ID FEDORA:CDA4160CEB8C Type fedora Reporter Fedora Modified 2017-11-15T20:24:01
Description
ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed work in the original format or a different one. ImageMagick also includes command line programs for creating animated or transparent .gifs, creating composite images, creating thumbnail images, and more. ImageMagick is one of your choices if you need a program to manipulate and display images. If you want to develop your own applications which use ImageMagick code or APIs, you need to install ImageMagick-devel as well.
{"id": "FEDORA:CDA4160CEB8C", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 26 Update: ImageMagick-6.9.9.22-1.fc26", "description": "ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed work in the original format or a different one. ImageMagick also includes command line programs for creating animated or transparent .gifs, creating composite images, creating thumbnail images, and more. ImageMagick is one of your choices if you need a program to manipulate and display images. If you want to develop your own applications which use ImageMagick code or APIs, you need to install ImageMagick-devel as well. ", "published": "2017-11-15T20:24:01", "modified": "2017-11-15T20:24:01", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2017-14505"], "lastseen": "2021-06-08T18:39:04", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cloudfoundry", "idList": ["CFOUNDRY:C94493DDE348FDF28E8866771E34ED7C"]}, {"type": "cve", "idList": ["CVE-2017-14505"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1131-1:F4DB2", "DEBIAN:DLA-1785-1:40B92", "DEBIAN:DLA-1785-1:C1442", "DEBIAN:DLA-2366-1:3ECD0", "DEBIAN:DLA-2366-1:54E1C"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-14505"]}, {"type": "fedora", "idList": ["FEDORA:6080E6076A02"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-1131.NASL", "DEBIAN_DLA-1785.NASL", "DEBIAN_DLA-2366.NASL", "FEDORA_2017-357FA6205D.NASL", "FEDORA_2017-9C0FC2975C.NASL", "OPENSUSE-2018-283.NASL", "OPENSUSE-2018-343.NASL", "SUSE_SU-2018-0857-1.NASL", "SUSE_SU-2018-0880-1.NASL", "UBUNTU_USN-3681-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843556", "OPENVAS:1361412562310873682", "OPENVAS:1361412562310873721", "OPENVAS:1361412562310891131", "OPENVAS:1361412562310891785"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-14505"]}, {"type": "ubuntu", "idList": ["USN-3681-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-14505"]}], "rev": 4}, "score": {"value": 5.8, "vector": "NONE"}, "backreferences": {"references": [{"type": "cloudfoundry", "idList": ["CFOUNDRY:C94493DDE348FDF28E8866771E34ED7C"]}, {"type": "cve", "idList": ["CVE-2017-14505"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1131-1:F4DB2"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-14505"]}, {"type": "fedora", "idList": ["FEDORA:6080E6076A02"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-1131.NASL", "UBUNTU_USN-3681-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843556", "OPENVAS:1361412562310873682", "OPENVAS:1361412562310873721"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-14505"]}, {"type": "ubuntu", "idList": ["USN-3681-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-14505"]}]}, "exploitation": null, "vulnersScore": 5.8}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "26", "arch": "any", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "imagemagick", "packageVersion": "6.9.9.22"}], "immutableFields": [], "edition": 3, "scheme": null, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "_state": {"dependencies": 1645782588}}
{"nessus": [{"lastseen": "2022-03-27T16:11:19", "description": "6.9.9-22\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2017-11-16T00:00:00", "type": "nessus", "title": "Fedora 26 : ImageMagick (2017-357fa6205d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14505"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ImageMagick", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-357FA6205D.NASL", "href": "https://www.tenable.com/plugins/nessus/104594", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-357fa6205d.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104594);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-14505\");\n script_xref(name:\"FEDORA\", value:\"2017-357fa6205d\");\n\n script_name(english:\"Fedora 26 : ImageMagick (2017-357fa6205d)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"6.9.9-22\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-357fa6205d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"ImageMagick-6.9.9.22-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-27T15:28:29", "description": "6.9.9-22\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2018-01-15T00:00:00", "type": "nessus", "title": "Fedora 27 : 1:ImageMagick (2017-9c0fc2975c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14505"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:ImageMagick", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2017-9C0FC2975C.NASL", "href": "https://www.tenable.com/plugins/nessus/105936", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-9c0fc2975c.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105936);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-14505\");\n script_xref(name:\"FEDORA\", value:\"2017-9c0fc2975c\");\n\n script_name(english:\"Fedora 27 : 1:ImageMagick (2017-9c0fc2975c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"6.9.9-22\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-9c0fc2975c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:ImageMagick package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"ImageMagick-6.9.9.22-1.fc27\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:ImageMagick\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:33:39", "description": "This update for GraphicsMagick fixes the following issues :\n\n - CVE-2017-18230: Specially crafted CINEON images may have caused a NULL pointer dereference (boo#1085233)\n\n - CVE-2017-16353: Specially crafted MIFF images could have allowed for information disclosure (boo#1066170)\n\n - CVE-2017-16352: Specially crafted MIFF images may have caused a heap-based buffer overflow (boo#1066168)\n\n - CVE-2017-14314: Specially crafted image files may have caused a denial of service (boo#1058630)\n\n - CVE-2017-14505: Specially crafted image files may have caused a NULL pointer dereference (boo#1059735)\n\n - CVE-2017-15016: Specially crafted EMF images may have caused a NULL pointer dereference (boo#1082291)\n\n - CVE-2017-15017: Specially crafted MSG images may have caused a NULL pointer dereference (boo#1082283)\n\n - CVE-2017-18219: Specially crafted image files may have been used to cause an application crash (boo#1084060)\n\n - CVE-2017-18220: Specially crafted PNG images may have been used to cause a denial of service (boo#1084062)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-03-19T00:00:00", "type": "nessus", "title": "openSUSE Security Update : GraphicsMagick (openSUSE-2018-283)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14314", "CVE-2017-14505", "CVE-2017-15016", "CVE-2017-15017", "CVE-2017-16352", "CVE-2017-16353", "CVE-2017-18219", "CVE-2017-18220", "CVE-2017-18230"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:GraphicsMagick", "p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo", "p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource", "p-cpe:/a:novell:opensuse:GraphicsMagick-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libGraphicsMagick3-config", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-283.NASL", "href": "https://www.tenable.com/plugins/nessus/108447", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-283.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108447);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-14314\", \"CVE-2017-14505\", \"CVE-2017-15016\", \"CVE-2017-15017\", \"CVE-2017-16352\", \"CVE-2017-16353\", \"CVE-2017-18219\", \"CVE-2017-18220\", \"CVE-2017-18230\");\n\n script_name(english:\"openSUSE Security Update : GraphicsMagick (openSUSE-2018-283)\");\n script_summary(english:\"Check for the openSUSE-2018-283 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for GraphicsMagick fixes the following issues :\n\n - CVE-2017-18230: Specially crafted CINEON images may have\n caused a NULL pointer dereference (boo#1085233)\n\n - CVE-2017-16353: Specially crafted MIFF images could have\n allowed for information disclosure (boo#1066170)\n\n - CVE-2017-16352: Specially crafted MIFF images may have\n caused a heap-based buffer overflow (boo#1066168)\n\n - CVE-2017-14314: Specially crafted image files may have\n caused a denial of service (boo#1058630)\n\n - CVE-2017-14505: Specially crafted image files may have\n caused a NULL pointer dereference (boo#1059735)\n\n - CVE-2017-15016: Specially crafted EMF images may have\n caused a NULL pointer dereference (boo#1082291)\n\n - CVE-2017-15017: Specially crafted MSG images may have\n caused a NULL pointer dereference (boo#1082283)\n\n - CVE-2017-18219: Specially crafted image files may have\n been used to cause an application crash (boo#1084060)\n\n - CVE-2017-18220: Specially crafted PNG images may have\n been used to cause a denial of service (boo#1084062)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1059735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085233\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick3-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-1.3.25-79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debuginfo-1.3.25-79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debugsource-1.3.25-79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-devel-1.3.25-79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-devel-1.3.25-79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-1.3.25-79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick3-config-1.3.25-79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-1.3.25-79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-79.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:32:46", "description": "This update for ImageMagick fixes several issues. These security issues were fixed :\n\n - CVE-2018-8804: The WriteEPTImage function allowed remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file (bsc#1086011)\n\n - CVE-2017-11524: The WriteBlob function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file (bsc#1050087)\n\n - CVE-2017-18219: Prevent allocation failure in the function ReadOnePNGImage, which allowed attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation (bsc#1084060).\n\n - CVE-2017-9500: Prevent assertion failure in the function ResetImageProfileIterator, which allowed attackers to cause a denial of service via a crafted file (bsc#1043290)\n\n - CVE-2017-16353: Prevent memory information disclosure in the DescribeImage function caused by a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments were never checked (bsc#1066170)\n\n - CVE-2017-16352: Prevent a heap-based buffer overflow in the 'Display visual image directory' feature of the DescribeImage() function. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag (bsc#1066168)\n\n - CVE-2017-14314: Prevent off-by-one error in the DrawImage function that allowed remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file (bsc#1058630)\n\n - CVE-2017-13768: Prevent NULL pointer dereference in the IdentifyImage function that allowed an attacker to perform denial of service by sending a crafted image file (bsc#1056434)\n\n - CVE-2017-14505: Fixed handling of NULL arrays, which allowed attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input (bsc#1059735)\n\n - CVE-2018-7443: The ReadTIFFImage function did not properly validate the amount of image data in a file, which allowed remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c) (bsc#1082792)\n\n - CVE-2017-15016: Prevent NULL pointer dereference vulnerability in ReadEnhMetaFile allowing for denial of service (bsc#1082291)\n\n - CVE-2017-15017: Prevent NULL pointer dereference vulnerability in ReadOneMNGImage allowing for denial of service (bsc#1082283)\n\n - CVE-2017-12692: The ReadVIFFImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file (bsc#1082362)\n\n - CVE-2017-12693: The ReadBMPImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted BMP file (bsc#1082348)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-04-06T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:0880-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11524", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-13768", "CVE-2017-14314", "CVE-2017-14343", "CVE-2017-14505", "CVE-2017-15016", "CVE-2017-15017", "CVE-2017-16352", "CVE-2017-16353", "CVE-2017-18219", "CVE-2017-9500", "CVE-2018-7443", "CVE-2018-8804"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libMagickCore1", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-0880-1.NASL", "href": "https://www.tenable.com/plugins/nessus/108877", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0880-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108877);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-11524\", \"CVE-2017-12691\", \"CVE-2017-12692\", \"CVE-2017-12693\", \"CVE-2017-13768\", \"CVE-2017-14314\", \"CVE-2017-14343\", \"CVE-2017-14505\", \"CVE-2017-15016\", \"CVE-2017-15017\", \"CVE-2017-16352\", \"CVE-2017-16353\", \"CVE-2017-18219\", \"CVE-2017-9500\", \"CVE-2018-7443\", \"CVE-2018-8804\");\n\n script_name(english:\"SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:0880-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes several issues. These security\nissues were fixed :\n\n - CVE-2018-8804: The WriteEPTImage function allowed remote\n attackers to cause a denial of service (double free and\n application crash) or possibly have unspecified other\n impact via a crafted file (bsc#1086011)\n\n - CVE-2017-11524: The WriteBlob function allowed remote\n attackers to cause a denial of service (assertion\n failure and application exit) via a crafted file\n (bsc#1050087)\n\n - CVE-2017-18219: Prevent allocation failure in the\n function ReadOnePNGImage, which allowed attackers to\n cause a denial of service via a crafted file that\n triggers an attempt at a large png_pixels array\n allocation (bsc#1084060).