-21T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "p-cpe:/a:debian:debian_linux:imagemagick-6-common", "p-cpe:/a:debian:debian_linux:imagemagick-6-doc", "p-cpe:/a:debian:debian_linux:imagemagick-6.q16", "p-cpe:/a:debian:debian_linux:imagemagick-6.q16hdri", "p-cpe:/a:debian:debian_linux:imagemagick-common", "p-cpe:/a:debian:debian_linux:imagemagick-doc", "p-cpe:/a:debian:debian_linux:libimage-magick-perl", "p-cpe:/a:debian:debian_linux:libimage-magick-q16-perl", "p-cpe:/a:debian:debian_linux:libimage-magick-q16hdri-perl", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6-headers", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16-7", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16hdri-7", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16hdri-dev", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-dev", "p-cpe:/a:debian:debian_linux:libmagickcore-6-arch-config", "p-cpe:/a:debian:debian_linux:libmagickcore-6-headers", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-3", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-3-extra", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-3", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-3-extra", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-dev", "p-cpe:/a:debian:debian_linux:libmagickcore-dev", "p-cpe:/a:debian:debian_linux:libmagickwand-6-headers", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-3", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16hdri-3", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16hdri-dev", "p-cpe:/a:debian:debian_linux:libmagickwand-dev", "p-cpe:/a:debian:debian_linux:perlmagick", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2333.NASL", "href": "https://www.tenable.com/plugins/nessus/139675", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2333-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139675);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/21\");\n\n script_cve_id(\"CVE-2017-12805\", \"CVE-2017-17681\", \"CVE-2017-18252\", \"CVE-2018-10177\", \"CVE-2018-14551\", \"CVE-2018-18024\", \"CVE-2018-20467\", \"CVE-2018-7443\", \"CVE-2018-8804\", \"CVE-2018-8960\", \"CVE-2018-9133\", \"CVE-2019-10131\", \"CVE-2019-11470\", \"CVE-2019-11472\", \"CVE-2019-11597\", \"CVE-2019-12974\", \"CVE-2019-12977\", \"CVE-2019-12978\", \"CVE-2019-12979\", \"CVE-2019-13295\", \"CVE-2019-13297\", \"CVE-2019-13454\", \"CVE-2019-14981\", \"CVE-2019-19949\");\n\n script_name(english:\"Debian DLA-2333-1 : imagemagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several security vulnerabilities were fixed in Imagemagick. Various\nmemory handling problems and cases of missing or incomplete input\nsanitizing may result in denial of service, memory or CPU exhaustion,\ninformation disclosure or potentially the execution of arbitrary code\nwhen a malformed image file is processed.\n\nFor Debian 9 stretch, these problems have been fixed in version\n8:6.9.7.4+dfsg-11+deb9u9.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFor the detailed security status of imagemagick please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/imagemagick\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/imagemagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/imagemagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-6-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-6-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-6.q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-6.q16hdri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimage-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimage-magick-q16-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimage-magick-q16hdri-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16hdri-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16hdri-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6-arch-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-3-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-3-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16hdri-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16hdri-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6-common\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6-doc\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6.q16\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6.q16hdri\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-common\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-doc\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libimage-magick-perl\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libimage-magick-q16-perl\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libimage-magick-q16hdri-perl\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6-headers\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16-7\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16hdri-7\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16hdri-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6-arch-config\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6-headers\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16-3-extra\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16hdri-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16hdri-3-extra\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16hdri-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6-headers\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16hdri-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16hdri-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"perlmagick\", reference:\"8:6.9.7.4+dfsg-11+deb9u9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:38:15", "description": "This update for ImageMagick fixes the following issues: Security issues fixed :\n\n - CVE-2018-11251: Heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service (bsc#1094237)\n\n - CVE-2017-18271: Infinite loop in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (bsc#1094204)\n\n - CVE-2017-13758: Heap-based buffer overflow in the TracePoint() in MagickCore/draw.c, which allows attackers to cause a denial of service(bsc#1056277)\n\n - CVE-2018-10805: Fixed several memory leaks in rgb.c, cmyk.c, gray.c, and ycbcr.c (bsc#1095812)\n\n - CVE-2018-12600: The ReadDIBImage and WriteDIBImage functions allowed attackers to cause an out of bounds write via a crafted file (bsc#1098545)\n\n - CVE-2018-12599: The ReadBMPImage and WriteBMPImage fucntions allowed attackers to cause an out of bounds write via a crafted file (bsc#1098546)\n\n - CVE-2018-14434: Fixed a memory leak for a colormap in WriteMPCImage in coders/mpc.c (bsc#1102003)\n\n - CVE-2018-14435: Fixed a memory leak in DecodeImage in coders/pcd.c (bsc#1102007)\n\n - CVE-2018-14436: Fixed a memory leak in ReadMIFFImage in coders/miff.c (bsc#1102005)\n\n - CVE-2018-14437: Fixed a memory leak in parse8BIM in coders/meta.c (bsc#1102004)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-08-22T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:2465-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13758", "CVE-2017-18271", "CVE-2018-10805", "CVE-2018-11251", "CVE-2018-12599", "CVE-2018-12600", "CVE-2018-14434", "CVE-2018-14435", "CVE-2018-14436", "CVE-2018-14437"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libMagickCore1", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-2465-1.NASL", "href": "https://www.tenable.com/plugins/nessus/112055", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2465-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(112055);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-13758\", \"CVE-2017-18271\", \"CVE-2018-10805\", \"CVE-2018-11251\", \"CVE-2018-12599\", \"CVE-2018-12600\", \"CVE-2018-14434\", \"CVE-2018-14435\", \"CVE-2018-14436\", \"CVE-2018-14437\");\n\n script_name(english:\"SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:2465-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues: Security\nissues fixed :\n\n - CVE-2018-11251: Heap-based buffer over-read in\n ReadSUNImage in coders/sun.c, which allows attackers to\n cause denial of service (bsc#1094237)\n\n - CVE-2017-18271: Infinite loop in the function\n ReadMIFFImage in coders/miff.c, which allows attackers\n to cause a denial of service (bsc#1094204)\n\n - CVE-2017-13758: Heap-based buffer overflow in the\n TracePoint() in MagickCore/draw.c, which allows\n attackers to cause a denial of service(bsc#1056277)\n\n - CVE-2018-10805: Fixed several memory leaks in rgb.c,\n cmyk.c, gray.c, and ycbcr.c (bsc#1095812)\n\n - CVE-2018-12600: The ReadDIBImage and WriteDIBImage\n functions allowed attackers to cause an out of bounds\n write via a crafted file (bsc#1098545)\n\n - CVE-2018-12599: The ReadBMPImage and WriteBMPImage\n fucntions allowed attackers to cause an out of bounds\n write via a crafted file (bsc#1098546)\n\n - CVE-2018-14434: Fixed a memory leak for a colormap in\n WriteMPCImage in coders/mpc.c (bsc#1102003)\n\n - CVE-2018-14435: Fixed a memory leak in DecodeImage in\n coders/pcd.c (bsc#1102007)\n\n - CVE-2018-14436: Fixed a memory leak in ReadMIFFImage in\n coders/miff.c (bsc#1102005)\n\n - CVE-2018-14437: Fixed a memory leak in parse8BIM in\n coders/meta.c (bsc#1102004)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102005\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13758/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18271/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10805/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11251/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12599/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12600/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14434/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14435/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14436/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14437/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182465-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ff05ee5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-ImageMagick-13747=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ImageMagick-13747=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ImageMagick-13747=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagickCore1-32bit-6.4.3.6-78.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libMagickCore1-32bit-6.4.3.6-78.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libMagickCore1-6.4.3.6-78.56.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-24T10:29:20", "description": "The version of AOS installed on the remote host is prior to 5.15.3. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.15.3 advisory.\n\n - Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283. (CVE-2015-2716)\n\n - In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23. (CVE-2015-9289)\n\n - ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. (CVE-2017-1000476)\n\n - The ReadXWDImage function in coders\\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file. (CVE-2017-11166)\n\n - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service. (CVE-2017-12805)\n\n - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service. (CVE-2017-12806)\n\n - In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. (CVE-2017-15710)\n\n - The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's default request-key keyring via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.\n (CVE-2017-17807)\n\n - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file. (CVE-2017-18251)\n\n - An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file. (CVE-2017-18252)\n\n - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file. (CVE-2017-18254)\n\n - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file. (CVE-2017-18271)\n\n - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call. (CVE-2017-18273)\n\n - An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c. (CVE-2017-18595)\n\n - avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809. (CVE-2017-6519)\n\n - In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file. (CVE-2018-10177)\n\n - The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. (CVE-2018-10360)\n\n - ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. (CVE-2018-10804)\n\n - ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. (CVE-2018-10805)\n\n - A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure. (CVE-2018-1116)\n\n - In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.\n (CVE-2018-11656)\n\n - In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. (CVE-2018-12599)\n\n - In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. (CVE-2018-12600)\n\n - A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage. (CVE-2018-1301)\n\n - In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.\n (CVE-2018-13153)\n\n - ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. (CVE-2018-14434)\n\n - ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. (CVE-2018-14435)\n\n - ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. (CVE-2018-14436)\n\n - ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. (CVE-2018-14437)\n\n - GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. (CVE-2018-15587)\n\n - In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-15607)\n\n - In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. (CVE-2018-16328)\n\n - In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. (CVE-2018-16749)\n\n - In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. (CVE-2018-16750)\n\n - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. (CVE-2018-17199)\n\n - snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. (CVE-2018-18066)\n\n - There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. (CVE-2018-18544)\n\n - The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space. (CVE-2018-19985)\n\n - An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.\n (CVE-2018-20169)\n\n - In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-20467)\n\n - http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. (CVE-2018-20852)\n\n - In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. (CVE-2018-4180, CVE-2018-4181)\n\n - managed-keys is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm.\n Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745. (CVE-2018-5745)\n\n - In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. (CVE-2018-7191)\n\n - WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file. (CVE-2018-8804)\n\n - ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file. (CVE-2018-9133)\n\n - An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. (CVE-2019-10131)\n\n - A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.\n (CVE-2019-10207)\n\n - In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (CVE-2019-10638)\n\n - The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace. (CVE-2019-10639)\n\n - In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. (CVE-2019-10650)\n\n - The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. (CVE-2019-11190)\n\n - The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.\n (CVE-2019-11470)\n\n - ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first. (CVE-2019-11472)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. (CVE-2019-11597)\n\n - In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. (CVE-2019-11598)\n\n - The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character. (CVE-2019-11884)\n\n - ** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference. (CVE-2019-12382)\n\n - A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image. (CVE-2019-12974)\n\n - ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.\n (CVE-2019-12975)\n\n - ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. (CVE-2019-12976)\n\n - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the ReadPANGOImage function in coders/pango.c. (CVE-2019-12978)\n\n - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c. (CVE-2019-12979)\n\n - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.\n (CVE-2019-13133)\n\n - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. (CVE-2019-13134)\n\n - ImageMagick before 7.0.8-50 has a use of uninitialized value vulnerability in the function ReadCUTImage in coders/cut.c. (CVE-2019-13135)\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a better zip bomb issue. (CVE-2019-13232)\n\n - In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation. (CVE-2019-13233)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled. (CVE-2019-13295)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. (CVE-2019-13297)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. (CVE-2019-13300)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.\n (CVE-2019-13301)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment. (CVE-2019-13304)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. (CVE-2019-13305)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors. (CVE-2019-13306)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows. (CVE-2019-13307)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. (CVE-2019-13309)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. (CVE-2019-13310)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.\n (CVE-2019-13311)\n\n - ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.\n (CVE-2019-13454)\n\n - In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c. (CVE-2019-13648)\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. (CVE-2019-14283)\n\n - A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver. (CVE-2019-14815)\n\n - In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.\n (CVE-2019-14980)\n\n - In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.\n (CVE-2019-14981)\n\n - An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read. (CVE-2019-15090)\n\n - The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472. (CVE-2019-15139)\n\n - coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after- free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c. (CVE-2019-15140)\n\n - WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.