Updated imagemagick packages fix security vulnerabilities

2018-05-12T06:28:12

Description

The imagemagick package has been updated to version 6.9.9.41 which fixes several unspecified security vulnerabilities. This update fixes several vulnerabilities in imagemagick, including: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed GIF, TTF, SVG, TIFF, PCX, JPG or SFW files are processed. Several packages have been rebuilt for the updated ImageMagick.

Affected Package

OS	OS Version	Package Name	Package Version
Mageia	6	converseen	0.9.6.2-1.3
Mageia	6	cuneiform-linux	1.1.0-9.2
Mageia	6	dvdauthor	0.7.2-2.2
Mageia	6	emacs	24.5-8.3
Mageia	6	imagemagick	6.9.9.41-1
Mageia	6	inkscape	0.92.1-2.2
Mageia	6	k3d	0.8.0.5-5.2
Mageia	6	kxstitch	2.0.0-2.2
Mageia	6	libopenshot	0.1.8-1.2
Mageia	6	ocaml-glmlite	0.03.51-17.2
Mageia	6	perl-image-subimagefind	0.30.0-6.2
Mageia	6	pfstools	2.0.6-3.2
Mageia	6	php-imagick	3.4.1-6.2
Mageia	6	php-magickwand	1.0.9.2-10.2
Mageia	6	psiconv	0.9.8-26.2
Mageia	6	pythonmagick	0.9.12-7.2
Mageia	6	ruby-rmagick	2.15.4-12.2
Mageia	6	synfig	1.2.1-2.2
Mageia	6	vdr-plugin-skinelchi	0.2.8-8.2
Mageia	6	vdr-plugin-skinenigmang	0.1.2-10.2

{"id": "MGASA-2018-0229", "vendorId": null, "type": "mageia", "bulletinFamily": "unix", "title": "Updated imagemagick packages fix security vulnerabilities\n", "description": "The imagemagick package has been updated to version 6.9.9.41 which fixes several unspecified security vulnerabilities. This update fixes several vulnerabilities in imagemagick, including: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed GIF, TTF, SVG, TIFF, PCX, JPG or SFW files are processed. Several packages have been rebuilt for the updated ImageMagick. \n", "published": "2018-05-12T06:28:12", "modified": "2018-05-12T06:28:12", "epss": [{"cve": "CVE-2016-10046", "epss": 0.00266, "percentile": 0.62814, "modified": "2023-06-06"}, {"cve": "CVE-2016-10051", "epss": 0.0054, "percentile": 0.74021, "modified": "2023-06-06"}, {"cve": "CVE-2016-10052", "epss": 0.00592, "percentile": 0.7522, "modified": "2023-06-06"}, {"cve": "CVE-2016-10053", "epss": 0.00595, "percentile": 0.75273, "modified": "2023-06-06"}, {"cve": "CVE-2016-10054", "epss": 0.00476, "percentile": 0.72214, "modified": "2023-06-06"}, {"cve": "CVE-2016-10055", "epss": 0.00476, "percentile": 0.72214, "modified": "2023-06-06"}, {"cve": "CVE-2016-10056", "epss": 0.00599, "percentile": 0.75341, "modified": "2023-06-06"}, {"cve": "CVE-2016-10057", "epss": 0.00476, "percentile": 0.72214, "modified": "2023-06-06"}, {"cve": "CVE-2016-10058", "epss": 0.00595, "percentile": 0.75273, "modified": "2023-06-06"}, {"cve": "CVE-2016-10068", "epss": 0.00441, "percentile": 0.71187, "modified": "2023-06-06"}, {"cve": "CVE-2016-10144", "epss": 0.01204, "percentile": 0.83243, "modified": "2023-06-06"}, {"cve": "CVE-2016-10145", "epss": 0.01056, "percentile": 0.81964, "modified": "2023-06-06"}, {"cve": "CVE-2016-10146", "epss": 0.01193, "percentile": 0.83153, "modified": "2023-06-06"}, {"cve": "CVE-2016-5010", "epss": 0.00485, "percentile": 0.72531, "modified": "2023-06-03"}, {"cve": "CVE-2016-6491", "epss": 0.00596, "percentile": 0.75286, "modified": "2023-06-03"}, {"cve": "CVE-2016-6823", "epss": 0.00442, "percentile": 0.71204, "modified": "2023-06-03"}, {"cve": "CVE-2016-7101", "epss": 0.00519, "percentile": 0.73458, "modified": "2023-06-03"}, {"cve": "CVE-2016-7799", "epss": 0.11482, "percentile": 0.94391, "modified": "2023-06-03"}, {"cve": "CVE-2016-7906", "epss": 0.01027, "percentile": 0.81691, "modified": "2023-06-03"}, {"cve": "CVE-2016-8677", "epss": 0.00437, "percentile": 0.71061, "modified": "2023-06-03"}, {"cve": "CVE-2016-8678", "epss": 0.0051, "percentile": 0.73239, "modified": "2023-06-03"}, {"cve": "CVE-2016-8707", "epss": 0.01071, "percentile": 0.82135, "modified": "2023-06-03"}, {"cve": "CVE-2016-8862", "epss": 0.0076, "percentile": 0.78548, "modified": "2023-06-03"}, {"cve": "CVE-2016-8866", "epss": 0.00561, "percentile": 0.74471, "modified": "2023-06-03"}, {"cve": "CVE-2016-9298", "epss": 0.00627, "percentile": 0.75955, "modified": "2023-06-03"}, {"cve": "CVE-2016-9556", "epss": 0.01144, "percentile": 0.82714, "modified": "2023-06-03"}, {"cve": "CVE-2016-9559", "epss": 0.01511, "percentile": 0.85043, "modified": "2023-06-03"}, {"cve": "CVE-2016-9773", "epss": 0.00318, "percentile": 0.66138, "modified": "2023-06-03"}, {"cve": "CVE-2017-11352", "epss": 0.00385, "percentile": 0.69232, "modified": "2023-06-06"}, {"cve": "CVE-2017-11403", "epss": 0.22443, "percentile": 0.95786, "modified": "2023-06-06"}, {"cve": "CVE-2017-11446", "epss": 0.00238, "percentile": 0.60533, "modified": "2023-06-06"}, {"cve": "CVE-2017-11523", "epss": 0.01332, "percentile": 0.84104, "modified": "2023-06-06"}, {"cve": "CVE-2017-11533", "epss": 0.00234, "percentile": 0.60163, "modified": "2023-06-06"}, {"cve": "CVE-2017-11535", "epss": 0.00234, "percentile": 0.60163, "modified": "2023-06-06"}, {"cve": "CVE-2017-11537", "epss": 0.00234, "percentile": 0.60163, "modified": "2023-06-06"}, {"cve": "CVE-2017-11639", "epss": 0.00361, "percentile": 0.68223, "modified": "2023-06-06"}, {"cve": "CVE-2017-11640", "epss": 0.00413, "percentile": 0.70278, "modified": "2023-06-06"}, {"cve": "CVE-2017-12428", "epss": 0.00201, "percentile": 0.5662, "modified": "2023-06-05"}, {"cve": "CVE-2017-12431", "epss": 0.00252, "percentile": 0.61698, "modified": "2023-06-05"}, {"cve": "CVE-2017-12432", "epss": 0.00252, "percentile": 0.61698, "modified": "2023-06-05"}, {"cve": "CVE-2017-12434", "epss": 0.00091, "percentile": 0.37899, "modified": "2023-06-05"}, {"cve": "CVE-2017-12587", "epss": 0.00304, "percentile": 0.65334, "modified": "2023-06-05"}, {"cve": "CVE-2017-12640", "epss": 0.00736, "percentile": 0.78128, "modified": "2023-06-05"}, {"cve": "CVE-2017-12671", "epss": 0.00091, "percentile": 0.37899, "modified": "2023-06-05"}, {"cve": "CVE-2017-12877", "epss": 0.04046, "percentile": 0.90827, "modified": "2023-06-05"}, {"cve": "CVE-2017-12983", "epss": 0.00807, "percentile": 0.79298, "modified": "2023-06-05"}, {"cve": "CVE-2017-13134", "epss": 0.00557, "percentile": 0.7437, "modified": "2023-06-05"}, {"cve": "CVE-2017-13139", "epss": 0.00995, "percentile": 0.81407, "modified": "2023-06-05"}, {"cve": "CVE-2017-13140", "epss": 0.00284, "percentile": 0.64049, "modified": "2023-06-05"}, {"cve": "CVE-2017-13141", "epss": 0.00259, "percentile": 0.62238, "modified": "2023-06-05"}, {"cve": "CVE-2017-13142", "epss": 0.00494, "percentile": 0.72761, "modified": "2023-06-05"}, {"cve": "CVE-2017-13143", "epss": 0.00552, "percentile": 0.74271, "modified": "2023-06-05"}, {"cve": "CVE-2017-13144", "epss": 0.00361, "percentile": 0.68221, "modified": "2023-06-05"}, {"cve": "CVE-2017-13145", "epss": 0.00826, "percentile": 0.79541, "modified": "2023-06-05"}, {"cve": "CVE-2017-13758", "epss": 0.00502, "percentile": 0.72972, "modified": "2023-06-05"}, {"cve": "CVE-2017-13768", "epss": 0.0054, "percentile": 0.74014, "modified": "2023-06-05"}, {"cve": "CVE-2017-13769", "epss": 0.00407, "percentile": 0.70068, "modified": "2023-06-05"}, {"cve": "CVE-2017-14224", "epss": 0.02184, "percentile": 0.87781, "modified": "2023-06-05"}, {"cve": "CVE-2017-14607", "epss": 0.0044, "percentile": 0.7115, "modified": "2023-06-05"}, {"cve": "CVE-2017-14682", "epss": 0.00612, "percentile": 0.75655, "modified": "2023-06-05"}, {"cve": "CVE-2017-14741", "epss": 0.00583, "percentile": 0.75008, "modified": "2023-06-05"}, {"cve": "CVE-2017-14989", "epss": 0.00238, "percentile": 0.60518, "modified": "2023-06-05"}, {"cve": "CVE-2017-15277", "epss": 0.01547, "percentile": 0.85237, "modified": "2023-06-05"}, {"cve": "CVE-2017-16546", "epss": 0.02144, "percentile": 0.87645, "modified": "2023-06-05"}, {"cve": "CVE-2017-17499", "epss": 0.01819, "percentile": 0.86426, "modified": "2023-06-05"}, {"cve": "CVE-2017-17504", "epss": 0.00268, "percentile": 0.62941, "modified": "2023-06-05"}, {"cve": "CVE-2017-17879", "epss": 0.01169, "percentile": 0.82944, "modified": "2023-06-05"}, {"cve": "CVE-2017-5506", "epss": 0.00801, "percentile": 0.79229, "modified": "2023-06-05"}, {"cve": "CVE-2017-5507", "epss": 0.044, "percentile": 0.91156, "modified": "2023-06-05"}, {"cve": "CVE-2017-5508", "epss": 0.00619, "percentile": 0.75796, "modified": "2023-06-05"}, {"cve": "CVE-2017-5509", "epss": 0.01037, "percentile": 0.81779, "modified": "2023-06-05"}, {"cve": "CVE-2017-5510", "epss": 0.00906, "percentile": 0.80493, "modified": "2023-06-05"}, {"cve": "CVE-2017-5511", "epss": 0.01326, "percentile": 0.84067, "modified": "2023-06-05"}, {"cve": "CVE-2017-7606", "epss": 0.00485, "percentile": 0.72512, "modified": "2023-06-05"}, {"cve": "CVE-2017-7619", "epss": 0.00287, "percentile": 0.64198, "modified": "2023-06-05"}, {"cve": "CVE-2017-7941", "epss": 0.0038, "percentile": 0.69017, "modified": "2023-06-05"}, {"cve": "CVE-2017-7942", "epss": 0.00094, "percentile": 0.38762, "modified": "2023-06-05"}, {"cve": "CVE-2017-7943", "epss": 0.0038, "percentile": 0.69017, "modified": "2023-06-05"}, {"cve": "CVE-2017-8343", "epss": 0.00315, "percentile": 0.65916, "modified": "2023-06-05"}, {"cve": "CVE-2017-8344", "epss": 0.00315, "percentile": 0.65916, "modified": "2023-06-05"}, {"cve": "CVE-2017-8345", "epss": 0.00315, "percentile": 0.65916, "modified": "2023-06-05"}, {"cve": "CVE-2017-8346", "epss": 0.00315, "percentile": 0.65916, "modified": "2023-06-05"}, {"cve": "CVE-2017-8347", "epss": 0.00315, "percentile": 0.65916, "modified": "2023-06-05"}, {"cve": "CVE-2017-8348", "epss": 0.00315, "percentile": 0.65916, "modified": "2023-06-05"}, {"cve": "CVE-2017-8349", "epss": 0.00315, "percentile": 0.65916, "modified": "2023-06-05"}, {"cve": "CVE-2017-8350", "epss": 0.00315, "percentile": 0.65916, "modified": "2023-06-05"}, {"cve": "CVE-2017-8351", "epss": 0.00315, "percentile": 0.65916, "modified": "2023-06-05"}, {"cve": "CVE-2017-8352", "epss": 0.00315, "percentile": 0.65916, "modified": "2023-06-05"}, {"cve": "CVE-2017-8353", "epss": 0.00315, "percentile": 0.65916, "modified": "2023-06-05"}, {"cve": "CVE-2017-8354", "epss": 0.00315, "percentile": 0.65916, "modified": "2023-06-05"}, {"cve": "CVE-2017-8355", "epss": 0.00315, "percentile": 0.65916, "modified": "2023-06-05"}, {"cve": "CVE-2017-8356", "epss": 0.00315, "percentile": 0.65916, "modified": "2023-06-05"}, {"cve": "CVE-2017-8357", "epss": 0.00315, "percentile": 0.65916, "modified": "2023-06-05"}, {"cve": "CVE-2017-8765", "epss": 0.00188, "percentile": 0.54872, "modified": "2023-06-05"}, {"cve": "CVE-2017-8830", "epss": 0.00188, "percentile": 0.54872, "modified": "2023-06-05"}, {"cve": "CVE-2017-9098", "epss": 0.00263, "percentile": 0.62559, "modified": "2023-06-05"}, {"cve": "CVE-2017-9141", "epss": 0.00453, "percentile": 0.71579, "modified": "2023-06-05"}, {"cve": "CVE-2017-9142", "epss": 0.00453, "percentile": 0.71579, "modified": "2023-06-05"}, {"cve": "CVE-2017-9143", "epss": 0.00319, "percentile": 0.66185, "modified": "2023-06-05"}, {"cve": "CVE-2017-9144", "epss": 0.00246, "percentile": 0.61151, "modified": "2023-06-05"}, {"cve": "CVE-2017-9439", "epss": 0.00088, "percentile": 0.36366, "modified": "2023-06-05"}, {"cve": "CVE-2017-9440", "epss": 0.00088, "percentile": 0.36366, "modified": "2023-06-05"}, {"cve": "CVE-2017-9500", "epss": 0.00288, "percentile": 0.64261, "modified": "2023-06-05"}, {"cve": "CVE-2017-9501", "epss": 0.00213, "percentile": 0.57938, "modified": "2023-06-05"}], "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://advisories.mageia.org/MGASA-2018-0229.html", "reporter": "Gentoo Foundation", "references": ["https://bugs.mageia.org/show_bug.cgi?id=19078", "http://git.imagemagick.org/repos/ImageMagick/blob/ImageMagick-6/ChangeLog"], "cvelist": ["CVE-2016-10046", "CVE-2016-10051", "CVE-2016-10052", "CVE-2016-10053", "CVE-2016-10054", "CVE-2016-10055", "CVE-2016-10056", "CVE-2016-10057", "CVE-2016-10058", "CVE-2016-10068", "CVE-2016-10144", "CVE-2016-10145", "CVE-2016-10146", "CVE-2016-5010", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7799", "CVE-2016-7906", "CVE-2016-8677", "CVE-2016-8678", "CVE-2016-8707", "CVE-2016-8862", "CVE-2016-8866", "CVE-2016-9298", "CVE-2016-9556", "CVE-2016-9559", "CVE-2016-9773", "CVE-2017-11352", "CVE-2017-11403", "CVE-2017-11446", "CVE-2017-11523", "CVE-2017-11533", "CVE-2017-11535", "CVE-2017-11537", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-12428", "CVE-2017-12431", "CVE-2017-12432", "CVE-2017-12434", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12671", "CVE-2017-12877", "CVE-2017-12983", "CVE-2017-13134", "CVE-2017-13139", "CVE-2017-13140", "CVE-2017-13141", "CVE-2017-13142", "CVE-2017-13143", "CVE-2017-13144", "CVE-2017-13145", "CVE-2017-13758", "CVE-2017-13768", "CVE-2017-13769", "CVE-2017-14224", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-14741", "CVE-2017-14989", "CVE-2017-15277", "CVE-2017-16546", "CVE-2017-17499", "CVE-2017-17504", "CVE-2017-17879", "CVE-2017-5506", "CVE-2017-5507", "CVE-2017-5508", "CVE-2017-5509", "CVE-2017-5510", "CVE-2017-5511", "CVE-2017-7606", "CVE-2017-7619", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-8343", "CVE-2017-8344", "CVE-2017-8345", "CVE-2017-8346", "CVE-2017-8347", "CVE-2017-8348", "CVE-2017-8349", "CVE-2017-8350", "CVE-2017-8351", "CVE-2017-8352", "CVE-2017-8353", "CVE-2017-8354", "CVE-2017-8355", "CVE-2017-8356", "CVE-2017-8357", "CVE-2017-8765", "CVE-2017-8830", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144", "CVE-2017-9439", "CVE-2017-9440", "CVE-2017-9500", "CVE-2017-9501"], "immutableFields": [], "lastseen": "2023-06-06T16:28:09", "viewCount": 22, "enchantments": {"score": {"value": 2.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2016-5010", "ALPINE:CVE-2016-6491", "ALPINE:CVE-2016-7799", "ALPINE:CVE-2016-7906", "ALPINE:CVE-2017-11403", "ALPINE:CVE-2017-13134", "ALPINE:CVE-2017-14103", "ALPINE:CVE-2017-15277", "ALPINE:CVE-2017-18220"]}, {"type": "amazon", "idList": ["ALAS-2017-891"]}, {"type": "archlinux", "idList": ["ASA-201607-13", "ASA-201610-6", "ASA-201801-7"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2016-1088", "CPAI-2016-1134", "CPAI-2017-1527"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:0786D81DB4A901AA3B5284FE6A0FCD9C", "CFOUNDRY:34369009FCCF4C09275F6EF965B4832E", "CFOUNDRY:7C773AAD48A4086E963861DDB379146F", "CFOUNDRY:C94493DDE348FDF28E8866771E34ED7C", "CFOUNDRY:D716827DA44D41333F3C4C92A77A0B32", "CFOUNDRY:D8534D7A468FE2CF04E2631B6EBB8190"]}, {"type": "cve", "idList": ["CVE-2016-10046", "CVE-2016-10051", "CVE-2016-10052", "CVE-2016-10053", "CVE-2016-10054", "CVE-2016-10055", "CVE-2016-10056", "CVE-2016-10057", "CVE-2016-10058", "CVE-2016-10068", "CVE-2016-10144", "CVE-2016-10145", "CVE-2016-10146", "CVE-2016-5010", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7799", "CVE-2016-7906", "CVE-2016-8677", "CVE-2016-8678", "CVE-2016-8707", "CVE-2016-8862", "CVE-2016-8866", "CVE-2016-9298", "CVE-2016-9556", "CVE-2016-9559", "CVE-2016-9773", "CVE-2017-11352", "CVE-2017-11403", "CVE-2017-11446", "CVE-2017-11523", "CVE-2017-11533", "CVE-2017-11535", "CVE-2017-11537", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-12428", "CVE-2017-12431", "CVE-2017-12432", "CVE-2017-12434", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12671", "CVE-2017-12877", "CVE-2017-12983", "CVE-2017-13134", "CVE-2017-13139", "CVE-2017-13140", "CVE-2017-13141", "CVE-2017-13142", "CVE-2017-13143", "CVE-2017-13144", "CVE-2017-13145", "CVE-2017-13758", "CVE-2017-13768", "CVE-2017-13769", "CVE-2017-14103", "CVE-2017-14224", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-14741", "CVE-2017-14989", "CVE-2017-15277", "CVE-2017-16546", "CVE-2017-17499", "CVE-2017-17504", "CVE-2017-17879", "CVE-2017-18220", "CVE-2017-5506", "CVE-2017-5507", "CVE-2017-5508", "CVE-2017-5509", "CVE-2017-5510", "CVE-2017-5511", "CVE-2017-7275", "CVE-2017-7606", "CVE-2017-7619", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-8343", "CVE-2017-8344", "CVE-2017-8345", "CVE-2017-8346", "CVE-2017-8347", "CVE-2017-8348", "CVE-2017-8349", "CVE-2017-8350", "CVE-2017-8351", "CVE-2017-8352", "CVE-2017-8353", "CVE-2017-8354", "CVE-2017-8355", "CVE-2017-8356", "CVE-2017-8357", "CVE-2017-8765", "CVE-2017-8830", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144", "CVE-2017-9439", "CVE-2017-9440", "CVE-2017-9500", "CVE-2017-9501"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1000-1:BACD8", "DEBIAN:DLA-1045-1:24D9D", "DEBIAN:DLA-1045-1:712EB", "DEBIAN:DLA-1081-1:D21F2", "DEBIAN:DLA-1131-1:F4DB2", "DEBIAN:DLA-1139-1:97EAB", "DEBIAN:DLA-1140-1:BCDD2", "DEBIAN:DLA-1154-1:6E465", "DEBIAN:DLA-1170-1:0834A", "DEBIAN:DLA-1227-1:838A2", "DEBIAN:DLA-1227-1:EB5E4", "DEBIAN:DLA-1322-1:2D122", "DEBIAN:DLA-1322-1:383CB", "DEBIAN:DLA-1401-1:300F8", "DEBIAN:DLA-1401-1:A41C0", "DEBIAN:DLA-1456-1:6B17B", "DEBIAN:DLA-1785-1:40B92", "DEBIAN:DLA-1785-1:C1442", "DEBIAN:DLA-2366-1:3ECD0", "DEBIAN:DLA-2366-1:54E1C", "DEBIAN:DLA-731-1:2431F", "DEBIAN:DLA-756-1:F14C9", "DEBIAN:DLA-807-1:D8162", "DEBIAN:DLA-902-1:68613", "DEBIAN:DLA-902-1:DBD76", "DEBIAN:DLA-953-1:1E29A", "DEBIAN:DLA-953-1:E715F", "DEBIAN:DLA-960-1:AD3CB", "DEBIAN:DSA-3652-1:7D25D", "DEBIAN:DSA-3726-1:11C95", "DEBIAN:DSA-3726-1:AB5D7", "DEBIAN:DSA-3799-1:CBEDC", "DEBIAN:DSA-3863-1:A45FE", "DEBIAN:DSA-3914-1:48C64", "DEBIAN:DSA-4019-1:AFDE4", "DEBIAN:DSA-4032-1:08B80", "DEBIAN:DSA-4040-1:E6366", "DEBIAN:DSA-4074-1:AED98", "DEBIAN:DSA-4204-1:1D5FF", "DEBIAN:DSA-4204-1:271DB", "DEBIAN:DSA-4321-1:D5514"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-10046", "DEBIANCVE:CVE-2016-10051", "DEBIANCVE:CVE-2016-10052", "DEBIANCVE:CVE-2016-10053", "DEBIANCVE:CVE-2016-10054", "DEBIANCVE:CVE-2016-10055", "DEBIANCVE:CVE-2016-10056", "DEBIANCVE:CVE-2016-10057", "DEBIANCVE:CVE-2016-10058", "DEBIANCVE:CVE-2016-10068", "DEBIANCVE:CVE-2016-10144", "DEBIANCVE:CVE-2016-10145", "DEBIANCVE:CVE-2016-10146", "DEBIANCVE:CVE-2016-5010", "DEBIANCVE:CVE-2016-6491", "DEBIANCVE:CVE-2016-6823", "DEBIANCVE:CVE-2016-7101", "DEBIANCVE:CVE-2016-7799", "DEBIANCVE:CVE-2016-7906", "DEBIANCVE:CVE-2016-8677", "DEBIANCVE:CVE-2016-8678", "DEBIANCVE:CVE-2016-8707", "DEBIANCVE:CVE-2016-8862", "DEBIANCVE:CVE-2016-8866", "DEBIANCVE:CVE-2016-9298", "DEBIANCVE:CVE-2016-9556", "DEBIANCVE:CVE-2016-9559", "DEBIANCVE:CVE-2016-9773", "DEBIANCVE:CVE-2017-11352", "DEBIANCVE:CVE-2017-11403", "DEBIANCVE:CVE-2017-11446", "DEBIANCVE:CVE-2017-11523", "DEBIANCVE:CVE-2017-11533", "DEBIANCVE:CVE-2017-11535", "DEBIANCVE:CVE-2017-11537", "DEBIANCVE:CVE-2017-11639", "DEBIANCVE:CVE-2017-11640", "DEBIANCVE:CVE-2017-12428", "DEBIANCVE:CVE-2017-12431", "DEBIANCVE:CVE-2017-12432", "DEBIANCVE:CVE-2017-12434", "DEBIANCVE:CVE-2017-12587", "DEBIANCVE:CVE-2017-12640", "DEBIANCVE:CVE-2017-12671", "DEBIANCVE:CVE-2017-12877", "DEBIANCVE:CVE-2017-12983", "DEBIANCVE:CVE-2017-13134", "DEBIANCVE:CVE-2017-13139", "DEBIANCVE:CVE-2017-13140", "DEBIANCVE:CVE-2017-13141", "DEBIANCVE:CVE-2017-13142", "DEBIANCVE:CVE-2017-13143", "DEBIANCVE:CVE-2017-13144", "DEBIANCVE:CVE-2017-13145", "DEBIANCVE:CVE-2017-13758", "DEBIANCVE:CVE-2017-13768", "DEBIANCVE:CVE-2017-13769", "DEBIANCVE:CVE-2017-14103", "DEBIANCVE:CVE-2017-14224", "DEBIANCVE:CVE-2017-14607", "DEBIANCVE:CVE-2017-14682", "DEBIANCVE:CVE-2017-14741", "DEBIANCVE:CVE-2017-14989", "DEBIANCVE:CVE-2017-15277", "DEBIANCVE:CVE-2017-16546", "DEBIANCVE:CVE-2017-17499", "DEBIANCVE:CVE-2017-17504", "DEBIANCVE:CVE-2017-17879", "DEBIANCVE:CVE-2017-18220", "DEBIANCVE:CVE-2017-5506", "DEBIANCVE:CVE-2017-5507", "DEBIANCVE:CVE-2017-5508", "DEBIANCVE:CVE-2017-5509", "DEBIANCVE:CVE-2017-5510", "DEBIANCVE:CVE-2017-5511", "DEBIANCVE:CVE-2017-7275", "DEBIANCVE:CVE-2017-7606", "DEBIANCVE:CVE-2017-7619", "DEBIANCVE:CVE-2017-7941", "DEBIANCVE:CVE-2017-7942", "DEBIANCVE:CVE-2017-7943", "DEBIANCVE:CVE-2017-8343", "DEBIANCVE:CVE-2017-8344", "DEBIANCVE:CVE-2017-8345", "DEBIANCVE:CVE-2017-8346", "DEBIANCVE:CVE-2017-8347", "DEBIANCVE:CVE-2017-8348", "DEBIANCVE:CVE-2017-8349", "DEBIANCVE:CVE-2017-8350", "DEBIANCVE:CVE-2017-8351", "DEBIANCVE:CVE-2017-8352", "DEBIANCVE:CVE-2017-8353", "DEBIANCVE:CVE-2017-8354", "DEBIANCVE:CVE-2017-8355", "DEBIANCVE:CVE-2017-8356", "DEBIANCVE:CVE-2017-8357", "DEBIANCVE:CVE-2017-8765", "DEBIANCVE:CVE-2017-8830", "DEBIANCVE:CVE-2017-9098", "DEBIANCVE:CVE-2017-9141", "DEBIANCVE:CVE-2017-9142", "DEBIANCVE:CVE-2017-9143", "DEBIANCVE:CVE-2017-9144", "DEBIANCVE:CVE-2017-9439", "DEBIANCVE:CVE-2017-9440", "DEBIANCVE:CVE-2017-9500", "DEBIANCVE:CVE-2017-9501"]}, {"type": "fedora", "idList": ["FEDORA:0322961A5185", "FEDORA:082456076F55", "FEDORA:137B4601EDDC", "FEDORA:2944260468B9", "FEDORA:2A5176076F55", "FEDORA:2EB5061A41FC", "FEDORA:30E8F601EDDA", "FEDORA:3828B6193EF4", "FEDORA:4FEEB6076F55", "FEDORA:575B16076F55", "FEDORA:5C7D56076F55", "FEDORA:5D6FE6057139", "FEDORA:5EF1A6076F55", "FEDORA:6541E60748F9", "FEDORA:6B591601EDDE", "FEDORA:6DAC2601EDDA", "FEDORA:748906076F55", "FEDORA:791786076F55", "FEDORA:8F8C0601EDDE", "FEDORA:91A316193EEC", "FEDORA:93FF76076F55", "FEDORA:9766D6076F55", "FEDORA:999936076F55", "FEDORA:A088E6076F55", "FEDORA:A58296076F55", "FEDORA:ABF1F6079731", "FEDORA:BE87C60748F9", "FEDORA:C1BBA6076F55", "FEDORA:C41F46076F55", "FEDORA:DDF2B6326A1A", "FEDORA:E38616193F05", "FEDORA:E4B376030B34", "FEDORA:E7E3A6076F55", "FEDORA:EFEA26193EF3", "FEDORA:F0880601EDDA", "FEDORA:F10E86076F55"]}, {"type": "freebsd", "idList": ["16FB4F83-A2AB-11E7-9C14-009C02A2AB30", "19D35B0F-BA73-11E6-B1CF-14DAE9D210B8", "25F73C47-68A8-4A30-9CBC-1CA5EEA4D6BA", "50776801-4183-11E7-B291-B499BAEBFEAF", "E1F67063-AAB4-11E6-B2D3-60A44CE6887B"]}, {"type": "gentoo", "idList": ["GLSA-201611-21", "GLSA-201702-09", "GLSA-201711-07"]}, {"type": "hackerone", "idList": ["H1:274594", "H1:294548", "H1:302885", "H1:315256", "H1:315906"]}, {"type": "ibm", "idList": ["B05329785ED4441E67419C72F4E8D5EFB095312F0129B7DAC17DB1F2F0780EEC"]}, {"type": "mageia", "idList": ["MGASA-2017-0229"]}, {"type": "myhack58", "idList": ["MYHACK58:62201681895"]}, {"type": "nessus", "idList": ["ALA_ALAS-2017-891.NASL", "DEBIAN_DLA-1000.NASL", "DEBIAN_DLA-1045.NASL", "DEBIAN_DLA-1081.NASL", "DEBIAN_DLA-1131.NASL", "DEBIAN_DLA-1139.NASL", "DEBIAN_DLA-1140.NASL", "DEBIAN_DLA-1154.NASL", "DEBIAN_DLA-1170.NASL", "DEBIAN_DLA-1227.NASL", "DEBIAN_DLA-1322.NASL", "DEBIAN_DLA-1401.NASL", "DEBIAN_DLA-1456.NASL", "DEBIAN_DLA-1785.NASL", "DEBIAN_DLA-2366.NASL", "DEBIAN_DLA-756.NASL", "DEBIAN_DLA-807.NASL", "DEBIAN_DLA-902.NASL", "DEBIAN_DLA-953.NASL", "DEBIAN_DLA-960.NASL", "DEBIAN_DSA-3652.NASL", "DEBIAN_DSA-3726.NASL", "DEBIAN_DSA-3799.NASL", "DEBIAN_DSA-3863.NASL", "DEBIAN_DSA-3914.NASL", "DEBIAN_DSA-4019.NASL", "DEBIAN_DSA-4032.NASL", "DEBIAN_DSA-4040.NASL", "DEBIAN_DSA-4074.NASL", "DEBIAN_DSA-4204.NASL", "DEBIAN_DSA-4321.NASL", "EULEROS_SA-2017-1112.NASL", "EULEROS_SA-2017-1116.NASL", "EULEROS_SA-2017-1257.NASL", "EULEROS_SA-2017-1258.NASL", "EULEROS_SA-2019-1970.NASL", "EULEROS_SA-2019-2024.NASL", "EULEROS_SA-2019-2160.NASL", "EULEROS_SA-2019-2354.NASL", "EULEROS_SA-2020-1390.NASL", "EULEROS_SA-2021-1195.NASL", "EULEROS_SA-2021-1305.NASL", "EULEROS_SA-2021-1802.NASL", "FEDORA_2017-0446B53FD8.NASL", "FEDORA_2017-3A568ADB31.NASL", "FEDORA_2017-66D9113C7A.NASL", "FEDORA_2017-6C52E2D731.NASL", "FEDORA_2017-758FAFED81.NASL", "FEDORA_2017-897A192750.NASL", "FEDORA_2017-8F27031C8F.NASL", "FEDORA_2017-F5A9805C5B.NASL", "FREEBSD_PKG_16FB4F83A2AB11E79C14009C02A2AB30.NASL", "FREEBSD_PKG_19D35B0FBA7311E6B1CF14DAE9D210B8.NASL", "FREEBSD_PKG_25F73C4768A84A309CBC1CA5EEA4D6BA.NASL", "FREEBSD_PKG_50776801418311E7B291B499BAEBFEAF.NASL", "FREEBSD_PKG_E1F67063AAB411E6B2D360A44CE6887B.NASL", "GENTOO_GLSA-201611-21.NASL", "GENTOO_GLSA-201702-09.NASL", "GENTOO_GLSA-201711-07.NASL", "IMAGEMAGICK_6_9_6_5.NASL", "IMAGEMAGICK_6_9_6_6.NASL", "IMAGEMAGICK_7_0_3_6.NASL", "IMAGEMAGICK_7_0_3_7.NASL", "IMAGEMAGICK_7_0_3_9.NASL", "IMAGEMAGICK_7_0_5_8.NASL", "OPENSUSE-2016-1016.NASL", "OPENSUSE-2016-1229.NASL", "OPENSUSE-2016-1230.NASL", "OPENSUSE-2016-1242.NASL", "OPENSUSE-2016-1282.NASL", "OPENSUSE-2016-1311.NASL", "OPENSUSE-2016-1312.NASL", "OPENSUSE-2016-1413.NASL", "OPENSUSE-2016-1414.NASL", "OPENSUSE-2016-1415.NASL", "OPENSUSE-2016-1430.NASL", "OPENSUSE-2016-1443.NASL", "OPENSUSE-2016-1445.NASL", "OPENSUSE-2016-1511.NASL", "OPENSUSE-2016-1512.NASL", "OPENSUSE-2016-983.NASL", "OPENSUSE-2017-1199.NASL", "OPENSUSE-2017-1270.NASL", "OPENSUSE-2017-1276.NASL", "OPENSUSE-2017-1346.NASL", "OPENSUSE-2017-1386.NASL", "OPENSUSE-2017-14.NASL", "OPENSUSE-2017-1413.NASL", "OPENSUSE-2017-212.NASL", "OPENSUSE-2017-214.NASL", "OPENSUSE-2017-303.NASL", "OPENSUSE-2017-538.NASL", "OPENSUSE-2017-616.NASL", "OPENSUSE-2017-664.NASL", "OPENSUSE-2017-686.NASL", "OPENSUSE-2017-781.NASL", "OPENSUSE-2017-851.NASL", "OPENSUSE-2017-971.NASL", "OPENSUSE-2018-145.NASL", "OPENSUSE-2018-166.NASL", "OPENSUSE-2018-213.NASL", "OPENSUSE-2018-230.NASL", "OPENSUSE-2018-343.NASL", "OPENSUSE-2018-61.NASL", "OPENSUSE-2018-690.NASL", "OPENSUSE-2018-7.NASL", "OPENSUSE-2018-88.NASL", "SUSE_SU-2016-2075-1.NASL", "SUSE_SU-2016-2076-1.NASL", "SUSE_SU-2016-2667-1.NASL", "SUSE_SU-2016-2952-1.NASL", "SUSE_SU-2016-2964-1.NASL", "SUSE_SU-2016-3256-1.NASL", "SUSE_SU-2016-3258-1.NASL", "SUSE_SU-2017-0529-1.NASL", "SUSE_SU-2017-0586-1.NASL", "SUSE_SU-2017-1489-1.NASL", "SUSE_SU-2017-1599-1.NASL", "SUSE_SU-2017-2176-1.NASL", "SUSE_SU-2017-2199-1.NASL", "SUSE_SU-2017-2949-1.NASL", "SUSE_SU-2017-3168-1.NASL", "SUSE_SU-2017-3378-1.NASL", "SUSE_SU-2017-3388-1.NASL", "SUSE_SU-2018-0017-1.NASL", "SUSE_SU-2018-0043-1.NASL", "SUSE_SU-2018-0130-1.NASL", "SUSE_SU-2018-0132-1.NASL", "SUSE_SU-2018-0349-1.NASL", "SUSE_SU-2018-0350-1.NASL", "SUSE_SU-2018-0486-1.NASL", "SUSE_SU-2018-0581-1.NASL", "SUSE_SU-2018-0770-1.NASL", "SUSE_SU-2018-0857-1.NASL", "SUSE_SU-2018-0880-1.NASL", "SUSE_SU-2018-1851-1.NASL", "SUSE_SU-2018-2465-1.NASL", "SUSE_SU-2018-3808-1.NASL", "UBUNTU_USN-3131-1.NASL", "UBUNTU_USN-3142-1.NASL", "UBUNTU_USN-3222-1.NASL", "UBUNTU_USN-3302-1.NASL", "UBUNTU_USN-3363-1.NASL", "UBUNTU_USN-3681-1.NASL", "UBUNTU_USN-3785-1.NASL", "UBUNTU_USN-4206-1.NASL", "UBUNTU_USN-4222-1.NASL", "UBUNTU_USN-4232-1.NASL", "UBUNTU_USN-5335-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310107205", "OPENVAS:1361412562310107206", "OPENVAS:1361412562310107241", "OPENVAS:1361412562310703652", "OPENVAS:1361412562310703675", "OPENVAS:1361412562310703726", "OPENVAS:1361412562310703799", "OPENVAS:1361412562310703863", "OPENVAS:1361412562310703914", "OPENVAS:1361412562310704019", "OPENVAS:1361412562310704032", "OPENVAS:1361412562310704040", "OPENVAS:1361412562310704074", "OPENVAS:1361412562310704204", "OPENVAS:1361412562310704321", "OPENVAS:1361412562310810249", "OPENVAS:1361412562310810253", "OPENVAS:1361412562310810260", "OPENVAS:1361412562310810261", "OPENVAS:1361412562310810270", "OPENVAS:1361412562310810274", "OPENVAS:1361412562310810275", "OPENVAS:1361412562310810276", "OPENVAS:1361412562310810281", "OPENVAS:1361412562310810293", "OPENVAS:1361412562310810299", "OPENVAS:1361412562310810501", "OPENVAS:1361412562310810502", "OPENVAS:1361412562310810505", "OPENVAS:1361412562310810515", "OPENVAS:1361412562310810516", "OPENVAS:1361412562310810517", "OPENVAS:1361412562310810518", "OPENVAS:1361412562310810538", "OPENVAS:1361412562310810539", "OPENVAS:1361412562310810556", "OPENVAS:1361412562310810557", "OPENVAS:1361412562310810558", "OPENVAS:1361412562310810559", "OPENVAS:1361412562310810562", "OPENVAS:1361412562310810563", "OPENVAS:1361412562310810580", "OPENVAS:1361412562310810581", "OPENVAS:1361412562310842968", "OPENVAS:1361412562310843084", "OPENVAS:1361412562310843186", "OPENVAS:1361412562310843251", "OPENVAS:1361412562310843556", "OPENVAS:1361412562310843653", "OPENVAS:1361412562310844255", "OPENVAS:1361412562310844278", "OPENVAS:1361412562310844287", "OPENVAS:1361412562310851460", "OPENVAS:1361412562310851467", "OPENVAS:1361412562310851511", "OPENVAS:1361412562310851599", "OPENVAS:1361412562310851657", "OPENVAS:1361412562310851668", "OPENVAS:1361412562310851675", "OPENVAS:1361412562310851807", "OPENVAS:1361412562310872915", "OPENVAS:1361412562310872917", "OPENVAS:1361412562310873069", "OPENVAS:1361412562310873390", "OPENVAS:1361412562310873391", "OPENVAS:1361412562310873392", "OPENVAS:1361412562310873394", "OPENVAS:1361412562310873399", "OPENVAS:1361412562310873400", "OPENVAS:1361412562310873404", "OPENVAS:1361412562310873407", "OPENVAS:1361412562310873408", "OPENVAS:1361412562310873409", "OPENVAS:1361412562310873410", "OPENVAS:1361412562310873412", "OPENVAS:1361412562310873417", "OPENVAS:1361412562310873419", "OPENVAS:1361412562310873420", "OPENVAS:1361412562310873422", "OPENVAS:1361412562310873424", "OPENVAS:1361412562310873425", "OPENVAS:1361412562310873427", "OPENVAS:1361412562310873429", "OPENVAS:1361412562310873431", "OPENVAS:1361412562310873432", "OPENVAS:1361412562310873434", "OPENVAS:1361412562310873436", "OPENVAS:1361412562310873438", "OPENVAS:1361412562310873493", "OPENVAS:1361412562310873494", "OPENVAS:1361412562310873495", "OPENVAS:1361412562310873496", "OPENVAS:1361412562310890902", "OPENVAS:1361412562310890953", "OPENVAS:1361412562310890960", "OPENVAS:1361412562310891000", "OPENVAS:1361412562310891045", "OPENVAS:1361412562310891081", "OPENVAS:1361412562310891131", "OPENVAS:1361412562310891139", "OPENVAS:1361412562310891140", "OPENVAS:1361412562310891227", "OPENVAS:1361412562310891322", "OPENVAS:1361412562310891401", "OPENVAS:1361412562310891456", "OPENVAS:1361412562310891785", "OPENVAS:1361412562311220171112", "OPENVAS:1361412562311220171116", "OPENVAS:1361412562311220171257", "OPENVAS:1361412562311220171258", "OPENVAS:1361412562311220191970", "OPENVAS:1361412562311220192024", "OPENVAS:1361412562311220192160", "OPENVAS:1361412562311220192354", "OPENVAS:1361412562311220201390", "OPENVAS:703652", "OPENVAS:703726", "OPENVAS:703799", "OPENVAS:703863", "OPENVAS:703914"]}, {"type": "osv", "idList": ["OSV:DLA-1000-1", "OSV:DLA-1045-1", "OSV:DLA-1081-1", "OSV:DLA-1131-1", "OSV:DLA-1139-1", "OSV:DLA-1140-1", "OSV:DLA-1154-1", "OSV:DLA-1170-1", "OSV:DLA-1227-1", "OSV:DLA-1322-1", "OSV:DLA-1401-1", "OSV:DLA-1456-1", "OSV:DLA-1785-1", "OSV:DLA-2366-1", "OSV:DLA-731-1", "OSV:DLA-756-1", "OSV:DLA-807-1", "OSV:DLA-902-1", "OSV:DLA-953-1", "OSV:DLA-960-1", "OSV:DSA-3652-1", "OSV:DSA-3675-1", "OSV:DSA-3726-1", "OSV:DSA-3799-1", "OSV:DSA-3863-1", "OSV:DSA-3914-1", "OSV:DSA-4019-1", "OSV:DSA-4032-1", "OSV:DSA-4040-1", "OSV:DSA-4074-1", "OSV:DSA-4204-1", "OSV:DSA-4321-1"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-10046", "RH:CVE-2016-10051", "RH:CVE-2016-10052", "RH:CVE-2016-10053", "RH:CVE-2016-10054", "RH:CVE-2016-10055", "RH:CVE-2016-10056", "RH:CVE-2016-10057", "RH:CVE-2016-10058", "RH:CVE-2016-10068", "RH:CVE-2016-10144", "RH:CVE-2016-10145", "RH:CVE-2016-10146", "RH:CVE-2016-5010", "RH:CVE-2016-6491", "RH:CVE-2016-6823", "RH:CVE-2016-7101", "RH:CVE-2016-7799", "RH:CVE-2016-7906", "RH:CVE-2016-8677", "RH:CVE-2016-8678", "RH:CVE-2016-8707", "RH:CVE-2016-8862", "RH:CVE-2016-8866", "RH:CVE-2016-9298", "RH:CVE-2016-9556", "RH:CVE-2016-9559", "RH:CVE-2016-9773", "RH:CVE-2017-11352", "RH:CVE-2017-11446", "RH:CVE-2017-11523", "RH:CVE-2017-11533", "RH:CVE-2017-11535", "RH:CVE-2017-11537", "RH:CVE-2017-11639", "RH:CVE-2017-11640", "RH:CVE-2017-12428", "RH:CVE-2017-12431", "RH:CVE-2017-12432", "RH:CVE-2017-12434", "RH:CVE-2017-12587", "RH:CVE-2017-12640", "RH:CVE-2017-12671", "RH:CVE-2017-12877", "RH:CVE-2017-12983", "RH:CVE-2017-13134", "RH:CVE-2017-13139", "RH:CVE-2017-13140", "RH:CVE-2017-13141", "RH:CVE-2017-13142", "RH:CVE-2017-13143", "RH:CVE-2017-13144", "RH:CVE-2017-13145", "RH:CVE-2017-13758", "RH:CVE-2017-13768", "RH:CVE-2017-13769", "RH:CVE-2017-14224", "RH:CVE-2017-14607", "RH:CVE-2017-14682", "RH:CVE-2017-14741", "RH:CVE-2017-14989", "RH:CVE-2017-15277", "RH:CVE-2017-16546", "RH:CVE-2017-17499", "RH:CVE-2017-17504", "RH:CVE-2017-17879", "RH:CVE-2017-18220", "RH:CVE-2017-5506", "RH:CVE-2017-5507", "RH:CVE-2017-5508", "RH:CVE-2017-5509", "RH:CVE-2017-5510", "RH:CVE-2017-5511", "RH:CVE-2017-7275", "RH:CVE-2017-7606", "RH:CVE-2017-7619", "RH:CVE-2017-7941", "RH:CVE-2017-7942", "RH:CVE-2017-7943", "RH:CVE-2017-8343", "RH:CVE-2017-8344", "RH:CVE-2017-8345", "RH:CVE-2017-8346", "RH:CVE-2017-8347", "RH:CVE-2017-8348", "RH:CVE-2017-8349", "RH:CVE-2017-8350", "RH:CVE-2017-8351", "RH:CVE-2017-8352", "RH:CVE-2017-8353", "RH:CVE-2017-8354", "RH:CVE-2017-8355", "RH:CVE-2017-8356", "RH:CVE-2017-8357", "RH:CVE-2017-8765", "RH:CVE-2017-8830", "RH:CVE-2017-9098", "RH:CVE-2017-9141", "RH:CVE-2017-9142", "RH:CVE-2017-9143", "RH:CVE-2017-9144", "RH:CVE-2017-9439", "RH:CVE-2017-9440", "RH:CVE-2017-9500", "RH:CVE-2017-9501"]}, {"type": "seebug", "idList": ["SSV:92569"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:3060-1", "OPENSUSE-SU-2016:3233-1", "OPENSUSE-SU-2017:0023-1", "OPENSUSE-SU-2017:2271-1", "OPENSUSE-SU-2017:3223-1", "OPENSUSE-SU-2017:3420-1", "OPENSUSE-SU-2018:0025-1", "OPENSUSE-SU-2018:1860-1", "SUSE-SU-2016:2964-1", "SUSE-SU-2016:3258-1", "SUSE-SU-2017:2176-1", "SUSE-SU-2017:2199-1", "SUSE-SU-2017:2229-1", "SUSE-SU-2017:3378-1", "SUSE-SU-2017:3388-1", "SUSE-SU-2017:3435-1", "SUSE-SU-2018:0017-1"]}, {"type": "talos", "idList": ["TALOS-2016-0216"]}, {"type": "thn", "idList": ["THN:3793B5D6592D67AE6A99464781A75D55"]}, {"type": "ubuntu", "idList": ["USN-3131-1", "USN-3142-1", "USN-3222-1", "USN-3302-1", "USN-3363-1", "USN-3681-1", "USN-3785-1", "USN-4206-1", "USN-4222-1", "USN-4232-1", "USN-5335-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-10046", "UB:CVE-2016-10051", "UB:CVE-2016-10052", "UB:CVE-2016-10053", "UB:CVE-2016-10054", "UB:CVE-2016-10055", "UB:CVE-2016-10056", "UB:CVE-2016-10057", "UB:CVE-2016-10058", "UB:CVE-2016-10068", "UB:CVE-2016-10144", "UB:CVE-2016-10145", "UB:CVE-2016-10146", "UB:CVE-2016-5010", "UB:CVE-2016-6491", "UB:CVE-2016-6823", "UB:CVE-2016-7101", "UB:CVE-2016-7799", "UB:CVE-2016-7906", "UB:CVE-2016-8677", "UB:CVE-2016-8678", "UB:CVE-2016-8707", "UB:CVE-2016-8862", "UB:CVE-2016-8866", "UB:CVE-2016-9298", "UB:CVE-2016-9556", "UB:CVE-2016-9559", "UB:CVE-2016-9773", "UB:CVE-2017-11166", "UB:CVE-2017-11352", "UB:CVE-2017-11403", "UB:CVE-2017-11446", "UB:CVE-2017-11523", "UB:CVE-2017-11533", "UB:CVE-2017-11535", "UB:CVE-2017-11537", "UB:CVE-2017-11639", "UB:CVE-2017-11640", "UB:CVE-2017-12428", "UB:CVE-2017-12431", "UB:CVE-2017-12432", "UB:CVE-2017-12434", "UB:CVE-2017-12587", "UB:CVE-2017-12640", "UB:CVE-2017-12671", "UB:CVE-2017-12877", "UB:CVE-2017-12983", "UB:CVE-2017-13134", "UB:CVE-2017-13139", "UB:CVE-2017-13140", "UB:CVE-2017-13141", "UB:CVE-2017-13142", "UB:CVE-2017-13143", "UB:CVE-2017-13144", "UB:CVE-2017-13145", "UB:CVE-2017-13758", "UB:CVE-2017-13768", "UB:CVE-2017-13769", "UB:CVE-2017-14103", "UB:CVE-2017-14224", "UB:CVE-2017-14607", "UB:CVE-2017-14682", "UB:CVE-2017-14741", "UB:CVE-2017-14989", "UB:CVE-2017-15277", "UB:CVE-2017-16546", "UB:CVE-2017-17499", "UB:CVE-2017-17504", "UB:CVE-2017-17879", "UB:CVE-2017-18220", "UB:CVE-2017-5506", "UB:CVE-2017-5507", "UB:CVE-2017-5508", "UB:CVE-2017-5509", "UB:CVE-2017-5510", "UB:CVE-2017-5511", "UB:CVE-2017-7275", "UB:CVE-2017-7606", "UB:CVE-2017-7619", "UB:CVE-2017-7941", "UB:CVE-2017-7942", "UB:CVE-2017-7943", "UB:CVE-2017-8343", "UB:CVE-2017-8344", "UB:CVE-2017-8345", "UB:CVE-2017-8346", "UB:CVE-2017-8347", "UB:CVE-2017-8348", "UB:CVE-2017-8349", "UB:CVE-2017-8350", "UB:CVE-2017-8351", "UB:CVE-2017-8352", "UB:CVE-2017-8353", "UB:CVE-2017-8354", "UB:CVE-2017-8355", "UB:CVE-2017-8356", "UB:CVE-2017-8357", "UB:CVE-2017-8765", "UB:CVE-2017-8830", "UB:CVE-2017-9098", "UB:CVE-2017-9141", "UB:CVE-2017-9142", "UB:CVE-2017-9143", "UB:CVE-2017-9144", "UB:CVE-2017-9439", "UB:CVE-2017-9440", "UB:CVE-2017-9500", "UB:CVE-2017-9501"]}, {"type": "veracode", "idList": ["VERACODE:26995", "VERACODE:3361", "VERACODE:3384", "VERACODE:3635", "VERACODE:3674", "VERACODE:3677", "VERACODE:3680", "VERACODE:3752", "VERACODE:3753", "VERACODE:3754", "VERACODE:3757", "VERACODE:3758", "VERACODE:3759", "VERACODE:3762", "VERACODE:3763", "VERACODE:3765", "VERACODE:3786", "VERACODE:3821", "VERACODE:3835", "VERACODE:3866", "VERACODE:3883", "VERACODE:3916", "VERACODE:3930", "VERACODE:3931", "VERACODE:3932", "VERACODE:3936", "VERACODE:4044", "VERACODE:4045", "VERACODE:4046", "VERACODE:4047", "VERACODE:4048", "VERACODE:4049", "VERACODE:4050", "VERACODE:4051", "VERACODE:4054", "VERACODE:4056", "VERACODE:4058", "VERACODE:4059", "VERACODE:4060", "VERACODE:4199", "VERACODE:4202", "VERACODE:4206", "VERACODE:4266", "VERACODE:4273", "VERACODE:4274", "VERACODE:4275", "VERACODE:4276", "VERACODE:4380", "VERACODE:4399", "VERACODE:4583", "VERACODE:4598", "VERACODE:4630", "VERACODE:4639", "VERACODE:4640", "VERACODE:4641", "VERACODE:4751", "VERACODE:4752", "VERACODE:4863", "VERACODE:4866", "VERACODE:4867", "VERACODE:4869", "VERACODE:4875", "VERACODE:4878", "VERACODE:4887", "VERACODE:4932", "VERACODE:4956", "VERACODE:4957", "VERACODE:4958", "VERACODE:4961", "VERACODE:4982", "VERACODE:5041", "VERACODE:5174", "VERACODE:5220", "VERACODE:5268", "VERACODE:5274", "VERACODE:5378", "VERACODE:5558", "VERACODE:5588", "VERACODE:5606", "VERACODE:6318", "VERACODE:6770"]}]}, "epss": [{"cve": "CVE-2016-10046", "epss": 