\n\n - CVE-2017-9500: Prevent assertion failure in the function\n ResetImageProfileIterator, which allowed attackers to\n cause a denial of service via a crafted file\n (bsc#1043290)\n\n - CVE-2017-16353: Prevent memory information disclosure in\n the DescribeImage function caused by a heap-based buffer\n over-read. The portion of the code containing the\n vulnerability is responsible for printing the IPTC\n Profile information contained in the image. This\n vulnerability can be triggered with a specially crafted\n MIFF file. There is an out-of-bounds buffer dereference\n because certain increments were never checked\n (bsc#1066170)\n\n - CVE-2017-16352: Prevent a heap-based buffer overflow in\n the 'Display visual image directory' feature of the\n DescribeImage() function. One possible way to trigger\n the vulnerability is to run the identify command on a\n specially crafted MIFF format file with the verbose flag\n (bsc#1066168)\n\n - CVE-2017-14314: Prevent off-by-one error in the\n DrawImage function that allowed remote attackers to\n cause a denial of service (DrawDashPolygon heap-based\n buffer over-read and application crash) via a crafted\n file (bsc#1058630)\n\n - CVE-2017-13768: Prevent NULL pointer dereference in the\n IdentifyImage function that allowed an attacker to\n perform denial of service by sending a crafted image\n file (bsc#1056434)\n\n - CVE-2017-14505: Fixed handling of NULL arrays, which\n allowed attackers to perform Denial of Service (NULL\n pointer dereference and application crash in\n AcquireQuantumMemory within MagickCore/memory.c) by\n providing a crafted Image File as input (bsc#1059735)\n\n - CVE-2018-7443: The ReadTIFFImage function did not\n properly validate the amount of image data in a file,\n which allowed remote attackers to cause a denial of\n service (memory allocation failure in the\n AcquireMagickMemory function in MagickCore/memory.c)\n (bsc#1082792)\n\n - CVE-2017-15016: Prevent NULL pointer dereference\n vulnerability in ReadEnhMetaFile allowing for denial of\n service (bsc#1082291)\n\n - CVE-2017-15017: Prevent NULL pointer dereference\n vulnerability in ReadOneMNGImage allowing for denial of\n service (bsc#1082283)\n\n - CVE-2017-12692: The ReadVIFFImage function allowed\n remote attackers to cause a denial of service (memory\n consumption) via a crafted VIFF file (bsc#1082362)\n\n - CVE-2017-12693: The ReadBMPImage function allowed remote\n attackers to cause a denial of service (memory\n consumption) via a crafted BMP file (bsc#1082348)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11524/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12691/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12692/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12693/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13768/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14314/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14343/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14505/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15016/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15017/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16352/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16353/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18219/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9500/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7443/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8804/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180880-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b312d73a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-ImageMagick-13549=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ImageMagick-13549=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ImageMagick-13549=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagickCore1-32bit-6.4.3.6-78.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libMagickCore1-32bit-6.4.3.6-78.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libMagickCore1-6.4.3.6-78.40.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:32:35", "description": "This update for ImageMagick fixes several issues. These security issues were fixed :\n\n - CVE-2018-8804: The WriteEPTImage function allowed remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file (bsc#1086011).\n\n - CVE-2017-11524: The WriteBlob function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file (bsc#1050087).\n\n - CVE-2017-18209: Prevent NULL pointer dereference in the GetOpenCLCachedFilesDirectory function caused by a memory allocation result that was not checked, related to GetOpenCLCacheDirectory (bsc#1083628).\n\n - CVE-2017-18211: Prevent NULL pointer dereference in the function saveBinaryCLProgram caused by a program-lookup result not being checked, related to CacheOpenCLKernel (bsc#1083634).\n\n - CVE-2017-9500: Prevent assertion failure in the function ResetImageProfileIterator, which allowed attackers to cause a denial of service via a crafted file (bsc#1043290).\n\n - CVE-2017-14739: The AcquireResampleFilterThreadSet function mishandled failed memory allocation, which allowed remote attackers to cause a denial of service (NULL pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors (bsc#1060382).\n\n - CVE-2017-16353: Prevent memory information disclosure in the DescribeImage function caused by a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments were never checked (bsc#1066170).\n\n - CVE-2017-16352: Prevent a heap-based buffer overflow in the 'Display visual image directory' feature of the DescribeImage() function. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag (bsc#1066168).\n\n - CVE-2017-14314: Prevent off-by-one error in the DrawImage function that allowed remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file (bsc#1058630).\n\n - CVE-2017-13768: Prevent NULL pointer dereference in the IdentifyImage function that allowed an attacker to perform denial of service by sending a crafted image file (bsc#1056434).\n\n - CVE-2017-14505: Fixed handling of NULL arrays, which allowed attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input (bsc#1059735).\n\n - CVE-2018-7470: The IsWEBPImageLossless function allowed attackers to cause a denial of service (segmentation violation) via a crafted file (bsc#1082837).\n\n - CVE-2018-7443: The ReadTIFFImage function did not properly validate the amount of image data in a file, which allowed remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c) (bsc#1082792).\n\n - CVE-2017-15016: Prevent NULL pointer dereference vulnerability in ReadEnhMetaFile allowing for denial of service (bsc#1082291).\n\n - CVE-2017-15017: Prevent NULL pointer dereference vulnerability in ReadOneMNGImage allowing for denial of service (bsc#1082283).\n\n - CVE-2017-12692: The ReadVIFFImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file (bsc#1082362).\n\n - CVE-2017-12693: The ReadBMPImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted BMP file (bsc#1082348).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-04-04T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:0857-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11524", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-13768", "CVE-2017-14314", "CVE-2017-14505", "CVE-2017-14739", "CVE-2017-15016", "CVE-2017-15017", "CVE-2017-16352", "CVE-2017-16353", "CVE-2017-18209", "CVE-2017-18211", "CVE-2017-9500", "CVE-2018-7443", "CVE-2018-7470", "CVE-2018-8804"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ImageMagick", "p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo", "p-cpe:/a:novell:suse_linux:ImageMagick-debugsource", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo", "p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16", "p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0857-1.NASL", "href": "https://www.tenable.com/plugins/nessus/108824", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0857-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108824);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2017-11524\", \"CVE-2017-12692\", \"CVE-2017-12693\", \"CVE-2017-13768\", \"CVE-2017-14314\", \"CVE-2017-14505\", \"CVE-2017-14739\", \"CVE-2017-15016\", \"CVE-2017-15017\", \"CVE-2017-16352\", \"CVE-2017-16353\", \"CVE-2017-18209\", \"CVE-2017-18211\", \"CVE-2017-9500\", \"CVE-2018-7443\", \"CVE-2018-7470\", \"CVE-2018-8804\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:0857-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes several issues. These security\nissues were fixed :\n\n - CVE-2018-8804: The WriteEPTImage function allowed remote\n attackers to cause a denial of service (double free and\n application crash) or possibly have unspecified other\n impact via a crafted file (bsc#1086011).\n\n - CVE-2017-11524: The WriteBlob function allowed remote\n attackers to cause a denial of service (assertion\n failure and application exit) via a crafted file\n (bsc#1050087).\n\n - CVE-2017-18209: Prevent NULL pointer dereference in the\n GetOpenCLCachedFilesDirectory function caused by a\n memory allocation result that was not checked, related\n to GetOpenCLCacheDirectory (bsc#1083628).\n\n - CVE-2017-18211: Prevent NULL pointer dereference in the\n function saveBinaryCLProgram caused by a program-lookup\n result not being checked, related to CacheOpenCLKernel\n (bsc#1083634).\n\n - CVE-2017-9500: Prevent assertion failure in the function\n ResetImageProfileIterator, which allowed attackers to\n cause a denial of service via a crafted file\n (bsc#1043290).\n\n - CVE-2017-14739: The AcquireResampleFilterThreadSet\n function mishandled failed memory allocation, which\n allowed remote attackers to cause a denial of service\n (NULL pointer Dereference in DistortImage in\n MagickCore/distort.c, and application crash) via\n unspecified vectors (bsc#1060382).\n\n - CVE-2017-16353: Prevent memory information disclosure in\n the DescribeImage function caused by a heap-based buffer\n over-read. The portion of the code containing the\n vulnerability is responsible for printing the IPTC\n Profile information contained in the image. This\n vulnerability can be triggered with a specially crafted\n MIFF file. There is an out-of-bounds buffer dereference\n because certain increments were never checked\n (bsc#1066170).\n\n - CVE-2017-16352: Prevent a heap-based buffer overflow in\n the 'Display visual image directory' feature of the\n DescribeImage() function. One possible way to trigger\n the vulnerability is to run the identify command on a\n specially crafted MIFF format file with the verbose flag\n (bsc#1066168).\n\n - CVE-2017-14314: Prevent off-by-one error in the\n DrawImage function that allowed remote attackers to\n cause a denial of service (DrawDashPolygon heap-based\n buffer over-read and application crash) via a crafted\n file (bsc#1058630).\n\n - CVE-2017-13768: Prevent NULL pointer dereference in the\n IdentifyImage function that allowed an attacker to\n perform denial of service by sending a crafted image\n file (bsc#1056434).\n\n - CVE-2017-14505: Fixed handling of NULL arrays, which\n allowed attackers to perform Denial of Service (NULL\n pointer dereference and application crash in\n AcquireQuantumMemory within MagickCore/memory.c) by\n providing a crafted Image File as input (bsc#1059735).\n\n - CVE-2018-7470: The IsWEBPImageLossless function allowed\n attackers to cause a denial of service (segmentation\n violation) via a crafted file (bsc#1082837).\n\n - CVE-2018-7443: The ReadTIFFImage function did not\n properly validate the amount of image data in a file,\n which allowed remote attackers to cause a denial of\n service (memory allocation failure in the\n AcquireMagickMemory function in MagickCore/memory.c)\n (bsc#1082792).\n\n - CVE-2017-15016: Prevent NULL pointer dereference\n vulnerability in ReadEnhMetaFile allowing for denial of\n service (bsc#1082291).\n\n - CVE-2017-15017: Prevent NULL pointer dereference\n vulnerability in ReadOneMNGImage allowing for denial of\n service (bsc#1082283).\n\n - CVE-2017-12692: The ReadVIFFImage function allowed\n remote attackers to cause a denial of service (memory\n consumption) via a crafted VIFF file (bsc#1082362).\n\n - CVE-2017-12693: The ReadBMPImage function allowed remote\n attackers to cause a denial of service (memory\n consumption) via a crafted BMP file (bsc#1082348).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11524/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12692/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12693/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13768/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14314/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14505/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14739/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15016/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15017/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16352/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16353/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18209/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18211/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9500/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7443/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7470/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8804/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180857-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2b72d9c7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2018-572=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2018-572=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-572=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-572=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2018-572=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-572=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-572=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-572=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2018-572=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-debugsource-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ImageMagick-debugsource-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.47.