\n (CVE-2019-15141)\n\n - An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. (CVE-2019-15221)\n\n - An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. (CVE-2019-15916)\n\n - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. (CVE-2019-16056)\n\n - ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. (CVE-2019-16708)\n\n - ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. (CVE-2019-16709)\n\n - ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. (CVE-2019-16710)\n\n - ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. (CVE-2019-16711)\n\n - ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. (CVE-2019-16712)\n\n - ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. (CVE-2019-16713)\n\n - An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow. (CVE-2019-16746)\n\n - An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow. (CVE-2019-17041)\n\n - An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message.\n To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow. (CVE-2019-17042)\n\n - ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.\n (CVE-2019-17540)\n\n - ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. (CVE-2019-17541)\n\n - The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. (CVE-2019-18660)\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. (CVE-2019-19527)\n\n - In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub- buffer). (CVE-2019-19768)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. (CVE-2019-19948)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. (CVE-2019-19949)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth).\n Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2737)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges).\n Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2019-2739)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2740)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2805)\n\n - It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions. (CVE-2019-3820)\n\n - It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference. (CVE-2019-3890)\n\n - A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs.\n As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8. (CVE-2019-3901)\n\n - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. (CVE-2019-5436)\n\n - Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465. (CVE-2019-6465)\n\n - With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).\n (CVE-2019-6477)\n\n - In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. (CVE-2019-7175)\n\n - In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. (CVE-2019-7397)\n\n - In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. (CVE-2019-7398)\n\n - The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.\n More typically, this vulnerability will result in denial-of-service conditions. (CVE-2019-9503)\n\n - rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. (CVE-2019-9924)\n\n - In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. (CVE-2019-9956)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7.\n This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. (CVE-2020-10711)\n\n - A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages.\n This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. (CVE-2020-10757)\n\n - ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. (CVE-2020-11868)\n\n - An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus- daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. (CVE-2020-12049)\n\n - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. (CVE-2020-12653)\n\n - An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591. (CVE-2020-12654)\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. (CVE-2020-12888)\n\n - ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance. (CVE-2020-13817)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-14556)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-14577)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-14578, CVE-2020-14579)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-14583)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note:\n This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-14593)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.\n (CVE-2020-14621)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-2754, CVE-2020-2755)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-2756, CVE-2020-2757)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java.\n This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n (CVE-2020-2767)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-2773)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-2778)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-2781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded:\n 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.\n (CVE-2020-2800)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-2803, CVE-2020-2805)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data.\n Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. (CVE-2020-2816)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency).\n Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241.\n Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-2830)\n\n - It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19. (CVE-2020-5208)\n\n - A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. (CVE-2020-8616)\n\n - Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. (CVE-2020-8617)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-01T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.3)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4343", "CVE-2015-1283", "CVE-2015-2716", "CVE-2015-2809", "CVE-2015-9289", "CVE-2017-1000476", "CVE-2017-11166", "CVE-2017-12805", "CVE-2017-12806", "CVE-2017-15710", "CVE-2017-17807", "CVE-2017-18251", "CVE-2017-18252", "CVE-2017-18254", "CVE-2017-18271", "CVE-2017-18273", "CVE-2017-18595", "CVE-2017-6519", "CVE-2018-10177", "CVE-2018-10360", "CVE-2018-10804", "CVE-2018-10805", "CVE-2018-1116", "CVE-2018-11656", "CVE-2018-12599", "CVE-2018-12600", "CVE-2018-1301", "CVE-2018-13153", "CVE-2018-14434", "CVE-2018-14435", "CVE-2018-14436", "CVE-2018-14437", "CVE-2018-15587", "CVE-2018-15607", "CVE-2018-16328", "CVE-2018-16749", "CVE-2018-16750", "CVE-2018-17199", "CVE-2018-18066", "CVE-2018-18544", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-20467", "CVE-2018-20852", "CVE-2018-4180", "CVE-2018-4181", "CVE-2018-4700", "CVE-2018-5745", "CVE-2018-7191", "CVE-2018-8804", "CVE-2018-9133", "CVE-2019-10131", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-10650", "CVE-2019-11190", "CVE-2019-11340", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11597", "CVE-2019-11598", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-12974", "CVE-2019-12975", "CVE-2019-12976", "CVE-2019-12978", "CVE-2019-12979", "CVE-2019-13133", "CVE-2019-13134", "CVE-2019-13135", "CVE-2019-13232", "CVE-2019-13233", "CVE-2019-13295", "CVE-2019-13297", "CVE-2019-13300", "CVE-2019-13301", "CVE-2019-13304", "CVE-2019-13305", "CVE-2019-13306", "CVE-2019-13307", "CVE-2019-13309", "CVE-2019-13310", "CVE-2019-13311", "CVE-2019-13454", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14815", "CVE-2019-14980", "CVE-2019-14981", "CVE-2019-15090", "CVE-2019-15139", "CVE-2019-15140", "CVE-2019-15141", "CVE-2019-15221", "CVE-2019-15916", "CVE-2019-16056", "CVE-2019-16708", "CVE-2019-16709", "CVE-2019-16710", "CVE-2019-16711", "CVE-2019-16712", "CVE-2019-16713", "CVE-2019-16746", "CVE-2019-17041", "CVE-2019-17042", "CVE-2019-17540", "CVE-2019-17541", "CVE-2019-18660", "CVE-2019-19527", "CVE-2019-19768", "CVE-2019-19948", "CVE-2019-19949", "CVE-2019-2737", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2805", "CVE-2019-3820", "CVE-2019-3890", "CVE-2019-3901", "CVE-2019-5436", "CVE-2019-6465", "CVE-2019-6477", "CVE-2019-7175", "CVE-2019-7397", "CVE-2019-7398", "CVE-2019-9503", "CVE-2019-9924", "CVE-2019-9956", "CVE-2020-10711", "CVE-2020-10757", "CVE-2020-11868", "CVE-2020-12049", "CVE-2020-12653", "CVE-2020-12654", "CVE-2020-12888", "CVE-2020-13817", "CVE-2020-14556", "CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-14583", "CVE-2020-14593", "CVE-2020-14621", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2767", "CVE-2020-2773", "CVE-2020-2778", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2816", "CVE-2020-2830", "CVE-2020-5208", "CVE-2020-8616", "CVE-2020-8617"], "modified": "2023-03-22T00:00:00", "cpe": ["cpe:/o:nutanix:aos"], "id": "NUTANIX_NXSA-AOS-5_15_3.NASL", "href": "https://www.tenable.com/plugins/nessus/164596", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164596);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/22\");\n\n script_cve_id(\n \"CVE-2015-2716\",\n \"CVE-2015-9289\",\n \"CVE-2017-6519\",\n \"CVE-2017-11166\",\n \"CVE-2017-12805\",\n \"CVE-2017-12806\",\n \"CVE-2017-15710\",\n \"CVE-2017-17807\",\n \"CVE-2017-18251\",\n \"CVE-2017-18252\",\n \"CVE-2017-18254\",\n \"CVE-2017-18271\",\n \"CVE-2017-18273\",\n \"CVE-2017-18595\",\n \"CVE-2017-1000476\",\n \"CVE-2018-1116\",\n \"CVE-2018-1301\",\n \"CVE-2018-4180\",\n \"CVE-2018-4181\",\n \"CVE-2018-4700\",\n \"CVE-2018-5745\",\n \"CVE-2018-7191\",\n \"CVE-2018-8804\",\n \"CVE-2018-9133\",\n \"CVE-2018-10177\",\n \"CVE-2018-10360\",\n \"CVE-2018-10804\",\n \"CVE-2018-10805\",\n \"CVE-2018-11656\",\n \"CVE-2018-12599\",\n \"CVE-2018-12600\",\n \"CVE-2018-13153\",\n \"CVE-2018-14434\",\n \"CVE-2018-14435\",\n \"CVE-2018-14436\",\n \"CVE-2018-14437\",\n \"CVE-2018-15587\",\n \"CVE-2018-15607\",\n \"CVE-2018-16328\",\n \"CVE-2018-16749\",\n \"CVE-2018-16750\",\n \"CVE-2018-17199\",\n \"CVE-2018-18066\",\n \"CVE-2018-18544\",\n \"CVE-2018-19985\",\n \"CVE-2018-20169\",\n \"CVE-2018-20467\",\n \"CVE-2018-20852\",\n \"CVE-2019-2737\",\n \"CVE-2019-2739\",\n \"CVE-2019-2740\",\n \"CVE-2019-2805\",\n \"CVE-2019-3820\",\n \"CVE-2019-3890\",\n \"CVE-2019-3901\",\n \"CVE-2019-5436\",\n \"CVE-2019-6465\",\n \"CVE-2019-6477\",\n \"CVE-2019-7175\",\n \"CVE-2019-7397\",\n \"CVE-2019-7398\",\n \"CVE-2019-9503\",\n \"CVE-2019-9924\",\n \"CVE-2019-9956\",\n \"CVE-2019-10131\",\n \"CVE-2019-10207\",\n \"CVE-2019-10638\",\n \"CVE-2019-10639\",\n \"CVE-2019-10650\",\n \"CVE-2019-11190\",\n \"CVE-2019-11470\",\n \"CVE-2019-11472\",\n \"CVE-2019-11597\",\n \"CVE-2019-11598\",\n \"CVE-2019-11884\",\n \"CVE-2019-12382\",\n \"CVE-2019-12974\",\n \"CVE-2019-12975\",\n \"CVE-2019-12976\",\n \"CVE-2019-12978\",\n \"CVE-2019-12979\",\n \"CVE-2019-13133\",\n \"CVE-2019-13134\",\n \"CVE-2019-13135\",\n \"CVE-2019-13232\",\n \"CVE-2019-13233\",\n \"CVE-2019-13295\",\n \"CVE-2019-13297\",\n \"CVE-2019-13300\",\n \"CVE-2019-13301\",\n \"CVE-2019-13304\",\n \"CVE-2019-13305\",\n \"CVE-2019-13306\",\n \"CVE-2019-13307\",\n \"CVE-2019-13309\",\n \"CVE-2019-13310\",\n \"CVE-2019-13311\",\n \"CVE-2019-13454\",\n \"CVE-2019-13648\",\n \"CVE-2019-14283\",\n \"CVE-2019-14815\",\n \"CVE-2019-14980\",\n \"CVE-2019-14981\",\n \"CVE-2019-15090\",\n \"CVE-2019-15139\",\n \"CVE-2019-15140\",\n \"CVE-2019-15141\",\n \"CVE-2019-15221\",\n \"CVE-2019-15916\",\n \"CVE-2019-16056\",\n \"CVE-2019-16708\",\n \"CVE-2019-16709\",\n \"CVE-2019-16710\",\n \"CVE-2019-16711\",\n \"CVE-2019-16712\",\n \"CVE-2019-16713\",\n \"CVE-2019-16746\",\n \"CVE-2019-17041\",\n \"CVE-2019-17042\",\n \"CVE-2019-17540\",\n \"CVE-2019-17541\",\n \"CVE-2019-18660\",\n \"CVE-2019-19527\",\n \"CVE-2019-19768\",\n \"CVE-2019-19948\",\n \"CVE-2019-19949\",\n \"CVE-2020-2754\",\n \"CVE-2020-2755\",\n \"CVE-2020-2756\",\n \"CVE-2020-2757\",\n \"CVE-2020-2767\",\n \"CVE-2020-2773\",\n \"CVE-2020-2778\",\n \"CVE-2020-2781\",\n \"CVE-2020-2800\",\n \"CVE-2020-2803\",\n \"CVE-2020-2805\",\n \"CVE-2020-2816\",\n \"CVE-2020-2830\",\n \"CVE-2020-5208\",\n \"CVE-2020-8616\",\n \"CVE-2020-8617\",\n \"CVE-2020-10711\",\n \"CVE-2020-10757\",\n \"CVE-2020-11868\",\n \"CVE-2020-12049\",\n \"CVE-2020-12653\",\n \"CVE-2020-12654\",\n \"CVE-2020-12888\",\n \"CVE-2020-13817\",\n \"CVE-2020-14556\",\n \"CVE-2020-14577\",\n \"CVE-2020-14578\",\n \"CVE-2020-14579\",\n \"CVE-2020-14583\",\n \"CVE-2020-14593\",\n \"CVE-2020-14621\"\n );\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.3)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 5.15.3. It is, therefore, affected by multiple\nvulnerabilities as referenced in the NXSA-AOS-5.15.3 advisory.\n\n - Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and\n Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of\n compressed XML data, a related issue to CVE-2015-1283. (CVE-2015-2716)\n\n - In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in\n drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the\n userspace API. However, the code allows larger values such as 23. (CVE-2015-9289)\n\n - ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in\n coders/dds.c, which allows attackers to cause a denial of service. (CVE-2017-1000476)\n\n - The ReadXWDImage function in coders\\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can\n cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD\n file. (CVE-2017-11166)\n\n - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which\n allows attackers to cause a denial of service. (CVE-2017-12805)\n\n - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which\n allows attackers to cause a denial of service. (CVE-2017-12806)\n\n - In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured\n with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding\n when verifying the user's credentials. If the header value is not present in the charset conversion table,\n a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example,\n 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of\n one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the\n process would crash which could be used as a Denial of Service attack. In the more likely case, this\n memory is already reserved for future use and the issue has no effect at all. (CVE-2017-15710)\n\n - The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to\n the current task's default request-key keyring via the request_key() system call, allowing a local user\n to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write\n permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.\n (CVE-2017-17807)\n\n - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function\n ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted\n file. (CVE-2017-18251)\n\n - An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows\n attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via\n a crafted file. (CVE-2017-18252)\n\n - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function\n WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted\n file. (CVE-2017-18254)\n\n - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function\n ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a\n crafted MIFF image file. (CVE-2017-18271)\n\n - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function\n ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a\n crafted image file that is mishandled in a GetImageIndexInList call. (CVE-2017-18273)\n\n - An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function\n allocate_trace_buffer in the file kernel/trace/trace.c. (CVE-2017-18595)\n\n - avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source\n addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic\n amplification) and may cause information leakage by obtaining potentially sensitive information from the\n responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809. (CVE-2017-6519)\n\n - In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c\n file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng\n file. (CVE-2018-10177)\n\n - The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a\n denial of service (out-of-bounds read and application crash) via a crafted ELF file. (CVE-2018-10360)\n\n - ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. (CVE-2018-10804)\n\n - ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. (CVE-2018-10805)\n\n - A flaw was found in polkit before version 0.116. The implementation of the\n polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for\n authentication and trigger authentication of unrelated processes owned by other users. This may result in\n a local DoS and information disclosure. (CVE-2018-1116)\n\n - In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in\n coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.\n (CVE-2018-11656)\n\n - In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out\n of bounds write via a crafted file. (CVE-2018-12599)\n\n - In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out\n of bounds write via a crafted file. (CVE-2018-12600)\n\n - A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an\n out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is\n considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is\n classified as low risk for common server usage. (CVE-2018-1301)\n\n - In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.\n (CVE-2018-13153)\n\n - ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. (CVE-2018-14434)\n\n - ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. (CVE-2018-14435)\n\n - ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. (CVE-2018-14436)\n\n - ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. (CVE-2018-14437)\n\n - GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a\n specially crafted email that contains a valid signature from the entity to be impersonated as an\n attachment. (CVE-2018-15587)\n\n - In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36\n 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory\n resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could\n leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-15607)\n\n - In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in\n MagickCore/log.c. (CVE-2018-16328)\n\n - In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an\n attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted\n file. (CVE-2018-16749)\n\n - In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c\n was found. (CVE-2018-16750)\n\n - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before\n decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since\n the expiry time is loaded when the session is decoded. (CVE-2018-17199)\n\n - snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be\n used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet,\n resulting in Denial of Service. (CVE-2018-18066)\n\n - There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the\n function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. (CVE-2018-18544)\n\n - The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num\n from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds\n (OOB) read that potentially allows arbitrary read in the kernel address space. (CVE-2018-19985)\n\n - An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during\n the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.