0.00266, "percentile": 0.62671, "modified": "2023-05-02"}, {"cve": "CVE-2016-10051", "epss": 0.0054, "percentile": 0.73918, "modified": "2023-05-02"}, {"cve": "CVE-2016-10052", "epss": 0.00592, "percentile": 0.75113, "modified": "2023-05-02"}, {"cve": "CVE-2016-10053", "epss": 0.00595, "percentile": 0.75168, "modified": "2023-05-02"}, {"cve": "CVE-2016-10054", "epss": 0.00476, "percentile": 0.72116, "modified": "2023-05-02"}, {"cve": "CVE-2016-10055", "epss": 0.00476, "percentile": 0.72116, "modified": "2023-05-02"}, {"cve": "CVE-2016-10056", "epss": 0.00599, "percentile": 0.7524, "modified": "2023-05-02"}, {"cve": "CVE-2016-10057", "epss": 0.00476, "percentile": 0.72116, "modified": "2023-05-02"}, {"cve": "CVE-2016-10058", "epss": 0.00595, "percentile": 0.75168, "modified": "2023-05-02"}, {"cve": "CVE-2016-10068", "epss": 0.00441, "percentile": 0.71066, "modified": "2023-05-02"}, {"cve": "CVE-2016-10144", "epss": 0.01204, "percentile": 0.83143, "modified": "2023-05-02"}, {"cve": "CVE-2016-10145", "epss": 0.01056, "percentile": 0.81901, "modified": "2023-05-02"}, {"cve": "CVE-2016-10146", "epss": 0.01193, "percentile": 0.83058, "modified": "2023-05-02"}, {"cve": "CVE-2016-5010", "epss": 0.00343, "percentile": 0.67187, "modified": "2023-05-02"}, {"cve": "CVE-2016-6491", "epss": 0.00596, "percentile": 0.75188, "modified": "2023-05-02"}, {"cve": "CVE-2016-6823", "epss": 0.00442, "percentile": 0.7108, "modified": "2023-05-02"}, {"cve": "CVE-2016-7101", "epss": 0.00519, "percentile": 0.73336, "modified": "2023-05-02"}, {"cve": "CVE-2016-7799", "epss": 0.11482, "percentile": 0.94365, "modified": "2023-05-01"}, {"cve": "CVE-2016-7906", "epss": 0.01027, "percentile": 0.81635, "modified": "2023-05-01"}, {"cve": "CVE-2016-8677", "epss": 0.00619, "percentile": 0.75715, "modified": "2023-05-02"}, {"cve": "CVE-2016-8678", "epss": 0.0051, "percentile": 0.73122, "modified": "2023-05-02"}, {"cve": "CVE-2016-8707", "epss": 0.00921, "percentile": 0.80621, "modified": "2023-05-02"}, {"cve": "CVE-2016-8862", "epss": 0.01075, "percentile": 0.82119, "modified": "2023-05-01"}, {"cve": "CVE-2016-8866", "epss": 0.00561, "percentile": 0.74383, "modified": "2023-05-02"}, {"cve": "CVE-2016-9298", "epss": 0.00627, "percentile": 0.75867, "modified": "2023-05-02"}, {"cve": "CVE-2016-9556", "epss": 0.01144, "percentile": 0.82661, "modified": "2023-05-02"}, {"cve": "CVE-2016-9559", "epss": 0.01511, "percentile": 0.84992, "modified": "2023-05-02"}, {"cve": "CVE-2016-9773", "epss": 0.00318, "percentile": 0.66003, "modified": "2023-05-02"}, {"cve": "CVE-2017-11352", "epss": 0.0034, "percentile": 0.67079, "modified": "2023-05-02"}, {"cve": "CVE-2017-11403", "epss": 0.19707, "percentile": 0.95556, "modified": "2023-05-01"}, {"cve": "CVE-2017-11446", "epss": 0.00168, "percentile": 0.52131, "modified": "2023-05-02"}, {"cve": "CVE-2017-11523", "epss": 0.01313, "percentile": 0.83917, "modified": "2023-05-02"}, {"cve": "CVE-2017-11533", "epss": 0.00172, "percentile": 0.52771, "modified": "2023-05-01"}, {"cve": "CVE-2017-11535", "epss": 0.00172, "percentile": 0.52775, "modified": "2023-05-02"}, {"cve": "CVE-2017-11537", "epss": 0.00172, "percentile": 0.52775, "modified": "2023-05-02"}, {"cve": "CVE-2017-11639", "epss": 0.00269, "percentile": 0.6287, "modified": "2023-05-02"}, {"cve": "CVE-2017-11640", "epss": 0.00366, "percentile": 0.68271, "modified": "2023-05-02"}, {"cve": "CVE-2017-12428", "epss": 0.00142, "percentile": 0.48535, "modified": "2023-05-02"}, {"cve": "CVE-2017-12431", "epss": 0.00178, "percentile": 0.53484, "modified": "2023-05-02"}, {"cve": "CVE-2017-12432", "epss": 0.00178, "percentile": 0.53484, "modified": "2023-05-02"}, {"cve": "CVE-2017-12434", "epss": 0.00064, "percentile": 0.26166, "modified": "2023-05-02"}, {"cve": "CVE-2017-12587", "epss": 0.00215, "percentile": 0.58001, "modified": "2023-05-02"}, {"cve": "CVE-2017-12640", "epss": 0.00534, "percentile": 0.73729, "modified": "2023-05-02"}, {"cve": "CVE-2017-12671", "epss": 0.00064, "percentile": 0.26166, "modified": "2023-05-02"}, {"cve": "CVE-2017-12877", "epss": 0.03594, "percentile": 0.9027, "modified": "2023-05-02"}, {"cve": "CVE-2017-12983", "epss": 0.00571, "percentile": 0.74629, "modified": "2023-05-02"}, {"cve": "CVE-2017-13134", "epss": 0.00393, "percentile": 0.69424, "modified": "2023-05-02"}, {"cve": "CVE-2017-13139", "epss": 0.00995, "percentile": 0.81358, "modified": "2023-05-02"}, {"cve": "CVE-2017-13140", "epss": 0.00296, "percentile": 0.64728, "modified": "2023-05-02"}, {"cve": "CVE-2017-13141", "epss": 0.00181, "percentile": 0.53887, "modified": "2023-05-02"}, {"cve": "CVE-2017-13142", "epss": 0.00414, "percentile": 0.70171, "modified": "2023-05-02"}, {"cve": "CVE-2017-13143", "epss": 0.00471, "percentile": 0.71967, "modified": "2023-05-02"}, {"cve": "CVE-2017-13144", "epss": 0.00253, "percentile": 0.61632, "modified": "2023-05-02"}, {"cve": "CVE-2017-13145", "epss": 0.00973, "percentile": 0.81139, "modified": "2023-05-02"}, {"cve": "CVE-2017-13758", "epss": 0.00503, "percentile": 0.72921, "modified": "2023-05-02"}, {"cve": "CVE-2017-13768", "epss": 0.00677, "percentile": 0.76931, "modified": "2023-05-01"}, {"cve": "CVE-2017-13769", "epss": 0.00339, "percentile": 0.67036, "modified": "2023-05-02"}, {"cve": "CVE-2017-14224", "epss": 0.01544, "percentile": 0.85173, "modified": "2023-05-02"}, {"cve": "CVE-2017-14607", "epss": 0.00507, "percentile": 0.73055, "modified": "2023-05-02"}, {"cve": "CVE-2017-14682", "epss": 0.00714, "percentile": 0.77651, "modified": "2023-05-02"}, {"cve": "CVE-2017-14741", "epss": 0.00412, "percentile": 0.70099, "modified": "2023-05-02"}, {"cve": "CVE-2017-14989", "epss": 0.00239, "percentile": 0.6042, "modified": "2023-05-02"}, {"cve": "CVE-2017-15277", "epss": 0.01436, "percentile": 0.84591, "modified": "2023-05-01"}, {"cve": "CVE-2017-16546", "epss": 0.01854, "percentile": 0.86585, "modified": "2023-05-02"}, {"cve": "CVE-2017-17499", "epss": 0.01655, "percentile": 0.85731, "modified": "2023-05-02"}, {"cve": "CVE-2017-17504", "epss": 0.00205, "percentile": 0.56937, "modified": "2023-05-02"}, {"cve": "CVE-2017-17879", "epss": 0.00707, "percentile": 0.77526, "modified": "2023-05-02"}, {"cve": "CVE-2017-5506", "epss": 0.00801, "percentile": 0.79175, "modified": "2023-05-02"}, {"cve": "CVE-2017-5507", "epss": 0.044, "percentile": 0.91128, "modified": "2023-05-02"}, {"cve": "CVE-2017-5508", "epss": 0.00619, "percentile": 0.75709, "modified": "2023-05-02"}, {"cve": "CVE-2017-5509", "epss": 0.01037, "percentile": 0.81728, "modified": "2023-05-02"}, {"cve": "CVE-2017-5510", "epss": 0.00906, "percentile": 0.80448, "modified": "2023-05-02"}, {"cve": "CVE-2017-5511", "epss": 0.01326, "percentile": 0.83988, "modified": "2023-05-02"}, {"cve": "CVE-2017-7606", "epss": 0.00485, "percentile": 0.72439, "modified": "2023-05-02"}, {"cve": "CVE-2017-7619", "epss": 0.00287, "percentile": 0.64108, "modified": "2023-05-02"}, {"cve": "CVE-2017-7941", "epss": 0.0038, "percentile": 0.68879, "modified": "2023-05-02"}, {"cve": "CVE-2017-7942", "epss": 0.00094, "percentile": 0.3861, "modified": "2023-05-02"}, {"cve": "CVE-2017-7943", "epss": 0.0038, "percentile": 0.68879, "modified": "2023-05-02"}, {"cve": "CVE-2017-8343", "epss": 0.00209, "percentile": 0.57363, "modified": "2023-05-02"}, {"cve": "CVE-2017-8344", "epss": 0.00209, "percentile": 0.57363, "modified": "2023-05-02"}, {"cve": "CVE-2017-8345", "epss": 0.00209, "percentile": 0.57363, "modified": "2023-05-02"}, {"cve": "CVE-2017-8346", "epss": 0.00209, "percentile": 0.57363, "modified": "2023-05-02"}, {"cve": "CVE-2017-8347", "epss": 0.00209, "percentile": 0.57363, "modified": "2023-05-02"}, {"cve": "CVE-2017-8348", "epss": 0.00209, "percentile": 0.57363, "modified": "2023-05-02"}, {"cve": "CVE-2017-8349", "epss": 0.00209, "percentile": 0.57363, "modified": "2023-05-02"}, {"cve": "CVE-2017-8350", "epss": 0.00209, "percentile": 0.57363, "modified": "2023-05-02"}, {"cve": "CVE-2017-8351", "epss": 0.00209, "percentile": 0.57363, "modified": "2023-05-02"}, {"cve": "CVE-2017-8352", "epss": 0.00209, "percentile": 0.57363, "modified": "2023-05-02"}, {"cve": "CVE-2017-8353", "epss": 0.00209, "percentile": 0.57363, "modified": "2023-05-02"}, {"cve": "CVE-2017-8354", "epss": 0.00209, "percentile": 0.57363, "modified": "2023-05-02"}, {"cve": "CVE-2017-8355", "epss": 0.00209, "percentile": 0.57363, "modified": "2023-05-02"}, {"cve": "CVE-2017-8356", "epss": 0.00209, "percentile": 0.57363, "modified": "2023-05-02"}, {"cve": "CVE-2017-8357", "epss": 0.00209, "percentile": 0.57363, "modified": "2023-05-02"}, {"cve": "CVE-2017-8765", "epss": 0.00132, "percentile": 0.4688, "modified": "2023-05-02"}, {"cve": "CVE-2017-8830", "epss": 0.00141, "percentile": 0.48466, "modified": "2023-05-02"}, {"cve": "CVE-2017-9098", "epss": 0.00287, "percentile": 0.64105, "modified": "2023-05-02"}, {"cve": "CVE-2017-9141", "epss": 0.00301, "percentile": 0.64966, "modified": "2023-05-02"}, {"cve": "CVE-2017-9142", "epss": 0.00301, "percentile": 0.64966, "modified": "2023-05-02"}, {"cve": "CVE-2017-9143", "epss": 0.00282, "percentile": 0.63799, "modified": "2023-05-02"}, {"cve": "CVE-2017-9144", "epss": 0.00217, "percentile": 0.58199, "modified": "2023-05-02"}, {"cve": "CVE-2017-9439", "epss": 0.0008, "percentile": 0.32783, "modified": "2023-05-02"}, {"cve": "CVE-2017-9440", "epss": 0.0008, "percentile": 0.32783, "modified": "2023-05-02"}, {"cve": "CVE-2017-9500", "epss": 0.00228, "percentile": 0.59531, "modified": "2023-05-02"}, {"cve": "CVE-2017-9501", "epss": 0.00169, "percentile": 0.52428, "modified": "2023-05-01"}], "vulnersScore": 2.2}, "_state": {"dependencies": 1686087756, "score": 1686069035, "epss": 0}, "_internal": {"score_hash": "3f77d81f1ef9007b0fcc6916450aade9"}, "affectedPackage": [{"OS": "Mageia", "OSVersion": "6", "arch": "noarch", "packageVersion": "0.9.6.2-1.3", "operator": "lt", "packageFilename": "converseen-0.9.6.2-1.3.mga6", "packageName": "converseen"}, {"OS": "Mageia", "OSVersion": "6", "arch": "noarch", "packageVersion": "1.1.0-9.2", "operator": "lt", "packageFilename": "cuneiform-linux-1.1.0-9.2.mga6", "packageName": "cuneiform-linux"}, {"OS": "Mageia", "OSVersion": "6", "arch": "noarch", "packageVersion": "0.7.2-2.2", "operator": "lt", "packageFilename": "dvdauthor-0.7.2-2.2.mga6", "packageName": "dvdauthor"}, {"OS": "Mageia", "OSVersion": "6", "arch": "noarch", "packageVersion": "24.5-8.3", "operator": "lt", "packageFilename": "emacs-24.5-8.3.mga6", "packageName": "emacs"}, {"OS": "Mageia", "OSVersion": "6", "arch": "noarch", "packageVersion": "6.9.9.41-1", "operator": "lt", "packageFilename": "imagemagick-6.9.9.41-1.mga6", "packageName": "imagemagick"}, {"OS": "Mageia", "OSVersion": "6", "arch": "noarch", "packageVersion": "0.92.1-2.2", "operator": "lt", "packageFilename": "inkscape-0.92.1-2.2.mga6", "packageName": "inkscape"}, {"OS": "Mageia", "OSVersion": "6", "arch": "noarch", "packageVersion": "0.8.0.5-5.2", "operator": "lt", "packageFilename": "k3d-0.8.0.5-5.2.mga6", "packageName": "k3d"}, {"OS": "Mageia", "OSVersion": "6", "arch": "noarch", "packageVersion": "2.0.0-2.2", "operator": "lt", "packageFilename": "kxstitch-2.0.0-2.2.mga6", "packageName": "kxstitch"}, {"OS": "Mageia", "OSVersion": "6", "arch": "noarch", "packageVersion": "0.1.8-1.2", "operator": "lt", "packageFilename": "libopenshot-0.1.8-1.2.mga6", "packageName": "libopenshot"}, {"OS": "Mageia", "OSVersion": "6", "arch": "noarch", "packageVersion": "0.03.51-17.2", "operator": "lt", "packageFilename": "ocaml-glmlite-0.03.51-17.2.mga6", "packageName": "ocaml-glmlite"}, {"OS": "Mageia", "OSVersion": "6", "arch": "noarch", "packageVersion": "0.30.0-6.2", "operator": "lt", "packageFilename": "perl-Image-SubImageFind-0.30.0-6.2.mga6", "packageName": "perl-image-subimagefind"}, {"OS": "Mageia", "OSVersion": "6", "arch": "noarch", "packageVersion": "2.0.6-3.2", "operator": "lt", "packageFilename": "pfstools-2.0.6-3.2.mga6", "packageName": "pfstools"}, {"OS": "Mageia", "OSVersion": "6", "arch": "noarch", "packageVersion": "3.4.1-6.2", "operator": "lt", "packageFilename": "php-imagick-3.4.1-6.2.mga6", "packageName": "php-imagick"}, {"OS": "Mageia", "OSVersion": "6", "arch": "noarch", "packageVersion": "1.0.9.2-10.2", "operator": "lt", "packageFilename": "php-magickwand-1.0.9.2-10.2.mga6", "packageName": "php-magickwand"}, {"OS": "Mageia", "OSVersion": "6", "arch": "noarch", "packageVersion": "0.9.8-26.2", "operator": "lt", "packageFilename": "psiconv-0.9.8-26.2.mga6", "packageName": "psiconv"}, {"OS": "Mageia", "OSVersion": "6", "arch": "noarch", "packageVersion": "0.9.12-7.2", "operator": "lt", "packageFilename": "pythonmagick-0.9.12-7.2.mga6", "packageName": "pythonmagick"}, {"OS": "Mageia", "OSVersion": "6", "arch": "noarch", "packageVersion": "2.15.4-12.2", "operator": "lt", "packageFilename": "ruby-rmagick-2.15.4-12.2.mga6", "packageName": "ruby-rmagick"}, {"OS": "Mageia", "OSVersion": "6", "arch": "noarch", "packageVersion": "1.2.1-2.2", "operator": "lt", "packageFilename": "synfig-1.2.1-2.2.mga6", "packageName": "synfig"}, {"OS": "Mageia", "OSVersion": "6", "arch": "noarch", "packageVersion": "0.2.8-8.2", "operator": "lt", "packageFilename": "vdr-plugin-skinelchi-0.2.8-8.2.mga6", "packageName": "vdr-plugin-skinelchi"}, {"OS": "Mageia", "OSVersion": "6", "arch": "noarch", "packageVersion": "0.1.2-10.2", "operator": "lt", "packageFilename": "vdr-plugin-skinenigmang-0.1.2-10.2.mga6", "packageName": "vdr-plugin-skinenigmang"}]}

{"osv": [{"lastseen": "2022-07-21T08:24:26", "description": "\nThis update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising may\nresult in denial of service, memory disclosure or the execution of\narbitrary code if malformed image files are processed.\n\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 8:6.9.7.4+dfsg-11+deb9u2.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-11-05T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13142", "CVE-2017-11533", "CVE-2017-9500", "CVE-2017-11639", "CVE-2017-13144", "CVE-2017-12640", "CVE-2017-13143", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11537", "CVE-2017-11446", "CVE-2017-13139", "CVE-2017-12434", "CVE-2017-13141", "CVE-2017-12671", "CVE-2017-12432", "CVE-2017-12428", "CVE-2017-12431", "CVE-2017-13140", "CVE-2017-11640", "CVE-2017-11535", "CVE-2017-13145"], "modified": "2022-07-21T05:49:38", "id": "OSV:DSA-4019-1", "href": "https://osv.dev/vulnerability/DSA-4019-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:24:54", "description": "\nThis update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV,\nPICT, XWD, PCD, SFW, MAT, EXR, DCM, MNG, PCX or SVG files are processed.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u9.\n\n\nFor the upcoming stable distribution (stretch), these problems have been\nfixed in version 8:6.9.7.4+dfsg-8.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-8.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-05-25T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8830", "CVE-2017-9143", "CVE-2017-7943", "CVE-2017-7619", "CVE-2017-8354", "CVE-2017-9098", "CVE-2017-8353", "CVE-2017-9144", "CVE-2017-7606", "CVE-2017-8349", "CVE-2017-8765", "CVE-2017-8350", "CVE-2017-8346", "CVE-2017-8355", "CVE-2017-8352", "CVE-2017-7941", "CVE-2017-8348", "CVE-2017-9142", "CVE-2017-8356", "CVE-2017-8345", "CVE-2017-8347", "CVE-2017-8351", "CVE-2017-8357", "CVE-2017-8343", "CVE-2017-9141", "CVE-2017-8344"], "modified": "2022-07-21T05:49:26", "id": "OSV:DSA-3863-1", "href": "https://osv.dev/vulnerability/DSA-3863-1", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-07-21T08:24:22", "description": "\nThis update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed image files are processed.\n\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u11.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-11-17T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15277", "CVE-2017-14224", "CVE-2017-13144", "CVE-2017-12640", "CVE-2017-13758", "CVE-2017-12983", "CVE-2017-13139", "CVE-2017-12877", "CVE-2017-16546", "CVE-2017-14989", "CVE-2017-14607", "CVE-2017-11352", "CVE-2017-14682", "CVE-2017-13134", "CVE-2017-13769", "CVE-2017-12431", "CVE-2017-11640"], "modified": "2022-07-21T05:49:39", "id": "OSV:DSA-4040-1", "href": "https://osv.dev/vulnerability/DSA-4040-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:24:31", "description": "\nThis update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed GIF, TTF, SVG, TIFF, PCX, JPG or SFW files\nare processed.\n\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-11+deb9u3.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-12T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15277", "CVE-2017-14224", "CVE-2017-13758", "CVE-2017-12983", "CVE-2017-14989", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-13134", "CVE-2017-13769"], "modified": "2022-07-21T05:49:39", "id": "OSV:DSA-4032-1", "href": "https://osv.dev/vulnerability/DSA-4032-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-05T05:20:23", "description": "\nNumerous vulnerabilities were discovered in ImageMagick, an image\nmanipulation program. Issues include memory leaks, out of bound reads\nand missing checks.\n\n\nThis update also includes an update of the fix for [CVE-2016-8677](https://security-tracker.debian.org/tracker/CVE-2016-8677) which\nwas incomplete in the previous version.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n8:6.7.7.10-5+deb7u11.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-30T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5506", "CVE-2016-10144", "CVE-2016-10145", "CVE-2016-10146", "CVE-2017-5508", "CVE-2017-5510", "CVE-2016-8677", "CVE-2017-5511", "CVE-2017-5507"], "modified": "2022-08-05T05:20:03", "id": "OSV:DLA-807-1", "href": "https://osv.dev/vulnerability/DLA-807-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-08-05T05:20:15", "description": "\nThis update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure, or the execution of\narbitrary code if malformed PCX, DCM, JPEG, PSD, HDR, MIFF, PDB, VICAR,\nSGI, SVG, AAI, MNG, EXR, MAT, SFW, JNG, PCD, XWD, PICT, BMP, MTV, SUN,\nEPT, ICON, DDS, or ART files are processed.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n6.7.7.10-5+deb7u14.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-29T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8830", "CVE-2017-9143", "CVE-2017-7943", "CVE-2014-9841", "CVE-2014-8562", "CVE-2014-8716", "CVE-2017-8354", "CVE-2015-8902", "CVE-2017-9098", "CVE-2015-8901", "CVE-2015-8900", "CVE-2015-8903", "CVE-2014-8355", "CVE-2017-8353", "CVE-2017-9144", "CVE-2017-8349", "CVE-2014-8354", "CVE-2017-8765", "CVE-2017-8350", "CVE-2017-8346", "CVE-2017-8355", "CVE-2017-8352", "CVE-2017-7941", "CVE-2017-8348", "CVE-2017-9142", "CVE-2017-8356", "CVE-2017-8345", "CVE-2017-8347", "CVE-2017-8351", "CVE-2017-8357", "CVE-2017-8343", "CVE-2017-9141", "CVE-2017-8344"], "modified": "2022-08-05T05:19:59", "id": "OSV:DLA-960-1", "href": "https://osv.dev/vulnerability/DLA-960-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:25:26", "description": "\nThis updates fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service or the execution of arbitrary code if\nmalformed SIXEL, PDB, MAP, SGI, TIFF and CALS files are processed.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u5.\n\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-09-23T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10057", "CVE-2016-10056", "CVE-2016-10054", "CVE-2016-10053", "CVE-2016-10055"], "modified": "2022-07-21T05:49:12", "id": "OSV:DSA-3675-1", "href": "https://osv.dev/vulnerability/DSA-3675-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:12:43", "description": "\nThis update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising may\nresult in denial of service, memory disclosure or the execution of\narbitrary code if malformed image files are processed.\n\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-11+deb9u4.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\nFor the detailed security status of imagemagick please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/imagemagick](https://security-tracker.debian.org/tracker/imagemagick)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-12-28T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12877", "CVE-2017-16546", "CVE-2017-17879", "CVE-2017-17504", "CVE-2017-17499"], "modified": "2022-08-10T07:12:40", "id": "OSV:DSA-4074-1", "href": "https://osv.dev/vulnerability/DSA-4074-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:11:18", "description": "\nThis update fixes several vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service or the execution of arbitrary\ncode if malformed TIFF, WPG, IPL, MPC or PSB files are processed.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u7.\n\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 8:6.9.7.4+dfsg-1.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-1.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-01T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8707", "CVE-2017-5506", "CVE-2016-10144", "CVE-2016-10062", "CVE-2016-10145", "CVE-2016-10146", "CVE-2017-5508", "CVE-2017-5510", "CVE-2017-5511", "CVE-2017-5507"], "modified": "2022-08-10T07:11:15", "id": "OSV:DSA-3799-1", "href": "https://osv.dev/vulnerability/DSA-3799-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-08-10T07:13:16", "description": "\nThis update fixes several vulnerabilities in imagemagick, a graphical\nsoftware suite. Various memory handling problems or issues about\nincomplete input sanitizing would result in denial of service or\nmemory disclosure.\n\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u12.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\nFor the detailed security status of imagemagick please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/imagemagick](https://security-tracker.debian.org/tracker/imagemagick)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-18T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11533", "CVE-2017-11639", "CVE-2017-13143", "CVE-2018-5248", "CVE-2017-17879", "CVE-2017-17504", "CVE-2017-10995", "CVE-2017-11535"], "modified": "2022-08-10T07:13:08", "id": "OSV:DSA-4204-1", "href": "https://osv.dev/vulnerability/DSA-4204-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-05T05:20:11", "description": "\nTwo security vulnerabilities were discovered in imagemagick that allow\nremote attackers to cause a denial of service (application crash and\ninfinite loop) or possibly other unspecified impact via a crafted image.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n8:6.7.7.10-5+deb7u13.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-04-18T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7619", "CVE-2017-7606"], "modified": "2022-08-05T05:20:08", "id": "OSV:DLA-902-1", "href": "https://osv.dev/vulnerability/DLA-902-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-21T08:12:33", "description": "\nNumerous vulnerabilities were discovered in ImageMagick, an image\nmanipulation program. Issues include memory exception, heap, buffer\nand stack overflows, out of bound reads and missing checks.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n8:6.7.7.10-5+deb7u10.\n\n\nThe exact impact of the vulnerabilities is unknown, as they were\nmostly discovered through fuzzing. We still recommend that you upgrade\nyour imagemagick packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-12-22T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7799", "CVE-2016-8707", "CVE-2016-10066", "CVE-2016-10071", "CVE-2016-10061", "CVE-2016-10067", "CVE-2016-8866", "CVE-2016-10064", "CVE-2016-10068", "CVE-2016-10063", "CVE-2016-10060", "CVE-2016-10059", "CVE-2016-8677", "CVE-2016-9556", "CVE-2016-10065", "CVE-2016-8862", "CVE-2016-10070", "CVE-2016-9559", "CVE-2016-10069"], "modified": "2022-07-21T05:54:48", "id": "OSV:DLA-756-1", "href": "https://osv.dev/vulnerability/DLA-756-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:09:59", "description": "\nSeveral issues have been discovered in ImageMagick, a popular set of\nprograms and libraries for image manipulation. These issues include\nseveral problems in memory handling that can result in a denial of\nservice attack or in execution of arbitrary code by an attacker with\ncontrol on the image input.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u6.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.6.5+dfsg-1.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-11-26T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7799", "CVE-2016-10066", "CVE-2016-10071", "CVE-2016-10061", "CVE-2016-10067", "CVE-2016-10064", "CVE-2016-10068", "CVE-2016-10063", "CVE-2016-10059", "CVE-2016-7906", "CVE-2016-8677", "CVE-2016-9556", "CVE-2016-10065", "CVE-2016-8862", "CVE-2016-10070", "CVE-2016-9559", "CVE-2016-10069"], "modified": "2022-08-10T07:09:54", "id": "OSV:DSA-3726-1", "href": "https://osv.dev/vulnerability/DSA-3726-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2023-05-02T15:51:55", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4019-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 05, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nCVE ID : CVE-2017-9500 CVE-2017-11446 CVE-2017-11523 CVE-2017-11533\n CVE-2017-11535 CVE-2017-11537 CVE-2017-11639 CVE-2017-11640\n\t\t CVE-2017-12428 CVE-2017-12431 CVE-2017-12432 CVE-2017-12434\n\t\t CVE-2017-12587 CVE-2017-12640 CVE-2017-12671 CVE-2017-13139\n\t\t CVE-2017-13140 CVE-2017-13141 CVE-2017-13142 CVE-2017-13143\n CVE-2017-13144 CVE-2017-13145\nDebian Bug : 870526 870491 870116 870111 870109 870106 870119\n 870105 870065 870014 869210 870067 870012 869834\n\t\t 869830 869827 868950 869728 869712 869715 869713 867778\n\nThis update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising may\nresult in denial of service, memory disclosure or the execution of\narbitrary code if malformed image files are processed.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 8:6.9.7.4+dfsg-11+deb9u2.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-05T18:09:12", "type": "debian", "title": "[SECURITY] [DSA 4019-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11446", "CVE-2017-11523", "CVE-2017-11533", "CVE-2017-11535", "CVE-2017-11537", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-12428", "CVE-2017-12431", "CVE-2017-12432", "CVE-2017-12434", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12671", "CVE-2017-13139", "CVE-2017-13140", "CVE-2017-13141", "CVE-2017-13142", "CVE-2017-13143", "CVE-2017-13144", "CVE-2017-13145", "CVE-2017-9500"], "modified": "2017-11-05T18:09:12", "id": "DEBIAN:DSA-4019-1:AFDE4", "href": "https://lists.debian.org/debian-security-announce/2017/msg00281.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-04T15:33:36", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3863-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMay 25, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nCVE ID : CVE-2017-7606 CVE-2017-7619 CVE-2017-7941 CVE-2017-7943 \n CVE-2017-8343 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 \n CVE-2017-8347 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350 \n CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354 \n CVE-2017-8355 CVE-2017-8356 CVE-2017-8357 CVE-2017-8765 \n CVE-2017-8830 CVE-2017-9098 CVE-2017-9141 CVE-2017-9142 \n CVE-2017-9143 CVE-2017-9144\nDebian Bug : 860736 862577 859771 859769 860734 862572 862574 862573\n 862575 862590 862589 862587 862632 862633 862634 862635\n\t\t 862636 862578 860735 862653 862637 863126 863125 863124\n\t\t 863123 862967\n\nThis update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV,\nPICT, XWD, PCD, SFW, MAT, EXR, DCM, MNG, PCX or SVG files are processed.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u9.\n\nFor the upcoming stable distribution (stretch), these problems have been\nfixed in version 8:6.9.7.4+dfsg-8.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-8.