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:32:42", "description": "This update for ImageMagick fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2018-8804: The WriteEPTImage function allowed remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file (bsc#1086011).\n\n - CVE-2017-11524: The WriteBlob function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file (bsc#1050087).\n\n - CVE-2017-18209: Prevent NULL pointer dereference in the GetOpenCLCachedFilesDirectory function caused by a memory allocation result that was not checked, related to GetOpenCLCacheDirectory (bsc#1083628).\n\n - CVE-2017-18211: Prevent NULL pointer dereference in the function saveBinaryCLProgram caused by a program-lookup result not being checked, related to CacheOpenCLKernel (bsc#1083634).\n\n - CVE-2017-9500: Prevent assertion failure in the function ResetImageProfileIterator, which allowed attackers to cause a denial of service via a crafted file (bsc#1043290).\n\n - CVE-2017-14739: The AcquireResampleFilterThreadSet function mishandled failed memory allocation, which allowed remote attackers to cause a denial of service (NULL pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors (bsc#1060382).\n\n - CVE-2017-16353: Prevent memory information disclosure in the DescribeImage function caused by a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments were never checked (bsc#1066170).\n\n - CVE-2017-16352: Prevent a heap-based buffer overflow in the 'Display visual image directory' feature of the DescribeImage() function. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag (bsc#1066168).\n\n - CVE-2017-14314: Prevent off-by-one error in the DrawImage function that allowed remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file (bsc#1058630).\n\n - CVE-2017-13768: Prevent NULL pointer dereference in the IdentifyImage function that allowed an attacker to perform denial of service by sending a crafted image file (bsc#1056434).\n\n - CVE-2017-14505: Fixed handling of NULL arrays, which allowed attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input (bsc#1059735).\n\n - CVE-2018-7470: The IsWEBPImageLossless function allowed attackers to cause a denial of service (segmentation violation) via a crafted file (bsc#1082837).\n\n - CVE-2018-7443: The ReadTIFFImage function did not properly validate the amount of image data in a file, which allowed remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c) (bsc#1082792).\n\n - CVE-2017-15016: Prevent NULL pointer dereference vulnerability in ReadEnhMetaFile allowing for denial of service (bsc#1082291).\n\n - CVE-2017-15017: Prevent NULL pointer dereference vulnerability in ReadOneMNGImage allowing for denial of service (bsc#1082283).\n\n - CVE-2017-12692: The ReadVIFFImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file (bsc#1082362).\n\n - CVE-2017-12693: The ReadBMPImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted BMP file (bsc#1082348). This update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-04-10T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-2018-343)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11524", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-13768", "CVE-2017-14314", "CVE-2017-14505", "CVE-2017-14739", "CVE-2017-15016", "CVE-2017-15017", "CVE-2017-16352", "CVE-2017-16353", "CVE-2017-18209", "CVE-2017-18211", "CVE-2017-9500", "CVE-2018-7443", "CVE-2018-7470", "CVE-2018-8804"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ImageMagick", "p-cpe:/a:novell:opensuse:ImageMagick-debuginfo", "p-cpe:/a:novell:opensuse:ImageMagick-debugsource", "p-cpe:/a:novell:opensuse:ImageMagick-devel", "p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit", "p-cpe:/a:novell:opensuse:ImageMagick-extra", "p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel-32bit", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-PerlMagick", "p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-343.NASL", "href": "https://www.tenable.com/plugins/nessus/108935", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-343.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108935);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-11524\", \"CVE-2017-12692\", \"CVE-2017-12693\", \"CVE-2017-13768\", \"CVE-2017-14314\", \"CVE-2017-14505\", \"CVE-2017-14739\", \"CVE-2017-15016\", \"CVE-2017-15017\", \"CVE-2017-16352\", \"CVE-2017-16353\", \"CVE-2017-18209\", \"CVE-2017-18211\", \"CVE-2017-9500\", \"CVE-2018-7443\", \"CVE-2018-7470\", \"CVE-2018-8804\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2018-343)\");\n script_summary(english:\"Check for the openSUSE-2018-343 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2018-8804: The WriteEPTImage function allowed remote\n attackers to cause a denial of service (double free and\n application crash) or possibly have unspecified other\n impact via a crafted file (bsc#1086011).\n\n - CVE-2017-11524: The WriteBlob function allowed remote\n attackers to cause a denial of service (assertion\n failure and application exit) via a crafted file\n (bsc#1050087).\n\n - CVE-2017-18209: Prevent NULL pointer dereference in the\n GetOpenCLCachedFilesDirectory function caused by a\n memory allocation result that was not checked, related\n to GetOpenCLCacheDirectory (bsc#1083628).\n\n - CVE-2017-18211: Prevent NULL pointer dereference in the\n function saveBinaryCLProgram caused by a program-lookup\n result not being checked, related to CacheOpenCLKernel\n (bsc#1083634).\n\n - CVE-2017-9500: Prevent assertion failure in the function\n ResetImageProfileIterator, which allowed attackers to\n cause a denial of service via a crafted file\n (bsc#1043290).\n\n - CVE-2017-14739: The AcquireResampleFilterThreadSet\n function mishandled failed memory allocation, which\n allowed remote attackers to cause a denial of service\n (NULL pointer Dereference in DistortImage in\n MagickCore/distort.c, and application crash) via\n unspecified vectors (bsc#1060382).\n\n - CVE-2017-16353: Prevent memory information disclosure in\n the DescribeImage function caused by a heap-based buffer\n over-read. The portion of the code containing the\n vulnerability is responsible for printing the IPTC\n Profile information contained in the image. This\n vulnerability can be triggered with a specially crafted\n MIFF file. There is an out-of-bounds buffer dereference\n because certain increments were never checked\n (bsc#1066170).\n\n - CVE-2017-16352: Prevent a heap-based buffer overflow in\n the 'Display visual image directory' feature of the\n DescribeImage() function. One possible way to trigger\n the vulnerability is to run the identify command on a\n specially crafted MIFF format file with the verbose flag\n (bsc#1066168).\n\n - CVE-2017-14314: Prevent off-by-one error in the\n DrawImage function that allowed remote attackers to\n cause a denial of service (DrawDashPolygon heap-based\n buffer over-read and application crash) via a crafted\n file (bsc#1058630).\n\n - CVE-2017-13768: Prevent NULL pointer dereference in the\n IdentifyImage function that allowed an attacker to\n perform denial of service by sending a crafted image\n file (bsc#1056434).\n\n - CVE-2017-14505: Fixed handling of NULL arrays, which\n allowed attackers to perform Denial of Service (NULL\n pointer dereference and application crash in\n AcquireQuantumMemory within MagickCore/memory.c) by\n providing a crafted Image File as input (bsc#1059735).\n\n - CVE-2018-7470: The IsWEBPImageLossless function allowed\n attackers to cause a denial of service (segmentation\n violation) via a crafted file (bsc#1082837).\n\n - CVE-2018-7443: The ReadTIFFImage function did not\n properly validate the amount of image data in a file,\n which allowed remote attackers to cause a denial of\n service (memory allocation failure in the\n AcquireMagickMemory function in MagickCore/memory.c)\n (bsc#1082792).\n\n - CVE-2017-15016: Prevent NULL pointer dereference\n vulnerability in ReadEnhMetaFile allowing for denial of\n service (bsc#1082291).\n\n - CVE-2017-15017: Prevent NULL pointer dereference\n vulnerability in ReadOneMNGImage allowing for denial of\n service (bsc#1082283).\n\n - CVE-2017-12692: The ReadVIFFImage function allowed\n remote attackers to cause a denial of service (memory\n consumption) via a crafted VIFF file (bsc#1082362).\n\n - CVE-2017-12693: The ReadBMPImage function allowed remote\n attackers to cause a denial of service (memory\n consumption) via a crafted BMP file (bsc#1082348). This\n update was imported from the SUSE:SLE-12:Update update\n project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1043290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1059735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086011\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-6.8.8.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-debuginfo-6.8.8.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-debugsource-6.8.8.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-devel-6.8.8.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-extra-6.8.8.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-6_Q16-3-6.8.8.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-devel-6.8.8.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-PerlMagick-6.8.8.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-58.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:15", "description": "This updates fixes numerous vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure, or the execution of arbitrary code if malformed XCF, VIFF, BMP, thumbnail, CUT, PSD, TXT, XBM, PCX, MPC, WPG, TIFF, SVG, font, EMF, PNG, or other types of files are processed.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 8:6.7.7.10-5+deb7u17.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-10-11T00:00:00", "type": "nessus", "title": "Debian DLA-1131-1 : imagemagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12875", "CVE-2017-13758", "CVE-2017-13768", "CVE-2017-13769", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14224", "CVE-2017-14249", "CVE-2017-14341", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-14989", "CVE-2017-15016", "CVE-2017-15017"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "p-cpe:/a:debian:debian_linux:imagemagick-common", "p-cpe:/a:debian:debian_linux:imagemagick-dbg", "p-cpe:/a:debian:debian_linux:imagemagick-doc", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-dev", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b5", "p-cpe:/a:debian:debian_linux:libmagickcore-dev", "p-cpe:/a:debian:debian_linux:libmagickcore5", "p-cpe:/a:debian:debian_linux:libmagickcore5-extra", "p-cpe:/a:debian:debian_linux:libmagickwand-dev", "p-cpe:/a:debian:debian_linux:libmagickwand5", "p-cpe:/a:debian:debian_linux:perlmagick", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1131.NASL", "href": "https://www.tenable.com/plugins/nessus/103756", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1131-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103756);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-12691\", \"CVE-2017-12692\", \"CVE-2017-12693\", \"CVE-2017-12875\", \"CVE-2017-13758\", \"CVE-2017-13768\", \"CVE-2017-13769\", \"CVE-2017-14060\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14174\", \"CVE-2017-14175\", \"CVE-2017-14224\", \"CVE-2017-14249\", \"CVE-2017-14341\", \"CVE-2017-14400\", \"CVE-2017-14505\", \"CVE-2017-14607\", \"CVE-2017-14682\", \"CVE-2017-14739\", \"CVE-2017-14741\", \"CVE-2017-14989\", \"CVE-2017-15016\", \"CVE-2017-15017\");\n\n script_name(english:\"Debian DLA-1131-1 : imagemagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates fixes numerous vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure, or the\nexecution of arbitrary code if malformed XCF, VIFF, BMP, thumbnail,\nCUT, PSD, TXT, XBM, PCX, MPC, WPG, TIFF, SVG, font, EMF, PNG, or other\ntypes of files are processed.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n8:6.7.7.10-5+deb7u17.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/imagemagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore5-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-common\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-dbg\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-doc\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagick++-dev\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagick++5\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore5\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore5-extra\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickwand5\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"perlmagick\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:22:36", "description": "Numerous security vulnerabilities were fixed in Imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory or CPU exhaustion, information disclosure or potentially the execution of arbitrary code when a malformed image file is processed.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 8:6.8.9.9-5+deb8u16.