\n (CVE-2018-20169)\n\n - In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang,\n with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial\n of service via a crafted file. (CVE-2018-20467)\n\n - http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not\n correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An\n attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix\n (e.g., pythonicexample.com to steal cookies for example.com). When a program uses\n http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing\n cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before\n 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. (CVE-2018-20852)\n\n - In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved\n access restrictions. (CVE-2018-4180, CVE-2018-4181)\n\n - managed-keys is a feature which allows a BIND resolver to automatically maintain the keys used by trust\n anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys\n feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if,\n during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm.\n Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions\n 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13\n development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for\n vulnerability to CVE-2018-5745. (CVE-2018-5745)\n\n - In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before\n register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and\n panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to\n CVE-2013-4343. (CVE-2018-7191)\n\n - WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of\n service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact\n via a crafted file. (CVE-2018-8804)\n\n - ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions\n (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could\n leverage this vulnerability to cause a denial of service via a crafted tiff file. (CVE-2018-9133)\n\n - An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the\n formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end\n of the buffer or to crash the program. (CVE-2019-10131)\n\n - A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before\n 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware\n could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.\n (CVE-2019-10207)\n\n - In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel\n produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple\n destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and\n thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page\n that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (CVE-2019-10638)\n\n - The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel\n address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel\n image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and\n ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash\n collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This\n key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via\n enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the\n attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled\n IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic\n is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the\n attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP\n addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to\n have a dependency on an address associated with a network namespace. (CVE-2019-10639)\n\n - In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of\n coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a\n crafted image file. (CVE-2019-10650)\n\n - The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because\n install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the\n ptrace_may_access() check has a race condition when reading /proc/pid/stat. (CVE-2019-11190)\n\n - The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service\n (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This\n occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.\n (CVE-2019-11470)\n\n - ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows\n attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the\n header indicates neither LSB first nor MSB first. (CVE-2019-11472)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of\n coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure\n via a crafted image file. (CVE-2019-11597)\n\n - In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of\n coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via\n a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. (CVE-2019-11598)\n\n - The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a\n local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command,\n because a name field may not end with a '\\0' character. (CVE-2019-11884)\n\n - ** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the\n Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause\n a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as\n not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance\n for a NULL pointer dereference. (CVE-2019-12382)\n\n - A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage\n in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted\n image. (CVE-2019-12974)\n\n - ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.\n (CVE-2019-12975)\n\n - ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. (CVE-2019-12976)\n\n - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the ReadPANGOImage function in\n coders/pango.c. (CVE-2019-12978)\n\n - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the SyncImageSettings function in\n MagickCore/image.c. This is related to AcquireImage in magick/image.c. (CVE-2019-12979)\n\n - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.\n (CVE-2019-13133)\n\n - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in\n coders/viff.c. (CVE-2019-13134)\n\n - ImageMagick before 7.0.8-50 has a use of uninitialized value vulnerability in the function ReadCUTImage\n in coders/cut.c. (CVE-2019-13135)\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of\n service (resource consumption), aka a better zip bomb issue. (CVE-2019-13232)\n\n - In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an\n LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds\n violation. (CVE-2019-13233)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in\n AdaptiveThresholdImage because a width of zero is mishandled. (CVE-2019-13295)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in\n AdaptiveThresholdImage because a height of zero is mishandled. (CVE-2019-13297)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages\n because of mishandling columns. (CVE-2019-13300)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.\n (CVE-2019-13301)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a\n misplaced assignment. (CVE-2019-13304)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a\n misplaced strncpy and an off-by-one error. (CVE-2019-13305)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of\n off-by-one errors. (CVE-2019-13306)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages\n because of mishandling rows. (CVE-2019-13307)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage\n error in CLIListOperatorImages in MagickWand/operation.c. (CVE-2019-13309)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in\n MagickWand/mogrify.c. (CVE-2019-13310)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.\n (CVE-2019-13311)\n\n - ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.\n (CVE-2019-13454)\n\n - In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled,\n a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn()\n system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and\n arch/powerpc/kernel/signal_64.c. (CVE-2019-13648)\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and\n head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an\n unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by\n default. (CVE-2019-14283)\n\n - A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params()\n function of Marvell Wifi Driver. (CVE-2019-14815)\n\n - In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in\n the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.\n (CVE-2019-14980)\n\n - In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in\n the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.\n (CVE-2019-14981)\n\n - An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the\n qedi_dbg_* family of functions, there is an out-of-bounds read. (CVE-2019-15090)\n\n - The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows\n attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in\n ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than\n CVE-2019-11472. (CVE-2019-15139)\n\n - coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-\n free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that\n is mishandled in ReadImage in MagickCore/constitute.c. (CVE-2019-15140)\n\n - WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service\n (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to\n TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in\n tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.\n (CVE-2019-15141)\n\n - An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a\n malicious USB device in the sound/usb/line6/pcm.c driver. (CVE-2019-15221)\n\n - An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in\n register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. (CVE-2019-15916)\n\n - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x\n through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An\n application that uses the email module and implements some kind of checks on the From/To headers of a\n message could be tricked into accepting an email address that should be denied. An attack may be the same\n as in CVE-2019-11340; however, this CVE applies to Python more generally. (CVE-2019-16056)\n\n - ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. (CVE-2019-16708)\n\n - ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. (CVE-2019-16709)\n\n - ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in\n MagickCore/memory.c. (CVE-2019-16710)\n\n - ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. (CVE-2019-16711)\n\n - ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by\n WritePS3Image. (CVE-2019-16712)\n\n - ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in\n MagickCore/constitute.c. (CVE-2019-16713)\n\n - An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check\n the length of variable elements in a beacon head, leading to a buffer overflow. (CVE-2019-16746)\n\n - An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap\n overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this\n case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the\n string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check\n that detects invalid log messages. The message will then be considered valid, and the parser will eat up\n the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was\n zero and now becomes minus one. The following step in the parser is to shift left the contents of the\n message. To do this, it will call memmove with the right pointers to the target and destination strings,\n but the lenMsg will now be interpreted as a huge value, causing a heap overflow. (CVE-2019-17041)\n\n - An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in\n the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a\n space or a colon), but fails to account for strings that do not satisfy this constraint. If the string\n does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that\n detects invalid log messages. The message will then be considered valid, and the parser will eat up the\n nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero\n and now becomes minus one. The following step in the parser is to shift left the contents of the message.\n To do this, it will call memmove with the right pointers to the target and destination strings, but the\n lenMsg will now be interpreted as a huge value, causing a heap overflow. (CVE-2019-17042)\n\n - ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.\n (CVE-2019-17540)\n\n - ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the\n error manager is mishandled in coders/jpeg.c. (CVE-2019-17541)\n\n - The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is\n not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to\n arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. (CVE-2019-18660)\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. (CVE-2019-19527)\n\n - In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in\n kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-\n buffer). (CVE-2019-19768)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of\n coders/sgi.c. (CVE-2019-19948)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of\n coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. (CVE-2019-19949)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth).\n Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily\n exploitable vulnerability allows high privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2737)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges).\n Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily\n exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL\n Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well\n as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2019-2739)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported\n versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2740)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported\n versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2805)\n\n - It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all\n contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard\n shortcuts, and potentially other actions. (CVE-2019-3820)\n\n - It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker\n could abuse this flaw to get confidential information by tricking the user into connecting to a fake\n server without the user noticing the difference. (CVE-2019-3890)\n\n - A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs.\n As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it\n is possible for the specified target task to perform an execve() syscall with setuid execution before\n perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check\n and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged\n execve() calls. This issue affects kernel versions before 4.8. (CVE-2019-3901)\n\n - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl\n versions 7.19.4 through 7.64.1. (CVE-2019-5436)\n\n - Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones\n are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and\n versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13\n development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for\n vulnerability to CVE-2019-6465. (CVE-2019-6465)\n\n - With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to\n a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection\n to a server could consume more resources than the server has been provisioned to handle. When a TCP\n connection with a large number of pipelined queries is closed, the load on the server releasing these\n multiple resources can cause it to become unresponsive, even for queries that can be answered\n authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).\n (CVE-2019-6477)\n\n - In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. (CVE-2019-7175)\n\n - In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in\n WritePDFImage in coders/pdf.c. (CVE-2019-7397)\n\n - In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. (CVE-2019-7398)\n\n - The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable\n to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source,\n the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver\n receives the firmware event frame from the host, the appropriate handler is called. This frame validation\n can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event\n frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi\n packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.\n More typically, this vulnerability will result in denial-of-service conditions. (CVE-2019-9503)\n\n - rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the\n user to execute any command with the permissions of the shell. (CVE-2019-9924)\n\n - In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of\n coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image\n file. (CVE-2019-9956)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7.\n This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into\n the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO\n restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate\n that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer\n dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network\n user to crash the system kernel, resulting in a denial of service. (CVE-2020-10711)\n\n - A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages.\n This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the\n system. (CVE-2020-10757)\n\n - ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated\n synchronization via a server mode packet with a spoofed source IP address, because transmissions are\n rescheduled even when a packet lacks a valid origin timestamp. (CVE-2020-11868)\n\n - An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-\n daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local\n attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use\n this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus\n clients. (CVE-2020-12049)\n\n - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in\n drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of\n service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. (CVE-2020-12653)\n\n - An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in\n drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow\n because of an incorrect memcpy, aka CID-3a9b153c5591. (CVE-2020-12654)\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory\n space. (CVE-2020-12888)\n\n - ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service\n (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The\n victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can\n query time from the victim's ntpd instance. (CVE-2020-13817)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as\n unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client\n and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start\n applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the\n specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as\n through a web service. (CVE-2020-14556)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported\n versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server\n deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and\n sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web\n service. (CVE-2020-14577)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit\n vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise\n Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to\n cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and\n server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start\n applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the\n specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as\n through a web service. (CVE-2020-14578, CVE-2020-14579)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a\n person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may\n significantly impact additional products. Successful attacks of this vulnerability can result in takeover\n of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients\n running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code\n (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability\n does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code\n installed by an administrator). (CVE-2020-14583)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported\n versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily\n exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly\n impact additional products. Successful attacks of this vulnerability can result in unauthorized creation,\n deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note:\n This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the\n internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java\n deployments, typically in servers, that load and run only trusted code (e.g., code installed by an\n administrator). (CVE-2020-14593)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported\n versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily\n exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This\n vulnerability can only be exploited by supplying data to APIs in the specified Component without using\n Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.\n (CVE-2020-14621)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported\n versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to\n client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start\n applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the\n specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as\n through a web service. (CVE-2020-2754, CVE-2020-2755)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through\n sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying\n data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed\n Java applets, such as through a web service. (CVE-2020-2756, CVE-2020-2757)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are\n affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker\n with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result\n in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized\n read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java.\n This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java\n applets. It can also be exploited by supplying data to APIs in the specified Component without using\n sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n (CVE-2020-2767)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported\n versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to\n client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start\n applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the\n specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as\n through a web service. (CVE-2020-2773)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are\n affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker\n with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result\n in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server\n deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and\n sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web\n service. (CVE-2020-2778)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported\n versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily\n exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java\n SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause\n a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server\n deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and\n sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web\n service. (CVE-2020-2781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP\n Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded:\n 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well\n as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This\n vulnerability can only be exploited by supplying data to APIs in the specified Component without using\n Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.\n (CVE-2020-2800)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly\n impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE,\n Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running\n sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,\n code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not\n apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed\n by an administrator). (CVE-2020-2803, CVE-2020-2805)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are\n affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with\n network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in\n unauthorized creation, deletion or modification access to critical data or all Java SE accessible data.\n Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component\n without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web\n service. (CVE-2020-2816)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency).\n Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241.\n Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through\n sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying\n data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed\n Java applets, such as through a web service. (CVE-2020-2830)\n\n - It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data\n received from a remote LAN party, which may lead to buffer overflows and potentially to remote code\n execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This\n problem is fixed in version 1.8.19. (CVE-2020-5208)\n\n - A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches\n performed when processing referrals can, through the use of specially crafted referrals, cause a recursing\n server to issue a very large number of fetches in an attempt to process the referral. This has at least\n two potential effects: The performance of the recursing server can potentially be degraded by the\n additional work required to perform these fetches, and The attacker can exploit this behavior to use the\n recursing server as a reflector in a reflection attack with a high amplification factor. (CVE-2020-8616)\n\n - Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an\n inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the\n server. Since BIND, by default, configures a local session key even on servers whose configuration does\n not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating\n from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately\n exits. Prior to the introduction of the check the server would continue operating in an inconsistent\n state, with potentially harmful results. (CVE-2020-8617)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-5.15.3\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6382cc23\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9503\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-19948\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '5.15.3', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 5.15.3 or higher.', 'lts' : TRUE },\n { 'fixed_version' : '5.15.3', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 5.15.3 or higher.', 'lts' : TRUE }\n];\n\nvcf::nutanix::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:39:22", "description": "It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.\n\nDue to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, the update for Ubuntu 18.10 and Ubuntu 19.04 includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate ImageMagick policy configuration.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-26T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : ImageMagick vulnerabilities (USN-4034-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12805", "CVE-2017-12806", "CVE-2018-14434", "CVE-2018-15607", "CVE-2018-16323", "CVE-2018-16412", "CVE-2018-16413", "CVE-2018-16644", "CVE-2018-16645", "CVE-2018-17965", "CVE-2018-17966", "CVE-2018-18016", "CVE-2018-18023", "CVE-2018-18024", "CVE-2018-18025", "CVE-2018-18544", "CVE-2018-20467", "CVE-2019-10131", "CVE-2019-10649", "CVE-2019-10650", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11597", "CVE-2019-11598", "CVE-2019-7175", "CVE-2019-7395", "CVE-2019-7396", "CVE-2019-7397", "CVE-2019-7398", "CVE-2019-9956"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:imagemagick", "p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6.q16-5v5", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6.q16-7", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6.q16-8", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2-extra", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3-extra", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-6", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-6-extra", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-4034-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126254", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4034-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126254);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-12805\", \"CVE-2017-12806\", \"CVE-2018-14434\", \"CVE-2018-15607\", \"CVE-2018-16323\", \"CVE-2018-16412\", \"CVE-2018-16413\", \"CVE-2018-16644\", \"CVE-2018-16645\", \"CVE-2018-17965\", \"CVE-2018-17966\", \"CVE-2018-18016\", \"CVE-2018-18023\", \"CVE-2018-18024\", \"CVE-2018-18025\", \"CVE-2018-18544\", \"CVE-2018-20467\", \"CVE-2019-10131\", \"CVE-2019-10649\", \"CVE-2019-10650\", \"CVE-2019-11470\", \"CVE-2019-11472\", \"CVE-2019-11597\", \"CVE-2019-11598\", \"CVE-2019-7175\", \"CVE-2019-7395\", \"CVE-2019-7396\", \"CVE-2019-7397\", \"CVE-2019-7398\", \"CVE-2019-9956\");\n script_xref(name:\"USN\", value:\"4034-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : ImageMagick vulnerabilities (USN-4034-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that ImageMagick incorrectly handled certain\nmalformed image files. If a user or automated system using ImageMagick\nwere tricked into opening a specially crafted image, an attacker could\nexploit this to cause a denial of service or possibly execute code\nwith the privileges of the user invoking the program.\n\nDue to a large number of issues discovered in GhostScript that prevent\nit from being used by ImageMagick safely, the update for Ubuntu 18.10\nand Ubuntu 19.04 includes a default policy change that disables\nsupport for the Postscript and PDF formats in ImageMagick. This policy\ncan be overridden if necessary by using an alternate ImageMagick\npolicy configuration.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4034-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9956\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-5v5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-6-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|18\\.10|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 18.10 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"imagemagick\", pkgver:\"8:6.8.9.9-7ubuntu5.14\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.8.9.9-7ubuntu5.14\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagick++-6.q16-5v5\", pkgver:\"8:6.8.9.9-7ubuntu5.14\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagickcore-6.q16-2\", pkgver:\"8:6.8.9.9-7ubuntu5.14\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagickcore-6.q16-2-extra\", pkgver:\"8:6.8.9.9-7ubuntu5.14\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"imagemagick\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.7\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.7\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libmagick++-6.q16-7\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.7\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libmagickcore-6.q16-3\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.7\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libmagickcore-6.q16-3-extra\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.7\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"imagemagick\", pkgver:\"8:6.9.10.8+dfsg-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.9.10.8+dfsg-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libmagick++-6.q16-8\", pkgver:\"8:6.9.10.8+dfsg-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libmagickcore-6.q16-6\", pkgver:\"8:6.9.10.8+dfsg-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libmagickcore-6.q16-6-extra\", pkgver:\"8:6.9.10.8+dfsg-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"imagemagick\", pkgver:\"8:6.9.10.14+dfsg-7ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.9.10.14+dfsg-7ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"libmagick++-6.q16-8\", pkgver:\"8:6.9.10.14+dfsg-7ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"libmagickcore-6.q16-6\", pkgver:\"8:6.9.10.14+dfsg-7ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"libmagickcore-6.q16-6-extra\", pkgver:\"8:6.9.10.14+dfsg-7ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imagemagick / imagemagick-6.q16 / libmagick++-6.q16-5v5 / etc\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-25T14:37:34", "description": "It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-13T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : ImageMagick vulnerabilities (USN-3681-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-10995", "CVE-2017-11352", "CVE-2017-11533", "CVE-2017-11535", "CVE-2017-11537", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12429", "CVE-2017-12430", "CVE-2017-12431", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12643", "CVE-2017-12644", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12875", "CVE-2017-12877", "CVE-2017-12983", "CVE-2017-13058", "CVE-2017-13059", "CVE-2017-13060", "CVE-2017-13061", "CVE-2017-13062", "CVE-2017-13131", "CVE-2017-13134", "CVE-2017-13139", "CVE-2017-13142", "CVE-2017-13143", "CVE-2017-13144", "CVE-2017-13145", "CVE-2017-13758", "CVE-2017-13768", "CVE-2017-13769", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14224", "CVE-2017-14249", "CVE-2017-14325", "CVE-2017-14326", "CVE-2017-14341", "CVE-2017-14342", "CVE-2017-14343", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14531", "CVE-2017-14532", "CVE-2017-14533", "CVE-2017-14607", "CVE-2017-14624", "CVE-2017-14625", "CVE-2017-14626", "CVE-2017-14682", "CVE-2017-14684", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-14989", "CVE-2017-15015", "CVE-2017-15016", "CVE-2017-15017", "CVE-2017-15032", "CVE-2017-15033", "CVE-2017-15217", "CVE-2017-15218", "CVE-2017-15277", "CVE-2017-15281", "CVE-2017-16546", "CVE-2017-17499", "CVE-2017-17504", "CVE-2017-17680", "CVE-2017-17681", "CVE-2017-17682", "CVE-2017-17879", "CVE-2017-17881", "CVE-2017-17882", "CVE-2017-17884", "CVE-2017-17885", "CVE-2017-17886", "CVE-2017-17887", "CVE-2017-17914", "CVE-2017-17934", "CVE-2017-18008", "CVE-2017-18022", "CVE-2017-18027", "CVE-2017-18028", "CVE-2017-18029", "CVE-2017-18209", "CVE-2017-18211", "CVE-2017-18251", "CVE-2017-18252", "CVE-2017-18254", "CVE-2017-18271", "CVE-2017-18273", "CVE-2018-10177", "CVE-2018-10804", "CVE-2018-10805", "CVE-2018-11251", "CVE-2018-11625", "CVE-2018-11655", "CVE-2018-11656", "CVE-2018-5246", "CVE-2018-5247", "CVE-2018-5248", "CVE-2018-5357", "CVE-2018-5358", "CVE-2018-6405", "CVE-2018-7443", "CVE-2018-8804", "CVE-2018-8960", "CVE-2018-9133"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:imagemagick", "p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6.q16-5v5", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6.q16-7", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b5", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2-extra", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3-extra", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore5", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore5-extra", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3681-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110516", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3681-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110516);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000445\", \"CVE-2017-1000476\", \"CVE-2017-10995\", \"CVE-2017-11352\", \"CVE-2017-11533\", \"CVE-2017-11535\", \"CVE-2017-11537\", \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-12140\", \"CVE-2017-12418\", \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12431\", \"CVE-2017-12432\", \"CVE-2017-12433\", \"CVE-2017-12435\", \"CVE-2017-12563\", \"CVE-2017-12587\", \"CVE-2017-12640\", \"CVE-2017-12643\", \"CVE-2017-12644\", \"CVE-2017-12670\", \"CVE-2017-12674\", \"CVE-2017-12691\", \"CVE-2017-12692\", \"CVE-2017-12693\", \"CVE-2017-12875\", \"CVE-2017-12877\", \"CVE-2017-12983\", \"CVE-2017-13058\", \"CVE-2017-13059\", \"CVE-2017-13060\", \"CVE-2017-13061\", \"CVE-2017-13062\", \"CVE-2017-13131\", \"CVE-2017-13134\", \"CVE-2017-13139\", \"CVE-2017-13142\", \"CVE-2017-13143\", \"CVE-2017-13144\", \"CVE-2017-13145\", \"CVE-2017-13758\", \"CVE-2017-13768\", \"CVE-2017-13769\", \"CVE-2017-14060\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14174\", \"CVE-2017-14175\", \"CVE-2017-14224\", \"CVE-2017-14249\", \"CVE-2017-14325\", \"CVE-2017-14326\", \"CVE-2017-14341\", \"CVE-2017-14342\", \"CVE-2017-14343\", \"CVE-2017-14400\", \"CVE-2017-14505\", \"CVE-2017-14531\", \"CVE-2017-14532\", \"CVE-2017-14533\", \"CVE-2017-14607\", \"CVE-2017-14624\", \"CVE-2017-14625\", \"CVE-2017-14626\", \"CVE-2017-14682\", \"CVE-2017-14684\", \"CVE-2017-14739\", \"CVE-2017-14741\", \"CVE-2017-14989\", \"CVE-2017-15015\", \"CVE-2017-15016\", \"CVE-2017-15017\", \"CVE-2017-15032\", \"CVE-2017-15033\", \"CVE-2017-15217\", \"CVE-2017-15218\", \"CVE-2017-15277\", \"CVE-2017-15281\", \"CVE-2017-16546\", \"CVE-2017-17499\", \"CVE-2017-17504\", \"CVE-2017-17680\", \"CVE-2017-17681\", \"CVE-2017-17682\", \"CVE-2017-17879\", \"CVE-2017-17881\", \"CVE-2017-17882\", \"CVE-2017-17884\", \"CVE-2017-17885\", \"CVE-2017-17886\", \"CVE-2017-17887\", \"CVE-2017-17914\", \"CVE-2017-17934\", \"CVE-2017-18008\", \"CVE-2017-18022\", \"CVE-2017-18027\", \"CVE-2017-18028\", \"CVE-2017-18029\", \"CVE-2017-18209\", \"CVE-2017-18211\", \"CVE-2017-18251\", \"CVE-2017-18252\", \"CVE-2017-18254\", \"CVE-2017-18271\", \"CVE-2017-18273\", \"CVE-2018-10177\", \"CVE-2018-10804\", \"CVE-2018-10805\", \"CVE-2018-11251\", \"CVE-2018-11625\", \"CVE-2018-11655\", \"CVE-2018-11656\", \"CVE-2018-5246\", \"CVE-2018-5247\", \"CVE-2018-5248\", \"CVE-2018-5357\", \"CVE-2018-5358\", \"CVE-2018-6405\", \"CVE-2018-7443\", \"CVE-2018-8804\", \"CVE-2018-8960\", \"CVE-2018-9133\");\n