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-25T21:32:26", "type": "debian", "title": "[SECURITY] [DSA 3863-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7606", "CVE-2017-7619", "CVE-2017-7941", "CVE-2017-7943", "CVE-2017-8343", "CVE-2017-8344", "CVE-2017-8345", "CVE-2017-8346", "CVE-2017-8347", "CVE-2017-8348", "CVE-2017-8349", "CVE-2017-8350", "CVE-2017-8351", "CVE-2017-8352", "CVE-2017-8353", "CVE-2017-8354", "CVE-2017-8355", "CVE-2017-8356", "CVE-2017-8357", "CVE-2017-8765", "CVE-2017-8830", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-05-25T21:32:26", "id": "DEBIAN:DSA-3863-1:A45FE", "href": "https://lists.debian.org/debian-security-announce/2017/msg00123.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-05-02T15:50:57", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4040-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 17, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nCVE ID : CVE-2017-11352 CVE-2017-11640 CVE-2017-12431\n CVE-2017-12640 CVE-2017-12877 CVE-2017-12983\n\t\t CVE-2017-13134 CVE-2017-13139 CVE-2017-13144\n\t\t CVE-2017-13758 CVE-2017-13769 CVE-2017-14224 \n CVE-2017-14607 CVE-2017-14682 CVE-2017-14989\n\t\t CVE-2017-15277 CVE-2017-16546\n\nThis update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed image files are processed.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u11.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-17T22:51:42", "type": "debian", "title": "[SECURITY] [DSA 4040-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11352", "CVE-2017-11640", "CVE-2017-12431", "CVE-2017-12640", "CVE-2017-12877", "CVE-2017-12983", "CVE-2017-13134", "CVE-2017-13139", "CVE-2017-13144", "CVE-2017-13758", "CVE-2017-13769", "CVE-2017-14224", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-14989", "CVE-2017-15277", "CVE-2017-16546"], "modified": "2017-11-17T22:51:42", "id": "DEBIAN:DSA-4040-1:E6366", "href": "https://lists.debian.org/debian-security-announce/2017/msg00303.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-02T15:51:17", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4032-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 12, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nCVE ID : CVE-2017-12983 CVE-2017-13134 CVE-2017-13758\n CVE-2017-13769 CVE-2017-14224 CVE-2017-14607\n\t\t CVE-2017-14682 CVE-2017-14989 CVE-2017-15277\nDebian Bug : 873134 873099 878508 878507 876097 878527 876488 878562\n 878578\n\nThis update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed GIF, TTF, SVG, TIFF, PCX, JPG or SFW files\nare processed.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-11+deb9u3.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-12T10:45:50", "type": "debian", "title": "[SECURITY] [DSA 4032-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12983", "CVE-2017-13134", "CVE-2017-13758", "CVE-2017-13769", "CVE-2017-14224", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-14989", "CVE-2017-15277"], "modified": "2017-11-12T10:45:50", "id": "DEBIAN:DSA-4032-1:08B80", "href": "https://lists.debian.org/debian-security-announce/2017/msg00295.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-23T21:39:44", "description": " Package : imagemagick\nVersion : 8:6.7.7.10-5+deb7u11\nCVE ID : CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2017-5506 \n CVE-2017-5507 CVE-2017-5508 CVE-2017-5510 CVE-2017-5511\nDebian Bug : #851485, #851483, #851380, #851383, #851382, #851381, #851376, #851374\n\nNumerous vulnerabilities were discovered in ImageMagick, an image\nmanipulation program. Issues include memory leaks, out of bound reads\nand missing checks.\n\nThis update also includes an update of the fix for CVE-2016-8677 which\nwas incomplete in the previous version.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n8:6.7.7.10-5+deb7u11.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-30T08:39:24", "type": "debian", "title": "[SECURITY] [DLA 807-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10144", "CVE-2016-10145", "CVE-2016-10146", "CVE-2016-8677", "CVE-2017-5506", "CVE-2017-5507", "CVE-2017-5508", "CVE-2017-5510", "CVE-2017-5511"], "modified": "2017-01-30T08:39:24", "id": "DEBIAN:DLA-807-1:D8162", "href": "https://lists.debian.org/debian-lts-announce/2017/01/msg00043.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T07:29:21", "description": "Package : imagemagick\nVersion : 6.7.7.10-5+deb7u14\nCVE ID : CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 \n CVE-2014-9841 CVE-2015-8900 CVE-2015-8901 CVE-2015-8902 \n CVE-2015-8903 CVE-2017-7941 CVE-2017-7943 CVE-2017-8343 \n CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8347 \n CVE-2017-8348 CVE-2017-8349 CVE-2017-8350 CVE-2017-8351 \n CVE-2017-8352 CVE-2017-8353 CVE-2017-8354 CVE-2017-8355 \n CVE-2017-8356 CVE-2017-8357 CVE-2017-8765 CVE-2017-8830 \n CVE-2017-9098 CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 \n CVE-2017-9144\nDebian Bug : 767240 767240 768494 773834 860734 860736 862572 862574\n 862573 862575 862577 862578 862579 862587 862589 862590\n 862632 862633 862634 862635 862636 862653 862637 862967\n 863124 863125 863123 863126\n\n\nThis update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure, or the execution of\narbitrary code if malformed PCX, DCM, JPEG, PSD, HDR, MIFF, PDB, VICAR,\nSGI, SVG, AAI, MNG, EXR, MAT, SFW, JNG, PCD, XWD, PICT, BMP, MTV, SUN,\nEPT, ICON, DDS, or ART files are processed.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n6.7.7.10-5+deb7u14.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\nAttachment:\nsignature.asc\nDescription: Digital signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-29T02:18:26", "type": "debian", "title": "[SECURITY] [DLA 960-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8354", "CVE-2014-8355", "CVE-2014-8562", "CVE-2014-8716", "CVE-2014-9841", "CVE-2015-8900", "CVE-2015-8901", "CVE-2015-8902", "CVE-2015-8903", "CVE-2017-7941", "CVE-2017-7943", "CVE-2017-8343", "CVE-2017-8344", "CVE-2017-8345", "CVE-2017-8346", "CVE-2017-8347", "CVE-2017-8348", "CVE-2017-8349", "CVE-2017-8350", "CVE-2017-8351", "CVE-2017-8352", "CVE-2017-8353", "CVE-2017-8354", "CVE-2017-8355", "CVE-2017-8356", "CVE-2017-8357", "CVE-2017-8765", "CVE-2017-8830", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-05-29T02:18:26", "id": "DEBIAN:DLA-960-1:AD3CB", "href": "https://lists.debian.org/debian-lts-announce/2017/05/msg00031.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-01T10:40:19", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4074-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nDecember 28, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nCVE ID : CVE-2017-12877 CVE-2017-16546 CVE-2017-17499\n CVE-2017-17504 CVE-2017-17879\n\nThis update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising may\nresult in denial of service, memory disclosure or the execution of\narbitrary code if malformed image files are processed.\n\t\t \nFor the stable distribution (stretch), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-11+deb9u4.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFor the detailed security status of imagemagick please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/imagemagick\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-12-28T09:40:05", "type": "debian", "title": "[SECURITY] [DSA 4074-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12877", "CVE-2017-16546", "CVE-2017-17879", "CVE-2017-17504", "CVE-2017-17499"], "modified": "2017-12-28T09:40:05", "id": "DEBIAN:DSA-4074-1:AED98", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00337.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-02T15:55:49", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3799-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMarch 01, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nCVE ID : CVE-2016-8707 CVE-2016-10062 CVE-2016-10144\n CVE-2016-10145 CVE-2016-10146 CVE-2017-5506\n\t\t CVE-2017-5507 CVE-2017-5508 CVE-2017-5510 CVE-2017-5511\nDebian Bug : 851485 851483 851380 848139 851383 851382 851381\n 851374 851376 849439\n\nThis update fixes several vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service or the execution of arbitrary\ncode if malformed TIFF, WPG, IPL, MPC or PSB files are processed.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u7.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 8:6.9.7.4+dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-1.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-03-01T22:06:44", "type": "debian", "title": "[SECURITY] [DSA 3799-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10062", "CVE-2016-10144", "CVE-2016-10145", "CVE-2016-10146", "CVE-2016-8707", "CVE-2017-5506", "CVE-2017-5507", "CVE-2017-5508", "CVE-2017-5510", "CVE-2017-5511"], "modified": "2017-03-01T22:06:44", "id": "DEBIAN:DSA-3799-1:CBEDC", "href": "https://lists.debian.org/debian-security-announce/2017/msg00052.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-11-30T16:31:27", "description": "Package : imagemagick\nVersion : 8:6.7.7.10-5+deb7u10\nCVE ID : CVE-2016-7799 CVE-2016-8707 CVE-2016-8862 CVE-2016-8866 \n CVE-2016-9556\nDebian Bug : 840437 845206 848139 845634 845242 845243 845195 845196\n 845198 845202 845212 845213 845241 845244 845246\n\nNumerous vulnerabilities were discovered in ImageMagick, an image\nmanipulation program. Issues include memory exception, heap, buffer\nand stack overflows, out of bound reads and missing checks.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n8:6.7.7.10-5+deb7u10.\n\nThe exact impact of the vulnerabilities is unknown, as they were\nmostly discovered through fuzzing. We still recommend that you upgrade\nyour imagemagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: Digital signature\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-12-22T01:52:15", "type": "debian", "title": "[SECURITY] [DLA 756-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7799", "CVE-2016-8707", "CVE-2016-8862", "CVE-2016-8866", "CVE-2016-9556"], "modified": "2016-12-22T01:52:15", "id": "DEBIAN:DLA-756-1:F14C9", "href": "https://lists.debian.org/debian-lts-announce/2016/12/msg00032.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T18:54:46", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4204-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nMay 18, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nCVE ID : CVE-2017-10995 CVE-2017-11533 CVE-2017-11535 CVE-2017-11639 \n CVE-2017-13143 CVE-2017-17504 CVE-2017-17879 CVE-2018-5248\nDebian Bug : 867748 869827 869834 870012 870065 885125 885340 886588\n\nThis update fixes several vulnerabilities in imagemagick, a graphical\nsoftware suite. Various memory handling problems or issues about\nincomplete input sanitizing would result in denial of service or\nmemory disclosure.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u12.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFor the detailed security status of imagemagick please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/imagemagick\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-18T16:59:44", "type": "debian", "title": "[SECURITY] [DSA 4204-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10995", "CVE-2017-11533", "CVE-2017-11535", "CVE-2017-11639", "CVE-2017-13143", "CVE-2017-17504", "CVE-2017-17879", "CVE-2018-5248"], "modified": "2018-05-18T16:59:44", "id": "DEBIAN:DSA-4204-1:1D5FF", "href": "https://lists.debian.org/debian-security-announce/2018/msg00131.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-03T15:34:03", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4204-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nMay 18, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nCVE ID : CVE-2017-10995 CVE-2017-11533 CVE-2017-11535 CVE-2017-11639 \n CVE-2017-13143 CVE-2017-17504 CVE-2017-17879 CVE-2018-5248\nDebian Bug : 867748 869827 869834 870012 870065 885125 885340 886588\n\nThis update fixes several vulnerabilities in imagemagick, a graphical\nsoftware suite. Various memory handling problems or issues about\nincomplete input sanitizing would result in denial of service or\nmemory disclosure.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u12.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFor the detailed security status of imagemagick please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/imagemagick\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-05-18T16:59:44", "type": "debian", "title": "[SECURITY] [DSA 4204-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10995", "CVE-2017-11533", "CVE-2017-11535", "CVE-2017-11639", "CVE-2017-13143", "CVE-2017-17504", "CVE-2017-17879", "CVE-2018-5248"], "modified": "2018-05-18T16:59:44", "id": "DEBIAN:DSA-4204-1:271DB", "href": "https://lists.debian.org/debian-security-announce/2018/msg00131.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T22:11:49", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3726-1 security@debian.org\nhttps://www.debian.org/security/ Luciano Bello\nNovember 26, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nCVE ID : CVE-2016-7799 CVE-2016-7906 CVE-2016-8677\nDebian Bug : #840437 #845195 #845196 #845198 #845202 #845206 #845212\n #845213 #845242 #845243 #845244 #845246 #840435\n\nSeveral issues have been discovered in ImageMagick, a popular set of\nprograms and libraries for image manipulation. These issues include\nseveral problems in memory handling that can result in a denial of\nservice attack or in execution of arbitrary code by an attacker with\ncontrol on the image input.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u6.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.6.5+dfsg-1.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-11-27T04:09:30", "type": "debian", "title": "[SECURITY] [DSA 3726-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7799", "CVE-2016-7906", "CVE-2016-8677"], "modified": "2016-11-27T04:09:30", "id": "DEBIAN:DSA-3726-1:11C95", "href": "https://lists.debian.org/debian-security-announce/2016/msg00308.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-02T15:57:57", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3726-1 security@debian.org\nhttps://www.debian.org/security/ Luciano Bello\nNovember 26, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nCVE ID : CVE-2016-7799 CVE-2016-7906 CVE-2016-8677\nDebian Bug : #840437 #845195 #845196 #845198 #845202 #845206 #845212\n #845213 #845242 #845243 #845244 #845246 #840435\n\nSeveral issues have been discovered in ImageMagick, a popular set of\nprograms and libraries for image manipulation. These issues include\nseveral problems in memory handling that can result in a denial of\nservice attack or in execution of arbitrary code by an attacker with\ncontrol on the image input.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u6.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.6.5+dfsg-1.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-11-27T04:09:30", "type": "debian", "title": "[SECURITY] [DSA 3726-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7799", "CVE-2016-7906", "CVE-2016-8677"], "modified": "2016-11-27T04:09:30", "id": "DEBIAN:DSA-3726-1:AB5D7", "href": "https://lists.debian.org/debian-security-announce/2016/msg00308.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-30T16:17:45", "description": "Package : imagemagick\nVersion : 8:6.7.7.10-5+deb7u13\nCVE ID : CVE-2017-7606 CVE-2017-7619\nDebian Bug : 859771 859769\n\nTwo security vulnerabilities were discovered in imagemagick that allow\nremote attackers to cause a denial of service (application crash and\ninfinite loop) or possibly other unspecified impact via a crafted image.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n8:6.7.7.10-5+deb7u13.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-04-18T18:02:12", "type": "debian", "title": "[SECURITY] [DLA 902-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7606", "CVE-2017-7619"], "modified": "2017-04-18T18:02:12", "id": "DEBIAN:DLA-902-1:68613", "href": "https://lists.debian.org/debian-lts-announce/2017/04/msg00020.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-22T13:38:53", "description": "Package : imagemagick\nVersion : 8:6.7.7.10-5+deb7u13\nCVE ID : CVE-2017-7606 CVE-2017-7619\nDebian Bug : 859771 859769\n\nTwo security vulnerabilities were discovered in imagemagick that allow\nremote attackers to cause a denial of service (application crash and\ninfinite loop) or possibly other unspecified impact via a crafted image.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n8:6.7.7.10-5+deb7u13.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-04-18T18:02:12", "type": "debian", "title": "[SECURITY] [DLA 902-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7606", "CVE-2017-7619"], "modified": "2017-04-18T18:02:12", "id": "DEBIAN:DLA-902-1:DBD76", "href": "https://lists.debian.org/debian-lts-announce/2017/04/msg00020.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-02T16:02:06", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3914-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 18, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nCVE ID : CVE-2017-9439 CVE-2017-9440 CVE-2017-9500 CVE-2017-9501 \n CVE-2017-10928 CVE-2017-11141 CVE-2017-11170 \n CVE-2017-11360 CVE-2017-11188\nDebian Bug : 863126 867367 867778 867721 864273 864274 867806 868264\n 868184 867810 867808 867811 867812 867896 867798 867821\n 867824 867825 867826 867893 867823 867894 867897\n\nThis updates fixes several vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure or the\nexecution of arbitrary code if malformed RLE, SVG, PSD, PDB, DPX, MAT,\nTGA, VST, CIN, DIB, MPC, EPT, JNG, DJVU, JPEG, ICO, PALM or MNG\nfiles are processed.\n\t\t \nFor the oldstable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u10.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-11+deb9u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-12.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-07-18T21:42:34", "type": "debian", "title": "[SECURITY] [DSA 3914-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10928", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11360", "CVE-2017-9439", "CVE-2017-9440", "CVE-2017-9500", "CVE-2017-9501"], "modified": "2017-07-18T21:42:34", "id": "DEBIAN:DSA-3914-1:48C64", "href": "https://lists.debian.org/debian-security-announce/2017/msg00175.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:34:52", "description": "This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising may\nresult in denial of service, memory disclosure or the execution of\narbitrary code if malformed image files are processed.", "cvss3": {}, "published": "2017-11-05T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4019-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13142", "CVE-2017-11533", "CVE-2017-9500", "CVE-2017-11639", "CVE-2017-13144", "CVE-2017-12640", "CVE-2017-13143", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11537", "CVE-2017-11446", "CVE-2017-13139", "CVE-2017-12434", "CVE-2017-13141", "CVE-2017-12671", "CVE-2017-12432", "CVE-2017-12428", "CVE-2017-12431", "CVE-2017-13140", "CVE-2017-11640", "CVE-2017-11535", "CVE-2017-13145"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310704019", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704019", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_4019.nasl 14284 2019-03-18 15:02:15Z cfischer $\n#\n# Auto-generated from advisory DSA 4019-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704019\");\n script_version(\"$Revision: 14284 $\");\n script_cve_id(\"CVE-2017-11446\", \"CVE-2017-11523\", \"CVE-2017-11533\", \"CVE-2017-11535\", \"CVE-2017-11537\", \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-12428\", \"CVE-2017-12431\", \"CVE-2017-12432\", \"CVE-2017-12434\", \"CVE-2017-12587\", \"CVE-2017-12640\", \"CVE-2017-12671\", \"CVE-2017-13139\", \"CVE-2017-13140\", \"CVE-2017-13141\", \"CVE-2017-13142\", \"CVE-2017-13143\", \"CVE-2017-13144\", \"CVE-2017-13145\", \"CVE-2017-9500\");\n script_name(\"Debian Security Advisory DSA 4019-1 (imagemagick - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 16:02:15 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-05 00:00:00 +0100 (Sun, 05 Nov 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2017/dsa-4019.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"imagemagick on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), this problem has been fixed in\nversion 8:6.9.7.4+dfsg-11+deb9u2.\n\nWe recommend that you upgrade your imagemagick packages.\");\n script_tag(name:\"summary\", value:\"This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising may\nresult in denial of service, memory disclosure or the execution of\narbitrary code if malformed image files are processed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6-common\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6-doc\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16hdri\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16hdri-perl\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-7\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16hdri-7\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3-extra\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-3\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-3-extra\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-3\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16hdri-3\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:07", "description": "This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV,\nPICT, XWD, PCD, SFW, MAT, EXR, DCM, MNG, PCX or SVG files are processed.", "cvss3": {}, "published": "2017-05-25T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3863-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8830", "CVE-2017-9143", "CVE-2017-7943", "CVE-2017-7619", "CVE-2017-8354", "CVE-2017-9098", "CVE-2017-8353", "CVE-2017-9144", "CVE-2017-7606", "CVE-2017-8349", "CVE-2017-8765", "CVE-2017-8350", "CVE-2017-8346", "CVE-2017-8355", "CVE-2017-8352", "CVE-2017-7941", "CVE-2017-8348", "CVE-2017-9142", "CVE-2017-8356", "CVE-2017-8345", "CVE-2017-8347", "CVE-2017-8351", "CVE-2017-8357", "CVE-2017-8343", "CVE-2017-9141", "CVE-2017-8344"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703863", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703863", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3863.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3863-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703863\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-7606\", \"CVE-2017-7619\", \"CVE-2017-7941\", \"CVE-2017-7943\", \"CVE-2017-8343\", \"CVE-2017-8344\", \"CVE-2017-8345\", \"CVE-2017-8346\", \"CVE-2017-8347\", \"CVE-2017-8348\", \"CVE-2017-8349\", \"CVE-2017-8350\", \"CVE-2017-8351\", \"CVE-2017-8352\", \"CVE-2017-8353\", \"CVE-2017-8354\", \"CVE-2017-8355\", \"CVE-2017-8356\", \"CVE-2017-8357\", \"CVE-2017-8765\", \"CVE-2017-8830\", \"CVE-2017-9098\", \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9144\");\n script_name(\"Debian Security Advisory DSA 3863-1 (imagemagick - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-25 00:00:00 +0200 (Thu, 25 May 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3863.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|8)\");\n script_tag(name:\"affected\", value:\"imagemagick on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u9.\n\nFor the upcoming stable distribution (stretch), these problems have been\nfixed in version 8:6.9.7.4+dfsg-8.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-8.\n\nWe recommend that you upgrade your imagemagick packages.\");\n script_tag(name:\"summary\", value:\"This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV,\nPICT, XWD, PCD, SFW, MAT, EXR, DCM, MNG, PCX or SVG files are processed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6-common\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6-doc\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16hdri\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16hdri-perl\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-7\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16hdri-7\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3-extra\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-3\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-3-extra\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-3\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16hdri-3\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.9.7.4+dfsg-8\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-5+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-5+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-5+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-dbg\", ver:\"8:6.8.9.9-5+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.8.9.9-5+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.8.9.9-5+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.8.9.9-5+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.8.9.9-5+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5\", ver:\"8:6.8.9.9-5+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.8.9.9-5+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.8.9.9-5+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.8.9.9-5+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-5+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.8.9.9-5+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.8.9.9-5+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.8.9.9-5+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.8.9.9-5+deb8u9\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-24T12:58:03", "description": "This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV,\nPICT, XWD, PCD, SFW, MAT, EXR, DCM, MNG, PCX or SVG files are processed.", "cvss3": {}, "published": "2017-05-25T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3863-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8830", "CVE-2017-9143", "CVE-2017-7943", "CVE-2017-7619", "CVE-2017-8354", "CVE-2017-9098", "CVE-2017-8353", "CVE-2017-9144", "CVE-2017-7606", "CVE-2017-8349", "CVE-2017-8765", "CVE-2017-8350", "CVE-2017-8346", "CVE-2017-8355", "CVE-2017-8352", "CVE-2017-7941", "CVE-2017-8348", "CVE-2017-9142", "CVE-2017-8356", "CVE-2017-8345", "CVE-2017-8347", "CVE-2017-8351", "CVE-2017-8357", "CVE-2017-8343", "CVE-2017-9141", "CVE-2017-8344"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703863", "href": "http://plugins.openvas.org/nasl.php?oid=703863", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3863.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3863-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703863);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2017-7606\", \"CVE-2017-7619\", \"CVE-2017-7941\", \"CVE-2017-7943\", \"CVE-2017-8343\", \"CVE-2017-8344\", \"CVE-2017-8345\", \"CVE-2017-8346\", \"CVE-2017-8347\", \"CVE-2017-8348\", \"CVE-2017-8349\", \"CVE-2017-8350\", \"CVE-2017-8351\", \"CVE-2017-8352\", \"CVE-2017-8353\", \"CVE-2017-8354\", \"CVE-2017-8355\", \"CVE-2017-8356\", \"CVE-2017-8357\", \"CVE-2017-8765\", \"CVE-2017-8830\", \"CVE-2017-9098\", \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9144\");\n script_name(\"Debian Security Advisory DSA 3863-1 (imagemagick - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-05-25 00:00:00 +0200 (Thu, 25 May 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3863.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"imagemagick on Debian Linux\");\n script_tag(name: \"insight\", value: \"ImageMagick is a software suite to create, edit, and compose bitmap images.\nIt can read, convert and write images in a variety of formats (over 100)\nincluding DPX, EXR, GIF, JPEG, JPEG-2000, PDF, PhotoCD, PNG, Postscript,\nSVG, and TIFF. Use ImageMagick to translate, flip, mirror, rotate, scale,\nshear and transform images, adjust image colors, apply various special\neffects, or draw text, lines, polygons, ellipses and B\u00e9zier curves.\nAll manipulations can be achieved through shell commands as well as through\nan X11 graphical interface (display).\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u9.\n\nFor the upcoming stable distribution (stretch), these problems have been\nfixed in version 8:6.9.7.4+dfsg-8.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-8.\n\nWe recommend that you upgrade your imagemagick packages.\");\n script_tag(name: \"summary\", value: \"This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV,\nPICT, XWD, PCD, SFW, MAT, EXR, DCM, MNG, PCX or SVG files are processed.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-6-common\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-6-doc\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-6.q16hdri\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libimage-magick-q16hdri-perl\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-7\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16hdri-7\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3-extra\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-3\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-3-extra\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-3\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16hdri-3\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.9.7.4+dfsg-8\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-5+deb8u9\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-5+deb8u9\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-5+deb8u9\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-dbg\", ver:\"8:6.8.9.9-5+deb8u9\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.8.9.9-5+deb8u9\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.8.9.9-5+deb8u9\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.8.9.9-5+deb8u9\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.8.9.9-5+deb8u9\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5\", ver:\"8:6.8.9.9-5+deb8u9\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u9\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.8.9.9-5+deb8u9\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.8.9.9-5+deb8u9\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.8.9.9-5+deb8u9\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u9\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-5+deb8u9\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u9\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.8.9.9-5+deb8u9\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.8.9.9-5+deb8u9\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u9\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u9\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.8.9.9-5+deb8u9\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.8.9.9-5+deb8u9\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:34:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for imagemagick USN-3302-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8830", "CVE-2017-9143", "CVE-2017-7943", "CVE-2017-7619", "CVE-2017-8354", "CVE-2017-9098", "CVE-2017-8353", "CVE-2017-9144", "CVE-2017-7606", "CVE-2017-8349", "CVE-2017-8765", "CVE-2017-8350", "CVE-2017-8346", "CVE-2017-8355", "CVE-2017-8352", "CVE-2017-7941", "CVE-2017-8348", "CVE-2017-9142", "CVE-2017-8356", "CVE-2017-8345", "CVE-2017-8347", "CVE-2017-8351", "CVE-2017-8357", "CVE-2017-8343", "CVE-2017-7942", "CVE-2017-9141", "CVE-2017-8344"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843186", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843186", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for imagemagick USN-3302-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843186\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-31 06:50:30 +0200 (Wed, 31 May 2017)\");\n script_cve_id(\"CVE-2017-7606\", \"CVE-2017-7619\", \"CVE-2017-7941\", \"CVE-2017-7942\",\n \"CVE-2017-7943\", \"CVE-2017-8343\", \"CVE-2017-8344\", \"CVE-2017-8345\",\n \"CVE-2017-8346\", \"CVE-2017-8347\", \"CVE-2017-8348\", \"CVE-2017-8349\",\n \"CVE-2017-8350\", \"CVE-2017-8351\", \"CVE-2017-8352\", \"CVE-2017-8353\",\n \"CVE-2017-8354\", \"CVE-2017-8355\", \"CVE-2017-8356\", \"CVE-2017-8357\",\n \"CVE-2017-8765\", \"CVE-2017-8830\", \"CVE-2017-9098\", \"CVE-2017-9141\",\n \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9144\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for imagemagick USN-3302-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'imagemagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that ImageMagick incorrectly\nhandled certain malformed image files. If a user or automated system using ImageMagick\nwere tricked into opening a specially crafted image, an attacker could exploit this to\ncause a denial of service or possibly execute code with the privileges of\nthe user invoking the program.