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-15T00:00:00", "type": "nessus", "title": "Debian DLA-1785-1 : imagemagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-11446", "CVE-2017-11523", "CVE-2017-11537", "CVE-2017-12140", "CVE-2017-12430", "CVE-2017-12432", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12587", "CVE-2017-12643", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12875", "CVE-2017-13133", "CVE-2017-13142", "CVE-2017-13145", "CVE-2017-13658", "CVE-2017-13768", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14249", "CVE-2017-14341", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14532", "CVE-2017-14624", "CVE-2017-14625", "CVE-2017-14626", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-15015", "CVE-2017-15017", "CVE-2017-15281", "CVE-2017-17682", "CVE-2017-17914", "CVE-2017-18271", "CVE-2017-18273", "CVE-2017-9500", "CVE-2019-10650", "CVE-2019-11597", "CVE-2019-11598", "CVE-2019-9956"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "p-cpe:/a:debian:debian_linux:imagemagick-6.q16", "p-cpe:/a:debian:debian_linux:imagemagick-common", "p-cpe:/a:debian:debian_linux:imagemagick-dbg", "p-cpe:/a:debian:debian_linux:imagemagick-doc", "p-cpe:/a:debian:debian_linux:libimage-magick-perl", "p-cpe:/a:debian:debian_linux:libimage-magick-q16-perl", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6-headers", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16-5", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-dev", "p-cpe:/a:debian:debian_linux:libmagickcore-6-arch-config", "p-cpe:/a:debian:debian_linux:libmagickcore-6-headers", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-2", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-2-extra", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagickcore-dev", "p-cpe:/a:debian:debian_linux:libmagickwand-6-headers", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-2", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagickwand-dev", "p-cpe:/a:debian:debian_linux:perlmagick", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1785.NASL", "href": "https://www.tenable.com/plugins/nessus/125093", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1785-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125093);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-1000445\", \"CVE-2017-1000476\", \"CVE-2017-11446\", \"CVE-2017-11523\", \"CVE-2017-11537\", \"CVE-2017-12140\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12435\", \"CVE-2017-12563\", \"CVE-2017-12587\", \"CVE-2017-12643\", \"CVE-2017-12670\", \"CVE-2017-12674\", \"CVE-2017-12691\", \"CVE-2017-12692\", \"CVE-2017-12693\", \"CVE-2017-12875\", \"CVE-2017-13133\", \"CVE-2017-13142\", \"CVE-2017-13145\", \"CVE-2017-13658\", \"CVE-2017-13768\", \"CVE-2017-14060\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14174\", \"CVE-2017-14175\", \"CVE-2017-14249\", \"CVE-2017-14341\", \"CVE-2017-14400\", \"CVE-2017-14505\", \"CVE-2017-14532\", \"CVE-2017-14624\", \"CVE-2017-14625\", \"CVE-2017-14626\", \"CVE-2017-14739\", \"CVE-2017-14741\", \"CVE-2017-15015\", \"CVE-2017-15017\", \"CVE-2017-15281\", \"CVE-2017-17682\", \"CVE-2017-17914\", \"CVE-2017-18271\", \"CVE-2017-18273\", \"CVE-2017-9500\", \"CVE-2019-10650\", \"CVE-2019-11597\", \"CVE-2019-11598\", \"CVE-2019-9956\");\n\n script_name(english:\"Debian DLA-1785-1 : imagemagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Numerous security vulnerabilities were fixed in Imagemagick. Various\nmemory handling problems and cases of missing or incomplete input\nsanitizing may result in denial of service, memory or CPU exhaustion,\ninformation disclosure or potentially the execution of arbitrary code\nwhen a malformed image file is processed.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n8:6.8.9.9-5+deb8u16.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/imagemagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-14626\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-6.q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimage-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimage-magick-q16-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16-5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6-arch-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-6.q16\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-common\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-dbg\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-doc\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-perl\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-q16-perl\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6-headers\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-5\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-arch-config\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-headers\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2-extra\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6-headers\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"perlmagick\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:13:06", "description": "Debian Bug : 870020 870019 876105 869727 886281 873059 870504 870530 870107 872609 875338 875339 875341 873871 873131 875352 878506 875503 875502 876105 876099 878546 878545 877354 877355 878524 878547 878548 878555 878554 878548 878555 878554 878579 885942 886584 928206 941670 931447 932079\n\nSeveral security vulnerabilities were found in Imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory or CPU exhaustion, information disclosure or potentially the execution of arbitrary code when a malformed image file is processed.\n\nFor Debian 9 stretch, these problems have been fixed in version 8:6.9.7.4+dfsg-11+deb9u10.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFor the detailed security status of imagemagick please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/imagemagick\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-09-08T00:00:00", "type": "nessus", "title": "Debian DLA-2366-1 : imagemagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-12140", "CVE-2017-12429", "CVE-2017-12430", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12643", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12806", "CVE-2017-12875", "CVE-2017-13061", "CVE-2017-13133", "CVE-2017-13658", "CVE-2017-13768", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14249", "CVE-2017-14341", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14532", "CVE-2017-14624", "CVE-2017-14625", "CVE-2017-14626", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-15015", "CVE-2017-15017", "CVE-2017-15281", "CVE-2017-17682", "CVE-2017-17914", "CVE-2017-18209", "CVE-2017-18211", "CVE-2017-18271", "CVE-2017-18273", "CVE-2018-16643", "CVE-2018-16749", "CVE-2018-18025", "CVE-2019-11598", "CVE-2019-13135", "CVE-2019-13308", "CVE-2019-13391", "CVE-2019-15139"], "modified": "2020-09-10T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "p-cpe:/a:debian:debian_linux:imagemagick-6-common", "p-cpe:/a:debian:debian_linux:imagemagick-6-doc", "p-cpe:/a:debian:debian_linux:imagemagick-6.q16", "p-cpe:/a:debian:debian_linux:imagemagick-6.q16hdri", "p-cpe:/a:debian:debian_linux:imagemagick-common", "p-cpe:/a:debian:debian_linux:imagemagick-doc", "p-cpe:/a:debian:debian_linux:libimage-magick-perl", "p-cpe:/a:debian:debian_linux:libimage-magick-q16-perl", "p-cpe:/a:debian:debian_linux:libimage-magick-q16hdri-perl", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6-headers", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16-7", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16hdri-7", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16hdri-dev", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-dev", "p-cpe:/a:debian:debian_linux:libmagickcore-6-arch-config", "p-cpe:/a:debian:debian_linux:libmagickcore-6-headers", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-3", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-3-extra", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-3", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-3-extra", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-dev", "p-cpe:/a:debian:debian_linux:libmagickcore-dev", "p-cpe:/a:debian:debian_linux:libmagickwand-6-headers", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-3", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16hdri-3", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16hdri-dev", "p-cpe:/a:debian:debian_linux:libmagickwand-dev", "p-cpe:/a:debian:debian_linux:perlmagick", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2366.NASL", "href": "https://www.tenable.com/plugins/nessus/140297", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2366-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140297);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/10\");\n\n script_cve_id(\"CVE-2017-1000445\", \"CVE-2017-1000476\", \"CVE-2017-12140\", \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12435\", \"CVE-2017-12563\", \"CVE-2017-12643\", \"CVE-2017-12670\", \"CVE-2017-12674\", \"CVE-2017-12691\", \"CVE-2017-12692\", \"CVE-2017-12693\", \"CVE-2017-12806\", \"CVE-2017-12875\", \"CVE-2017-13061\", \"CVE-2017-13133\", \"CVE-2017-13658\", \"CVE-2017-13768\", \"CVE-2017-14060\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14174\", \"CVE-2017-14175\", \"CVE-2017-14249\", \"CVE-2017-14341\", \"CVE-2017-14400\", \"CVE-2017-14505\", \"CVE-2017-14532\", \"CVE-2017-14624\", \"CVE-2017-14625\", \"CVE-2017-14626\", \"CVE-2017-14739\", \"CVE-2017-14741\", \"CVE-2017-15015\", \"CVE-2017-15017\", \"CVE-2017-15281\", \"CVE-2017-17682\", \"CVE-2017-17914\", \"CVE-2017-18209\", \"CVE-2017-18211\", \"CVE-2017-18271\", \"CVE-2017-18273\", \"CVE-2018-16643\", \"CVE-2018-16749\", \"CVE-2018-18025\", \"CVE-2019-11598\", \"CVE-2019-13135\", \"CVE-2019-13308\", \"CVE-2019-13391\", \"CVE-2019-15139\");\n\n script_name(english:\"Debian DLA-2366-1 : imagemagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Debian Bug : 870020 870019 876105 869727 886281 873059 870504 870530\n870107 872609 875338 875339 875341 873871 873131 875352 878506 875503\n875502 876105 876099 878546 878545 877354 877355 878524 878547 878548\n878555 878554 878548 878555 878554 878579 885942 886584 928206 941670\n931447 932079\n\nSeveral security vulnerabilities were found in Imagemagick. Various\nmemory handling problems and cases of missing or incomplete input\nsanitizing may result in denial of service, memory or CPU exhaustion,\ninformation disclosure or potentially the execution of arbitrary code\nwhen a malformed image file is processed.\n\nFor Debian 9 stretch, these problems have been fixed in version\n8:6.9.7.4+dfsg-11+deb9u10.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFor the detailed security status of imagemagick please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/imagemagick\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/imagemagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/imagemagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-18211\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-6-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-6-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-6.q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-6.q16hdri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimage-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimage-magick-q16-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimage-magick-q16hdri-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16hdri-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16hdri-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6-arch-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-3-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-3-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16hdri-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16hdri-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6-common\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6-doc\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6.q16\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6.q16hdri\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-common\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-doc\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libimage-magick-perl\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libimage-magick-q16-perl\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libimage-magick-q16hdri-perl\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6-headers\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16-7\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16hdri-7\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16hdri-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6-arch-config\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6-headers\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16-3-extra\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16hdri-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16hdri-3-extra\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16hdri-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6-headers\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16hdri-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16hdri-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"perlmagick\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:19:48", "description": "It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-06-13T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : ImageMagick vulnerabilities (USN-3681-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-10995", "CVE-2017-11352", "CVE-2017-11533", "CVE-2017-11535", "CVE-2017-11537", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12429", "CVE-2017-12430", "CVE-2017-12431", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12643", "CVE-2017-12644", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12875", "CVE-2017-12877", "CVE-2017-12983", "CVE-2017-13058", "CVE-2017-13059", "CVE-2017-13060", "CVE-2017-13061", "CVE-2017-13062", "CVE-2017-13131", "CVE-2017-13134", "CVE-2017-13139", "CVE-2017-13142", "CVE-2017-13143", "CVE-2017-13144", "CVE-2017-13145", "CVE-2017-13758", "CVE-2017-13768", "CVE-2017-13769", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14224", "CVE-2017-14249", "CVE-2017-14325", "CVE-2017-14326", "CVE-2017-14341", "CVE-2017-14342", "CVE-2017-14343", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14531", "CVE-2017-14532", "CVE-2017-14533", "CVE-2017-14607", "CVE-2017-14624", "CVE-2017-14625", "CVE-2017-14626", "CVE-2017-14682", "CVE-2017-14684", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-14989", "CVE-2017-15015", "CVE-2017-15016", "CVE-2017-15017", "CVE-2017-15032", "CVE-2017-15033", "CVE-2017-15217", "CVE-2017-15218", "CVE-2017-15277", "CVE-2017-15281", "CVE-2017-16546", "CVE-2017-17499", "CVE-2017-17504", "CVE-2017-17680", "CVE-2017-17681", "CVE-2017-17682", "CVE-2017-17879", "CVE-2017-17881", "CVE-2017-17882", "CVE-2017-17884", "CVE-2017-17885", "CVE-2017-17886", "CVE-2017-17887", "CVE-2017-17914", "CVE-2017-17934", "CVE-2017-18008", "CVE-2017-18022", "CVE-2017-18027", "CVE-2017-18028", "CVE-2017-18029", "CVE-2017-18209", "CVE-2017-18211", "CVE-2017-18251", "CVE-2017-18252", "CVE-2017-18254", "CVE-2017-18271", "CVE-2017-18273", "CVE-2018-10177", "CVE-2018-10804", "CVE-2018-10805", "CVE-2018-11251", "CVE-2018-11625", "CVE-2018-11655", "CVE-2018-11656", "CVE-2018-5246", "CVE-2018-5247", "CVE-2018-5248", "CVE-2018-5357", "CVE-2018-5358", "CVE-2018-6405", "CVE-2018-7443", "CVE-2018-8804", "CVE-2018-8960", "CVE-2018-9133"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:imagemagick", "p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6.q16-5v5", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6.q16-7", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b5", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2-extra", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3-extra", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore5", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore5-extra", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3681-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110516", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3681-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110516);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2017-1000445\", \"CVE-2017-1000476\", \"CVE-2017-10995\", \"CVE-2017-11352\", \"CVE-2017-11533\", \"CVE-2017-11535\", \"CVE-2017-11537\", \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-12140\", \"CVE-2017-12418\", \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12431\", \"CVE-2017-12432\", \"CVE-2017-12433\", \"CVE-2017-12435\", \"CVE-2017-12563\", \"CVE-2017-12587\", \"CVE-2017-12640\", \"CVE-2017-12643\", \"CVE-2017-12644\", \"CVE-2017-12670\", \"CVE-2017-12674\", \"CVE-2017-12691\", \"CVE-2017-12692\", \"CVE-2017-12693\", \"CVE-2017-12875\", \"CVE-2017-12877\", \"CVE-2017-12983\", \"CVE-2017-13058\", \"CVE-2017-13059\", \"CVE-2017-13060\", \"CVE-2017-13061\", \"CVE-2017-13062\", \"CVE-2017-13131\", \"CVE-2017-13134\", \"CVE-2017-13139\", \"CVE-2017-13142\", \"CVE-2017-13143\", \"CVE-2017-13144\", \"CVE-2017-13145\", \"CVE-2017-13758\", \"CVE-2017-13768\", \"CVE-2017-13769\", \"CVE-2017-14060\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14174\", \"CVE-2017-14175\", \"CVE-2017-14224\", \"CVE-2017-14249\", \"CVE-2017-14325\", \"CVE-2017-14326\", \"CVE-2017-14341\", \"CVE-2017-14342\", \"CVE-2017-14343\", \"CVE-2017-14400\", \"CVE-2017-14505\", \"CVE-2017-14531\", \"CVE-2017-14532\", \"CVE-2017-14533\", \"CVE-2017-14607\", \"CVE-2017-14624\", \"CVE-2017-14625\", \"CVE-2017-14626\", \"CVE-2017-14682\", \"CVE-2017-14684\", \"CVE-2017-14739\", \"CVE-2017-14741\", \"CVE-2017-14989\", \"CVE-2017-15015\", \"CVE-2017-15016\", \"CVE-2017-15017\", \"CVE-2017-15032\", \"CVE-2017-15033\", \"CVE-2017-15217\", \"CVE-2017-15218\", \"CVE-2017-15277\", \"CVE-2017-15281\", \"CVE-2017-16546\", \"CVE-2017-17499\", \"CVE-2017-17504\", \"CVE-2017-17680\", \"CVE-2017-17681\", \"CVE-2017-17682\", \"CVE-2017-17879\", \"CVE-2017-17881\", \"CVE-2017-17882\", \"CVE-2017-17884\", \"CVE-2017-17885\", \"CVE-2017-17886\", \"CVE-2017-17887\", \"CVE-2017-17914\", \"CVE-2017-17934\", \"CVE-2017-18008\", \"CVE-2017-18022\", \"CVE-2017-18027\", \"CVE-2017-18028\", \"CVE-2017-18029\", \"CVE-2017-18209\", \"CVE-2017-18211\", \"CVE-2017-18251\", \"CVE-2017-18252\", \"CVE-2017-18254\", \"CVE-2017-18271\", \"CVE-2017-18273\", \"CVE-2018-10177\", \"CVE-2018-10804\", \"CVE-2018-10805\", \"CVE-2018-11251\", \"CVE-2018-11625\", \"CVE-2018-11655\", \"CVE-2018-11656\", \"CVE-2018-5246\", \"CVE-2018-5247\", \"CVE-2018-5248\", \"CVE-2018-5357\", \"CVE-2018-5358\", \"CVE-2018-6405\", \"CVE-2018-7443\", \"CVE-2018-8804\", \"CVE-2018-8960\", \"CVE-2018-9133\");\n script_xref(name:\"USN\", value:\"3681-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : ImageMagick vulnerabilities (USN-3681-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that ImageMagick incorrectly handled certain\nmalformed image files. If a user or automated system using ImageMagick\nwere tricked into opening a specially crafted image, an attacker could\nexploit this to cause a denial of service or possibly execute code\nwith the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3681-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-5v5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.10|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.10 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"imagemagick\", pkgver:\"8:6.7.7.10-6ubuntu3.11\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagick++5\", pkgver:\"8:6.7.7.10-6ubuntu3.11\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagickcore5\", pkgver:\"8:6.7.7.10-6ubuntu3.11\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagickcore5-extra\", pkgver:\"8:6.7.7.10-6ubuntu3.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"imagemagick\", pkgver:\"8:6.8.9.9-7ubuntu5.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.8.9.9-7ubuntu5.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagick++-6.q16-5v5\", pkgver:\"8:6.8.9.9-7ubuntu5.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagickcore-6.q16-2\", pkgver:\"8:6.8.9.9-7ubuntu5.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagickcore-6.q16-2-extra\", pkgver:\"8:6.8.9.9-7ubuntu5.11\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"imagemagick\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libmagick++-6.q16-7\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libmagickcore-6.q16-3\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libmagickcore-6.q16-3-extra\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"imagemagick\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libmagick++-6.q16-7\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libmagickcore-6.q16-3\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libmagickcore-6.q16-3-extra\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imagemagick / imagemagick-6.q16 / libmagick++-6.q16-5v5 / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "debiancve": [{"lastseen": "2021-12-14T17:49:21", "description": "DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-17T19:29:00", "type": "debiancve", "title": "CVE-2017-14505", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14505"], "modified": "2017-09-17T19:29:00", "id": "DEBIANCVE:CVE-2017-14505", "href": "https://security-tracker.debian.org/tracker/CVE-2017-14505", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:46", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-11-23T00:00:00", "type": "openvas", "title": "Fedora Update for ImageMagick FEDORA-2017-357fa6205d", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14505"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873721", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873721", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_357fa6205d_ImageMagick_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for ImageMagick FEDORA-2017-357fa6205d\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873721\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-23 08:10:11 +0100 (Thu, 23 Nov 2017)\");\n script_cve_id(\"CVE-2017-14505\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ImageMagick FEDORA-2017-357fa6205d\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ImageMagick on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-357fa6205d\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JNSDS6T5M6TMTKTSH2AFFVAH5ASAOTYU\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.9.9.22~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:46", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-11-23T00:00:00", "type": "openvas", "title": "Fedora Update for ImageMagick FEDORA-2017-9c0fc2975c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14505"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873682", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873682", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_9c0fc2975c_ImageMagick_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for ImageMagick FEDORA-2017-9c0fc2975c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873682\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-23 08:07:15 +0100 (Thu, 23 Nov 2017)\");\n script_cve_id(\"CVE-2017-14505\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ImageMagick FEDORA-2017-9c0fc2975c\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ImageMagick on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-9c0fc2975c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVO4AHS7BTO7MTLTE2NVU5NZ4MDHHCTL\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.9.9.22~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-29T20:07:49", "description": "This updates fixes numerous vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure, or the\nexecution of arbitrary code if malformed XCF, VIFF, BMP, thumbnail, CUT,\nPSD, TXT, XBM, PCX, MPC, WPG, TIFF, SVG, font, EMF, PNG, or other types\nof files are processed.", "cvss3": {}, "published": "2018-02-07T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for imagemagick (DLA-1131-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14175", "CVE-2017-14060", "CVE-2017-14224", "CVE-2017-13758", "CVE-2017-12691", "CVE-2017-14172", "CVE-2017-15017", "CVE-2017-13768", "CVE-2017-14989", "CVE-2017-12692", "CVE-2017-14173", "CVE-2017-14607", "CVE-2017-14505", "CVE-2017-14400", "CVE-2017-14341", "CVE-2017-12693", "CVE-2017-14682", "CVE-2017-13769", "CVE-2017-12875", "CVE-2017-14741", "CVE-2017-15016", "CVE-2017-14739", "CVE-2017-14249", "CVE-2017-14174"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891131", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891131", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891131\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-12691\", \"CVE-2017-12692\", \"CVE-2017-12693\", \"CVE-2017-12875\", \"CVE-2017-13758\", \"CVE-2017-13768\", \"CVE-2017-13769\", \"CVE-2017-14060\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14174\", \"CVE-2017-14175\", \"CVE-2017-14224\", \"CVE-2017-14249\", \"CVE-2017-14341\", \"CVE-2017-14400\", \"CVE-2017-14505\", \"CVE-2017-14607\", \"CVE-2017-14682\", \"CVE-2017-14739\", \"CVE-2017-14741\", \"CVE-2017-14989\", \"CVE-2017-15016\", \"CVE-2017-15017\");\n script_name(\"Debian LTS: Security Advisory for imagemagick (DLA-1131-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00010.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"imagemagick on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n8:6.7.7.10-5+deb7u17.\n\nWe recommend that you upgrade your imagemagick packages.\");\n\n script_tag(name:\"summary\", value:\"This updates fixes numerous vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure, or the\nexecution of arbitrary code if malformed XCF, VIFF, BMP, thumbnail, CUT,\nPSD, TXT, XBM, PCX, MPC, WPG, TIFF, SVG, font, EMF, PNG, or other types\nof files are processed.