script_xref(name:\"USN\", value:\"3681-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : ImageMagick vulnerabilities (USN-3681-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that ImageMagick incorrectly handled certain\nmalformed image files. If a user or automated system using ImageMagick\nwere tricked into opening a specially crafted image, an attacker could\nexploit this to cause a denial of service or possibly execute code\nwith the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3681-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-5v5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.10|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.10 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"imagemagick\", pkgver:\"8:6.7.7.10-6ubuntu3.11\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagick++5\", pkgver:\"8:6.7.7.10-6ubuntu3.11\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagickcore5\", pkgver:\"8:6.7.7.10-6ubuntu3.11\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagickcore5-extra\", pkgver:\"8:6.7.7.10-6ubuntu3.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"imagemagick\", pkgver:\"8:6.8.9.9-7ubuntu5.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.8.9.9-7ubuntu5.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagick++-6.q16-5v5\", pkgver:\"8:6.8.9.9-7ubuntu5.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagickcore-6.q16-2\", pkgver:\"8:6.8.9.9-7ubuntu5.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagickcore-6.q16-2-extra\", pkgver:\"8:6.8.9.9-7ubuntu5.11\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"imagemagick\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libmagick++-6.q16-7\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libmagickcore-6.q16-3\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libmagickcore-6.q16-3-extra\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"imagemagick\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libmagick++-6.q16-7\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libmagickcore-6.q16-3\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libmagickcore-6.q16-3-extra\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imagemagick / imagemagick-6.q16 / libmagick++-6.q16-5v5 / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-26T18:36:54", "description": "The version of AOS installed on the remote host is prior to 5.17.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.17.1 advisory.\n\n - Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283. (CVE-2015-2716)\n\n - The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.\n (CVE-2015-8035)\n\n - In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23. (CVE-2015-9289)\n\n - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (CVE-2016-5131)\n\n - ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. (CVE-2017-1000476)\n\n - The ReadXWDImage function in coders\\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file. (CVE-2017-11166)\n\n - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service. (CVE-2017-12805)\n\n - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service. (CVE-2017-12806)\n\n - Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2017-15412)\n\n - In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. (CVE-2017-15710)\n\n - The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's default request-key keyring via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.\n (CVE-2017-17807)\n\n - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file. (CVE-2017-18251)\n\n - An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file. (CVE-2017-18252)\n\n - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file. (CVE-2017-18254)\n\n - The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. (CVE-2017-18258)\n\n - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file. (CVE-2017-18271)\n\n - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call. (CVE-2017-18273)\n\n - avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809. (CVE-2017-6519)\n\n - In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file. (CVE-2018-10177)\n\n - The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. (CVE-2018-10360)\n\n - ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. (CVE-2018-10804)\n\n - ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. (CVE-2018-10805)\n\n - A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure. (CVE-2018-1116)\n\n - In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.\n (CVE-2018-11656)\n\n - In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. (CVE-2018-12599)\n\n - In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. (CVE-2018-12600)\n\n - A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage. (CVE-2018-1301)\n\n - In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.\n (CVE-2018-13153)\n\n - A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.\n Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. (CVE-2018-14404)\n\n - ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. (CVE-2018-14434)\n\n - ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. (CVE-2018-14435)\n\n - ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. (CVE-2018-14436)\n\n - ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. (CVE-2018-14437)\n\n - libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. (CVE-2018-14567)\n\n - GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. (CVE-2018-15587)\n\n - In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-15607)\n\n - In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. (CVE-2018-16328)\n\n - In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. (CVE-2018-16749)\n\n - In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. (CVE-2018-16750)\n\n - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. (CVE-2018-17199)\n\n - snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. (CVE-2018-18066)\n\n - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. (CVE-2018-18074)\n\n - There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. (CVE-2018-18544)\n\n - The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space. (CVE-2018-19985)\n\n - urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. (CVE-2018-20060)\n\n - An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.\n (CVE-2018-20169)\n\n - In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-20467)\n\n - http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. (CVE-2018-20852)\n\n - In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. (CVE-2018-4180, CVE-2018-4181)\n\n - managed-keys is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm.\n Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745. (CVE-2018-5745)\n\n - In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. (CVE-2018-7191)\n\n - WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file. (CVE-2018-8804)\n\n - ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file. (CVE-2018-9133)\n\n - The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS. (CVE-2019-0199)\n\n - The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS. (CVE-2019-10072)\n\n - An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. (CVE-2019-10131)\n\n - A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.\n (CVE-2019-10207)\n\n - In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (CVE-2019-10638)\n\n - The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace. (CVE-2019-10639)\n\n - In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. (CVE-2019-10650)\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\n - The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. (CVE-2019-11190)\n\n - In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. (CVE-2019-11236)\n\n - The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument. (CVE-2019-11324)\n\n - The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.\n (CVE-2019-11470)\n\n - ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first. (CVE-2019-11472)\n\n - The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after- free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. (CVE-2019-11487)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. (CVE-2019-11597)\n\n - In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. (CVE-2019-11598)\n\n - The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character. (CVE-2019-11884)\n\n - ** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference. (CVE-2019-12382)\n\n - When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. (CVE-2019-12418)\n\n - A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image. (CVE-2019-12974)\n\n - ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.\n (CVE-2019-12975)\n\n - ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. (CVE-2019-12976)\n\n - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the ReadPANGOImage function in coders/pango.c. (CVE-2019-12978)\n\n - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c. (CVE-2019-12979)\n\n - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.\n (CVE-2019-13133)\n\n - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. (CVE-2019-13134)\n\n - ImageMagick before 7.0.8-50 has a use of uninitialized value vulnerability in the function ReadCUTImage in coders/cut.c. (CVE-2019-13135)\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a better zip bomb issue. (CVE-2019-13232)\n\n - In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation. (CVE-2019-13233)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled. (CVE-2019-13295)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. (CVE-2019-13297)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. (CVE-2019-13300)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.\n (CVE-2019-13301)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment. (CVE-2019-13304)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. (CVE-2019-13305)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors. (CVE-2019-13306)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows. (CVE-2019-13307)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. (CVE-2019-13309)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. (CVE-2019-13310)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.\n (CVE-2019-13311)\n\n - ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.\n (CVE-2019-13454)\n\n - In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c. (CVE-2019-13648)\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. (CVE-2019-14283)\n\n - A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver. (CVE-2019-14815)\n\n - In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.\n (CVE-2019-14980)\n\n - In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.\n (CVE-2019-14981)\n\n - An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read. (CVE-2019-15090)\n\n - The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472. (CVE-2019-15139)\n\n - coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after- free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c. (CVE-2019-15140)\n\n - WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.\n (CVE-2019-15141)\n\n - An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. (CVE-2019-15221)\n\n - An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. (CVE-2019-15916)\n\n - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. (CVE-2019-16056)\n\n - ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. (CVE-2019-16708)\n\n - ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. (CVE-2019-16709)\n\n - ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. (CVE-2019-16710)\n\n - ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. (CVE-2019-16711)\n\n - ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. (CVE-2019-16712)\n\n - ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. (CVE-2019-16713)\n\n - An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow. (CVE-2019-16746)\n\n - An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow. (CVE-2019-17041)\n\n - An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message.\n To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow. (CVE-2019-17042)\n\n - ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.\n (CVE-2019-17540)\n\n - ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. (CVE-2019-17541)\n\n - When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability. (CVE-2019-17563)\n\n - The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. (CVE-2019-17569)\n\n - rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. (CVE-2019-17666)\n\n - The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. (CVE-2019-18660)\n\n - A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.\n (CVE-2019-19338)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. (CVE-2019-19948)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. (CVE-2019-19949)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth).\n Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2737)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges).\n Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2019-2739)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2740)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2805)\n\n - It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions. (CVE-2019-3820)\n\n - It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference. (CVE-2019-3890)\n\n - A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs.\n As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8. (CVE-2019-3901)\n\n - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. (CVE-2019-5436)\n\n - Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465. (CVE-2019-6465)\n\n - With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).\n (CVE-2019-6477)\n\n - In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. (CVE-2019-7175)\n\n - In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. (CVE-2019-7397)\n\n - In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. (CVE-2019-7398)\n\n - The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.\n More typically, this vulnerability will result in denial-of-service conditions. (CVE-2019-9503)\n\n - rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. (CVE-2019-9924)\n\n - In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. (CVE-2019-9956)\n\n - An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp. (CVE-2020-10531)\n\n - A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.\n (CVE-2020-11996)\n\n - An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. (CVE-2020-13934)\n\n - The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. (CVE-2020-13935)\n\n - In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. (CVE-2020-1935)\n\n - When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.\n (CVE-2020-1938)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-2754, CVE-2020-2755)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-2756, CVE-2020-2757)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java.\n This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n (CVE-2020-2767)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-2773)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-2778)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-2781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded:\n 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.\n (CVE-2020-2800)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-2803, CVE-2020-2805)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data.\n Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. (CVE-2020-2816)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency).\n Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241.