\");\n script_tag(name:\"affected\", value:\"imagemagick on Ubuntu 17.04,\n Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3302-1\");\n script_xref(name:\"URL\", value:\"https://www.ubuntu.com/usn/usn-3302-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.7.7.10-6ubuntu3.7\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++5:amd64\", ver:\"8:6.7.7.10-6ubuntu3.7\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++5:i386\", ver:\"8:6.7.7.10-6ubuntu3.7\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore5:amd64\", ver:\"8:6.7.7.10-6ubuntu3.7\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore5:i386\", ver:\"8:6.7.7.10-6ubuntu3.7\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore5-extra:amd64\", ver:\"8:6.7.7.10-6ubuntu3.7\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore5-extra:i386\", ver:\"8:6.7.7.10-6ubuntu3.7\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.9.7.4+dfsg-3ubuntu1.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.9.7.4+dfsg-3ubuntu1.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-7:amd64\", ver:\"8:6.9.7.4+dfsg-3ubuntu1.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-7:i386\", ver:\"8:6.9.7.4+dfsg-3ubuntu1.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3:amd64\", ver:\"8:6.9.7.4+dfsg-3ubuntu1.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3:i386\", ver:\"8:6.9.7.4+dfsg-3ubuntu1.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3-extra:amd64\", ver:\"8:6.9.7.4+dfsg-3ubuntu1.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3-extra:i386\", ver:\"8:6.9.7.4+dfsg-3ubuntu1.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-7ubuntu8.6\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-7ubuntu8.6\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5v5:amd64\", ver:\"8:6.8.9.9-7ubuntu8.6\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5v5:i386\", ver:\"8:6.8.9.9-7ubuntu8.6\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2:amd64\", ver:\"8:6.8.9.9-7ubuntu8.6\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2:i386\", ver:\"8:6.8.9.9-7ubuntu8.6\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra:amd64\", ver:\"8:6.8.9.9-7ubuntu8.6\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra:i386\", ver:\"8:6.8.9.9-7ubuntu8.6\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-7ubuntu5.7\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-7ubuntu5.7\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5v5:amd64\", ver:\"8:6.8.9.9-7ubuntu5.7\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5v5:i386\", ver:\"8:6.8.9.9-7ubuntu5.7\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2:amd64\", ver:\"8:6.8.9.9-7ubuntu5.7\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2:i386\", ver:\"8:6.8.9.9-7ubuntu5.7\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra:amd64\", ver:\"8:6.8.9.9-7ubuntu5.7\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra:i386\", ver:\"8:6.8.9.9-7ubuntu5.7\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:52", "description": "This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed image files are processed.", "cvss3": {}, "published": "2017-11-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4040-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15277", "CVE-2017-14224", "CVE-2017-13144", "CVE-2017-12640", "CVE-2017-13758", "CVE-2017-12983", "CVE-2017-13139", "CVE-2017-12877", "CVE-2017-16546", "CVE-2017-14989", "CVE-2017-14607", "CVE-2017-11352", "CVE-2017-14682", "CVE-2017-13134", "CVE-2017-13769", "CVE-2017-12431", "CVE-2017-11640"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310704040", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704040", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_4040.nasl 14284 2019-03-18 15:02:15Z cfischer $\n#\n# Auto-generated from advisory DSA 4040-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704040\");\n script_version(\"$Revision: 14284 $\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-11640\", \"CVE-2017-12431\", \"CVE-2017-12640\", \"CVE-2017-12877\", \"CVE-2017-12983\", \"CVE-2017-13134\", \"CVE-2017-13139\", \"CVE-2017-13144\", \"CVE-2017-13758\", \"CVE-2017-13769\", \"CVE-2017-14224\", \"CVE-2017-14607\", \"CVE-2017-14682\", \"CVE-2017-14989\", \"CVE-2017-15277\", \"CVE-2017-16546\");\n script_name(\"Debian Security Advisory DSA 4040-1 (imagemagick - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 16:02:15 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-17 00:00:00 +0100 (Fri, 17 Nov 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2017/dsa-4040.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"imagemagick on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u11.\n\nWe recommend that you upgrade your imagemagick packages.\");\n script_tag(name:\"summary\", value:\"This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed image files are processed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-dbg\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:52", "description": "This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed GIF, TTF, SVG, TIFF, PCX, JPG or SFW files\nare processed.", "cvss3": {}, "published": "2017-11-12T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4032-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15277", "CVE-2017-14224", "CVE-2017-13758", "CVE-2017-12983", "CVE-2017-14989", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-13134", "CVE-2017-13769"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310704032", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704032", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_4032.nasl 14284 2019-03-18 15:02:15Z cfischer $\n#\n# Auto-generated from advisory DSA 4032-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704032\");\n script_version(\"$Revision: 14284 $\");\n script_cve_id(\"CVE-2017-12983\", \"CVE-2017-13134\", \"CVE-2017-13758\", \"CVE-2017-13769\", \"CVE-2017-14224\", \"CVE-2017-14607\", \"CVE-2017-14682\", \"CVE-2017-14989\", \"CVE-2017-15277\");\n script_name(\"Debian Security Advisory DSA 4032-1 (imagemagick - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 16:02:15 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-12 00:00:00 +0100 (Sun, 12 Nov 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2017/dsa-4032.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"imagemagick on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-11+deb9u3.\n\nWe recommend that you upgrade your imagemagick packages.\");\n script_tag(name:\"summary\", value:\"This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed GIF, TTF, SVG, TIFF, PCX, JPG or SFW files\nare processed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6-common\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6-doc\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16hdri\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16hdri-perl\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-7\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16hdri-7\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3-extra\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-3\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-3-extra\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-3\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16hdri-3\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:12:12", "description": "This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure, or the execution of\narbitrary code if malformed PCX, DCM, JPEG, PSD, HDR, MIFF, PDB, VICAR,\nSGI, SVG, AAI, MNG, EXR, MAT, SFW, JNG, PCD, XWD, PICT, BMP, MTV, SUN,\nEPT, ICON, DDS, or ART files are processed.", "cvss3": {}, "published": "2018-01-25T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for imagemagick (DLA-960-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8830", "CVE-2017-9143", "CVE-2017-7943", "CVE-2014-9841", "CVE-2014-8562", "CVE-2014-8716", "CVE-2017-8354", "CVE-2015-8902", "CVE-2017-9098", "CVE-2015-8901", "CVE-2015-8900", "CVE-2015-8903", "CVE-2014-8355", "CVE-2017-8353", "CVE-2017-9144", "CVE-2017-8349", "CVE-2014-8354", "CVE-2017-8765", "CVE-2017-8350", "CVE-2017-8346", "CVE-2017-8355", "CVE-2017-8352", "CVE-2017-7941", "CVE-2017-8348", "CVE-2017-9142", "CVE-2017-8356", "CVE-2017-8345", "CVE-2017-8347", "CVE-2017-8351", "CVE-2017-8357", "CVE-2017-8343", "CVE-2017-9141", "CVE-2017-8344"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310890960", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890960", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890960\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2014-8354\", \"CVE-2014-8355\", \"CVE-2014-8562\", \"CVE-2014-8716\", \"CVE-2014-9841\", \"CVE-2015-8900\", \"CVE-2015-8901\", \"CVE-2015-8902\", \"CVE-2015-8903\", \"CVE-2017-7941\", \"CVE-2017-7943\", \"CVE-2017-8343\", \"CVE-2017-8344\", \"CVE-2017-8345\", \"CVE-2017-8346\", \"CVE-2017-8347\", \"CVE-2017-8348\", \"CVE-2017-8349\", \"CVE-2017-8350\", \"CVE-2017-8351\", \"CVE-2017-8352\", \"CVE-2017-8353\", \"CVE-2017-8354\", \"CVE-2017-8355\", \"CVE-2017-8356\", \"CVE-2017-8357\", \"CVE-2017-8765\", \"CVE-2017-8830\", \"CVE-2017-9098\", \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9144\");\n script_name(\"Debian LTS: Security Advisory for imagemagick (DLA-960-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-25 00:00:00 +0100 (Thu, 25 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/05/msg00031.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"imagemagick on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n6.7.7.10-5+deb7u14.\n\nWe recommend that you upgrade your imagemagick packages.\");\n\n script_tag(name:\"summary\", value:\"This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure, or the execution of\narbitrary code if malformed PCX, DCM, JPEG, PSD, HDR, MIFF, PDB, VICAR,\nSGI, SVG, AAI, MNG, EXR, MAT, SFW, JNG, PCD, XWD, PICT, BMP, MTV, SUN,\nEPT, ICON, DDS, or ART files are processed.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick\", ver:\"6.7.7.10-5+deb7u14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"6.7.7.10-5+deb7u14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-dbg\", ver:\"6.7.7.10-5+deb7u14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"6.7.7.10-5+deb7u14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"6.7.7.10-5+deb7u14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++5\", ver:\"6.7.7.10-5+deb7u14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"6.7.7.10-5+deb7u14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore5\", ver:\"6.7.7.10-5+deb7u14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore5-extra\", ver:\"6.7.7.10-5+deb7u14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"6.7.7.10-5+deb7u14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand5\", ver:\"6.7.7.10-5+deb7u14\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"perlmagick\", ver:\"6.7.7.10-5+deb7u14\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:02", "description": "Several issues have been discovered\nin ImageMagick, a popular set of programs and libraries for image manipulation.\nThese issues include several problems in memory handling that can result in a\ndenial of service attack or in execution of arbitrary code by an attacker with\ncontrol on the image input.", "cvss3": {}, "published": "2016-11-26T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3726-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7799", "CVE-2016-7906", "CVE-2016-8677", "CVE-2016-9556", "CVE-2016-8862", "CVE-2016-9559"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703726", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703726", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3726.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3726-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703726\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-7799\", \"CVE-2016-7906\", \"CVE-2016-8677\", \"CVE-2016-8862\",\n \"CVE-2016-9556\", \"CVE-2016-9559\");\n script_name(\"Debian Security Advisory DSA 3726-1 (imagemagick - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-26 00:00:00 +0100 (Sat, 26 Nov 2016)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3726.html\");\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"imagemagick on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 8:6.8.9.9-5+deb8u6.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.6.5+dfsg-1.\n\nWe recommend that you upgrade your imagemagick packages.\");\n script_tag(name:\"summary\", value:\"Several issues have been discovered\nin ImageMagick, a popular set of programs and libraries for image manipulation.\nThese issues include several problems in memory handling that can result in a\ndenial of service attack or in execution of arbitrary code by an attacker with\ncontrol on the image input.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-dbg:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-dbg:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.8.9.9-5+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:54:58", "description": "Several issues have been discovered\nin ImageMagick, a popular set of programs and libraries for image manipulation.\nThese issues include several problems in memory handling that can result in a\ndenial of service attack or in execution of arbitrary code by an attacker with\ncontrol on the image input.", "cvss3": {}, "published": "2016-11-26T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3726-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7799", "CVE-2016-7906", "CVE-2016-8677", "CVE-2016-9556", "CVE-2016-8862", "CVE-2016-9559"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703726", "href": "http://plugins.openvas.org/nasl.php?oid=703726", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3726.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3726-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703726);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-7799\", \"CVE-2016-7906\", \"CVE-2016-8677\", \"CVE-2016-8862\",\n \"CVE-2016-9556\", \"CVE-2016-9559\");\n script_name(\"Debian Security Advisory DSA 3726-1 (imagemagick - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-11-26 00:00:00 +0100 (Sat, 26 Nov 2016)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3726.html\");\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"imagemagick on Debian Linux\");\n script_tag(name: \"insight\", value: \"ImageMagick is a software suite to\ncreate, edit, and compose bitmap images. It can read, convert and write images\nin a variety of formats (over 100) including DPX, EXR, GIF, JPEG, JPEG-2000,\nPDF, PhotoCD, PNG, Postscript, SVG, and TIFF. Use ImageMagick to translate,\nflip, mirror, rotate, scale, shear and transform images, adjust image colors,\napply various special effects, or draw text, lines, polygons, ellipses and\nBezier curves. All manipulations can be achieved through shell commands as\nwell as through an X11 graphical interface (display).\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 8:6.8.9.9-5+deb8u6.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.6.5+dfsg-1.\n\nWe recommend that you upgrade your imagemagick packages.\");\n script_tag(name: \"summary\", value: \"Several issues have been discovered\nin ImageMagick, a popular set of programs and libraries for image manipulation.\nThese issues include several problems in memory handling that can result in a\ndenial of service attack or in execution of arbitrary code by an attacker with\ncontrol on the image input.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-dbg:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-dbg:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.8.9.9-5+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:35:08", "description": "This updates fixes several vulnerabilities\nin imagemagick: Various memory handling problems and cases of missing or incomplete\ninput sanitising may result in denial of service or the execution of arbitrary code\nif malformed SIXEL, PDB, MAP, SGI, TIFF and CALS files are processed.", "cvss3": {}, "published": "2016-09-23T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3675-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10057", "CVE-2016-10056", "CVE-2016-10054", "CVE-2016-10053", "CVE-2016-10055"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703675", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703675", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3675.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3675-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703675\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-10053\", \"CVE-2016-10054\", \"CVE-2016-10055\", \"CVE-2016-10056\", \"CVE-2016-10057\");\n script_name(\"Debian Security Advisory DSA 3675-1 (imagemagick - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-23 00:00:00 +0200 (Fri, 23 Sep 2016)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3675.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"imagemagick on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 8:6.8.9.9-5+deb8u5.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your imagemagick packages.\");\n script_tag(name:\"summary\", value:\"This updates fixes several vulnerabilities\nin imagemagick: Various memory handling problems and cases of missing or incomplete\ninput sanitising may result in denial of service or the execution of arbitrary code\nif malformed SIXEL, PDB, MAP, SGI, TIFF and CALS files are processed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-dbg:amd64\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-dbg:i386\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5:amd64\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5:i386\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config:amd64\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config:i386\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2:amd64\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2:i386\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra:amd64\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra:i386\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2:amd64\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2:i386\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.8.9.9-5+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:19:02", "description": "The host is installed with ImageMagick\n and is prone to multiple denial of service vulnerabilities.", "cvss3": {}, "published": "2017-01-13T00:00:00", "type": "openvas", "title": "ImageMagick Multiple Denial of Service Vulnerabilities Jan17 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10057", "CVE-2016-10056", "CVE-2016-10054", "CVE-2016-10053", "CVE-2016-10055"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810275", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810275", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Multiple Denial of Service Vulnerabilities Jan17 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810275\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2016-10053\", \"CVE-2016-10054\", \"CVE-2016-10055\", \"CVE-2016-10056\",\n \"CVE-2016-10057\");\n script_bugtraq_id(95179, 95191, 95193, 95190, 95192);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-01-13 15:10:00 +0530 (Fri, 13 Jan 2017)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"ImageMagick Multiple Denial of Service Vulnerabilities Jan17 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to multiple denial of service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to multiple buffer overflow\n errors in files 'coders/map.c', 'coders/pdb.c', 'coders/sixel.c' and\n 'coders/tiff.c' and an unspecified error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to cause denial-of-service condition.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick versions before 6.9.5-8\n on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version\n 6.9.5-8 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://seclists.org/oss-sec/2016/q4/758\");\n script_xref(name:\"URL\", value:\"https://github.com/ImageMagick/ImageMagick/commit/f983dcdf9c178e0cbc49608a78713c5669aa1bb5\");\n script_xref(name:\"URL\", value:\"https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_imagemagick_detect_win.nasl\");\n script_mandatory_keys(\"ImageMagick/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:imVer, test_version:\"6.9.5.8\"))\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:'6.9.5-8');\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:21:39", "description": "The host is installed with ImageMagick\n and is prone to multiple denial of service vulnerabilities.", "cvss3": {}, "published": "2017-01-17T00:00:00", "type": "openvas", "title": "ImageMagick Multiple Denial of Service Vulnerabilities Jan17 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10057", "CVE-2016-10056", "CVE-2016-10054", "CVE-2016-10053", "CVE-2016-10055"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810502", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810502", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Multiple Denial of Service Vulnerabilities Jan17 (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810502\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2016-10053\", \"CVE-2016-10054\", \"CVE-2016-10055\", \"CVE-2016-10056\",\n \"CVE-2016-10057\");\n script_bugtraq_id(95179, 95191, 95193, 95190, 95192);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-01-17 15:28:04 +0530 (Tue, 17 Jan 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"ImageMagick Multiple Denial of Service Vulnerabilities Jan17 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to multiple denial of service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to multiple buffer overflow\n errors in files 'coders/map.c', 'coders/pdb.c', 'coders/sixel.c' and\n 'coders/tiff.c' and an unspecified error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to cause denial-of-service condition.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick versions before 6.9.5-8\n on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version\n 6.9.5-8 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://seclists.org/oss-sec/2016/q4/758\");\n script_xref(name:\"URL\", value:\"https://github.com/ImageMagick/ImageMagick/commit/f983dcdf9c178e0cbc49608a78713c5669aa1bb5\");\n script_xref(name:\"URL\", value:\"https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_imagemagick_detect_macosx.nasl\");\n script_mandatory_keys(\"ImageMagick/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:imVer, test_version:\"6.9.5.8\"))\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:'6.9.5-8');\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T19:02:21", "description": "This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising may\nresult in denial of service, memory disclosure or the execution of\narbitrary code if malformed image files are processed.", "cvss3": {}, "published": "2017-12-28T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4074-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12877", "CVE-2017-16546", "CVE-2017-17879", "CVE-2017-17504", "CVE-2017-17499"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704074", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704074", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4074-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704074\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-12877\", \"CVE-2017-16546\", \"CVE-2017-17499\", \"CVE-2017-17504\", \"CVE-2017-17879\");\n script_name(\"Debian Security Advisory DSA 4074-1 (imagemagick - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-12-28 00:00:00 +0100 (Thu, 28 Dec 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2017/dsa-4074.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"imagemagick on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-11+deb9u4.\n\nWe recommend that you upgrade your imagemagick packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/imagemagick\");\n script_tag(name:\"summary\", value:\"This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising may\nresult in denial of service, memory disclosure or the execution of\narbitrary code if malformed image files are processed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-6-common\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-6-doc\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-6.q16hdri\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libimage-magick-q16hdri-perl\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-6.q16-7\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-6.q16hdri-7\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3-extra\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-3\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-3-extra\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-6.q16-3\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-6.q16hdri-3\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.9.7.4+dfsg-11+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:28", "description": "This update fixes several vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service or the execution of arbitrary\ncode if malformed TIFF, WPG, IPL, MPC or PSB files are processed.", "cvss3": {}, "published": "2017-03-01T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3799-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8707", "CVE-2017-5506", "CVE-2016-10144", "CVE-2016-10062", "CVE-2016-10145", "CVE-2016-10146", "CVE-2017-5508", "CVE-2017-5510", "CVE-2017-5511", "CVE-2017-5507"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703799", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703799", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3799.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3799-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703799\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2016-10062\", \"CVE-2016-10144\", \"CVE-2016-10145\", \"CVE-2016-10146\", \"CVE-2016-8707\", \"CVE-2017-5506\", \"CVE-2017-5507\", \"CVE-2017-5508\", \"CVE-2017-5510\", \"CVE-2017-5511\");\n script_name(\"Debian Security Advisory DSA 3799-1 (imagemagick - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-01 00:00:00 +0100 (Wed, 01 Mar 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3799.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|8)\");\n script_tag(name:\"affected\", value:\"imagemagick on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u7.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 8:6.9.7.4+dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-1.\n\nWe recommend that you upgrade your imagemagick packages.\");\n script_tag(name:\"summary\", value:\"This update fixes several vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service or the execution of arbitrary\ncode if malformed TIFF, WPG, IPL, MPC or PSB files are processed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6-common\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6-doc\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16hdri\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16hdri-perl\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-7\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16hdri-7\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3-extra\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-3\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-3-extra\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-3\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16hdri-3\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.9.7.4+dfsg-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-dbg\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.8.9.9-5+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-24T12:57:26", "description": "This update fixes several vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service or the execution of arbitrary\ncode if malformed TIFF, WPG, IPL, MPC or PSB files are processed.", "cvss3": {}, "published": "2017-03-01T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3799-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8707", "CVE-2017-5506", "CVE-2016-10144", "CVE-2016-10062", "CVE-2016-10145", "CVE-2016-10146", "CVE-2017-5508", "CVE-2017-5510", "CVE-2017-5511", "CVE-2017-5507"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703799", "href": "http://plugins.openvas.org/nasl.php?oid=703799", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3799.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3799-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703799);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2016-10062\", \"CVE-2016-10144\", \"CVE-2016-10145\", \"CVE-2016-10146\", \"CVE-2016-8707\", \"CVE-2017-5506\", \"CVE-2017-5507\", \"CVE-2017-5508\", \"CVE-2017-5510\", \"CVE-2017-5511\");\n script_name(\"Debian Security Advisory DSA 3799-1 (imagemagick - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-03-01 00:00:00 +0100 (Wed, 01 Mar 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3799.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"imagemagick on Debian Linux\");\n script_tag(name: \"insight\", value: \"ImageMagick is a software suite to create, edit, and compose bitmap images.\nIt can read, convert and write images in a variety of formats (over 100)\nincluding DPX, EXR, GIF, JPEG, JPEG-2000, PDF, PhotoCD, PNG, Postscript,\nSVG, and TIFF. Use ImageMagick to translate, flip, mirror, rotate, scale,\nshear and transform images, adjust image colors, apply various special\neffects, or draw text, lines, polygons, ellipses and B\u00e9zier curves.\nAll manipulations can be achieved through shell commands as well as through\nan X11 graphical interface (display).\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u7.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 8:6.9.7.4+dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-1.\n\nWe recommend that you upgrade your imagemagick packages.\");\n script_tag(name: \"summary\", value: \"This update fixes several vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service or the execution of arbitrary\ncode if malformed TIFF, WPG, IPL, MPC or PSB files are processed.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-6-common\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-6-doc\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-6.q16hdri\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libimage-magick-q16hdri-perl\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-7\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16hdri-7\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3-extra\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-3\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-3-extra\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-3\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16hdri-3\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.9.7.4+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-dbg\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.8.9.9-5+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:29", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for imagemagick USN-3142-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7799", "CVE-2016-7906", "CVE-2016-8677", "CVE-2016-9556", "CVE-2016-8862"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842968", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842968", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for imagemagick USN-3142-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842968\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-01 05:39:13 +0100 (Thu, 01 Dec 2016)\");\n script_cve_id(\"CVE-2016-7799\", \"CVE-2016-7906\", \"CVE-2016-8677\", \"CVE-2016-8862\", \"CVE-2016-9556\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for imagemagick USN-3142-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'imagemagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that ImageMagick incorrectly\n handled certain malformed image files. If a user or automated system using\n ImageMagick were tricked into opening a specially crafted image, an attacker could\n exploit this to cause a denial of service or possibly execute code with the\n privileges of the user invoking the program.