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-dbg\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++5\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore5\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore5-extra\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand5\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-29T19:25:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-15T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for imagemagick (DLA-1785-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13142", "CVE-2017-14175", "CVE-2017-14060", "CVE-2017-9500", "CVE-2019-10650", "CVE-2017-12674", "CVE-2017-1000445", "CVE-2017-13658", "CVE-2017-1000476", "CVE-2017-14626", "CVE-2017-14624", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11537", "CVE-2017-12691", "CVE-2017-15015", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12430", "CVE-2017-14532", "CVE-2017-14172", "CVE-2017-15017", "CVE-2017-17682", "CVE-2017-13768", "CVE-2019-11598", "CVE-2017-12692", "CVE-2017-14625", "CVE-2017-14173", "CVE-2017-13133", "CVE-2017-14505", "CVE-2017-14400", "CVE-2017-18271", "CVE-2017-14341", "CVE-2017-12693", "CVE-2017-12140", "CVE-2017-12563", "CVE-2017-15281", "CVE-2019-9956", "CVE-2017-18273", "CVE-2019-11597", "CVE-2017-12432", "CVE-2017-17914", "CVE-2017-12670", "CVE-2017-12875", "CVE-2017-14741", "CVE-2017-12435", "CVE-2017-14739", "CVE-2017-14249", "CVE-2017-14174", "CVE-2017-13145"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891785", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891785", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891785\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-1000445\", \"CVE-2017-1000476\", \"CVE-2017-11446\", \"CVE-2017-11523\", \"CVE-2017-11537\", \"CVE-2017-12140\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12435\", \"CVE-2017-12563\", \"CVE-2017-12587\", \"CVE-2017-12643\", \"CVE-2017-12670\", \"CVE-2017-12674\", \"CVE-2017-12691\", \"CVE-2017-12692\", \"CVE-2017-12693\", \"CVE-2017-12875\", \"CVE-2017-13133\", \"CVE-2017-13142\", \"CVE-2017-13145\", \"CVE-2017-13658\", \"CVE-2017-13768\", \"CVE-2017-14060\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14174\", \"CVE-2017-14175\", \"CVE-2017-14249\", \"CVE-2017-14341\", \"CVE-2017-14400\", \"CVE-2017-14505\", \"CVE-2017-14532\", \"CVE-2017-14624\", \"CVE-2017-14625\", \"CVE-2017-14626\", \"CVE-2017-14739\", \"CVE-2017-14741\", \"CVE-2017-15015\", \"CVE-2017-15017\", \"CVE-2017-15281\", \"CVE-2017-17682\", \"CVE-2017-17914\", \"CVE-2017-18271\", \"CVE-2017-18273\", \"CVE-2017-9500\", \"CVE-2019-10650\", \"CVE-2019-11597\", \"CVE-2019-11598\", \"CVE-2019-9956\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-15 02:01:09 +0000 (Wed, 15 May 2019)\");\n script_name(\"Debian LTS: Security Advisory for imagemagick (DLA-1785-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1785-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/867778\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/868950\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/869210\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/869712\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/873059\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/869727\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/870491\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/870504\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'imagemagick'\n package(s) announced via the DLA-1785-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Numerous security vulnerabilities were fixed in Imagemagick. Various\nmemory handling problems and cases of missing or incomplete input\nsanitizing may result in denial of service, memory or CPU exhaustion,\ninformation disclosure or potentially the execution of arbitrary code\nwhen a malformed image file is processed.\");\n\n script_tag(name:\"affected\", value:\"'imagemagick' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n8:6.8.9.9-5+deb8u16.\n\nWe recommend that you upgrade your imagemagick packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-dbg\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-6.q16-5\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-13T00:00:00", "type": "openvas", "title": "Ubuntu Update for imagemagick USN-3681-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13142", "CVE-2017-17680", "CVE-2017-17884", "CVE-2017-11533", "CVE-2017-14343", "CVE-2017-14531", "CVE-2017-15277", "CVE-2017-14175", "CVE-2017-12418", "CVE-2017-14060", "CVE-2017-11639", "CVE-2017-14224", "CVE-2017-14684", "CVE-2018-11251", "CVE-2017-13060", "CVE-2017-17887", "CVE-2017-12674", "CVE-2017-13144", "CVE-2017-17882", "CVE-2017-14325", "CVE-2017-1000445", "CVE-2018-11655", "CVE-2017-12640", "CVE-2017-13758", "CVE-2017-1000476", "CVE-2017-13143", "CVE-2017-14626", "CVE-2017-14624", "CVE-2017-12587", "CVE-2017-11537", "CVE-2018-7443", "CVE-2017-18252", "CVE-2017-12691", "CVE-2017-12983", "CVE-2017-15015", "CVE-2018-9133", "CVE-2018-6405", "CVE-2017-12643", "CVE-2017-15032", "CVE-2017-12433", "CVE-2017-13139", "CVE-2017-12430", "CVE-2017-14532", "CVE-2018-5357", "CVE-2017-14533", "CVE-2017-18251", "CVE-2017-15033", "CVE-2017-14172", "CVE-2018-10177", "CVE-2018-5248", "CVE-2017-15218", "CVE-2017-12877", "CVE-2017-15017", "CVE-2018-11625", "CVE-2017-16546", "CVE-2017-17879", "CVE-2017-17682", "CVE-2017-18022", "CVE-2017-13768", "CVE-2017-14989", "CVE-2017-17681", "CVE-2018-10804", "CVE-2017-14326", "CVE-2017-12692", "CVE-2017-14625", "CVE-2017-17504", "CVE-2017-13131", "CVE-2018-5246", "CVE-2017-14173", "CVE-2017-13058", "CVE-2017-12644", "CVE-2017-18008", "CVE-2017-14607", "CVE-2017-17885", "CVE-2017-15217", "CVE-2017-13062", "CVE-2017-13061", "CVE-2017-14505", "CVE-2017-18029", "CVE-2017-14400", "CVE-2017-18271", "CVE-2018-10805", "CVE-2017-11352", "CVE-2017-14341", "CVE-2017-18028", "CVE-2017-12693", "CVE-2018-5247", "CVE-2017-12140", "CVE-2017-13059", "CVE-2017-12563", "CVE-2017-15281", "CVE-2018-11656", "CVE-2017-18273", "CVE-2017-10995", "CVE-2018-8804", "CVE-2017-12432", "CVE-2017-14682", "CVE-2017-13134", "CVE-2017-18027", "CVE-2017-13769", "CVE-2017-17934", "CVE-2017-18254", "CVE-2017-18209", "CVE-2017-17914", "CVE-2018-5358", "CVE-2017-12431", "CVE-2017-12670", "CVE-2017-17499", "CVE-2017-12875", "CVE-2018-8960", "CVE-2017-14741", "CVE-2017-15016", "CVE-2017-17881", "CVE-2017-18211", "CVE-2017-12435", "CVE-2017-14739", "CVE-2017-11640", "CVE-2017-14249", "CVE-2017-11535", "CVE-2017-14174", "CVE-2017-12429", "CVE-2017-14342", "CVE-2017-17886", "CVE-2017-13145"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843556", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843556", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3681_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for imagemagick USN-3681-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843556\");\n script_version(\"$Revision: 14288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-13 05:45:46 +0200 (Wed, 13 Jun 2018)\");\n script_cve_id(\"CVE-2017-1000445\", \"CVE-2017-1000476\", \"CVE-2017-10995\", \"CVE-2018-6405\",\n \"CVE-2017-11352\", \"CVE-2017-11533\", \"CVE-2017-11535\", \"CVE-2017-11537\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-12140\", \"CVE-2017-12418\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12431\", \"CVE-2017-12432\",\n \"CVE-2017-12433\", \"CVE-2017-12435\", \"CVE-2017-12563\", \"CVE-2017-12587\",\n \"CVE-2017-12640\", \"CVE-2017-12643\", \"CVE-2017-12644\", \"CVE-2017-12670\",\n \"CVE-2017-12674\", \"CVE-2017-12691\", \"CVE-2017-12692\", \"CVE-2017-12693\",\n \"CVE-2017-12875\", \"CVE-2017-12877\", \"CVE-2017-12983\", \"CVE-2017-13058\",\n \"CVE-2017-13059\", \"CVE-2017-13060\", \"CVE-2017-13061\", \"CVE-2017-13062\",\n \"CVE-2017-13131\", \"CVE-2017-13134\", \"CVE-2017-13139\", \"CVE-2017-13142\",\n \"CVE-2017-13143\", \"CVE-2017-13144\", \"CVE-2017-13145\", \"CVE-2017-13758\",\n \"CVE-2017-13768\", \"CVE-2017-13769\", \"CVE-2017-14060\", \"CVE-2017-14172\",\n \"CVE-2017-14173\", \"CVE-2017-14174\", \"CVE-2017-14175\", \"CVE-2017-14224\",\n \"CVE-2017-14249\", \"CVE-2017-14325\", \"CVE-2017-14326\", \"CVE-2017-14341\",\n \"CVE-2017-14342\", \"CVE-2017-14343\", \"CVE-2017-14400\", \"CVE-2017-14505\",\n \"CVE-2017-14531\", \"CVE-2017-14532\", \"CVE-2017-14533\", \"CVE-2017-14607\",\n \"CVE-2017-14624\", \"CVE-2017-14625\", \"CVE-2017-14626\", \"CVE-2017-14682\",\n \"CVE-2017-14684\", \"CVE-2017-14739\", \"CVE-2017-14741\", \"CVE-2017-14989\",\n \"CVE-2017-15015\", \"CVE-2017-15016\", \"CVE-2017-15017\", \"CVE-2017-15032\",\n \"CVE-2017-15033\", \"CVE-2017-15217\", \"CVE-2017-15218\", \"CVE-2017-15277\",\n \"CVE-2017-15281\", \"CVE-2017-16546\", \"CVE-2017-17499\", \"CVE-2017-17504\",\n \"CVE-2017-17680\", \"CVE-2017-17681\", \"CVE-2017-17682\", \"CVE-2017-17879\",\n \"CVE-2017-17881\", \"CVE-2017-17882\", \"CVE-2017-17884\", \"CVE-2017-17885\",\n \"CVE-2017-17886\", \"CVE-2017-17887\", \"CVE-2017-17914\", \"CVE-2017-17934\",\n \"CVE-2017-18008\", \"CVE-2017-18022\", \"CVE-2017-18027\", \"CVE-2017-18028\",\n \"CVE-2017-18029\", \"CVE-2017-18209\", \"CVE-2017-18211\", \"CVE-2017-18251\",\n \"CVE-2017-18252\", \"CVE-2017-18254\", \"CVE-2017-18271\", \"CVE-2017-18273\",\n \"CVE-2018-10177\", \"CVE-2018-10804\", \"CVE-2018-10805\", \"CVE-2018-11251\",\n \"CVE-2018-11625\", \"CVE-2018-11655\", \"CVE-2018-11656\", \"CVE-2018-5246\",\n \"CVE-2018-5247\", \"CVE-2018-5248\", \"CVE-2018-5357\", \"CVE-2018-5358\",\n \"CVE-2018-7443\", \"CVE-2018-8804\", \"CVE-2018-8960\", \"CVE-2018-9133\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for imagemagick USN-3681-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'imagemagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\nthe target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that ImageMagick incorrectly\nhandled certain malformed image files. If a user or automated system using ImageMagick\nwere tricked into opening a specially crafted image, an attacker could exploit this to\ncause a denial of service or possibly execute code with the privileges of\nthe user invoking the program.\");\n script_tag(name:\"affected\", value:\"imagemagick on Ubuntu 18.04 LTS,\n Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3681-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3681-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|18\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.7.7.10-6ubuntu3.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++5\", ver:\"8:6.7.7.10-6ubuntu3.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore5\", ver:\"8:6.7.7.10-6ubuntu3.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore5-extra\", ver:\"8:6.7.7.10-6ubuntu3.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.9.7.4+dfsg-16ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.9.7.4+dfsg-16ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-7\", ver:\"8:6.9.7.4+dfsg-16ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3\", ver:\"8:6.9.7.4+dfsg-16ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3-extra\", ver:\"8:6.9.7.4+dfsg-16ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.9.7.4+dfsg-16ubuntu6.2\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.9.7.4+dfsg-16ubuntu6.2\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-7\", ver:\"8:6.9.7.4+dfsg-16ubuntu6.2\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3\", ver:\"8:6.9.7.4+dfsg-16ubuntu6.2\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3-extra\", ver:\"8:6.9.7.4+dfsg-16ubuntu6.2\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-7ubuntu5.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-7ubuntu5.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5v5\", ver:\"8:6.8.9.9-7ubuntu5.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-7ubuntu5.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-7ubuntu5.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "fedora": [{"lastseen": "2021-06-08T18:39:04", "description": "ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed work in the original format or a different one. ImageMagick also includes command line programs for creating animated or transparent .gifs, creating composite images, creating thumbnail images, and more. ImageMagick is one of your choices if you need a program to manipulate and display images. If you want to develop your own applications which use ImageMagick code or APIs, you need to install ImageMagick-devel as well. ", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-11-14T09:27:51", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: ImageMagick-6.9.9.22-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14505"], "modified": "2017-11-14T09:27:51", "id": "FEDORA:6080E6076A02", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2021-09-02T22:47:41", "description": "DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-22T13:19:14", "type": "redhatcve", "title": "CVE-2017-14505", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14505"], "modified": "2019-10-12T01:12:49", "id": "RH:CVE-2017-14505", "href": "https://access.redhat.com/security/cve/cve-2017-14505", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:40:21", "description": "DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1\nmishandles certain NULL arrays, which allows attackers to perform Denial of\nService (NULL pointer dereference and application crash in\nAcquireQuantumMemory within MagickCore/memory.c) by providing a crafted\nImage File as input.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/716>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878545>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0320-CVE-2017-14505-Fix-DoS-NULL-pointer-dereference-in-DrawGetStrokeDashArray.patch in wheezy\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-17T00:00:00", "type": "ubuntucve", "title": "CVE-2017-14505", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14505"], "modified": "2017-09-17T00:00:00", "id": "UB:CVE-2017-14505", "href": "https://ubuntu.com/security/CVE-2017-14505", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2022-03-23T13:42:03", "description": "DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-17T19:29:00", "type": "cve", "title": "CVE-2017-14505", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14505"], "modified": "2020-09-08T00:15:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.7-1"], "id": "CVE-2017-14505", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14505", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.7-1:*:*:*:*:*:*:*"]}], "debian": [{"lastseen": "2021-10-22T13:30:06", "description": "Package : imagemagick\nVersion : 8:6.7.7.10-5+deb7u17\nCVE ID : CVE-2017-12691 CVE-2017-12692 CVE-2017-12693 CVE-2017-12875 \n CVE-2017-13758 CVE-2017-13768 CVE-2017-13769 CVE-2017-14060 \n CVE-2017-14172 CVE-2017-14173 CVE-2017-14174 CVE-2017-14175 \n CVE-2017-14224 CVE-2017-14249 CVE-2017-14341 CVE-2017-14400 \n CVE-2017-14505 CVE-2017-14607 CVE-2017-14682 CVE-2017-14739 \n CVE-2017-14741 CVE-2017-14989 CVE-2017-15016 CVE-2017-15017\nDebian Bug : 873871 875338 875339 875341 875352 875502 875503 875504\n 875506 876097 876099 876105 876488\n\n\nThis updates fixes numerous vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure, or the\nexecution of arbitrary code if malformed XCF, VIFF, BMP, thumbnail, CUT,\nPSD, TXT, XBM, PCX, MPC, WPG, TIFF, SVG, font, EMF, PNG, or other types\nof files are processed.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n8:6.7.7.10-5+deb7u17.