\n Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-2830)\n\n - It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19. (CVE-2020-5208)\n\n - A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. (CVE-2020-8616)\n\n - Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. (CVE-2020-8617)\n\n - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=null (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. (CVE-2020-9484)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-01T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.17.1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4343", "CVE-2015-1283", "CVE-2015-2716", "CVE-2015-2809", "CVE-2015-8035", "CVE-2015-9289", "CVE-2016-5131", "CVE-2017-1000476", "CVE-2017-11166", "CVE-2017-12805", "CVE-2017-12806", "CVE-2017-15412", "CVE-2017-15710", "CVE-2017-17807", "CVE-2017-18251", "CVE-2017-18252", "CVE-2017-18254", "CVE-2017-18258", "CVE-2017-18271", "CVE-2017-18273", "CVE-2017-6519", "CVE-2018-10177", "CVE-2018-10360", "CVE-2018-10804", "CVE-2018-10805", "CVE-2018-1116", "CVE-2018-11656", "CVE-2018-12599", "CVE-2018-12600", "CVE-2018-1301", "CVE-2018-13153", "CVE-2018-14404", "CVE-2018-14434", "CVE-2018-14435", "CVE-2018-14436", "CVE-2018-14437", "CVE-2018-14567", "CVE-2018-15587", "CVE-2018-15607", "CVE-2018-16328", "CVE-2018-16749", "CVE-2018-16750", "CVE-2018-17199", "CVE-2018-18066", "CVE-2018-18074", "CVE-2018-18544", "CVE-2018-19985", "CVE-2018-20060", "CVE-2018-20169", "CVE-2018-20467", "CVE-2018-20852", "CVE-2018-4180", "CVE-2018-4181", "CVE-2018-4700", "CVE-2018-5745", "CVE-2018-7191", "CVE-2018-8804", "CVE-2018-9133", "CVE-2018-9251", "CVE-2019-0199", "CVE-2019-10072", "CVE-2019-10131", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-10650", "CVE-2019-11135", "CVE-2019-11190", "CVE-2019-11236", "CVE-2019-11324", "CVE-2019-11340", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11487", "CVE-2019-11597", "CVE-2019-11598", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-12418", "CVE-2019-12974", "CVE-2019-12975", "CVE-2019-12976", "CVE-2019-12978", "CVE-2019-12979", "CVE-2019-13133", "CVE-2019-13134", "CVE-2019-13135", "CVE-2019-13232", "CVE-2019-13233", "CVE-2019-13295", "CVE-2019-13297", "CVE-2019-13300", "CVE-2019-13301", "CVE-2019-13304", "CVE-2019-13305", "CVE-2019-13306", "CVE-2019-13307", "CVE-2019-13309", "CVE-2019-13310", "CVE-2019-13311", "CVE-2019-13454", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14815", "CVE-2019-14980", "CVE-2019-14981", "CVE-2019-15090", "CVE-2019-15139", "CVE-2019-15140", "CVE-2019-15141", "CVE-2019-15221", "CVE-2019-15916", "CVE-2019-16056", "CVE-2019-16708", "CVE-2019-16709", "CVE-2019-16710", "CVE-2019-16711", "CVE-2019-16712", "CVE-2019-16713", "CVE-2019-16746", "CVE-2019-17041", "CVE-2019-17042", "CVE-2019-17540", "CVE-2019-17541", "CVE-2019-17563", "CVE-2019-17569", "CVE-2019-17666", "CVE-2019-18660", "CVE-2019-19338", "CVE-2019-19948", "CVE-2019-19949", "CVE-2019-2737", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2805", "CVE-2019-3820", "CVE-2019-3890", "CVE-2019-3901", "CVE-2019-5436", "CVE-2019-6465", "CVE-2019-6477", "CVE-2019-7175", "CVE-2019-7397", "CVE-2019-7398", "CVE-2019-9503", "CVE-2019-9924", "CVE-2019-9956", "CVE-2020-10531", "CVE-2020-11996", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-1935", "CVE-2020-1938", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2767", "CVE-2020-2773", "CVE-2020-2778", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2816", "CVE-2020-2830", "CVE-2020-5208", "CVE-2020-8616", "CVE-2020-8617", "CVE-2020-9484"], "modified": "2023-02-23T00:00:00", "cpe": ["cpe:2.3:o:nutanix:aos:*:*:*:*:*:*:*:*"], "id": "NUTANIX_NXSA-AOS-5_17_1.NASL", "href": "https://www.tenable.com/plugins/nessus/164612", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164612);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\n \"CVE-2015-2716\",\n \"CVE-2015-8035\",\n \"CVE-2015-9289\",\n \"CVE-2016-5131\",\n \"CVE-2017-6519\",\n \"CVE-2017-11166\",\n \"CVE-2017-12805\",\n \"CVE-2017-12806\",\n \"CVE-2017-15412\",\n \"CVE-2017-15710\",\n \"CVE-2017-17807\",\n \"CVE-2017-18251\",\n \"CVE-2017-18252\",\n \"CVE-2017-18254\",\n \"CVE-2017-18258\",\n \"CVE-2017-18271\",\n \"CVE-2017-18273\",\n \"CVE-2017-1000476\",\n \"CVE-2018-1116\",\n \"CVE-2018-1301\",\n \"CVE-2018-4180\",\n \"CVE-2018-4181\",\n \"CVE-2018-4700\",\n \"CVE-2018-5745\",\n \"CVE-2018-7191\",\n \"CVE-2018-8804\",\n \"CVE-2018-9133\",\n \"CVE-2018-10177\",\n \"CVE-2018-10360\",\n \"CVE-2018-10804\",\n \"CVE-2018-10805\",\n \"CVE-2018-11656\",\n \"CVE-2018-12599\",\n \"CVE-2018-12600\",\n \"CVE-2018-13153\",\n \"CVE-2018-14404\",\n \"CVE-2018-14434\",\n \"CVE-2018-14435\",\n \"CVE-2018-14436\",\n \"CVE-2018-14437\",\n \"CVE-2018-14567\",\n \"CVE-2018-15587\",\n \"CVE-2018-15607\",\n \"CVE-2018-16328\",\n \"CVE-2018-16749\",\n \"CVE-2018-16750\",\n \"CVE-2018-17199\",\n \"CVE-2018-18066\",\n \"CVE-2018-18074\",\n \"CVE-2018-18544\",\n \"CVE-2018-19985\",\n \"CVE-2018-20060\",\n \"CVE-2018-20169\",\n \"CVE-2018-20467\",\n \"CVE-2018-20852\",\n \"CVE-2019-0199\",\n \"CVE-2019-2737\",\n \"CVE-2019-2739\",\n \"CVE-2019-2740\",\n \"CVE-2019-2805\",\n \"CVE-2019-3820\",\n \"CVE-2019-3890\",\n \"CVE-2019-3901\",\n \"CVE-2019-5436\",\n \"CVE-2019-6465\",\n \"CVE-2019-6477\",\n \"CVE-2019-7175\",\n \"CVE-2019-7397\",\n \"CVE-2019-7398\",\n \"CVE-2019-9503\",\n \"CVE-2019-9924\",\n \"CVE-2019-9956\",\n \"CVE-2019-10072\",\n \"CVE-2019-10131\",\n \"CVE-2019-10207\",\n \"CVE-2019-10638\",\n \"CVE-2019-10639\",\n \"CVE-2019-10650\",\n \"CVE-2019-11135\",\n \"CVE-2019-11190\",\n \"CVE-2019-11236\",\n \"CVE-2019-11324\",\n \"CVE-2019-11470\",\n \"CVE-2019-11472\",\n \"CVE-2019-11487\",\n \"CVE-2019-11597\",\n \"CVE-2019-11598\",\n \"CVE-2019-11884\",\n \"CVE-2019-12382\",\n \"CVE-2019-12418\",\n \"CVE-2019-12974\",\n \"CVE-2019-12975\",\n \"CVE-2019-12976\",\n \"CVE-2019-12978\",\n \"CVE-2019-12979\",\n \"CVE-2019-13133\",\n \"CVE-2019-13134\",\n \"CVE-2019-13135\",\n \"CVE-2019-13232\",\n \"CVE-2019-13233\",\n \"CVE-2019-13295\",\n \"CVE-2019-13297\",\n \"CVE-2019-13300\",\n \"CVE-2019-13301\",\n \"CVE-2019-13304\",\n \"CVE-2019-13305\",\n \"CVE-2019-13306\",\n \"CVE-2019-13307\",\n \"CVE-2019-13309\",\n \"CVE-2019-13310\",\n \"CVE-2019-13311\",\n \"CVE-2019-13454\",\n \"CVE-2019-13648\",\n \"CVE-2019-14283\",\n \"CVE-2019-14815\",\n \"CVE-2019-14980\",\n \"CVE-2019-14981\",\n \"CVE-2019-15090\",\n \"CVE-2019-15139\",\n \"CVE-2019-15140\",\n \"CVE-2019-15141\",\n \"CVE-2019-15221\",\n \"CVE-2019-15916\",\n \"CVE-2019-16056\",\n \"CVE-2019-16708\",\n \"CVE-2019-16709\",\n \"CVE-2019-16710\",\n \"CVE-2019-16711\",\n \"CVE-2019-16712\",\n \"CVE-2019-16713\",\n \"CVE-2019-16746\",\n \"CVE-2019-17041\",\n \"CVE-2019-17042\",\n \"CVE-2019-17540\",\n \"CVE-2019-17541\",\n \"CVE-2019-17563\",\n \"CVE-2019-17569\",\n \"CVE-2019-17666\",\n \"CVE-2019-18660\",\n \"CVE-2019-19338\",\n \"CVE-2019-19948\",\n \"CVE-2019-19949\",\n \"CVE-2020-1935\",\n \"CVE-2020-1938\",\n \"CVE-2020-2754\",\n \"CVE-2020-2755\",\n \"CVE-2020-2756\",\n \"CVE-2020-2757\",\n \"CVE-2020-2767\",\n \"CVE-2020-2773\",\n \"CVE-2020-2778\",\n \"CVE-2020-2781\",\n \"CVE-2020-2800\",\n \"CVE-2020-2803\",\n \"CVE-2020-2805\",\n \"CVE-2020-2816\",\n \"CVE-2020-2830\",\n \"CVE-2020-5208\",\n \"CVE-2020-8616\",\n \"CVE-2020-8617\",\n \"CVE-2020-9484\",\n \"CVE-2020-10531\",\n \"CVE-2020-11996\",\n \"CVE-2020-13934\",\n \"CVE-2020-13935\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0021\");\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.17.1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 5.17.1. It is, therefore, affected by multiple\nvulnerabilities as referenced in the NXSA-AOS-5.17.1 advisory.\n\n - Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and\n Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of\n compressed XML data, a related issue to CVE-2015-1283. (CVE-2015-2716)\n\n - The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which\n allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.\n (CVE-2015-8035)\n\n - In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in\n drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the\n userspace API. However, the code allows larger values such as 23. (CVE-2015-9289)\n\n - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82,\n allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors\n related to the XPointer range-to function. (CVE-2016-5131)\n\n - ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in\n coders/dds.c, which allows attackers to cause a denial of service. (CVE-2017-1000476)\n\n - The ReadXWDImage function in coders\\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can\n cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD\n file. (CVE-2017-11166)\n\n - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which\n allows attackers to cause a denial of service. (CVE-2017-12805)\n\n - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which\n allows attackers to cause a denial of service. (CVE-2017-12806)\n\n - Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products,\n allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2017-15412)\n\n - In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured\n with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding\n when verifying the user's credentials. If the header value is not present in the charset conversion table,\n a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example,\n 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of\n one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the\n process would crash which could be used as a Denial of Service attack. In the more likely case, this\n memory is already reserved for future use and the issue has no effect at all. (CVE-2017-15710)\n\n - The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to\n the current task's default request-key keyring via the request_key() system call, allowing a local user\n to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write\n permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.\n (CVE-2017-17807)\n\n - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function\n ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted\n file. (CVE-2017-18251)\n\n - An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows\n attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via\n a crafted file. (CVE-2017-18252)\n\n - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function\n WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted\n file. (CVE-2017-18254)\n\n - The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of\n service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict\n memory usage to what is required for a legitimate file. (CVE-2017-18258)\n\n - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function\n ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a\n crafted MIFF image file. (CVE-2017-18271)\n\n - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function\n ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a\n crafted image file that is mishandled in a GetImageIndexInList call. (CVE-2017-18273)\n\n - avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source\n addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic\n amplification) and may cause information leakage by obtaining potentially sensitive information from the\n responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809. (CVE-2017-6519)\n\n - In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c\n file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng\n file. (CVE-2018-10177)\n\n - The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a\n denial of service (out-of-bounds read and application crash) via a crafted ELF file. (CVE-2018-10360)\n\n - ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. (CVE-2018-10804)\n\n - ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. (CVE-2018-10805)\n\n - A flaw was found in polkit before version 0.116. The implementation of the\n polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for\n authentication and trigger authentication of unrelated processes owned by other users. This may result in\n a local DoS and information disclosure. (CVE-2018-1116)\n\n - In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in\n coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.\n (CVE-2018-11656)\n\n - In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out\n of bounds write via a crafted file. (CVE-2018-12599)\n\n - In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out\n of bounds write via a crafted file. (CVE-2018-12600)\n\n - A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an\n out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is\n considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is\n classified as low risk for common server usage. (CVE-2018-1301)\n\n - In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.\n (CVE-2018-13153)\n\n - A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2\n through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.\n Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable\n to a denial of service attack due to a crash of the application. (CVE-2018-14404)\n\n - ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. (CVE-2018-14434)\n\n - ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. (CVE-2018-14435)\n\n - ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. (CVE-2018-14436)\n\n - ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. (CVE-2018-14437)\n\n - libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite\n loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different\n vulnerability than CVE-2015-8035 and CVE-2018-9251. (CVE-2018-14567)\n\n - GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a\n specially crafted email that contains a valid signature from the entity to be impersonated as an\n attachment. (CVE-2018-15587)\n\n - In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36\n 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory\n resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could\n leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-15607)\n\n - In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in\n MagickCore/log.c. (CVE-2018-16328)\n\n - In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an\n attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted\n file. (CVE-2018-16749)\n\n - In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c\n was found. (CVE-2018-16750)\n\n - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before\n decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since\n the expiry time is loaded when the session is decoded. (CVE-2018-17199)\n\n - snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be\n used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet,\n resulting in Denial of Service. (CVE-2018-18066)\n\n - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon\n receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover\n credentials by sniffing the network. (CVE-2018-18074)\n\n - There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the\n function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. (CVE-2018-18544)\n\n - The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num\n from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds\n (OOB) read that potentially allows arbitrary read in the kernel address space. (CVE-2018-19985)\n\n - urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin\n redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the\n Authorization header to be exposed to unintended hosts or transmitted in cleartext. (CVE-2018-20060)\n\n - An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during\n the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.\n (CVE-2018-20169)\n\n - In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang,\n with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial\n of service via a crafted file. (CVE-2018-20467)\n\n - http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not\n correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An\n attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix\n (e.g., pythonicexample.com to steal cookies for example.com). When a program uses\n http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing\n cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before\n 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. (CVE-2018-20852)\n\n - In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved\n access restrictions. (CVE-2018-4180, CVE-2018-4181)\n\n - managed-keys is a feature which allows a BIND resolver to automatically maintain the keys used by trust\n anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys\n feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if,\n during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm.\n Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions\n 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13\n development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for\n vulnerability to CVE-2018-5745. (CVE-2018-5745)\n\n - In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before\n register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and\n panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to\n CVE-2013-4343. (CVE-2018-7191)\n\n - WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of\n service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact\n via a crafted file. (CVE-2018-8804)\n\n - ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions\n (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could\n leverage this vulnerability to cause a denial of service via a crafted tiff file. (CVE-2018-9133)\n\n - The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with\n excessive numbers of SETTINGS frames and also permitted clients to keep streams open without\n reading/writing request/response data. By keeping streams open for requests that utilised the Servlet\n API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread\n exhaustion and a DoS. (CVE-2019-0199)\n\n - The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write\n in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages\n for the connection window (stream 0) clients were able to cause server-side threads to block eventually\n leading to thread exhaustion and a DoS. (CVE-2019-10072)\n\n - An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the\n formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end\n of the buffer or to crash the program. (CVE-2019-10131)\n\n - A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before\n 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware\n could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.