\");\n script_tag(name:\"affected\", value:\"imagemagick on Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 16.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3142-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3142-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|16\\.04 LTS|16\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.7.7.10-6ubuntu3.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++5\", ver:\"8:6.7.7.10-6ubuntu3.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore5\", ver:\"8:6.7.7.10-6ubuntu3.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore5-extra\", ver:\"8:6.7.7.10-6ubuntu3.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.6.9.7-5ubuntu3.6\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++4\", ver:\"8:6.6.9.7-5ubuntu3.6\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore4\", ver:\"8:6.6.9.7-5ubuntu3.6\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore4-extra\", ver:\"8:6.6.9.7-5ubuntu3.6\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-7ubuntu5.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-7ubuntu5.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5v5\", ver:\"8:6.8.9.9-7ubuntu5.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-7ubuntu5.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-7ubuntu5.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-7ubuntu8.2\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-7ubuntu8.2\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5v5\", ver:\"8:6.8.9.9-7ubuntu8.2\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-7ubuntu8.2\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-7ubuntu8.2\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:34:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-23T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2016:3233-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8707", "CVE-2016-8866", "CVE-2016-9773", "CVE-2016-9556", "CVE-2016-8862"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851460", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851460", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851460\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-12-23 05:47:19 +0100 (Fri, 23 Dec 2016)\");\n script_cve_id(\"CVE-2016-8707\", \"CVE-2016-8862\", \"CVE-2016-8866\", \"CVE-2016-9556\",\n \"CVE-2016-9773\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2016:3233-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This security update for ImageMagick fixes the following issues:\n\n - a maliciously crafted compressed TIFF image could cause code remote code\n execution in the convert utility in particular circumstances\n (CVE-2016-8707, boo#1014159)\n\n - a memory allocation failure was fixed (CVE-2016-8866, boo#1009318,\n follow up on CVE-2016-8862)\n\n - the identify utility could crash on maliciously crafted images\n (CVE-2016-9773, boo#1013376, follow up on CVE-2016-9556)\");\n\n script_tag(name:\"affected\", value:\"ImageMagick on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:3233-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debuginfo\", rpm:\"ImageMagick-debuginfo~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debugsource\", rpm:\"ImageMagick-debugsource~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel\", rpm:\"ImageMagick-devel~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra\", rpm:\"ImageMagick-extra~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra-debuginfo\", rpm:\"ImageMagick-extra-debuginfo~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-5\", rpm:\"libMagick++-6_Q16-5~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-5-debuginfo\", rpm:\"libMagick++-6_Q16-5-debuginfo~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel\", rpm:\"libMagick++-devel~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-2\", rpm:\"libMagickCore-6_Q16-2~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-2-debuginfo\", rpm:\"libMagickCore-6_Q16-2-debuginfo~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-2\", rpm:\"libMagickWand-6_Q16-2~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-2-debuginfo\", rpm:\"libMagickWand-6_Q16-2-debuginfo~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick\", rpm:\"perl-PerlMagick~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick-debuginfo\", rpm:\"perl-PerlMagick-debuginfo~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel-32bit\", rpm:\"ImageMagick-devel-32bit~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-5-32bit\", rpm:\"libMagick++-6_Q16-5-32bit~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-5-debuginfo-32bit\", rpm:\"libMagick++-6_Q16-5-debuginfo-32bit~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel-32bit\", rpm:\"libMagick++-devel-32bit~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-2-32bit\", rpm:\"libMagickCore-6_Q16-2-32bit~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-2-debuginfo-32bit\", rpm:\"libMagickCore-6_Q16-2-debuginfo-32bit~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-2-32bit\", rpm:\"libMagickWand-6_Q16-2-32bit~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-2-debuginfo-32bit\", rpm:\"libMagickWand-6_Q16-2-debuginfo-32bit~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.8.9.8~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-09T00:00:00", "type": "openvas", "title": "Ubuntu Update for imagemagick USN-3222-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8707", "CVE-2017-5506", "CVE-2016-10144", "CVE-2016-10062", "CVE-2016-10145", "CVE-2017-5508", "CVE-2017-5510", "CVE-2017-5511", "CVE-2016-1016", "CVE-2017-5507"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843084", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843084", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for imagemagick USN-3222-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843084\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-09 05:01:41 +0100 (Thu, 09 Mar 2017)\");\n script_cve_id(\"CVE-2016-10062\", \"CVE-2016-10144\", \"CVE-2016-10145\", \"CVE-2016-1016\", \"CVE-2016-8707\", \"CVE-2017-5506\", \"CVE-2017-5507\", \"CVE-2017-5508\", \"CVE-2017-5510\", \"CVE-2017-5511\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for imagemagick USN-3222-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'imagemagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that ImageMagick\n incorrectly handled certain malformed image files. If a user or automated system\n using ImageMagick were tricked into opening a specially crafted image, an\n attacker could exploit this to cause a denial of service or possibly execute\n code with the privileges of the user invoking the program.\");\n script_tag(name:\"affected\", value:\"imagemagick on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3222-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3222-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|12\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.7.7.10-6ubuntu3.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++5\", ver:\"8:6.7.7.10-6ubuntu3.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore5\", ver:\"8:6.7.7.10-6ubuntu3.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore5-extra\", ver:\"8:6.7.7.10-6ubuntu3.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-7ubuntu8.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-7ubuntu8.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5v5\", ver:\"8:6.8.9.9-7ubuntu8.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-7ubuntu8.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-7ubuntu8.4\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.6.9.7-5ubuntu3.8\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++4\", ver:\"8:6.6.9.7-5ubuntu3.8\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore4\", ver:\"8:6.6.9.7-5ubuntu3.8\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore4-extra\", ver:\"8:6.6.9.7-5ubuntu3.8\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-7ubuntu5.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-7ubuntu5.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5v5\", ver:\"8:6.8.9.9-7ubuntu5.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-7ubuntu5.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-7ubuntu5.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-04T18:55:25", "description": "This update fixes several vulnerabilities in imagemagick, a graphical\nsoftware suite. Various memory handling problems or issues about\nincomplete input sanitizing would result in denial of service or\nmemory disclosure.", "cvss3": {}, "published": "2018-05-18T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4204-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11533", "CVE-2017-11639", "CVE-2017-13143", "CVE-2018-5248", "CVE-2017-17879", "CVE-2017-17504", "CVE-2017-10995", "CVE-2017-11535"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704204", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704204", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4204-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704204\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-10995\", \"CVE-2017-11533\", \"CVE-2017-11535\", \"CVE-2017-11639\", \"CVE-2017-13143\",\n \"CVE-2017-17504\", \"CVE-2017-17879\", \"CVE-2018-5248\");\n script_name(\"Debian Security Advisory DSA 4204-1 (imagemagick - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-18 00:00:00 +0200 (Fri, 18 May 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4204.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"imagemagick on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u12.\n\nWe recommend that you upgrade your imagemagick packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/imagemagick\");\n script_tag(name:\"summary\", value:\"This update fixes several vulnerabilities in imagemagick, a graphical\nsoftware suite. Various memory handling problems or issues about\nincomplete input sanitizing would result in denial of service or\nmemory disclosure.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-dbg\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-6.q16-5\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:27:46", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-29T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2017:2271-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9501", "CVE-2017-9440", "CVE-2017-11403", "CVE-2017-9439"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851599", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851599", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851599\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-29 08:06:33 +0200 (Tue, 29 Aug 2017)\");\n script_cve_id(\"CVE-2017-11403\", \"CVE-2017-9439\", \"CVE-2017-9440\", \"CVE-2017-9501\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2017:2271-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for ImageMagick fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2017-9439: A memory leak was found in the function ReadPDBImage\n incoders/pdb.c (bsc#1042826)\n\n - CVE-2017-9440: A memory leak was found in the function ReadPSDChannelin\n coders/psd.c (bsc#1042812)\n\n - CVE-2017-9501: An assertion failure could cause a denial of service via\n a crafted file (bsc#1043289)\n\n - CVE-2017-11403: ReadMNGImage function in coders/png.c has an\n out-of-order CloseBlob call, resulting in a use-after-free via acrafted\n file (bsc#1049072)\n\n This update was imported from the SUSE:SLE-12:Update update project.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick on openSUSE Leap 42.3, openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:2271-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.3)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debuginfo\", rpm:\"ImageMagick-debuginfo~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debugsource\", rpm:\"ImageMagick-debugsource~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel\", rpm:\"ImageMagick-devel~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra\", rpm:\"ImageMagick-extra~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra-debuginfo\", rpm:\"ImageMagick-extra-debuginfo~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3\", rpm:\"libMagick++-6_Q16-3~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo\", rpm:\"libMagick++-6_Q16-3-debuginfo~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel\", rpm:\"libMagick++-devel~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1\", rpm:\"libMagickCore-6_Q16-1~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo\", rpm:\"libMagickCore-6_Q16-1-debuginfo~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1\", rpm:\"libMagickWand-6_Q16-1~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo\", rpm:\"libMagickWand-6_Q16-1-debuginfo~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick\", rpm:\"perl-PerlMagick~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick-debuginfo\", rpm:\"perl-PerlMagick-debuginfo~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel-32bit\", rpm:\"ImageMagick-devel-32bit~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-32bit\", rpm:\"libMagick++-6_Q16-3-32bit~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo-32bit\", rpm:\"libMagick++-6_Q16-3-debuginfo-32bit~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel-32bit\", rpm:\"libMagick++-devel-32bit~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-32bit\", rpm:\"libMagickCore-6_Q16-1-32bit~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickCore-6_Q16-1-debuginfo-32bit~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-32bit\", rpm:\"libMagickWand-6_Q16-1-32bit~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickWand-6_Q16-1-debuginfo-32bit~6.8.8.1~30.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debuginfo\", rpm:\"ImageMagick-debuginfo~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debugsource\", rpm:\"ImageMagick-debugsource~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel\", rpm:\"ImageMagick-devel~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra\", rpm:\"ImageMagick-extra~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra-debuginfo\", rpm:\"ImageMagick-extra-debuginfo~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3\", rpm:\"libMagick++-6_Q16-3~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo\", rpm:\"libMagick++-6_Q16-3-debuginfo~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel\", rpm:\"libMagick++-devel~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1\", rpm:\"libMagickCore-6_Q16-1~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo\", rpm:\"libMagickCore-6_Q16-1-debuginfo~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1\", rpm:\"libMagickWand-6_Q16-1~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo\", rpm:\"libMagickWand-6_Q16-1-debuginfo~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick\", rpm:\"perl-PerlMagick~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick-debuginfo\", rpm:\"perl-PerlMagick-debuginfo~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel-32bit\", rpm:\"ImageMagick-devel-32bit~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-32bit\", rpm:\"libMagick++-6_Q16-3-32bit~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo-32bit\", rpm:\"libMagick++-6_Q16-3-debuginfo-32bit~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel-32bit\", rpm:\"libMagick++-devel-32bit~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-32bit\", rpm:\"libMagickCore-6_Q16-1-32bit~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickCore-6_Q16-1-debuginfo-32bit~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-32bit\", rpm:\"libMagickWand-6_Q16-1-32bit~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickWand-6_Q16-1-debuginfo-32bit~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.8.8.1~34.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:26:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-05T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2017:0023-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8707", "CVE-2016-8866", "CVE-2016-9773", "CVE-2016-9556", "CVE-2014-9848", "CVE-2016-9559"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851467", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851467", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851467\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-01-05 05:43:02 +0100 (Thu, 05 Jan 2017)\");\n script_cve_id(\"CVE-2014-9848\", \"CVE-2016-8707\", \"CVE-2016-8866\", \"CVE-2016-9556\",\n \"CVE-2016-9559\", \"CVE-2016-9773\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2017:0023-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for ImageMagick fixes the following issues:\n\n * CVE-2016-9556 Possible Heap-overflow found by fuzzing [bsc#1011130]\n\n * CVE-2016-9559 Possible Null pointer access found by fuzzing\n [bsc#1011136]\n\n * CVE-2016-8707 Possible code execution in Tiff convert utility\n [bsc#1014159]\n\n * CVE-2016-8866 Memory allocation failure in AcquireMagickMemory could\n lead to Heap overflow [bsc#1009318]\n\n * CVE-2016-9559 Possible Null pointer access found by fuzzing\n [bsc#1011136]\n\n This update was imported from the SUSE:SLE-12:Update update project.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0023-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debuginfo\", rpm:\"ImageMagick-debuginfo~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debugsource\", rpm:\"ImageMagick-debugsource~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel\", rpm:\"ImageMagick-devel~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra\", rpm:\"ImageMagick-extra~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra-debuginfo\", rpm:\"ImageMagick-extra-debuginfo~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3\", rpm:\"libMagick++-6_Q16-3~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo\", rpm:\"libMagick++-6_Q16-3-debuginfo~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel\", rpm:\"libMagick++-devel~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1\", rpm:\"libMagickCore-6_Q16-1~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo\", rpm:\"libMagickCore-6_Q16-1-debuginfo~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1\", rpm:\"libMagickWand-6_Q16-1~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo\", rpm:\"libMagickWand-6_Q16-1-debuginfo~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick\", rpm:\"perl-PerlMagick~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick-debuginfo\", rpm:\"perl-PerlMagick-debuginfo~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel-32bit\", rpm:\"ImageMagick-devel-32bit~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-32bit\", rpm:\"libMagick++-6_Q16-3-32bit~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo-32bit\", rpm:\"libMagick++-6_Q16-3-debuginfo-32bit~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel-32bit\", rpm:\"libMagick++-devel-32bit~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-32bit\", rpm:\"libMagickCore-6_Q16-1-32bit~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickCore-6_Q16-1-debuginfo-32bit~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-32bit\", rpm:\"libMagickWand-6_Q16-1-32bit~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickWand-6_Q16-1-debuginfo-32bit~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.8.8.1~27.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:19:09", "description": "The host is installed with ImageMagick\n and is prone to an use-after-free and buffer overflow vulnerabilities.", "cvss3": {}, "published": "2017-01-13T00:00:00", "type": "openvas", "title": "ImageMagick Buffer Overflow And Use-after-free Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10046", "CVE-2016-10051"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810270", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810270", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Buffer Overflow And Use-after-free Vulnerabilities (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810270\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2016-10046\", \"CVE-2016-10051\");\n script_bugtraq_id(95183, 95187);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-01-13 15:10:00 +0530 (Fri, 13 Jan 2017)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"ImageMagick Buffer Overflow And Use-after-free Vulnerabilities (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to an use-after-free and buffer overflow vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - The failure to adequately bounds-check user-supplied data before copying it to an\n insufficiently sized memory buffer.\n\n - An use-after-free error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to execute arbitrary code within the context of the application.\n Failed exploit attempts will likely cause a denial-of-service condition.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick versions before 6.9.5-5\n on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version\n 6.9.5-5 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://seclists.org/oss-sec/2016/q4/758\");\n script_xref(name:\"URL\", value:\"https://github.com/ImageMagick/ImageMagick/commit/ecc03a2518c2b7dd375fde3a040fdae0bdf6a521\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_imagemagick_detect_win.nasl\");\n script_mandatory_keys(\"ImageMagick/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:imVer, test_version:\"6.9.5.5\"))\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:'6.9.5-5');\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:19:36", "description": "The host is installed with ImageMagick\n and is prone to an use-after-free and buffer overflow vulnerabilities.", "cvss3": {}, "published": "2017-01-17T00:00:00", "type": "openvas", "title": "ImageMagick Buffer Overflow And Use-after-free Vulnerabilities (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10046", "CVE-2016-10051"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810505", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810505", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Buffer Overflow And Use-after-free Vulnerabilities (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810505\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2016-10046\", \"CVE-2016-10051\");\n script_bugtraq_id(95183, 95187);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-01-17 15:33:11 +0530 (Tue, 17 Jan 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"ImageMagick Buffer Overflow And Use-after-free Vulnerabilities (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to an use-after-free and buffer overflow vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - The failure to adequately bounds-check user-supplied data before copying it to an\n insufficiently sized memory buffer.\n\n - An use-after-free error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to execute arbitrary code within the context of the application.\n Failed exploit attempts will likely cause a denial-of-service condition.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick versions before 6.9.5-5\n on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version\n 6.9.5-5 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://seclists.org/oss-sec/2016/q4/758\");\n script_xref(name:\"URL\", value:\"https://github.com/ImageMagick/ImageMagick/commit/ecc03a2518c2b7dd375fde3a040fdae0bdf6a521\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_imagemagick_detect_macosx.nasl\");\n script_mandatory_keys(\"ImageMagick/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:imVer, test_version:\"6.9.5.5\"))\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:'6.9.5-5');\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T18:35:53", "description": "The host is installed with ImageMagick\n and is prone to denial of service vulnerability.", "cvss3": {}, "published": "2017-02-20T00:00:00", "type": "openvas", "title": "ImageMagick 'IsPixelGray' Function Denial of Service Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9773", "CVE-2016-9556"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310810556", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810556", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick 'IsPixelGray' Function Denial of Service Vulnerability (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810556\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2016-9773\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-02-20 15:05:25 +0530 (Mon, 20 Feb 2017)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"ImageMagick 'IsPixelGray' Function Denial of Service Vulnerability (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to a heap-based buffer overflow\n error in the 'IsPixelGray' function in MagickCore/pixel-accessor.h script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service (out-of-bounds heap read).\");\n\n script_tag(name:\"affected\", value:\"ImageMagick version 7.0.3-8 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Update to version 7.0.3-9 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/12/02/11\");\n script_xref(name:\"URL\", value:\"https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_imagemagick_detect_win.nasl\");\n script_mandatory_keys(\"ImageMagick/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(imVer == \"7.0.3.8\")\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:'7.0.3-9');\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-05T18:39:55", "description": "The host is installed with ImageMagick\n and is prone to denial of service vulnerability.", "cvss3": {}, "published": "2017-02-21T00:00:00", "type": "openvas", "title": "ImageMagick 'IsPixelGray' Function Denial of Service Vulnerability (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9773", "CVE-2016-9556"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310810558", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810558", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick 'IsPixelGray' Function Denial of Service Vulnerability (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810558\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2016-9773\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-02-21 09:22:03 +0530 (Tue, 21 Feb 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"ImageMagick 'IsPixelGray' Function Denial of Service Vulnerability (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to a heap-based buffer overflow\n error in the 'IsPixelGray' function in MagickCore/pixel-accessor.h script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service (out-of-bounds heap read).\");\n\n script_tag(name:\"affected\", value:\"ImageMagick version 7.0.3-8 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Update to version 7.0.3-9 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/12/02/11\");\n script_xref(name:\"URL\", value:\"https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_imagemagick_detect_macosx.nasl\");\n script_mandatory_keys(\"ImageMagick/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(imVer == \"7.0.3.8\")\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:'7.0.3-9');\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-07-17T14:21:20", "description": "The host is installed with ImageMagick\n and is prone to multiple denial of service vulnerabilities.", "cvss3": {}, "published": "2017-01-23T00:00:00", "type": "openvas", "title": "ImageMagick Multiple Denial of Service Vulnerabilities-01 Jan17 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7799", "CVE-2016-7906"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810517", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810517", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Multiple Denial of Service Vulnerabilities-01 Jan17 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810517\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2016-7799\", \"CVE-2016-7906\");\n script_bugtraq_id(93264, 93271);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-01-23 18:09:22 +0530 (Mon, 23 Jan 2017)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"ImageMagick Multiple Denial of Service Vulnerabilities-01 Jan17 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to multiple denial of service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A memory-corruption error in 'MagickCore/profile.c' script.\n\n - An use-after-free error 'magick/attribute.c' in script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to obtain sensitive information or crash the application,\n resulting in a denial-of-service condition.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick versions before 7.0.3-2\n on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version\n 7.0.3-2 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa\");\n script_xref(name:\"URL\", value:\"https://github.com/ImageMagick/ImageMagick/commit/d63a3c5729df59f183e9e110d5d8385d17caaad0\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/10/01/4\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_imagemagick_detect_win.nasl\");\n script_mandatory_keys(\"ImageMagick/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:imVer, test_version:\"7.0.3.2\"))\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:'7.0.3-2');\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-07-17T14:19:44", "description": "The host is installed with ImageMagick\n and is prone to multiple denial of service vulnerabilities.", "cvss3": {}, "published": "2017-01-23T00:00:00", "type": "openvas", "title": "ImageMagick Multiple Denial of Service Vulnerabilities-01 Jan17 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7799", "CVE-2016-7906"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810518", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810518", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Multiple Denial of Service Vulnerabilities-01 Jan17 (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810518\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2016-7799\", \"CVE-2016-7906\");\n script_bugtraq_id(93264, 93271);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-01-23 18:35:35 +0530 (Mon, 23 Jan 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"ImageMagick Multiple Denial of Service Vulnerabilities-01 Jan17 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to multiple denial of service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A memory-corruption error in 'MagickCore/profile.c' script.\n\n - An use-after-free error 'magick/attribute.c' in script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to obtain sensitive information or crash the application,\n resulting in a denial-of-service condition.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick versions before 7.0.3-2\n on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version\n 7.0.3-2 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa\");\n script_xref(name:\"URL\", value:\"https://github.com/ImageMagick/ImageMagick/commit/d63a3c5729df59f183e9e110d5d8385d17caaad0\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/10/01/4\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_imagemagick_detect_macosx.nasl\");\n script_mandatory_keys(\"ImageMagick/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:imVer, test_version:\"7.0.3.2\"))\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:'7.0.3-2');\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-29T20:07:14", "description": "Two security vulnerabilities were discovered in imagemagick that allow\nremote attackers to cause a denial of service (application crash and\ninfinite loop) or possibly other unspecified impact via a crafted image.", "cvss3": {}, "published": "2018-01-17T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for imagemagick (DLA-902-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7619", "CVE-2017-7606"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310890902", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890902", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890902\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-7606\", \"CVE-2017-7619\");\n script_name(\"Debian LTS: Security Advisory for imagemagick (DLA-902-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-17 00:00:00 +0100 (Wed, 17 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/04/msg00020.