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\nAttachment:\nsignature.asc\nDescription: Digital signature\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-11T02:59:21", "type": "debian", "title": "[SECURITY] [DLA 1131-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12875", "CVE-2017-13758", "CVE-2017-13768", "CVE-2017-13769", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14224", "CVE-2017-14249", "CVE-2017-14341", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-14989", "CVE-2017-15016", "CVE-2017-15017"], "modified": "2017-10-11T02:59:21", "id": "DEBIAN:DLA-1131-1:F4DB2", "href": "https://lists.debian.org/debian-lts-announce/2017/10/msg00010.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-25T11:41:51", "description": "Package : imagemagick\nVersion : 8:6.8.9.9-5+deb8u16\nCVE ID : CVE-2017-9500 CVE-2017-11446 CVE-2017-11523\n CVE-2017-11537 CVE-2017-12140 CVE-2017-12430\n CVE-2017-12432 CVE-2017-12435 CVE-2017-12563\n CVE-2017-12587 CVE-2017-12643 CVE-2017-12670\n CVE-2017-12674 CVE-2017-12691 CVE-2017-12692\n CVE-2017-12693 CVE-2017-12875 CVE-2017-13133\n CVE-2017-13142 CVE-2017-13145 CVE-2017-13658\n CVE-2017-13768 CVE-2017-14060 CVE-2017-14172\n CVE-2017-14173 CVE-2017-14174 CVE-2017-14175\n CVE-2017-14249 CVE-2017-14341 CVE-2017-14400\n CVE-2017-14505 CVE-2017-14532 CVE-2017-14624\n CVE-2017-14625 CVE-2017-14626 CVE-2017-14739\n CVE-2017-14741 CVE-2017-15015 CVE-2017-15017\n CVE-2017-15281 CVE-2017-17682 CVE-2017-17914\n CVE-2017-18271 CVE-2017-18273 CVE-2017-1000445\n CVE-2017-1000476 CVE-2019-9956 CVE-2019-10650\n CVE-2019-11597 CVE-2019-11598\nDebian Bug : 867778 868950 869210 869712 873059 869727 870491 870504\n 870530 870526 870107 870107 870020 875338 872609 875339\n 875341 873871 875352 873100 870105 869830 870019 878506\n 875504 875503 875502 876099 876105 878546 878545 878541\n 877354 877355 878524 878547 878548 878555 878554 878579\n 885942 886584 928207 928206 925395\n\n\nNumerous security vulnerabilities were fixed in Imagemagick. Various\nmemory handling problems and cases of missing or incomplete input\nsanitizing may result in denial of service, memory or CPU exhaustion,\ninformation disclosure or potentially the execution of arbitrary code\nwhen a malformed image file is processed.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n8:6.8.9.9-5+deb8u16.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-14T10:40:29", "type": "debian", "title": "[SECURITY] [DLA 1785-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-11446", "CVE-2017-11523", "CVE-2017-11537", "CVE-2017-12140", "CVE-2017-12430", "CVE-2017-12432", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12587", "CVE-2017-12643", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12875", "CVE-2017-13133", "CVE-2017-13142", "CVE-2017-13145", "CVE-2017-13658", "CVE-2017-13768", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14249", "CVE-2017-14341", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14532", "CVE-2017-14624", "CVE-2017-14625", "CVE-2017-14626", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-15015", "CVE-2017-15017", "CVE-2017-15281", "CVE-2017-17682", "CVE-2017-17914", "CVE-2017-18271", "CVE-2017-18273", "CVE-2017-9500", "CVE-2019-10650", "CVE-2019-11597", "CVE-2019-11598", "CVE-2019-9956"], "modified": "2019-05-14T10:40:29", "id": "DEBIAN:DLA-1785-1:40B92", "href": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-22T12:15:46", "description": "Package : imagemagick\nVersion : 8:6.8.9.9-5+deb8u16\nCVE ID : CVE-2017-9500 CVE-2017-11446 CVE-2017-11523\n CVE-2017-11537 CVE-2017-12140 CVE-2017-12430\n CVE-2017-12432 CVE-2017-12435 CVE-2017-12563\n CVE-2017-12587 CVE-2017-12643 CVE-2017-12670\n CVE-2017-12674 CVE-2017-12691 CVE-2017-12692\n CVE-2017-12693 CVE-2017-12875 CVE-2017-13133\n CVE-2017-13142 CVE-2017-13145 CVE-2017-13658\n CVE-2017-13768 CVE-2017-14060 CVE-2017-14172\n CVE-2017-14173 CVE-2017-14174 CVE-2017-14175\n CVE-2017-14249 CVE-2017-14341 CVE-2017-14400\n CVE-2017-14505 CVE-2017-14532 CVE-2017-14624\n CVE-2017-14625 CVE-2017-14626 CVE-2017-14739\n CVE-2017-14741 CVE-2017-15015 CVE-2017-15017\n CVE-2017-15281 CVE-2017-17682 CVE-2017-17914\n CVE-2017-18271 CVE-2017-18273 CVE-2017-1000445\n CVE-2017-1000476 CVE-2019-9956 CVE-2019-10650\n CVE-2019-11597 CVE-2019-11598\nDebian Bug : 867778 868950 869210 869712 873059 869727 870491 870504\n 870530 870526 870107 870107 870020 875338 872609 875339\n 875341 873871 875352 873100 870105 869830 870019 878506\n 875504 875503 875502 876099 876105 878546 878545 878541\n 877354 877355 878524 878547 878548 878555 878554 878579\n 885942 886584 928207 928206 925395\n\n\nNumerous security vulnerabilities were fixed in Imagemagick. Various\nmemory handling problems and cases of missing or incomplete input\nsanitizing may result in denial of service, memory or CPU exhaustion,\ninformation disclosure or potentially the execution of arbitrary code\nwhen a malformed image file is processed.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n8:6.8.9.9-5+deb8u16.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-05-14T10:40:29", "type": "debian", "title": "[SECURITY] [DLA 1785-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-11446", "CVE-2017-11523", "CVE-2017-11537", "CVE-2017-12140", "CVE-2017-12430", "CVE-2017-12432", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12587", "CVE-2017-12643", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12875", "CVE-2017-13133", "CVE-2017-13142", "CVE-2017-13145", "CVE-2017-13658", "CVE-2017-13768", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14249", "CVE-2017-14341", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14532", "CVE-2017-14624", "CVE-2017-14625", "CVE-2017-14626", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-15015", "CVE-2017-15017", "CVE-2017-15281", "CVE-2017-17682", "CVE-2017-17914", "CVE-2017-18271", "CVE-2017-18273", "CVE-2017-9500", "CVE-2019-10650", "CVE-2019-11597", "CVE-2019-11598", "CVE-2019-9956"], "modified": "2019-05-14T10:40:29", "id": "DEBIAN:DLA-1785-1:C1442", "href": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-22T11:01:03", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2366-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nSeptember 07, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nVersion : 8:6.9.7.4+dfsg-11+deb9u10\nCVE ID : CVE-2017-12140 CVE-2017-12429 CVE-2017-12430\n \t CVE-2017-12435 CVE-2017-12563 CVE-2017-12643\n CVE-2017-12670 CVE-2017-12674 CVE-2017-12691\n CVE-2017-12692 CVE-2017-12693 CVE-2017-12806\n CVE-2017-12875 CVE-2017-13061 CVE-2017-13133\n CVE-2017-13658 CVE-2017-13768 CVE-2017-14060\n CVE-2017-14172 CVE-2017-14173 CVE-2017-14174\n CVE-2017-14175 CVE-2017-14249 CVE-2017-14341\n CVE-2017-14400 CVE-2017-14505 CVE-2017-14532\n CVE-2017-14624 CVE-2017-14625 CVE-2017-14626\n CVE-2017-14739 CVE-2017-14741 CVE-2017-15015\n CVE-2017-15017 CVE-2017-15281 CVE-2017-17682\n CVE-2017-17914 CVE-2017-18209 CVE-2017-18211\n CVE-2017-18271 CVE-2017-18273 CVE-2017-1000445\n CVE-2017-1000476 CVE-2018-16643 CVE-2018-16749\n CVE-2018-18025 CVE-2019-11598 CVE-2019-13135\n CVE-2019-13308 CVE-2019-13391 CVE-2019-15139\n\nDebian Bug : 870020 870019 876105 869727 886281 873059 870504\n 870530 870107 872609 875338 875339 875341 873871\n 873131 875352 878506 875503 875502 876105 876099\n 878546 878545 877354 877355 878524 878547 878548\n 878555 878554 878548 878555 878554 878579 885942\n 886584 928206 941670 931447 932079\n\nSeveral security vulnerabilities were found in Imagemagick. Various\nmemory handling problems and cases of missing or incomplete input\nsanitizing may result in denial of service, memory or CPU exhaustion,\ninformation disclosure or potentially the execution of arbitrary code\nwhen a malformed image file is processed.\n\nFor Debian 9 stretch, these problems have been fixed in version\n8:6.9.7.4+dfsg-11+deb9u10.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFor the detailed security status of imagemagick please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/imagemagick\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-09-07T21:24:40", "type": "debian", "title": "[SECURITY] [DLA 2366-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-12140", "CVE-2017-12429", "CVE-2017-12430", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12643", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12806", "CVE-2017-12875", "CVE-2017-13061", "CVE-2017-13133", "CVE-2017-13658", "CVE-2017-13768", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14249", "CVE-2017-14341", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14532", "CVE-2017-14624", "CVE-2017-14625", "CVE-2017-14626", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-15015", "CVE-2017-15017", "CVE-2017-15281", "CVE-2017-17682", "CVE-2017-17914", "CVE-2017-18209", "CVE-2017-18211", "CVE-2017-18271", "CVE-2017-18273", "CVE-2018-16643", "CVE-2018-16749", "CVE-2018-18025", "CVE-2019-11598", "CVE-2019-13135", "CVE-2019-13308", "CVE-2019-13391", "CVE-2019-15139"], "modified": "2020-09-07T21:24:40", "id": "DEBIAN:DLA-2366-1:54E1C", "href": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-01-24T16:17:39", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2366-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nSeptember 07, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nVersion : 8:6.9.7.4+dfsg-11+deb9u10\nCVE ID : CVE-2017-12140 CVE-2017-12429 CVE-2017-12430\n \t CVE-2017-12435 CVE-2017-12563 CVE-2017-12643\n CVE-2017-12670 CVE-2017-12674 CVE-2017-12691\n CVE-2017-12692 CVE-2017-12693 CVE-2017-12806\n CVE-2017-12875 CVE-2017-13061 CVE-2017-13133\n CVE-2017-13658 CVE-2017-13768 CVE-2017-14060\n CVE-2017-14172 CVE-2017-14173 CVE-2017-14174\n CVE-2017-14175 CVE-2017-14249 CVE-2017-14341\n CVE-2017-14400 CVE-2017-14505 CVE-2017-14532\n CVE-2017-14624 CVE-2017-14625 CVE-2017-14626\n CVE-2017-14739 CVE-2017-14741 CVE-2017-15015\n CVE-2017-15017 CVE-2017-15281 CVE-2017-17682\n CVE-2017-17914 CVE-2017-18209 CVE-2017-18211\n CVE-2017-18271 CVE-2017-18273 CVE-2017-1000445\n CVE-2017-1000476 CVE-2018-16643 CVE-2018-16749\n CVE-2018-18025 CVE-2019-11598 CVE-2019-13135\n CVE-2019-13308 CVE-2019-13391 CVE-2019-15139\n\nDebian Bug : 870020 870019 876105 869727 886281 873059 870504\n 870530 870107 872609 875338 875339 875341 873871\n 873131 875352 878506 875503 875502 876105 876099\n 878546 878545 877354 877355 878524 878547 878548\n 878555 878554 878548 878555 878554 878579 885942\n 886584 928206 941670 931447 932079\n\nSeveral security vulnerabilities were found in Imagemagick. Various\nmemory handling problems and cases of missing or incomplete input\nsanitizing may result in denial of service, memory or CPU exhaustion,\ninformation disclosure or potentially the execution of arbitrary code\nwhen a malformed image file is processed.\n\nFor Debian 9 stretch, these problems have been fixed in version\n8:6.9.7.4+dfsg-11+deb9u10.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFor the detailed security status of imagemagick please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/imagemagick\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-09-07T21:24:40", "type": "debian", "title": "[SECURITY] [DLA 2366-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-12140", "CVE-2017-12429", "CVE-2017-12430", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12643", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12806", "CVE-2017-12875", "CVE-2017-13061", "CVE-2017-13133", "CVE-2017-13658", "CVE-2017-13768", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14249", "CVE-2017-14341", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14532", "CVE-2017-14624", "CVE-2017-14625", "CVE-2017-14626", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-15015", "CVE-2017-15017", "CVE-2017-15281", "CVE-2017-17682", "CVE-2017-17914", "CVE-2017-18209", "CVE-2017-18211", "CVE-2017-18271", "CVE-2017-18273", "CVE-2018-16643", "CVE-2018-16749", "CVE-2018-18025", "CVE-2019-11598", "CVE-2019-13135", "CVE-2019-13308", "CVE-2019-13391", "CVE-2019-15139"], "modified": "2020-09-07T21:24:40", "id": "DEBIAN:DLA-2366-1:3ECD0", "href": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "cloudfoundry": [{"lastseen": "2021-08-11T17:45:53", "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nIt was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.216.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.216.0 or later.