\n (CVE-2019-10207)\n\n - In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel\n produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple\n destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and\n thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page\n that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (CVE-2019-10638)\n\n - The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel\n address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel\n image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and\n ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash\n collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This\n key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via\n enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the\n attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled\n IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic\n is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the\n attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP\n addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to\n have a dependency on an address associated with a network namespace. (CVE-2019-10639)\n\n - In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of\n coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a\n crafted image file. (CVE-2019-10650)\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated\n user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\n - The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because\n install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the\n ptrace_may_access() check has a race condition when reading /proc/pid/stat. (CVE-2019-11190)\n\n - In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the\n request parameter. (CVE-2019-11236)\n\n - The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA\n certificates is different from the OS store of CA certificates, which results in SSL connections\n succeeding in situations where a verification failure is the correct outcome. This is related to use of\n the ssl_context, ca_certs, or ca_certs_dir argument. (CVE-2019-11324)\n\n - The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service\n (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This\n occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.\n (CVE-2019-11470)\n\n - ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows\n attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the\n header indicates neither LSB first nor MSB first. (CVE-2019-11472)\n\n - The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-\n free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,\n include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can\n occur with FUSE requests. (CVE-2019-11487)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of\n coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure\n via a crafted image file. (CVE-2019-11597)\n\n - In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of\n coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via\n a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. (CVE-2019-11598)\n\n - The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a\n local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command,\n because a name field may not end with a '\\0' character. (CVE-2019-11884)\n\n - ** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the\n Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause\n a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as\n not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance\n for a NULL pointer dereference. (CVE-2019-12382)\n\n - When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote\n Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able\n to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords\n used to access the JMX interface. The attacker can then use these credentials to access the JMX interface\n and gain complete control over the Tomcat instance. (CVE-2019-12418)\n\n - A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage\n in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted\n image. (CVE-2019-12974)\n\n - ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.\n (CVE-2019-12975)\n\n - ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. (CVE-2019-12976)\n\n - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the ReadPANGOImage function in\n coders/pango.c. (CVE-2019-12978)\n\n - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the SyncImageSettings function in\n MagickCore/image.c. This is related to AcquireImage in magick/image.c. (CVE-2019-12979)\n\n - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.\n (CVE-2019-13133)\n\n - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in\n coders/viff.c. (CVE-2019-13134)\n\n - ImageMagick before 7.0.8-50 has a use of uninitialized value vulnerability in the function ReadCUTImage\n in coders/cut.c. (CVE-2019-13135)\n\n - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of\n service (resource consumption), aka a better zip bomb issue. (CVE-2019-13232)\n\n - In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an\n LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds\n violation. (CVE-2019-13233)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in\n AdaptiveThresholdImage because a width of zero is mishandled. (CVE-2019-13295)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in\n AdaptiveThresholdImage because a height of zero is mishandled. (CVE-2019-13297)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages\n because of mishandling columns. (CVE-2019-13300)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.\n (CVE-2019-13301)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a\n misplaced assignment. (CVE-2019-13304)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a\n misplaced strncpy and an off-by-one error. (CVE-2019-13305)\n\n - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of\n off-by-one errors. (CVE-2019-13306)\n\n - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages\n because of mishandling rows. (CVE-2019-13307)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage\n error in CLIListOperatorImages in MagickWand/operation.c. (CVE-2019-13309)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in\n MagickWand/mogrify.c. (CVE-2019-13310)\n\n - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.\n (CVE-2019-13311)\n\n - ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.\n (CVE-2019-13454)\n\n - In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled,\n a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn()\n system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and\n arch/powerpc/kernel/signal_64.c. (CVE-2019-13648)\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and\n head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an\n unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by\n default. (CVE-2019-14283)\n\n - A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params()\n function of Marvell Wifi Driver. (CVE-2019-14815)\n\n - In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in\n the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.\n (CVE-2019-14980)\n\n - In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in\n the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.\n (CVE-2019-14981)\n\n - An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the\n qedi_dbg_* family of functions, there is an out-of-bounds read. (CVE-2019-15090)\n\n - The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows\n attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in\n ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than\n CVE-2019-11472. (CVE-2019-15139)\n\n - coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-\n free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that\n is mishandled in ReadImage in MagickCore/constitute.c. (CVE-2019-15140)\n\n - WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service\n (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to\n TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in\n tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.\n (CVE-2019-15141)\n\n - An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a\n malicious USB device in the sound/usb/line6/pcm.c driver. (CVE-2019-15221)\n\n - An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in\n register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. (CVE-2019-15916)\n\n - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x\n through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An\n application that uses the email module and implements some kind of checks on the From/To headers of a\n message could be tricked into accepting an email address that should be denied. An attack may be the same\n as in CVE-2019-11340; however, this CVE applies to Python more generally. (CVE-2019-16056)\n\n - ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. (CVE-2019-16708)\n\n - ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. (CVE-2019-16709)\n\n - ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in\n MagickCore/memory.c. (CVE-2019-16710)\n\n - ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. (CVE-2019-16711)\n\n - ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by\n WritePS3Image. (CVE-2019-16712)\n\n - ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in\n MagickCore/constitute.c. (CVE-2019-16713)\n\n - An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check\n the length of variable elements in a beacon head, leading to a buffer overflow. (CVE-2019-16746)\n\n - An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap\n overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this\n case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the\n string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check\n that detects invalid log messages. The message will then be considered valid, and the parser will eat up\n the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was\n zero and now becomes minus one. The following step in the parser is to shift left the contents of the\n message. To do this, it will call memmove with the right pointers to the target and destination strings,\n but the lenMsg will now be interpreted as a huge value, causing a heap overflow. (CVE-2019-17041)\n\n - An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in\n the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a\n space or a colon), but fails to account for strings that do not satisfy this constraint. If the string\n does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that\n detects invalid log messages. The message will then be considered valid, and the parser will eat up the\n nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero\n and now becomes minus one. The following step in the parser is to shift left the contents of the message.\n To do this, it will call memmove with the right pointers to the target and destination strings, but the\n lenMsg will now be interpreted as a huge value, causing a heap overflow. (CVE-2019-17042)\n\n - ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.\n (CVE-2019-17540)\n\n - ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the\n error manager is mishandled in coders/jpeg.c. (CVE-2019-17541)\n\n - When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98\n there was a narrow window where an attacker could perform a session fixation attack. The window was\n considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has\n been treated as a security vulnerability. (CVE-2019-17563)\n\n - The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99\n introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were\n incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a\n reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a\n reverse proxy is considered unlikely. (CVE-2019-17569)\n\n - rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a\n certain upper-bound check, leading to a buffer overflow. (CVE-2019-17666)\n\n - The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is\n not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to\n arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. (CVE-2019-18660)\n\n - A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where,\n the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error\n occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by\n the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction\n mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism\n to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that\n host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.\n (CVE-2019-19338)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of\n coders/sgi.c. (CVE-2019-19948)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of\n coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. (CVE-2019-19949)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth).\n Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily\n exploitable vulnerability allows high privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2737)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges).\n Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily\n exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL\n Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well\n as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2019-2739)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported\n versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2740)\n\n - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported\n versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2805)\n\n - It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all\n contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard\n shortcuts, and potentially other actions. (CVE-2019-3820)\n\n - It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker\n could abuse this flaw to get confidential information by tricking the user into connecting to a fake\n server without the user noticing the difference. (CVE-2019-3890)\n\n - A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs.\n As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it\n is possible for the specified target task to perform an execve() syscall with setuid execution before\n perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check\n and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged\n execve() calls. This issue affects kernel versions before 4.8. (CVE-2019-3901)\n\n - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl\n versions 7.19.4 through 7.64.1. (CVE-2019-5436)\n\n - Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones\n are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and\n versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13\n development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for\n vulnerability to CVE-2019-6465. (CVE-2019-6465)\n\n - With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to\n a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection\n to a server could consume more resources than the server has been provisioned to handle. When a TCP\n connection with a large number of pipelined queries is closed, the load on the server releasing these\n multiple resources can cause it to become unresponsive, even for queries that can be answered\n authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).\n (CVE-2019-6477)\n\n - In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. (CVE-2019-7175)\n\n - In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in\n WritePDFImage in coders/pdf.c. (CVE-2019-7397)\n\n - In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. (CVE-2019-7398)\n\n - The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable\n to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source,\n the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver\n receives the firmware event frame from the host, the appropriate handler is called. This frame validation\n can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event\n frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi\n packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.\n More typically, this vulnerability will result in denial-of-service conditions. (CVE-2019-9503)\n\n - rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the\n user to execute any command with the permissions of the shell. (CVE-2019-9924)\n\n - In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of\n coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image\n file. (CVE-2019-9956)\n\n - An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer\n overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in\n common/unistr.cpp. (CVE-2020-10531)\n\n - A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to\n 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of\n such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.\n (CVE-2020-11996)\n\n - An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56\n did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such\n requests were made, an OutOfMemoryException could occur leading to a denial of service. (CVE-2020-13934)\n\n - The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to\n 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could\n trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of\n service. (CVE-2020-13935)\n\n - In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used\n an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led\n to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly\n handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered\n unlikely. (CVE-2020-1935)\n\n - When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to\n Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP\n connection. If such connections are available to an attacker, they can be exploited in ways that may be\n surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped\n with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected\n (and recommended in the security guide) that this Connector would be disabled if not required. This\n vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the\n web application - processing any file in the web application as a JSP Further, if the web application\n allowed file upload and stored those files within the web application (or the attacker was able to control\n the content of the web application by some other means) then this, along with the ability to process a\n file as a JSP, made remote code execution possible. It is important to note that mitigation is only\n required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth\n approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to\n Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP\n Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading\n to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.