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"imagemagick on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n8:6.7.7.10-5+deb7u13.\n\nWe recommend that you upgrade your imagemagick packages.\");\n\n script_tag(name:\"summary\", value:\"Two security vulnerabilities were discovered in imagemagick that allow\nremote attackers to cause a denial of service (application crash and\ninfinite loop) or possibly other unspecified impact via a crafted image.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.7.7.10-5+deb7u13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.7.7.10-5+deb7u13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-dbg\", ver:\"8:6.7.7.10-5+deb7u13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.7.7.10-5+deb7u13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.7.7.10-5+deb7u13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++5\", ver:\"8:6.7.7.10-5+deb7u13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.7.7.10-5+deb7u13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore5\", ver:\"8:6.7.7.10-5+deb7u13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore5-extra\", ver:\"8:6.7.7.10-5+deb7u13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.7.7.10-5+deb7u13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand5\", ver:\"8:6.7.7.10-5+deb7u13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.7.7.10-5+deb7u13\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-07-17T14:21:47", "description": "This host is installed with ImageMagick\n and is prone to multiple memory corruption vulnerabilities.", "cvss3": {}, "published": "2017-02-21T00:00:00", "type": "openvas", "title": "ImageMagick Multiple Memory Corruption Vulnerabilities (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8866", "CVE-2016-8862"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810563", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810563", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Multiple Memory Corruption Vulnerabilities (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810563\");\n script_version(\"2019-07-05T10:41:31+0000\");\n script_cve_id(\"CVE-2016-8862\", \"CVE-2016-8866\");\n script_bugtraq_id(93794);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:41:31 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-02-21 13:23:30 +0530 (Tue, 21 Feb 2017)\");\n script_name(\"ImageMagick Multiple Memory Corruption Vulnerabilities (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with ImageMagick\n and is prone to multiple memory corruption vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to\n memory corruption error in 'AcquireMagickMemory' function in\n MagickCore/memory.c script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause some unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick version before 7.0.3.8\n on Mac OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version 7.0.3.8\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c\");\n script_xref(name:\"URL\", value:\"https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/10/20/3\");\n\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_imagemagick_detect_macosx.nasl\");\n script_mandatory_keys(\"ImageMagick/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!gmVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\n## CVE-2016-8866 is due to an incomplete fix for CVE-2016-8862\n## CVE-2016-8862 , not fixed completely in 7.0.3.3, complete fix is in 7.0.3.8\nif(version_is_less(version:gmVer, test_version:\"7.0.3.8\"))\n{\n report = report_fixed_ver(installed_version:gmVer, fixed_version:\"7.0.3.8\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:21:20", "description": "This host is installed with ImageMagick\n and is prone to multiple memory corruption vulnerabilities.", "cvss3": {}, "published": "2017-02-21T00:00:00", "type": "openvas", "title": "ImageMagick Multiple Memory Corruption Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8866", "CVE-2016-8862"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810562", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810562", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Multiple Memory Corruption Vulnerabilities (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810562\");\n script_version(\"2019-07-05T10:41:31+0000\");\n script_cve_id(\"CVE-2016-8862\", \"CVE-2016-8866\");\n script_bugtraq_id(93794);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:41:31 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-02-21 10:39:33 +0530 (Tue, 21 Feb 2017)\");\n script_name(\"ImageMagick Multiple Memory Corruption Vulnerabilities (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with ImageMagick\n and is prone to multiple memory corruption vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to\n a memory corruption error in 'AcquireMagickMemory' function in\n MagickCore/memory.c script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause some unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick version before 7.0.3.8 on\n Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version 7.0.3.8\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c\");\n script_xref(name:\"URL\", value:\"https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/10/20/3\");\n\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"secpod_imagemagick_detect_win.nasl\");\n script_mandatory_keys(\"ImageMagick/Win/Installed\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!gmVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\n## CVE-2016-8866 is due to an incomplete fix for CVE-2016-8862\n## CVE-2016-8862 , not fixed completely in 7.0.3.3, complete fix is in 7.0.3.8\nif(version_is_less(version:gmVer, test_version:\"7.0.3.8\"))\n{\n report = report_fixed_ver(installed_version:gmVer, fixed_version:\"7.0.3.8\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:20:29", "description": "The host is installed with ImageMagick\n and is prone to code execution and denial of service vulnerabilities.", "cvss3": {}, "published": "2017-01-23T00:00:00", "type": "openvas", "title": "ImageMagick Code Execution And Denial of Service Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6823", "CVE-2016-7101"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810515", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810515", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Code Execution And Denial of Service Vulnerabilities (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810515\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2016-7101\", \"CVE-2016-6823\");\n script_bugtraq_id(93181, 93158);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-01-23 18:09:22 +0530 (Mon, 23 Jan 2017)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"ImageMagick Code Execution And Denial of Service Vulnerabilities (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to code execution and denial of service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A buffer-overflow vulnerability in SGI coder, which fails to perform adequate\n boundary checks on user-supplied input.\n\n - An integer overflow in the BMP coder, which fails to adequately bounds-check\n user-supplied data before copying it into an insufficiently sized buffer.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to execute arbitrary code within the context of the application.\n Failed exploit attempts will likely cause a denial-of-service condition.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick versions before 7.0.2-10\n on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version\n 7.0.2-10 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/09/26/3\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_imagemagick_detect_win.nasl\");\n script_mandatory_keys(\"ImageMagick/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:imVer, test_version:\"7.0.2.10\"))\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:'7.0.2-10');\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-07-17T14:22:31", "description": "The host is installed with ImageMagick\n and is prone to code execution and denial of service vulnerabilities.", "cvss3": {}, "published": "2017-01-23T00:00:00", "type": "openvas", "title": "ImageMagick Code Execution And Denial of Service Vulnerabilities (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6823", "CVE-2016-7101"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810516", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810516", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Code Execution And Denial of Service Vulnerabilities (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810516\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2016-7101\", \"CVE-2016-6823\");\n script_bugtraq_id(93181, 93158);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-01-23 18:22:51 +0530 (Mon, 23 Jan 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"ImageMagick Code Execution And Denial of Service Vulnerabilities (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick\n and is prone to code execution and denial of service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A buffer-overflow vulnerability in SGI coder, which fails to perform adequate\n boundary checks on user-supplied input.\n\n - An integer overflow in the BMP coder, which fails to adequately bounds-check\n user-supplied data before copying it into an insufficiently sized buffer.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to execute arbitrary code within the context of the application.\n Failed exploit attempts will likely cause a denial-of-service condition.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick versions before 7.0.2-10\n on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version\n 7.0.2-10 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/09/26/3\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_imagemagick_detect_macosx.nasl\");\n script_mandatory_keys(\"ImageMagick/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:imVer, test_version:\"7.0.2.10\"))\n{\n report = report_fixed_ver(installed_version:imVer, fixed_version:'7.0.2-10');\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:32:50", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2019-2160)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13146", "CVE-2016-10252", "CVE-2018-12600", "CVE-2017-13143", "CVE-2016-7539", "CVE-2017-13139", "CVE-2017-15033", "CVE-2016-10145", "CVE-2017-5509", "CVE-2017-5510", "CVE-2018-20467", "CVE-2018-16323", "CVE-2018-16328", "CVE-2018-8804", "CVE-2017-17499", "CVE-2018-16329", "CVE-2017-5507"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192160", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192160", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2160\");\n script_version(\"2020-01-23T12:37:04+0000\");\n script_cve_id(\"CVE-2016-10145\", \"CVE-2016-10252\", \"CVE-2016-7539\", \"CVE-2017-13139\", \"CVE-2017-13143\", \"CVE-2017-13146\", \"CVE-2017-15033\", \"CVE-2017-17499\", \"CVE-2017-5507\", \"CVE-2017-5509\", \"CVE-2017-5510\", \"CVE-2018-12600\", \"CVE-2018-16323\", \"CVE-2018-16328\", \"CVE-2018-16329\", \"CVE-2018-20467\", \"CVE-2018-8804\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:37:04 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:37:04 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2019-2160)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2160\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2160\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ImageMagick' package(s) announced via the EulerOS-SA-2019-2160 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.(CVE-2018-16329)\n\nImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.(CVE-2017-17499)\n\nIn ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.(CVE-2017-13146)\n\nIn ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.(CVE-2017-13143)\n\nIn ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.(CVE-2017-13139)\n\ncoders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.(CVE-2017-5510)\n\ncoders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.(CVE-2017-5509)\n\nMemory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.(CVE-2017-5507)\n\nMemory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers to trigger memory consumption.(CVE-2016-10252)\n\nOff-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.(CVE-2016-10145)\n\nMemory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.(CVE-2016-7539)\n\nIn coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.(CVE-2018-20467)\n\nIn ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.(CVE-2018-16328)\n\nReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.(CVE-2018-16323)\n\nWriteEPTImage in coders/ept.c in ImageMa ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'ImageMagick' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.9.9.38~3.h11.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-c++\", rpm:\"ImageMagick-c++~6.9.9.38~3.h11.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-libs\", rpm:\"ImageMagick-libs~6.9.9.38~3.h11.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-perl\", rpm:\"ImageMagick-perl~6.9.9.38~3.h11.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for imageinfo FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873420", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873420", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_imageinfo_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for imageinfo FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873420\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:47:47 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for imageinfo FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'imageinfo'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"imageinfo on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VCKBLZTRUJIDLAZ3QGNSZGOLWEJNDW7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"imageinfo\", rpm:\"imageinfo~0.05~27.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for synfigstudio FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873410", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873410", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_synfigstudio_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for synfigstudio FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873410\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:34:56 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for synfigstudio FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'synfigstudio'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"synfigstudio on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7BNWCRCM5IYKMJZ72KNCKVH74WA634E\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"synfigstudio\", rpm:\"synfigstudio~1.2.0~5.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for autotrace FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873404", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873404", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_autotrace_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for autotrace FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873404\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:22:42 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for autotrace FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'autotrace'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"autotrace on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T45GVYNSFDFEZVXNCMRXUWX2SZPO2GG3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"autotrace\", rpm:\"autotrace~0.31.1~49.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for synfig FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873432", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873432", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_synfig_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for synfig FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873432\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:09:21 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for synfig FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'synfig'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"synfig on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GKIOVPVMFP2JAQIRGCJ6ORJL3I6OI7B\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"synfig\", rpm:\"synfig~1.2.0~9.fc26.1\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for psiconv FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873399", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873399", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_psiconv_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for psiconv FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873399\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:16:37 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for psiconv FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'psiconv'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"psiconv on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNV35ZHCWOWCRRB6BLFKV24YTORMLH4X\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"psiconv\", rpm:\"psiconv~0.9.8~22.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for gtatool FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873392", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873392", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_gtatool_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for gtatool FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873392\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:10:41 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for gtatool FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gtatool'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"gtatool on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32VMEM3PJFREO5A322OKICOCG3VTTOVO\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"gtatool\", rpm:\"gtatool~2.2.0~6.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for ImageMagick FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873422", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873422", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_ImageMagick_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for ImageMagick FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873422\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:50:54 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ImageMagick FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ImageMagick on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDT43G5RDSYGPIQ2RBMEGC3RXRW2ENPD\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.9.9.13~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for ripright FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873391", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873391", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_ripright_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for ripright FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873391\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:07:30 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ripright FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ripright'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ripright on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LPAVN4T4OJO53IDYG56UAFXKJETIX6W\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"ripright\", rpm:\"ripright~0.11~5.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for converseen FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873407", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873407", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_converseen_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for converseen FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873407\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:25:41 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for converseen FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'converseen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"converseen on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZWYA5OS5LRRUJQEYK6UL6B5CMNYRGIQ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"converseen\", rpm:\"converseen~0.9.7.2~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for php-pecl-imagick FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873417", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873417", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_php-pecl-imagick_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for php-pecl-imagick FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873417\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:40:54 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php-pecl-imagick FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php-pecl-imagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php-pecl-imagick on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZAZ2SDKUL5O7OUVJKUYDGDZYRPIZMD7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-pecl-imagick\", rpm:\"php-pecl-imagick~3.4.3~2.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for techne FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873434", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873434", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_techne_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for techne FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873434\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:12:19 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for techne FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'techne'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"techne on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7DJTCVESG6E2TSULF5JA6JM427TDGEZF\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"techne\", rpm:\"techne~0.2.3~20.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for dmtx-utils FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873436", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873436", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_dmtx-utils_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for dmtx-utils FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873436\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:15:23 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for dmtx-utils FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dmtx-utils'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"dmtx-utils on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VST4FTGSIGVYYYTUCYFUTPBL6QNQE4SY\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"dmtx-utils\", rpm:\"dmtx-utils~0.7.4~4.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for inkscape FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873409", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873409", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_inkscape_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for inkscape FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873409\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:32:01 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for inkscape FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'inkscape'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"inkscape on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CTRIPHKCJXKPL7XSUJBDVBNRJI45DZS2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"inkscape\", rpm:\"inkscape~0.92.1~4.20170510bzr15686.fc26.1\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for rss-glx FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873438", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873438", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_rss-glx_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for rss-glx FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873438\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:18:44 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rss-glx FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rss-glx'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rss-glx on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJZ6NMRLOPTO2IHIEEO25SQ5Z7MWPQKK\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"rss-glx\", rpm:\"rss-glx~0.9.1.p~29.fc26.1\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for k3d FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873419", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873419", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_k3d_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for k3d FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873419\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:44:24 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for k3d FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'k3d'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"k3d on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7PHOZENIVB3UVOEDNORVD5HZEPH7SZPD\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"k3d\", rpm:\"k3d~0.8.0.6~8.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for vdr-scraper2vdr FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873424", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873424", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_vdr-scraper2vdr_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for vdr-scraper2vdr FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873424\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:53:54 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for vdr-scraper2vdr FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'vdr-scraper2vdr'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"vdr-scraper2vdr on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LYDZWFUCPPZNZFWH7L5BVXQN4W3QU2F\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"vdr-scraper2vdr\", rpm:\"vdr-scraper2vdr~1.0.5~4.20170611git254122b.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for pfstools FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873400", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873400", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_pfstools_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for pfstools FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873400\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:19:41 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for pfstools FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pfstools'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"pfstools on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCLNAT72SG6KX3CRKW6IBJA4NE65ACRD\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"pfstools\", rpm:\"pfstools~2.0.6~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for vips FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873431", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873431", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_vips_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for vips FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873431\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:06:18 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for vips FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'vips'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"vips on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4LPLGFSY5B4L7T4MM6BRICKAEJLC245Z\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"vips\", rpm:\"vips~8.5.8~2.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-rmagick FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873412", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873412", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_rubygem-rmagick_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for rubygem-rmagick FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873412\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:37:53 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-rmagick FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-rmagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-rmagick on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GJUOSYWB3S6UHTG2YAYRCXPBKGXTCGDE\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-rmagick\", rpm:\"rubygem-rmagick~2.16.0~4.fc26.2\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for perl-Image-SubImageFind FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873427", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873427", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_perl-Image-SubImageFind_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for perl-Image-SubImageFind FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873427\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:00:01 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for perl-Image-SubImageFind FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'perl-Image-SubImageFind'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"perl-Image-SubImageFind on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7NOWPNY5NTXIZANQ327B5JNLTVLZ3BDM\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-Image-SubImageFind\", rpm:\"perl-Image-SubImageFind~0.03~13.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for drawtiming FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873390", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873390", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_drawtiming_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for drawtiming FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873390\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:04:04 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for drawtiming FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'drawtiming'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"drawtiming on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MNO4DLPKYAYFZKQKDGF5FS25DUJN74I\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"drawtiming\", rpm:\"drawtiming~0.7.1~22.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for emacs FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873408", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873408", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_emacs_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for emacs FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873408\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:28:34 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for emacs FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'emacs'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"emacs on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TYOQUU23FT5ZUDPTUR54NNN5JCH5SAU\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"emacs\", rpm:\"emacs~25.3~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for WindowMaker FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873425", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873425", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_WindowMaker_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for WindowMaker FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873425\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:56:58 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for WindowMaker FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'WindowMaker'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"WindowMaker on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NM2AMQSUZCQR57N2CQ6SEZMVMG4BVT73\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"WindowMaker\", rpm:\"WindowMaker~0.95.8~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for kxstitch FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873429", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873429", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_kxstitch_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kxstitch FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873429\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:03:25 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kxstitch FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kxstitch'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kxstitch on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLNHECMOL5F4463M4LEQJETSACMDNHBX\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kxstitch\", rpm:\"kxstitch~1.2.0~9.