\n\n# References\n\n * [USN-3681-1](<https://usn.ubuntu.com/3681-1/>)\n * [CVE-2017-1000445](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-1000445>)\n * [CVE-2017-1000476](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-1000476>)\n * [CVE-2017-10995](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-10995>)\n * [CVE-2017-11352](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11352>)\n * [CVE-2017-11533](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11533>)\n * [CVE-2017-11535](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11535>)\n * [CVE-2017-11537](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11537>)\n * [CVE-2017-11639](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11639>)\n * [CVE-2017-11640](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-11640>)\n * [CVE-2017-12140](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12140>)\n * [CVE-2017-12418](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12418>)\n * [CVE-2017-12429](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12429>)\n * [CVE-2017-12430](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12430>)\n * [CVE-2017-12431](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12431>)\n * [CVE-2017-12432](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12432>)\n * [CVE-2017-12433](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12433>)\n * [CVE-2017-12435](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12435>)\n * [CVE-2017-12563](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12563>)\n * [CVE-2017-12587](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12587>)\n * [CVE-2017-12640](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12640>)\n * [CVE-2017-12643](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12643>)\n * [CVE-2017-12644](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12644>)\n * [CVE-2017-12670](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12670>)\n * [CVE-2017-12674](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12674>)\n * [CVE-2017-12691](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12691>)\n * [CVE-2017-12692](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12692>)\n * [CVE-2017-12693](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12693>)\n * [CVE-2017-12875](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12875>)\n * [CVE-2017-12877](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12877>)\n * [CVE-2017-12983](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12983>)\n * [CVE-2017-13058](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13058>)\n * [CVE-2017-13059](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13059>)\n * [CVE-2017-13060](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13060>)\n * [CVE-2017-13061](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13061>)\n * [CVE-2017-13062](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13062>)\n * [CVE-2017-13131](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13131>)\n * [CVE-2017-13134](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13134>)\n * [CVE-2017-13139](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13139>)\n * [CVE-2017-13142](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13142>)\n * [CVE-2017-13143](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13143>)\n * [CVE-2017-13144](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13144>)\n * [CVE-2017-13145](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13145>)\n * [CVE-2017-13758](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13758>)\n * [CVE-2017-13768](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13768>)\n * [CVE-2017-13769](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13769>)\n * [CVE-2017-14060](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14060>)\n * [CVE-2017-14172](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14172>)\n * [CVE-2017-14173](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14173>)\n * [CVE-2017-14174](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14174>)\n * [CVE-2017-14175](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14175>)\n * [CVE-2017-14224](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14224>)\n * [CVE-2017-14249](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14249>)\n * [CVE-2017-14325](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14325>)\n * [CVE-2017-14326](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14326>)\n * [CVE-2017-14341](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14341>)\n * [CVE-2017-14342](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14342>)\n * [CVE-2017-14343](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14343>)\n * [CVE-2017-14400](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14400>)\n * [CVE-2017-14505](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14505>)\n * [CVE-2017-14531](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14531>)\n * [CVE-2017-14532](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14532>)\n * [CVE-2017-14533](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14533>)\n * [CVE-2017-14607](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14607>)\n * [CVE-2017-14624](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14624>)\n * [CVE-2017-14625](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14625>)\n * [CVE-2017-14626](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14626>)\n * [CVE-2017-14682](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14682>)\n * [CVE-2017-14684](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14684>)\n * [CVE-2017-14739](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14739>)\n * [CVE-2017-14741](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14741>)\n * [CVE-2017-14989](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14989>)\n * [CVE-2017-15015](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15015>)\n * [CVE-2017-15016](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15016>)\n * [CVE-2017-15017](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15017>)\n * [CVE-2017-15032](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15032>)\n * [CVE-2017-15033](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15033>)\n * [CVE-2017-15217](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15217>)\n * [CVE-2017-15218](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15218>)\n * [CVE-2017-15277](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15277>)\n * [CVE-2017-15281](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15281>)\n * [CVE-2017-16546](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16546>)\n * [CVE-2017-17499](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17499>)\n * [CVE-2017-17504](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17504>)\n * [CVE-2017-17680](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17680>)\n * [CVE-2017-17681](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17681>)\n * [CVE-2017-17682](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17682>)\n * [CVE-2017-17879](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17879>)\n * [CVE-2017-17881](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17881>)\n * [CVE-2017-17882](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17882>)\n * [CVE-2017-17884](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17884>)\n * [CVE-2017-17885](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17885>)\n * [CVE-2017-17886](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17886>)\n * [CVE-2017-17887](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17887>)\n * [CVE-2017-17914](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17914>)\n * [CVE-2017-17934](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-17934>)\n * [CVE-2017-18008](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18008>)\n * [CVE-2017-18022](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18022>)\n * [CVE-2017-18027](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18027>)\n * [CVE-2017-18028](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18028>)\n * [CVE-2017-18029](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18029>)\n * [CVE-2017-18209](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18209>)\n * [CVE-2017-18211](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18211>)\n * [CVE-2017-18251](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18251>)\n * [CVE-2017-18252](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18252>)\n * [CVE-2017-18254](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18254>)\n * [CVE-2017-18271](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18271>)\n * [CVE-2017-18273](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18273>)\n * [CVE-2018-10177](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10177>)\n * [CVE-2018-10804](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10804>)\n * [CVE-2018-10805](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10805>)\n * [CVE-2018-11251](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-11251>)\n * [CVE-2018-11625](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-11625>)\n * [CVE-2018-11655](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-11655>)\n * [CVE-2018-11656](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-11656>)\n * [CVE-2018-5246](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5246>)\n * [CVE-2018-5247](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5247>)\n * [CVE-2018-5248](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5248>)\n * [CVE-2018-5357](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5357>)\n * [CVE-2018-5358](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5358>)\n * [CVE-2018-6405](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-6405>)\n * [CVE-2018-7443](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-7443>)\n * [CVE-2018-8804](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8804>)\n * [CVE-2018-8960](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-8960>)\n * [CVE-2018-9133](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-9133>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-06-14T00:00:00", "type": "cloudfoundry", "title": "USN-3681-1: ImageMagick vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-10995", "CVE-2017-11352", "CVE-2017-11533", "CVE-2017-11535", "CVE-2017-11537", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12429", "CVE-2017-12430", "CVE-2017-12431", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12643", "CVE-2017-12644", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12875", "CVE-2017-12877", "CVE-2017-12983", "CVE-2017-13058", "CVE-2017-13059", "CVE-2017-13060", "CVE-2017-13061", "CVE-2017-13062", "CVE-2017-13131", "CVE-2017-13134", "CVE-2017-13139", "CVE-2017-13142", "CVE-2017-13143", "CVE-2017-13144", "CVE-2017-13145", "CVE-2017-13758", "CVE-2017-13768", "CVE-2017-13769", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14224", "CVE-2017-14249", "CVE-2017-14325", "CVE-2017-14326", "CVE-2017-14341", "CVE-2017-14342", "CVE-2017-14343", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14531", "CVE-2017-14532", "CVE-2017-14533", "CVE-2017-14607", "CVE-2017-14624", "CVE-2017-14625", "CVE-2017-14626", "CVE-2017-14682", "CVE-2017-14684", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-14989", "CVE-2017-15015", "CVE-2017-15016", "CVE-2017-15017", "CVE-2017-15032", "CVE-2017-15033", "CVE-2017-15217", "CVE-2017-15218", "CVE-2017-15277", "CVE-2017-15281", "CVE-2017-16546", "CVE-2017-17499", "CVE-2017-17504", "CVE-2017-17680", "CVE-2017-17681", "CVE-2017-17682", "CVE-2017-17879", "CVE-2017-17881", "CVE-2017-17882", "CVE-2017-17884", "CVE-2017-17885", "CVE-2017-17886", "CVE-2017-17887", "CVE-2017-17914", "CVE-2017-17934", "CVE-2017-18008", "CVE-2017-18022", "CVE-2017-18027", "CVE-2017-18028", "CVE-2017-18029", "CVE-2017-18209", "CVE-2017-18211", "CVE-2017-18251", "CVE-2017-18252", "CVE-2017-18254", "CVE-2017-18271", "CVE-2017-18273", "CVE-2018-10177", "CVE-2018-10804", "CVE-2018-10805", "CVE-2018-11251", "CVE-2018-11625", "CVE-2018-11655", "CVE-2018-11656", "CVE-2018-5246", "CVE-2018-5247", "CVE-2018-5248", "CVE-2018-5357", "CVE-2018-5358", "CVE-2018-6405", "CVE-2018-7443", "CVE-2018-8804", "CVE-2018-8960", "CVE-2018-9133"], "modified": "2018-06-14T00:00:00", "id": "CFOUNDRY:C94493DDE348FDF28E8866771E34ED7C", "href": "https://www.cloudfoundry.org/blog/usn-3681-1/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T11:56:37", "description": "It was discovered that ImageMagick incorrectly handled certain malformed \nimage files. If a user or automated system using ImageMagick were tricked \ninto opening a specially crafted image, an attacker could exploit this to \ncause a denial of service or possibly execute code with the privileges of \nthe user invoking the program.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-06-12T00:00:00", "type": "ubuntu", "title": "ImageMagick vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17882", "CVE-2018-11656", "CVE-2017-16546", "CVE-2017-14684", "CVE-2017-11533", "CVE-2017-15281", "CVE-2017-13061", "CVE-2017-15015", "CVE-2017-18029", "CVE-2017-18008", "CVE-2017-14741", "CVE-2017-14625", "CVE-2017-17499", "CVE-2017-15277", "CVE-2018-11655", "CVE-2017-14249", "CVE-2018-10805", "CVE-2017-14224", "CVE-2017-18209", "CVE-2017-18028", "CVE-2017-14626", "CVE-2017-12431", "CVE-2017-14989", "CVE-2018-8804", "CVE-2018-5248", "CVE-2017-17879", "CVE-2017-17682", "CVE-2017-13139", "CVE-2017-14532", "CVE-2017-14326", "CVE-2017-17887", "CVE-2017-12140", "CVE-2017-12670", "CVE-2017-17504", "CVE-2017-14624", "CVE-2017-15016", "CVE-2017-13758", "CVE-2017-17681", "CVE-2017-14739", "CVE-2017-12587", "CVE-2018-5357", "CVE-2017-14343", "CVE-2017-13062", "CVE-2017-12433", "CVE-2017-14174", "CVE-2017-18211", "CVE-2017-13142", "CVE-2017-13143", "CVE-2017-12644", "CVE-2017-14175", "CVE-2017-18252", "CVE-2017-17885", "CVE-2018-11625", "CVE-2017-12877", "CVE-2017-11537", "CVE-2017-14173", "CVE-2017-17680", "CVE-2017-17914", "CVE-2017-12875", "CVE-2017-14533", "CVE-2017-15217", "CVE-2017-12430", "CVE-2017-12435", "CVE-2017-1000445", "CVE-2017-15017", "CVE-2017-13131", "CVE-2017-12563", "CVE-2018-7443", "CVE-2017-12418", "CVE-2017-17934", "CVE-2017-11535", "CVE-2017-11640", "CVE-2017-14682", "CVE-2017-14607", "CVE-2017-14172", "CVE-2017-14060", "CVE-2017-12643", "CVE-2017-12640", "CVE-2017-17886", "CVE-2017-18251", "CVE-2017-1000476", "CVE-2017-13059", "CVE-2017-13144", "CVE-2017-18273", "CVE-2017-13134", "CVE-2018-5247", "CVE-2017-11639", "CVE-2018-5246", "CVE-2017-12691", "CVE-2017-15218", "CVE-2017-13145", "CVE-2017-12432", "CVE-2017-14325", "CVE-2018-6405", "CVE-2017-12674", "CVE-2018-11251", "CVE-2017-14531", "CVE-2017-13768", "CVE-2017-10995", "CVE-2017-18022", "CVE-2017-12692", "CVE-2017-18254", "CVE-2017-17881", "CVE-2017-15033", "CVE-2017-12983", "CVE-2017-13058", "CVE-2018-9133", "CVE-2017-13769", "CVE-2017-14505", "CVE-2018-10177", "CVE-2017-11352", "CVE-2018-5358", "CVE-2017-18027", "CVE-2017-13060", "CVE-2017-14400", "CVE-2017-12693", "CVE-2017-14342", "CVE-2017-15032", "CVE-2018-10804", "CVE-2017-14341", "CVE-2017-12429", "CVE-2018-8960", "CVE-2017-18271", "CVE-2017-17884"], "modified": "2018-06-12T00:00:00", "id": "USN-3681-1", "href": "https://ubuntu.com/security/notices/USN-3681-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}