\n (CVE-2020-1938)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported\n versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to\n client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start\n applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the\n specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as\n through a web service. (CVE-2020-2754, CVE-2020-2755)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through\n sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying\n data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed\n Java applets, such as through a web service. (CVE-2020-2756, CVE-2020-2757)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are\n affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker\n with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result\n in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized\n read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java.\n This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java\n applets. It can also be exploited by supplying data to APIs in the specified Component without using\n sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n (CVE-2020-2767)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported\n versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to\n client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start\n applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the\n specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as\n through a web service. (CVE-2020-2773)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are\n affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker\n with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result\n in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server\n deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and\n sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web\n service. (CVE-2020-2778)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported\n versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily\n exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java\n SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause\n a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server\n deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and\n sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web\n service. (CVE-2020-2781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP\n Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded:\n 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well\n as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This\n vulnerability can only be exploited by supplying data to APIs in the specified Component without using\n Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.\n (CVE-2020-2800)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly\n impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE,\n Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running\n sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,\n code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not\n apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed\n by an administrator). (CVE-2020-2803, CVE-2020-2805)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are\n affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with\n network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in\n unauthorized creation, deletion or modification access to critical data or all Java SE accessible data.\n Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component\n without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web\n service. (CVE-2020-2816)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency).\n Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241.\n Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through\n sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying\n data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed\n Java applets, such as through a web service. (CVE-2020-2830)\n\n - It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data\n received from a remote LAN party, which may lead to buffer overflows and potentially to remote code\n execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This\n problem is fixed in version 1.8.19. (CVE-2020-5208)\n\n - A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches\n performed when processing referrals can, through the use of specially crafted referrals, cause a recursing\n server to issue a very large number of fetches in an attempt to process the referral. This has at least\n two potential effects: The performance of the recursing server can potentially be degraded by the\n additional work required to perform these fetches, and The attacker can exploit this behavior to use the\n recursing server as a reflector in a reflection attack with a high amplification factor. (CVE-2020-8616)\n\n - Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an\n inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the\n server. Since BIND, by default, configures a local session key even on servers whose configuration does\n not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating\n from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately\n exits. Prior to the introduction of the check the server would continue operating in an inconsistent\n state, with potentially harmful results. (CVE-2020-8617)\n\n - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to\n 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the\n server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is\n configured with sessionAttributeValueClassNameFilter=null (the default unless a SecurityManager is used)\n or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker\n knows the relative file path from the storage location used by FileStore to the file the attacker has\n control over; then, using a specifically crafted request, the attacker will be able to trigger remote code\n execution via deserialization of the file under their control. Note that all of conditions a) to d) must\n be true for the attack to succeed. (CVE-2020-9484)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-5.17.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3735bc17\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-1938\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '5.17.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 5.17.1 or higher.', 'lts' : FALSE },\n { 'fixed_version' : '5.17.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 5.17.1 or higher.', 'lts' : FALSE }\n];\n\nvcf::nutanix::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:22:36", "description": "Numerous security vulnerabilities were fixed in Imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory or CPU exhaustion, information disclosure or potentially the execution of arbitrary code when a malformed image file is processed.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 8:6.8.9.9-5+deb8u16.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-15T00:00:00", "type": "nessus", "title": "Debian DLA-1785-1 : imagemagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-11446", "CVE-2017-11523", "CVE-2017-11537", "CVE-2017-12140", "CVE-2017-12430", "CVE-2017-12432", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12587", "CVE-2017-12643", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12875", "CVE-2017-13133", "CVE-2017-13142", "CVE-2017-13145", "CVE-2017-13658", "CVE-2017-13768", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14249", "CVE-2017-14341", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14532", "CVE-2017-14624", "CVE-2017-14625", "CVE-2017-14626", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-15015", "CVE-2017-15017", "CVE-2017-15281", "CVE-2017-17682", "CVE-2017-17914", "CVE-2017-18271", "CVE-2017-18273", "CVE-2017-9500", "CVE-2019-10650", "CVE-2019-11597", "CVE-2019-11598", "CVE-2019-9956"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "p-cpe:/a:debian:debian_linux:imagemagick-6.q16", "p-cpe:/a:debian:debian_linux:imagemagick-common", "p-cpe:/a:debian:debian_linux:imagemagick-dbg", "p-cpe:/a:debian:debian_linux:imagemagick-doc", "p-cpe:/a:debian:debian_linux:libimage-magick-perl", "p-cpe:/a:debian:debian_linux:libimage-magick-q16-perl", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6-headers", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16-5", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-dev", "p-cpe:/a:debian:debian_linux:libmagickcore-6-arch-config", "p-cpe:/a:debian:debian_linux:libmagickcore-6-headers", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-2", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-2-extra", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagickcore-dev", "p-cpe:/a:debian:debian_linux:libmagickwand-6-headers", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-2", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagickwand-dev", "p-cpe:/a:debian:debian_linux:perlmagick", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1785.NASL", "href": "https://www.tenable.com/plugins/nessus/125093", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1785-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125093);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-1000445\", \"CVE-2017-1000476\", \"CVE-2017-11446\", \"CVE-2017-11523\", \"CVE-2017-11537\", \"CVE-2017-12140\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12435\", \"CVE-2017-12563\", \"CVE-2017-12587\", \"CVE-2017-12643\", \"CVE-2017-12670\", \"CVE-2017-12674\", \"CVE-2017-12691\", \"CVE-2017-12692\", \"CVE-2017-12693\", \"CVE-2017-12875\", \"CVE-2017-13133\", \"CVE-2017-13142\", \"CVE-2017-13145\", \"CVE-2017-13658\", \"CVE-2017-13768\", \"CVE-2017-14060\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14174\", \"CVE-2017-14175\", \"CVE-2017-14249\", \"CVE-2017-14341\", \"CVE-2017-14400\", \"CVE-2017-14505\", \"CVE-2017-14532\", \"CVE-2017-14624\", \"CVE-2017-14625\", \"CVE-2017-14626\", \"CVE-2017-14739\", \"CVE-2017-14741\", \"CVE-2017-15015\", \"CVE-2017-15017\", \"CVE-2017-15281\", \"CVE-2017-17682\", \"CVE-2017-17914\", \"CVE-2017-18271\", \"CVE-2017-18273\", \"CVE-2017-9500\", \"CVE-2019-10650\", \"CVE-2019-11597\", \"CVE-2019-11598\", \"CVE-2019-9956\");\n\n script_name(english:\"Debian DLA-1785-1 : imagemagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Numerous security vulnerabilities were fixed in Imagemagick. Various\nmemory handling problems and cases of missing or incomplete input\nsanitizing may result in denial of service, memory or CPU exhaustion,\ninformation disclosure or potentially the execution of arbitrary code\nwhen a malformed image file is processed.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n8:6.8.9.9-5+deb8u16.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/imagemagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-14626\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-6.q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimage-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimage-magick-q16-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16-5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6-arch-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-6.q16\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-common\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-dbg\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-doc\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-perl\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-q16-perl\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6-headers\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-5\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-arch-config\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-headers\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2-extra\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6-headers\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"perlmagick\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-26T10:31:54", "description": "The version of AOS installed on the remote host is prior to 5.18. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.18 advisory.\n\n - Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283. (CVE-2015-2716)\n\n - The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.\n (CVE-2015-8035)\n\n - In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23. (CVE-2015-9289)\n\n - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (CVE-2016-5131)\n\n - ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. (CVE-2017-1000476)\n\n - The ReadXWDImage function in coders\\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file. (CVE-2017-11166)\n\n - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service. (CVE-2017-12805)\n\n - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service. (CVE-2017-12806)\n\n - Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2017-15412)\n\n - In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. (CVE-2017-15710)\n\n - The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's default request-key keyring via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.\n (CVE-2017-17807)\n\n - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file. (CVE-2017-18251)\n\n - An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file. (CVE-2017-18252)\n\n - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file. (CVE-2017-18254)\n\n - The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. (CVE-2017-18258)\n\n - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file. (CVE-2017-18271)\n\n - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call. (CVE-2017-18273)\n\n - An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c. (CVE-2017-18595)\n\n - avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809. (CVE-2017-6519)\n\n - In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file. (CVE-2018-10177)\n\n - The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. (CVE-2018-10360)\n\n - ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. (CVE-2018-10804)\n\n - ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. (CVE-2018-10805)\n\n - A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure. (CVE-2018-1116)\n\n - In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.\n (CVE-2018-11656)\n\n - In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. (CVE-2018-12599)\n\n - In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. (CVE-2018-12600)\n\n - A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage. (CVE-2018-1301)\n\n - In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.\n (CVE-2018-13153)\n\n - A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.\n Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. (CVE-2018-14404)\n\n - ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. (CVE-2018-14434)\n\n - ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. (CVE-2018-14435)\n\n - ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. (CVE-2018-14436)\n\n - ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. (CVE-2018-14437)\n\n - libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. (CVE-2018-14567)\n\n - GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. (CVE-2018-15587)\n\n - In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-15607)\n\n - In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. (CVE-2018-16328)\n\n - In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. (CVE-2018-16749)\n\n - In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. (CVE-2018-16750)\n\n - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. (CVE-2018-17199)\n\n - snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. (CVE-2018-18066)\n\n - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. (CVE-2018-18074)\n\n - There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. (CVE-2018-18544)\n\n - The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space. (CVE-2018-19985)\n\n - urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. (CVE-2018-20060)\n\n - An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.\n (CVE-2018-20169)\n\n - In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-20467)\n\n - http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. (CVE-2018-20852)\n\n - In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. (CVE-2018-4180, CVE-2018-4181)\n\n - managed-keys is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm.\n Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745. (CVE-2018-5745)\n\n - In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. (CVE-2018-7191)\n\n - WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file. (CVE-2018-8804)\n\n - ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file. (CVE-2018-9133)\n\n - The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS. (CVE-2019-0199)\n\n - The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS. (CVE-2019-10072)\n\n - An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. (CVE-2019-10131)\n\n - A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.\n (CVE-2019-10207)\n\n - In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (CVE-2019-10638)\n\n - The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace. (CVE-2019-10639)\n\n - In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. (CVE-2019-10650)\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\n - The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. (CVE-2019-11190)\n\n - In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. (CVE-2019-11236)\n\n - The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument. (CVE-2019-11324)\n\n - The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.\n (CVE-2019-11470)\n\n - ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first. (CVE-2019-11472)\n\n - The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after- free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. (CVE-2019-11487)\n\n - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. (CVE-2019-11597)\n\n - In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. (CVE-2019-11598)\n\n - The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character. (CVE-2019-11884)\n\n - ** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference. (CVE-2019-12382)\n\n - When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. (CVE-2019-12418

ImageMagick vulnerabilities CVE-2017-1000476 CVE-2017-11166 CVE-2017-12805 CVE-2017-12806 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2017-18271 CVE-2017-18273 CVE-2018-10804

Description

Related