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for q FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873394", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873394", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_q_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for q FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873394\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:13:34 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for q FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'q'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"q on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWCQW6OHAB26KVSQTGYVOIKEHH3ENZ4Q\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"q\", rpm:\"q~7.11~29.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-02-05T16:39:09", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2019-2354)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13142", "CVE-2016-7519", "CVE-2016-7529", "CVE-2016-4562", "CVE-2016-7799", "CVE-2016-7526", "CVE-2017-7943", "CVE-2017-6502", "CVE-2017-13146", "CVE-2014-8562", "CVE-2016-8707", "CVE-2016-5688", "CVE-2016-10046", "CVE-2014-8716", "CVE-2019-7175", "CVE-2016-7525", "CVE-2017-13144", "CVE-2016-10066", "CVE-2017-11529", "CVE-2017-6500", "CVE-2016-7530", "CVE-2016-5689", "CVE-2016-10252", "CVE-2017-13658", "CVE-2017-6499", "CVE-2016-10049", "CVE-2015-8902", "CVE-2017-13143", "CVE-2017-11523", "CVE-2016-10071", "CVE-2017-11478", "CVE-2016-10144", "CVE-2016-7539", "CVE-2014-9853", "CVE-2018-6405", "CVE-2015-8901", "CVE-2016-7520", "CVE-2017-6501", "CVE-2016-10061", "CVE-2015-8900", "CVE-2016-7533", "CVE-2015-8903", "CVE-2017-11527", "CVE-2016-10067", "CVE-2017-11525", "CVE-2016-7534", "CVE-2017-13139", "CVE-2016-8866", "CVE-2016-10052", "CVE-2014-8355", "CVE-2016-6491", "CVE-2016-10057", "CVE-2016-10064", "CVE-2016-10062", "CVE-2016-10145", "CVE-2017-11505", "CVE-2016-10056", "CVE-2017-11530", "CVE-2016-7531", "CVE-2016-10068", "CVE-2016-7515", "CVE-2016-10054", "CVE-2016-10063", "CVE-2017-5509", "CVE-2016-10060", "CVE-2016-6823", "CVE-2016-5687", "CVE-2016-10058", "CVE-2016-10053", "CVE-2017-5508", "CVE-2014-8354", "CVE-2016-7516", "CVE-2014-9852", "CVE-2014-9824", "CVE-2017-17504", "CVE-2017-5510", "CVE-2017-13141", "CVE-2016-7517", "CVE-2017-6497", "CVE-2015-8957", "CVE-2016-10059", "CVE-2017-11528", "CVE-2016-7906", "CVE-2016-8677", "CVE-2014-9837", "CVE-2018-20467", "CVE-2016-10065", "CVE-2016-7528", "CVE-2017-7941", "CVE-2016-10055", "CVE-2014-9822", "CVE-2014-9907", "CVE-2018-16323", "CVE-2018-16328", "CVE-2016-7518", "CVE-2016-4563", "CVE-2016-5690", "CVE-2017-11526", "CVE-2015-8958", "CVE-2016-10047", "CVE-2016-7101", "CVE-2016-10070", "CVE-2014-9854", "CVE-2017-17499", "CVE-2017-13140", "CVE-2016-9559", "CVE-2014-9823", "CVE-2016-5691", "CVE-2017-5507", "CVE-2016-10069", "CVE-2017-7942", "CVE-2017-12427", "CVE-2014-9825", "CVE-2017-6498", "CVE-2016-4564", "CVE-2017-13145", "CVE-2017-11524", "CVE-2014-9821"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220192354", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192354", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2354\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2014-8354\", \"CVE-2014-8355\", \"CVE-2014-8562\", \"CVE-2014-8716\", \"CVE-2014-9821\", \"CVE-2014-9822\", \"CVE-2014-9823\", \"CVE-2014-9824\", \"CVE-2014-9825\", \"CVE-2014-9837\", \"CVE-2014-9852\", \"CVE-2014-9853\", \"CVE-2014-9854\", \"CVE-2014-9907\", \"CVE-2015-8900\", \"CVE-2015-8901\", \"CVE-2015-8902\", \"CVE-2015-8903\", \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2016-10046\", \"CVE-2016-10047\", \"CVE-2016-10049\", \"CVE-2016-10052\", \"CVE-2016-10053\", \"CVE-2016-10054\", \"CVE-2016-10055\", \"CVE-2016-10056\", \"CVE-2016-10057\", \"CVE-2016-10058\", \"CVE-2016-10059\", \"CVE-2016-10060\", \"CVE-2016-10061\", \"CVE-2016-10062\", \"CVE-2016-10063\", \"CVE-2016-10064\", \"CVE-2016-10065\", \"CVE-2016-10066\", \"CVE-2016-10067\", \"CVE-2016-10068\", \"CVE-2016-10069\", \"CVE-2016-10070\", \"CVE-2016-10071\", \"CVE-2016-10144\", \"CVE-2016-10145\", \"CVE-2016-10252\", \"CVE-2016-4562\", \"CVE-2016-4563\", \"CVE-2016-4564\", \"CVE-2016-5687\", \"CVE-2016-5688\", \"CVE-2016-5689\", \"CVE-2016-5690\", \"CVE-2016-5691\", \"CVE-2016-6491\", \"CVE-2016-6823\", \"CVE-2016-7101\", \"CVE-2016-7515\", \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\", \"CVE-2016-7520\", \"CVE-2016-7525\", \"CVE-2016-7526\", \"CVE-2016-7528\", \"CVE-2016-7529\", \"CVE-2016-7530\", \"CVE-2016-7531\", \"CVE-2016-7533\", \"CVE-2016-7534\", \"CVE-2016-7539\", \"CVE-2016-7799\", \"CVE-2016-7906\", \"CVE-2016-8677\", \"CVE-2016-8707\", \"CVE-2016-8866\", \"CVE-2016-9559\", \"CVE-2017-11478\", \"CVE-2017-11505\", \"CVE-2017-11523\", \"CVE-2017-11524\", \"CVE-2017-11525\", \"CVE-2017-11526\", \"CVE-2017-11527\", \"CVE-2017-11528\", \"CVE-2017-11529\", \"CVE-2017-11530\", \"CVE-2017-12427\", \"CVE-2017-13139\", \"CVE-2017-13140\", \"CVE-2017-13141\", \"CVE-2017-13142\", \"CVE-2017-13143\", \"CVE-2017-13144\", \"CVE-2017-13145\", \"CVE-2017-13146\", \"CVE-2017-13658\", \"CVE-2017-17499\", \"CVE-2017-17504\", \"CVE-2017-5507\", \"CVE-2017-5508\", \"CVE-2017-5509\", \"CVE-2017-5510\", \"CVE-2017-6497\", \"CVE-2017-6498\", \"CVE-2017-6499\", \"CVE-2017-6500\", \"CVE-2017-6501\", \"CVE-2017-6502\", \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2018-16323\", \"CVE-2018-16328\", \"CVE-2018-20467\", \"CVE-2018-6405\", \"CVE-2019-7175\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:49:27 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2019-2354)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2354\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2354\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ImageMagick' package(s) announced via the EulerOS-SA-2019-2354 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.(CVE-2019-7175)\n\nReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.(CVE-2018-16323)\n\nIn ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.(CVE-2018-16328)\n\nThe DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.(CVE-2016-4562)\n\nThe TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.(CVE-2016-4563)\n\nThe DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.(CVE-2016-4564)\n\nThe ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.(CVE-2017-11525)\n\nIn coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.(CVE-2018-20467)\n\ncoders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.(CVE-2014-9837)\n\ncoders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.(CVE-2015-8958)\n\nMemory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.(CVE-2016-10058)\n\nThe ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'ImageMagick' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.9.9.38~1.h4\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-c++\", rpm:\"ImageMagick-c++~6.9.9.38~1.h4\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-libs\", rpm:\"ImageMagick-libs~6.9.9.38~1.h4\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-perl\", rpm:\"ImageMagick-perl~6.9.9.38~1.h4\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T18:26:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-12-23T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2017:3420-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14531", "CVE-2017-14175", "CVE-2017-14138", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-12983", "CVE-2017-11527", "CVE-2017-14172", "CVE-2017-16546", "CVE-2017-14989", "CVE-2017-14173", "CVE-2017-12644", "CVE-2017-11188", "CVE-2017-14607", "CVE-2017-15217", "CVE-2017-15930", "CVE-2017-14341", "CVE-2017-12140", "CVE-2017-11752", "CVE-2017-14682", "CVE-2017-13134", "CVE-2017-13769", "CVE-2017-16669", "CVE-2017-14733", "CVE-2017-16545", "CVE-2017-12669", "CVE-2017-12435", "CVE-2017-11640", "CVE-2017-11535", "CVE-2017-12662", "CVE-2017-14342"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851668", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851668", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851668\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-12-23 07:47:42 +0100 (Sat, 23 Dec 2017)\");\n script_cve_id(\"CVE-2017-11188\", \"CVE-2017-11478\", \"CVE-2017-11523\", \"CVE-2017-11527\",\n \"CVE-2017-11535\", \"CVE-2017-11640\", \"CVE-2017-11752\", \"CVE-2017-12140\",\n \"CVE-2017-12435\", \"CVE-2017-12587\", \"CVE-2017-12644\", \"CVE-2017-12662\",\n \"CVE-2017-12669\", \"CVE-2017-12983\", \"CVE-2017-13134\", \"CVE-2017-13769\",\n \"CVE-2017-14138\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14175\",\n \"CVE-2017-14341\", \"CVE-2017-14342\", \"CVE-2017-14531\", \"CVE-2017-14607\",\n \"CVE-2017-14682\", \"CVE-2017-14733\", \"CVE-2017-14989\", \"CVE-2017-15217\",\n \"CVE-2017-15930\", \"CVE-2017-16545\", \"CVE-2017-16546\", \"CVE-2017-16669\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2017:3420-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for ImageMagick fixes the following issues:\n\n * CVE-2017-14989: use-after-free in RenderFreetype in\n MagickCore/annotate.c could lead to denial of service [bsc#1061254]\n\n * CVE-2017-14682: GetNextToken in MagickCore/token.c heap buffer\n overflow could lead to denial of service [bsc#1060176]\n\n * Memory leak in WriteINLINEImage in coders/inline.c could lead to\n denial of service [bsc#1052744]\n\n * CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas\n could possibly disclose potentially sensitive memory [bsc#1059778]\n\n * CVE-2017-11640: NULL pointer deref in WritePTIFImage() in\n coders/tiff.c [bsc#1050632]\n\n * CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in\n coders/wpg.c could lead to denial of service [bsc#1058485]\n\n * CVE-2017-14341: Infinite loop in the ReadWPGImage function\n [bsc#1058637]\n\n * CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c\n could lead to denial of service [bsc#1067181]\n\n * CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in\n validation problems could lead to denial of service [bsc#1067184]\n\n * CVE-2017-16669: problem in coders/wpg.c could allow remote attackers\n to cause a denial of service via crafted file [bsc#1067409]\n\n * CVE-2017-14175: Lack of End of File check could lead to denial of\n service [bsc#1057719]\n\n * CVE-2017-14138: memory leak vulnerability in ReadWEBPImage in\n coders/webp.c could lead to denial of service [bsc#1057157]\n\n * CVE-2017-13769: denial of service issue in function\n WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]\n\n * CVE-2017-13134: a heap-based buffer over-read was found in thefunction\n SFWScan in coders/sfw.c, which allows attackers to cause adenial of\n service via a crafted file. [bsc#1055214]\n\n * CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c\n [bsc#1062750]\n\n * CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick\n allows remote attackers to cause a DoS [bsc#1049796]\n\n * CVE-2017-15930: Null Pointer dereference while transferring JPEG\n scanlines could lead to denial of service [bsc#1066003]\n\n * CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage\n function in coders/sfw.c inImageMagick 7.0.6-8 allows remote attackers\n to cause a denial of service [bsc#1054757]\n\n * CVE-2017-14531: memory exhaustion issue in ReadSUNImage\n incoders/sun.c. [bsc#1059666]\n\n * CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c,\n which allows attackers to cause denial of service [bsc#1052553]\n\n * CVE-2017-12587: User controllable large loop in the ReadPWPImage in\n coders\\pwp.c could ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick on openSUSE Leap 42.3, openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:3420-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00087.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.3)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debuginfo\", rpm:\"ImageMagick-debuginfo~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debugsource\", rpm:\"ImageMagick-debugsource~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel\", rpm:\"ImageMagick-devel~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra\", rpm:\"ImageMagick-extra~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra-debuginfo\", rpm:\"ImageMagick-extra-debuginfo~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3\", rpm:\"libMagick++-6_Q16-3~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo\", rpm:\"libMagick++-6_Q16-3-debuginfo~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel\", rpm:\"libMagick++-devel~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1\", rpm:\"libMagickCore-6_Q16-1~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo\", rpm:\"libMagickCore-6_Q16-1-debuginfo~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1\", rpm:\"libMagickWand-6_Q16-1~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo\", rpm:\"libMagickWand-6_Q16-1-debuginfo~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick\", rpm:\"perl-PerlMagick~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick-debuginfo\", rpm:\"perl-PerlMagick-debuginfo~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel-32bit\", rpm:\"ImageMagick-devel-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-32bit\", rpm:\"libMagick++-6_Q16-3-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo-32bit\", rpm:\"libMagick++-6_Q16-3-debuginfo-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel-32bit\", rpm:\"libMagick++-devel-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-32bit\", rpm:\"libMagickCore-6_Q16-1-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickCore-6_Q16-1-debuginfo-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-32bit\", rpm:\"libMagickWand-6_Q16-1-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickWand-6_Q16-1-debuginfo-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debuginfo\", rpm:\"ImageMagick-debuginfo~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debugsource\", rpm:\"ImageMagick-debugsource~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel\", rpm:\"ImageMagick-devel~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra\", rpm:\"ImageMagick-extra~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra-debuginfo\", rpm:\"ImageMagick-extra-debuginfo~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3\", rpm:\"libMagick++-6_Q16-3~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo\", rpm:\"libMagick++-6_Q16-3-debuginfo~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel\", rpm:\"libMagick++-devel~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1\", rpm:\"libMagickCore-6_Q16-1~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo\", rpm:\"libMagickCore-6_Q16-1-debuginfo~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1\", rpm:\"libMagickWand-6_Q16-1~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo\", rpm:\"libMagickWand-6_Q16-1-debuginfo~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick\", rpm:\"perl-PerlMagick~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick-debuginfo\", rpm:\"perl-PerlMagick-debuginfo~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel-32bit\", rpm:\"ImageMagick-devel-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-32bit\", rpm:\"libMagick++-6_Q16-3-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo-32bit\", rpm:\"libMagick++-6_Q16-3-debuginfo-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel-32bit\", rpm:\"libMagick++-devel-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-32bit\", rpm:\"libMagickCore-6_Q16-1-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickCore-6_Q16-1-debuginfo-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-32bit\", rpm:\"libMagickWand-6_Q16-1-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickWand-6_Q16-1-debuginfo-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2023-05-21T14:20:56", "description": "This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.", "cvss3": {}, "published": "2017-11-06T00:00:00", "type": "nessus", "title": "Debian DSA-4019-1 : imagemagick - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11446", "CVE-2017-11523", "CVE-2017-11533", "CVE-2017-11535", "CVE-2017-11537", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-12428", "CVE-2017-12431", "CVE-2017-12432", "CVE-2017-12434", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12671", "CVE-2017-13139", "CVE-2017-13140", "CVE-2017-13141", "CVE-2017-13142", "CVE-2017-13143", "CVE-2017-13144", "CVE-2017-13145", "CVE-2017-9500"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4019.NASL", "href": "https://www.tenable.com/plugins/nessus/104403", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4019. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104403);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-11446\", \"CVE-2017-11523\", \"CVE-2017-11533\", \"CVE-2017-11535\", \"CVE-2017-11537\", \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-12428\", \"CVE-2017-12431\", \"CVE-2017-12432\", \"CVE-2017-12434\", \"CVE-2017-12587\", \"CVE-2017-12640\", \"CVE-2017-12671\", \"CVE-2017-13139\", \"CVE-2017-13140\", \"CVE-2017-13141\", \"CVE-2017-13142\", \"CVE-2017-13143\", \"CVE-2017-13144\", \"CVE-2017-13145\", \"CVE-2017-9500\");\n script_xref(name:\"DSA\", value:\"4019\");\n\n script_name(english:\"Debian DSA-4019-1 : imagemagick - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure or the\nexecution of arbitrary code if malformed image files are processed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870116\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/imagemagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-4019\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the imagemagick packages.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 8:6.9.7.4+dfsg-11+deb9u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6-common\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6-doc\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6.q16\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6.q16hdri\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-common\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-doc\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libimage-magick-perl\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libimage-magick-q16-perl\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libimage-magick-q16hdri-perl\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6-headers\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16-7\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16hdri-7\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16hdri-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6-arch-config\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6-headers\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16-3-extra\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16hdri-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16hdri-3-extra\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16hdri-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6-headers\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16hdri-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16hdri-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"perlmagick\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:15", "description": "This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV, PICT, XWD, PCD, SFW, MAT, EXR, DCM, MNG, PCX or SVG files are processed.", "cvss3": {}, "published": "2017-05-26T00:00:00", "type": "nessus", "title": "Debian DSA-3863-1 : imagemagick - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7606", "CVE-2017-7619", "CVE-2017-7941", "CVE-2017-7943", "CVE-2017-8343", "CVE-2017-8344", "CVE-2017-8345", "CVE-2017-8346", "CVE-2017-8347", "CVE-2017-8348", "CVE-2017-8349", "CVE-2017-8350", "CVE-2017-8351", "CVE-2017-8352", "CVE-2017-8353", "CVE-2017-8354", "CVE-2017-8355", "CVE-2017-8356", "CVE-2017-8357", "CVE-2017-8765", "CVE-2017-8830", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3863.NASL", "href": "https://www.tenable.com/plugins/nessus/100433", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3863. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100433);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-7606\", \"CVE-2017-7619\", \"CVE-2017-7941\", \"CVE-2017-7943\", \"CVE-2017-8343\", \"CVE-2017-8344\", \"CVE-2017-8345\", \"CVE-2017-8346\", \"CVE-2017-8347\", \"CVE-2017-8348\", \"CVE-2017-8349\", \"CVE-2017-8350\", \"CVE-2017-8351\", \"CVE-2017-8352\", \"CVE-2017-8353\", \"CVE-2017-8354\", \"CVE-2017-8355\", \"CVE-2017-8356\", \"CVE-2017-8357\", \"CVE-2017-8765\", \"CVE-2017-8830\", \"CVE-2017-9098\", \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9144\");\n script_xref(name:\"DSA\", value:\"3863\");\n\n script_name(english:\"Debian DSA-3863-1 : imagemagick - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure or the\nexecution of arbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO,\nEPT, SUN, MTV, PICT, XWD, PCD, SFW, MAT, EXR, DCM, MNG, PCX or SVG\nfiles are processed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860736\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/imagemagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3863\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the imagemagick packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u9.\n\nFor the upcoming stable distribution (stretch), these problems have\nbeen fixed in version 8:6.9.7.4+dfsg-8.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick\", reference:\"8:6.8.9.9-5+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-6.q16\", reference:\"8:6.8.9.9-5+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-common\", reference:\"8:6.8.9.9-5+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-dbg\", reference:\"8:6.8.9.9-5+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-doc\", reference:\"8:6.8.9.9-5+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-perl\", reference:\"8:6.8.9.9-5+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-q16-perl\", reference:\"8:6.8.9.9-5+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6-headers\", reference:\"8:6.8.9.9-5+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-5\", reference:\"8:6.8.9.9-5+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-dev\", reference:\"8:6.8.9.9-5+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-arch-config\", reference:\"8:6.8.9.9-5+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-headers\", reference:\"8:6.8.9.9-5+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2-extra\", reference:\"8:6.8.9.9-5+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.8.9.9-5+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6-headers\", reference:\"8:6.8.9.9-5+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.8.9.9-5+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"perlmagick\", reference:\"8:6.8.9.9-5+deb8u9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:48", "description": "It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-31T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : imagemagick vulnerabilities (USN-3302-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7606", "CVE-2017-7619", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-8343", "CVE-2017-8344", "CVE-2017-8345", "CVE-2017-8346", "CVE-2017-8347", "CVE-2017-8348", "CVE-2017-8349", "CVE-2017-8350", "CVE-2017-8351", "CVE-2017-8352", "CVE-2017-8353", "CVE-2017-8354", "CVE-2017-8355", "CVE-2017-8356", "CVE-2017-8357", "CVE-2017-8765", "CVE-2017-8830", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:imagemagick", "p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6.q16-5v5", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6.q16-7", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b5", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2-extra", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3-extra", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore5", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore5-extra", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3302-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100547", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3302-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100547);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-7606\", \"CVE-2017-7619\", \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8343\", \"CVE-2017-8344\", \"CVE-2017-8345\", \"CVE-2017-8346\", \"CVE-2017-8347\", \"CVE-2017-8348\", \"CVE-2017-8349\", \"CVE-2017-8350\", \"CVE-2017-8351\", \"CVE-2017-8352\", \"CVE-2017-8353\", \"CVE-2017-8354\", \"CVE-2017-8355\", \"CVE-2017-8356\", \"CVE-2017-8357\", \"CVE-2017-8765\", \"CVE-2017-8830\", \"CVE-2017-9098\", \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9144\");\n script_xref(name:\"USN\", value:\"3302-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : imagemagick vulnerabilities (USN-3302-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that ImageMagick incorrectly handled certain\nmalformed image files. If a user or automated system using ImageMagick\nwere tricked into opening a specially crafted image, an attacker could\nexploit this to cause a denial of service or possibly execute code\nwith the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3302-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-5v5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|16\\.10|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 16.10 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"imagemagick\", pkgver:\"8:6.7.7.10-6ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagick++5\", pkgver:\"8:6.7.7.10-6ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagickcore5\", pkgver:\"8:6.7.7.10-6ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagickcore5-extra\", pkgver:\"8:6.7.7.10-6ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"imagemagick\", pkgver:\"8:6.8.9.9-7ubuntu5.7\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.8.9.9-7ubuntu5.7\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagick++-6.q16-5v5\", pkgver:\"8:6.8.9.9-7ubuntu5.7\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagickcore-6.q16-2\", pkgver:\"8:6.8.9.9-7ubuntu5.7\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagickcore-6.q16-2-extra\", pkgver:\"8:6.8.9.9-7ubuntu5.7\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"imagemagick\", pkgver:\"8:6.8.9.9-7ubuntu8.6\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.8.9.9-7ubuntu8.6\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"libmagick++-6.q16-5v5\", pkgver:\"8:6.8.9.9-7ubuntu8.6\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"libmagickcore-6.q16-2\", pkgver:\"8:6.8.9.9-7ubuntu8.6\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"libmagickcore-6.q16-2-extra\", pkgver:\"8:6.8.9.9-7ubuntu8.6\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"imagemagick\", pkgver:\"8:6.9.7.4+dfsg-3ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.9.7.4+dfsg-3ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libmagick++-6.q16-7\", pkgver:\"8:6.9.7.4+dfsg-3ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libmagickcore-6.q16-3\", pkgver:\"8:6.9.7.4+dfsg-3ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libmagickcore-6.q16-3-extra\", pkgver:\"8:6.9.7.4+dfsg-3ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imagemagick / imagemagick-6.q16 / libmagick++-6.q16-5v5 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:14", "description": "This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.", "cvss3": {}, "published": "2017-11-20T00:00:00", "type": "nessus", "title": "Debian DSA-4040-1 : imagemagick - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11352", "CVE-2017-11640", "CVE-2017-12431", "CVE-2017-12640", "CVE-2017-12877", "CVE-2017-12983", "CVE-2017-13134", "CVE-2017-13139", "CVE-2017-13144", "CVE-2017-13758", "CVE-2017-13769", "CVE-2017-14224", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-14989", "CVE-2017-15277", "CVE-2017-16546"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-4040.NASL", "href": "https://www.tenable.com/plugins/nessus/104684", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4040. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104684);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-11640\", \"CVE-2017-12431\", \"CVE-2017-12640\", \"CVE-2017-12877\", \"CVE-2017-12983\", \"CVE-2017-13134\", \"CVE-2017-13139\", \"CVE-2017-13144\", \"CVE-2017-13758\", \"CVE-2017-13769\", \"CVE-2017-14224\", \"CVE-2017-14607\", \"CVE-2017-14682\", \"CVE-2017-14989\", \"CVE-2017-15277\", \"CVE-2017-16546\");\n script_xref(name:\"DSA\", value:\"4040\");\n\n script_name(english:\"Debian DSA-4040-1 : imagemagick - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure or the\nexecution of arbitrary code if malformed image files are processed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/imagemagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-4040\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the imagemagick packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 8:6.8.9.9-5+deb8u11.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-6.q16\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-common\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-dbg\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-doc\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-perl\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-q16-perl\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6-headers\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-5\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-dev\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-arch-config\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-headers\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2-extra\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6-headers\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"perlmagick\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:35", "description": "This update for ImageMagick fixes the following issues: Security issues fixed :\n\n - CVE-2017-6502: Possible file-descriptor leak in libmagickcore that could be triggered via a specially crafted webp file (bsc#1028075).\n\n - CVE-2017-7943: The ReadSVGImage function in svg.c allowed remote attackers to consume an amount of available memory via a crafted file (bsc#1034870). Note that this only impacts the built-in SVG implementation.\n As we use the librsgv implementation, we are not affected.\n\n - CVE-2017-7942: The ReadAVSImage function in avs.c allowed remote attackers to consume an amount of available memory via a crafted file (bsc#1034872).\n\n - CVE-2017-7941: The ReadSGIImage function in sgi.c allowed remote attackers to consume an amount of available memory via a crafted file (bsc#1034876).\n\n - CVE-2017-8351: ImageMagick, GraphicsMagick: denial of service (memory leak) via a crafted file (ReadPCDImage func in pcd.c) (bsc#1036986).\n\n - CVE-2017-8352: denial of service (memory leak) via a crafted file (ReadXWDImage func in xwd.c) (bsc#1036987)\n\n - CVE-2017-8349: denial of service (memory leak) via a crafted file (ReadSFWImage func in sfw.c) (bsc#1036984)\n\n - CVE-2017-8350: denial of service (memory leak) via a crafted file (ReadJNGImage function in png.c) (bsc#1036985)\n\n - CVE-2017-8347: denial of service (memory leak) via a crafted file (ReadEXRImage func in exr.c) (bsc#1036982)\n\n - CVE-2017-8348: denial of service (memory leak) via a crafted file (ReadMATImage func in mat.c) (bsc#1036983)\n\n - CVE-2017-8345: denial of service (memory leak) via a crafted file (ReadMNGImage func in png.c) (bsc#1036980)\n\n - CVE-2017-8346: denial of service (memory leak) via a crafted file (ReadDCMImage func in dcm.c) (bsc#1036981)\n\n - CVE-2017-8353: denial of service (memory leak) via a crafted file (ReadPICTImage func in pict.c) (bsc#1036988)\n\n - CVE-2017-8354: denial of service (memory leak) via a crafted file (ReadBMPImage func in bmp.c) (bsc#1036989)\n\n - CVE-2017-8830: denial of service (memory leak) via a crafted file (ReadBMPImage func in bmp.c:1379) (bsc#1038000)\n\n - CVE-2017-7606: denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033091)\n\n - CVE-2017-8765: memory leak vulnerability via a crafted ICON file (ReadICONImage in coders\\icon.c) (bsc#1037527)\n\n - CVE-2017-8356: denial of service (memory leak) via a crafted file (ReadSUNImage function in sun.c) (bsc#1036991)\n\n - CVE-2017-8355: denial of service (memory leak) via a crafted file (ReadMTVImage func in mtv.c) (bsc#1036990)\n\n - CVE-2017-8344: denial of service (memory leak) via a crafted file (ReadPCXImage func in pcx.c) (bsc#1036978)\n\n - CVE-2017-8343: denial of service (memory leak) via a crafted file (ReadAAIImage func in aai.c) (bsc#1036977)\n\n - CVE-2017-8357: denial of service (memory leak) via a crafted file (ReadEPTImage func in ept.c) (bsc#1036976)\n\n - CVE-2017-9098: uninitialized memory usage in the ReadRLEImage RLE decoder function coders/rle.c (bsc#1040025)\n\n - CVE-2017-9141: Missing checks in the ReadDDSImage function in coders/dds.c could lead to a denial of service (assertion) (bsc#1040303)\n\n - CVE-2017-9142: Missing checks in theReadOneJNGImage function in coders/png.c could lead to denial of service (assertion) (bsc#1040304)\n\n - CVE-2017-9143: A possible denial of service attack via crafted .art file in ReadARTImage function in coders/art.c (bsc#1040306)\n\n - CVE-2017-9144: A crafted RLE image can trigger a crash in coders/rle.c could lead to a denial of service (crash) (bsc#1040332)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-07T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2017:1489-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-6502", "CVE-2017-7606", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-8343", "CVE-2017-8344", "CVE-2017-8345", "CVE-2017-8346", "CVE-2017-8347", "CVE-2017-8348", "CVE-2017-8349", "CVE-2017-8350", "CVE-2017-8351", "CVE-2017-8352", "CVE-2017-8353", "CVE-2017-8354", "CVE-2017-8355", "CVE-2017-8356", "CVE-2017-8357", "CVE-2017-8765", "CVE-2017-8830", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:imagemagick", "p-cpe:/a:novell:suse_linux:imagemagick-debuginfo", "p-cpe:/a:novell:suse_linux:imagemagick-debugsource", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16-1", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16-1-debuginfo", "p-cpe:/a:novell:suse_linux:libmagickwand-6_q16", "p-cpe:/a:novell:suse_linux:libmagickwand-6_q16-1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-1489-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100661", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1489-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100661);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-6502\", \"CVE-2017-7606\", \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8343\", \"CVE-2017-8344\", \"CVE-2017-8345\", \"CVE-2017-8346\", \"CVE-2017-8347\", \"CVE-2017-8348\", \"CVE-2017-8349\", \"CVE-2017-8350\", \"CVE-2017-8351\", \"CVE-2017-8352\", \"CVE-2017-8353\", \"CVE-2017-8354\", \"CVE-2017-8355\", \"CVE-2017-8356\", \"CVE-2017-8357\", \"CVE-2017-8765\", \"CVE-2017-8830\", \"CVE-2017-9098\", \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9144\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2017:1489-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues: Security\nissues fixed :\n\n - CVE-2017-6502: Possible file-descriptor leak in\n libmagickcore that could be triggered via a specially\n crafted webp file (bsc#1028075).\n\n - CVE-2017-7943: The ReadSVGImage function in svg.c\n allowed remote attackers to consume an amount of\n available memory via a crafted file (bsc#1034870). Note\n that this only impacts the built-in SVG implementation.\n As we use the librsgv implementation, we are not\n affected.\n\n - CVE-2017-7942: The ReadAVSImage function in avs.c\n allowed remote attackers to consume an amount of\n available memory via a crafted file (bsc#1034872).\n\n - CVE-2017-7941: The ReadSGIImage function in sgi.c\n allowed remote attackers to consume an amount of\n available memory via a crafted file (bsc#1034876).\n\n - CVE-2017-8351: ImageMagick, GraphicsMagick: denial of\n service (memory leak) via a crafted file (ReadPCDImage\n func in pcd.c) (bsc#1036986).\n\n - CVE-2017-8352: denial of service (memory leak) via a\n crafted file (ReadXWDImage func in xwd.c) (bsc#1036987)\n\n - CVE-2017-8349: denial of service (memory leak) via a\n crafted file (ReadSFWImage func in sfw.c) (bsc#1036984)\n\n - CVE-2017-8350: denial of service (memory leak) via a\n crafted file (ReadJNGImage function in png.c)\n (bsc#1036985)\n\n - CVE-2017-8347: denial of service (memory leak) via a\n crafted file (ReadEXRImage func in exr.c) (bsc#1036982)\n\n - CVE-2017-8348: denial of service (memory leak) via a\n crafted file (ReadMATImage func in mat.c) (bsc#1036983)\n\n - CVE-2017-8345: denial of service (memory leak) via a\n crafted file (ReadMNGImage func in png.c) (bsc#1036980)\n\n - CVE-2017-8346: denial of service (memory leak) via a\n crafted file (ReadDCMImage func in dcm.c) (bsc#1036981)\n\n - CVE-2017-8353: denial of service (memory leak) via a\n crafted file (ReadPICTImage func in pict.c)\n (bsc#1036988)\n\n - CVE-2017-8354: denial of service (memory leak) via a\n crafted file (ReadBMPImage func in bmp.c) (bsc#1036989)\n\n - CVE-2017-8830: denial of service (memory leak) via a\n crafted file (ReadBMPImage func in bmp.c:1379)\n (bsc#1038000)\n\n - CVE-2017-7606: denial of service (application crash) or\n possibly have unspecified other impact via a crafted\n image (bsc#1033091)\n\n - CVE-2017-8765: memory leak vulnerability via a crafted\n ICON file (ReadICONImage in coders\\icon.c) (bsc#1037527)\n\n - CVE-2017-8356: denial of service (memory leak) via a\n crafted file (ReadSUNImage function in sun.c)\n (bsc#1036991)\n\n - CVE-2017-8355: denial of service (memory leak) via a\n crafted file (ReadMTVImage func in mtv.c) (bsc#1036990)\n\n - CVE-2017-8344: denial of service (memory leak) via a\n crafted file (ReadPCXImage func in pcx.c) (bsc#1036978)\n\n - CVE-2017-8343: denial of service (memory leak) via a\n crafted file (ReadAAIImage func in aai.c) (bsc#1036977)\n\n - CVE-2017-8357: denial of service (memory leak) via a\n crafted file (ReadEPTImage func in ept.c) (bsc#1036976)\n\n - CVE-2017-9098: uninitialized memory usage in the\n ReadRLEImage RLE decoder function coders/rle.c\n (bsc#1040025)\n\n - CVE-2017-9141: Missing checks in the ReadDDSImage\n function in coders/dds.c could lead to a denial of\n service (assertion) (bsc#1040303)\n\n - CVE-2017-9142: Missing checks in theReadOneJNGImage\n function in coders/png.c could lead to denial of service\n (assertion) (bsc#1040304)\n\n - CVE-2017-9143: A possible denial of service attack via\n crafted .art file in ReadARTImage function in\n coders/art.c (bsc#1040306)\n\n - CVE-2017-9144: A crafted RLE image can trigger a crash\n in coders/rle.c could lead to a denial of service\n (crash) (bsc#1040332)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036977\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036978\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036983\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036987\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036991\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040332\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6502/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7606/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7941/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7942/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7943/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8343/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8344/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8345/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8346/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8347/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8348/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8349/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8350/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8351/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8352/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8353/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8354/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8355/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8356/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8357/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8765/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8830/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9098/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9141/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9142/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9143/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9144/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171489-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?da504c68\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2017-917=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-917=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-917=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-917=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-917=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-70.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-70.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-70.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-70.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-70.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-70.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-70.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-70.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-70.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-70.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-70.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-70.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-70.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-70.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-70.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-70.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-70.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:06", "description": "This update for ImageMagick fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-6502: Possible file-descriptor leak in libmagickcore that could be triggered via a specially crafted webp file (bsc#1028075).\n\n - CVE-2017-7943: The ReadSVGImage function in svg.c allowed remote attackers to consume an amount of available memory via a crafted file (bsc#1034870). Note that this only impacts the built-in SVG implementation.\n As we use the librsgv implementation, we are not affected.\n\n - CVE-2017-7942: The ReadAVSImage function in avs.c allowed remote attackers to consume an amount of available memory via a crafted file (bsc#1034872).\n\n - CVE-2017-7941: The ReadSGIImage function in sgi.c allowed remote attackers to consume an amount of available memory via a crafted file (bsc#1034876).\n\n - CVE-2017-8351: ImageMagick, GraphicsMagick: denial of service (memory leak) via a crafted file (ReadPCDImage func in pcd.c) (bsc#1036986).\n\n - CVE-2017-8352: denial of service (memory leak) via a crafted file (ReadXWDImage func in xwd.c) (bsc#1036987)\n\n - CVE-2017-8349: denial of service (memory leak) via a crafted file (ReadSFWImage func in sfw.c) (bsc#1036984)\n\n - CVE-2017-8350: denial of service (memory leak) via a crafted file (ReadJNGImage function in png.c) (bsc#1036985)\n\n - CVE-2017-8347: denial of service (memory leak) via a crafted file (ReadEXRImage func in exr.c) (bsc#1036982)\n\n - CVE-2017-8348: denial of service (memory leak) via a crafted file (ReadMATImage func in mat.c) (bsc#1036983)\n\n - CVE-2017-8345: denial of service (memory leak) via a crafted file (ReadMNGImage func in png.c) (bsc#1036980)\n\n - CVE-2017-8346: denial of service (memory leak) via a crafted file (ReadDCMImage func in dcm.c) (bsc#1036981)\n\n - CVE-2017-8353: denial of service (memory leak) via a crafted file (ReadPICTImage func in pict.c) (bsc#1036988)\n\n - CVE-2017-8354: denial of service (memory leak) via a crafted file (ReadBMPImage func in bmp.c) (bsc#1036989)\n\n - CVE-2017-8830: denial of service (memory leak) via a crafted file (ReadBMPImage func in bmp.c:1379) (bsc#1038000)\n\n - CVE-2017-7606: denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033091)\n\n - CVE-2017-8765: memory leak vulnerability via a crafted ICON file (ReadICONImage in coders\\icon.c) (bsc#1037527)\n\n - CVE-2017-8356: denial of service (memory leak) via a crafted file (ReadSUNImage function in sun.c) (bsc#1036991)\n\n - CVE-2017-8355: denial of service (memory leak) via a crafted file (ReadMTVImage func in mtv.c) (bsc#1036990)\n\n - CVE-2017-8344: denial of service (memory leak) via a crafted file (ReadPCXImage func in pcx.c) (bsc#1036978)\n\n - CVE-2017-8343: denial of service (memory leak) via a crafted file (ReadAAIImage func in aai.c) (bsc#1036977)\n\n - CVE-2017-8357: denial of service (memory leak) via a crafted file (ReadEPTImage func in ept.c) (bsc#1036976)\n\n - CVE-2017-9098: uninitialized memory usage in the ReadRLEImage RLE decoder function coders/rle.c (bsc#1040025)\n\n - CVE-2017-9141: Missing checks in the ReadDDSImage function in coders/dds.c could lead to a denial of service (assertion) (bsc#1040303)\n\n - CVE-2017-9142: Missing checks in theReadOneJNGImage function in coders/png.c could lead to denial of service (assertion) (bsc#1040304)\n\n - CVE-2017-9143: A possible denial of service attack via crafted .art file in ReadARTImage function in coders/art.c (bsc#1040306)\n\n - CVE-2017-9144: A crafted RLE image can trigger a crash in coders/rle.c could lead to a denial of service (crash) (bsc#1040332)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2017-06-15T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-2017-686)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-6502", "CVE-2017-7606", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-8343", "CVE-2017-8344", "CVE-2017-8345", "CVE-2017-8346", "CVE-2017-8347", "CVE-2017-8348", "CVE-2017-8349", "CVE-2017-8350", "CVE-2017-8351", "CVE-2017-8352", "CVE-2017-8353", "CVE-2017-8354", "CVE-2017-8355", "CVE-2017-8356", "CVE-2017-8357", "CVE-2017-8765", "CVE-2017-8830", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:imagemagick", "p-cpe:/a:novell:opensuse:imagemagick-debuginfo", "p-cpe:/a:novell:opensuse:imagemagick-debugsource", "p-cpe:/a:novell:opensuse:imagemagick-devel", "p-cpe:/a:novell:opensuse:imagemagick-devel-32bit", "p-cpe:/a:novell:opensuse:imagemagick-extra", "p-cpe:/a:novell:opensuse:imagemagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-perlmagick", "p-cpe:/a:novell:opensuse:perl-perlmagick-debuginfo", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-686.NASL", "href": "https://www.tenable.com/plugins/nessus/100799", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-686.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100799);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-6502\", \"CVE-2017-7606\", \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8343\", \"CVE-2017-8344\", \"CVE-2017-8345\", \"CVE-2017-8346\", \"CVE-2017-8347\", \"CVE-2017-8348\", \"CVE-2017-8349\", \"CVE-2017-8350\", \"CVE-2017-8351\", \"CVE-2017-8352\", \"CVE-2017-8353\", \"CVE-2017-8354\", \"CVE-2017-8355\", \"CVE-2017-8356\", \"CVE-2017-8357\", \"CVE-2017-8765\", \"CVE-2017-8830\", \"CVE-2017-9098\", \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9144\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2017-686)\");\n script_summary(english:\"Check for the openSUSE-2017-686 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-6502: Possible file-descriptor leak in\n libmagickcore that could be triggered via a specially\n crafted webp file (bsc#1028075).\n\n - CVE-2017-7943: The ReadSVGImage function in svg.c\n allowed remote attackers to consume an amount of\n available memory via a crafted file (bsc#1034870). Note\n that this only impacts the built-in SVG implementation.\n As we use the librsgv implementation, we are not\n affected.\n\n - CVE-2017-7942: The ReadAVSImage function in avs.c\n allowed remote attackers to consume an amount of\n available memory via a crafted file (bsc#1034872).\n\n - CVE-2017-7941: The ReadSGIImage function in sgi.c\n allowed remote attackers to consume an amount of\n available memory via a crafted file (bsc#1034876).\n\n - CVE-2017-8351: ImageMagick, GraphicsMagick: denial of\n service (memory leak) via a crafted file (ReadPCDImage\n func in pcd.c) (bsc#1036986).\n\n - CVE-2017-8352: denial of service (memory leak) via a\n crafted file (ReadXWDImage func in xwd.c) (bsc#1036987)\n\n - CVE-2017-8349: denial of service (memory leak) via a\n crafted file (ReadSFWImage func in sfw.c) (bsc#1036984)\n\n - CVE-2017-8350: denial of service (memory leak) via a\n crafted file (ReadJNGImage function in png.c)\n (bsc#1036985)\n\n - CVE-2017-8347: denial of service (memory leak) via a\n crafted file (ReadEXRImage func in exr.c) (bsc#1036982)\n\n - CVE-2017-8348: denial of service (memory leak) via a\n crafted file (ReadMATImage func in mat.c) (bsc#1036983)\n\n - CVE-2017-8345: denial of service (memory leak) via a\n crafted file (ReadMNGImage func in png.c) (bsc#1036980)\n\n - CVE-2017-8346: denial of service (memory leak) via a\n crafted file (ReadDCMImage func in dcm.c) (bsc#1036981)\n\n - CVE-2017-8353: denial of service (memory leak) via a\n crafted file (ReadPICTImage func in pict.c)\n (bsc#1036988)\n\n - CVE-2017-8354: denial of service (memory leak) via a\n crafted file (ReadBMPImage func in bmp.c) (bsc#1036989)\n\n - CVE-2017-8830: denial of service (memory leak) via a\n crafted file (ReadBMPImage func in bmp.c:1379)\n (bsc#1038000)\n\n - CVE-2017-7606: denial of service (application crash) or\n possibly have unspecified other impact via a crafted\n image (bsc#1033091)\n\n - CVE-2017-8765: memory leak vulnerability via a crafted\n ICON file (ReadICONImage in coders\\icon.c) (bsc#1037527)\n\n - CVE-2017-8356: denial of service (memory leak) via a\n crafted file (ReadSUNImage function in sun.c)\n (bsc#1036991)\n\n - CVE-2017-8355: denial of service (memory leak) via a\n crafted file (ReadMTVImage func in mtv.c) (bsc#1036990)\n\n - CVE-2017-8344: denial of service (memory leak) via a\n crafted file (ReadPCXImage func in pcx.c) (bsc#1036978)\n\n - CVE-2017-8343: denial of service (memory leak) via a\n crafted file (ReadAAIImage func in aai.c) (bsc#1036977)\n\n - CVE-2017-8357: denial of service (memory leak) via a\n crafted file (ReadEPTImage func in ept.c) (bsc#1036976)\n\n - CVE-2017-9098: uninitialized memory usage in the\n ReadRLEImage RLE decoder function coders/rle.c\n (bsc#1040025)\n\n - CVE-2017-9141: Missing checks in the ReadDDSImage\n function in coders/dds.c could lead to a denial of\n service (assertion) (bsc#1040303)\n\n - CVE-2017-9142: Missing checks in theReadOneJNGImage\n function in coders/png.c could lead to denial of service\n (assertion) (bsc#1040304)\n\n - CVE-2017-9143: A possible denial of service attack via\n crafted .art file in ReadARTImage function in\n coders/art.c (bsc#1040306)\n\n - CVE-2017-9144: A crafted RLE image can trigger a crash\n in coders/rle.c could lead to a denial of service\n (crash) (bsc#1040332)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1028075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1034870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1034872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1034876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036977\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036978\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036983\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036987\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1036991\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1038000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1040025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1040303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1040304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1040306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1040332\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-6.8.8.1-30.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-debuginfo-6.8.8.1-30.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-debugsource-6.8.8.1-30.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-devel-6.8.8.1-30.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-extra-6.8.8.1-30.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-30.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-6_Q16-3-6.8.8.1-30.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-30.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-devel-6.8.8.1-30.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-30.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-30.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-30.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-30.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-PerlMagick-6.8.8.1-30.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-30.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-30.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-30.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-30.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-30.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-30.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-30.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-30.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-30.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:11", "description": "This update for ImageMagick fixes the following issues: This security issue was fixed :\n\n - CVE-2017-7941: The ReadSGIImage function in sgi.c allowed remote attackers to consume an amount of available memory via a crafted file (bsc#1034876).\n\n - CVE-2017-8351: ImageMagick, GraphicsMagick: denial of service (memory leak) via a crafted file (ReadPCDImage func in pcd.c) (bsc#1036986).\n\n - CVE-2017-8352: denial of service (memory leak) via a crafted file (ReadXWDImage func in xwd.c) (bsc#1036987)\n\n - CVE-2017-8349: denial of service (memory leak) via a crafted file (ReadSFWImage func in sfw.c) (bsc#1036984)\n\n - CVE-2017-8350: denial of service (memory leak) via a crafted file (ReadJNGImage function in png.c) (bsc#1036985)\n\n - CVE-2017-8345: denial of service (memory leak) via a crafted file (ReadMNGImage func in png.c) (bsc#1036980)\n\n - CVE-2017-8346: denial of service (memory leak) via a crafted file (ReadDCMImage func in dcm.c) (bsc#1036981)\n\n - CVE-2017-8353: denial of service (memory leak) via a crafted file (ReadPICTImage func in pict.c) (bsc#1036988)\n\n - CVE-2017-8830: denial of service (memory leak) via a crafted file (ReadBMPImage func in bmp.c:1379) (bsc#1038000)\n\n - CVE-2017-7606: denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033091)\n\n - CVE-2017-8765: memory leak vulnerability via a crafted ICON file (ReadICONImage in coders\\icon.c) (bsc#1037527)\n\n - CVE-2017-8355: denial of service (memory leak) via a crafted file (ReadMTVImage func in mtv.c) (bsc#1036990)\n\n - CVE-2017-8344: denial of service (memory leak) via a crafted file (ReadPCXImage func in pcx.c) (bsc#1036978)\n\n - CVE-2017-9098: uninitialized memory usage in the ReadRLEImage RLE decoder function coders/rle.c (bsc#1040025)\n\n - CVE-2017-9141: Missing checks in the ReadDDSImage function in coders/dds.c could lead to a denial of service (assertion) (bsc#1040303)\n\n - CVE-2017-9142: Missing checks in theReadOneJNGImage function in coders/png.c could lead to denial of service (assertion) (bsc#1040304)\n\n - CVE-2017-9143: A possible denial of service attack via crafted .art file in ReadARTImage function in coders/art.c (bsc#1040306)\n\n - CVE-2017-9144: A crafted RLE image can trigger a crash in coders/rle.c could lead to a denial of service (crash) (bsc#1040332)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2017:1599-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9846", "CVE-2016-10050", "CVE-2017-7606", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-8344", "CVE-2017-8345", "CVE-2017-8346", "CVE-2017-8348", "CVE-2017-8349", "CVE-2017-8350", "CVE-2017-8351", "CVE-2017-8352", "CVE-2017-8353", "CVE-2017-8354", "CVE-2017-8355", "CVE-2017-8357", "CVE-2017-8765", "CVE-2017-8830", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmagickcore1", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-1599-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100908", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1599-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100908);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9846\", \"CVE-2016-10050\", \"CVE-2017-7606\", \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8344\", \"CVE-2017-8345\", \"CVE-2017-8346\", \"CVE-2017-8348\", \"CVE-2017-8349\", \"CVE-2017-8350\", \"CVE-2017-8351\", \"CVE-2017-8352\", \"CVE-2017-8353\", \"CVE-2017-8354\", \"CVE-2017-8355\", \"CVE-2017-8357\", \"CVE-2017-8765\", \"CVE-2017-8830\", \"CVE-2017-9098\", \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9144\");\n\n script_name(english:\"SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2017:1599-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues: This security\nissue was fixed :\n\n - CVE-2017-7941: The ReadSGIImage function in sgi.c\n allowed remote attackers to consume an amount of\n available memory via a crafted file (bsc#1034876).\n\n - CVE-2017-8351: ImageMagick, GraphicsMagick: denial of\n service (memory leak) via a crafted file (ReadPCDImage\n func in pcd.c) (bsc#1036986).\n\n - CVE-2017-8352: denial of service (memory leak) via a\n crafted file (ReadXWDImage func in xwd.c) (bsc#1036987)\n\n - CVE-2017-8349: denial of service (memory leak) via a\n crafted file (ReadSFWImage func in sfw.c) (bsc#1036984)\n\n - CVE-2017-8350: denial of service (memory leak) via a\n crafted file (ReadJNGImage function in png.c)\n (bsc#1036985)\n\n - CVE-2017-8345: denial of service (memory leak) via a\n crafted file (ReadMNGImage func in png.c) (bsc#1036980)\n\n - CVE-2017-8346: denial of service (memory leak) via a\n crafted file (ReadDCMImage func in dcm.c) (bsc#1036981)\n\n - CVE-2017-8353: denial of service (memory leak) via a\n crafted file (ReadPICTImage func in pict.c)\n (bsc#1036988)\n\n - CVE-2017-8830: denial of service (memory leak) via a\n crafted file (ReadBMPImage func in bmp.c:1379)\n (bsc#1038000)\n\n - CVE-2017-7606: denial of service (application crash) or\n possibly have unspecified other impact via a crafted\n image (bsc#1033091)\n\n - CVE-2017-8765: memory leak vulnerability via a crafted\n ICON file (ReadICONImage in coders\\icon.c) (bsc#1037527)\n\n - CVE-2017-8355: denial of service (memory leak) via a\n crafted file (ReadMTVImage func in mtv.c) (bsc#1036990)\n\n - CVE-2017-8344: denial of service (memory leak) via a\n crafted file (ReadPCXImage func in pcx.c) (bsc#1036978)\n\n - CVE-2017-9098: uninitialized memory usage in the\n ReadRLEImage RLE decoder function coders/rle.c\n (bsc#1040025)\n\n - CVE-2017-9141: Missing checks in the ReadDDSImage\n function in coders/dds.c could lead to a denial of\n service (assertion) (bsc#1040303)\n\n - CVE-2017-9142: Missing checks in theReadOneJNGImage\n function in coders/png.c could lead to denial of service\n (assertion) (bsc#1040304)\n\n - CVE-2017-9143: A possible denial of service attack via\n crafted .art file in ReadARTImage function in\n coders/art.c (bsc#1040306)\n\n - CVE-2017-9144: A crafted RLE image can trigger a crash\n in coders/rle.c could lead to a denial of service\n (crash) (bsc#1040332)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036978\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036983\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036987\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040332\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9846/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10050/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7606/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7941/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7942/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7943/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8344/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8345/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8346/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8348/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8349/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8350/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8351/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8352/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8353/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8354/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8355/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8357/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8765/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8830/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9098/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9141/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9142/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9143/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9144/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171599-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?693ab236\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-ImageMagick-13152=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ImageMagick-13152=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ImageMagick-13152=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagickCore1-32bit-6.4.3.6-7.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libMagickCore1-32bit-6.4.3.6-7.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libMagickCore1-6.4.3.6-7.77.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:13", "description": "The version of ImageMagick installed on the remote Windows host is 6.x prior to 6.9.8-10 or 7.x prior to 7.0.5-9. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists in the ReadRLEImage() function within file coders/rle.c when reading image color maps due to issues related to a 'type unsigned char' falling outside the range of representable values. An unauthenticated, remote attacker can exploit this, via a specially crafted image, to cause a denial of service condition or possibly have other impact. (CVE-2017-7606)\n\n - An infinite loop condition exists in multiple color algorithms within file magick/enhance.c due to a floating-point rounding error. An unauthenticated, remote attacker can exploit this to consume excessive resources, resulting in a denial of service condition.\n (CVE-2017-7619)\n\n - A denial of service vulnerability exists in the ReadSGIImage() function within file coders/sgi.c when handling a specially crafted file. An unauthenticated, remote attacker can exploit this to consume excessive memory resources. (CVE-2017-7941)\n\n - A denial of service vulnerability exists in the ReadAVSImage() function within file coders/avs.c when handling a specially crafted file. An unauthenticated, remote attacker can exploit this to consume excessive memory resources. (CVE-2017-7942)\n\n - A denial of service vulnerability exists in the ReadSVGImage() function within file coders/svg.c when handling a specially crafted file. An unauthenticated, remote attacker can exploit this to consume excessive memory resources. (CVE-2017-7943)\n\n - A denial of service vulnerability exists in the ReadAAIImage() function within file aai.c when handling specially crafted AAI files. An unauthenticated, remote attacker can exploit this to consume excessive memory resources. (CVE-2017-8343)\n\n - A denial of service vulnerability exists in the ReadPCXImage() function within file pcx.c when handling specially crafted DCX files. An unauthenticated, remote attacker can exploit this to consume excessive memory resources. (CVE-2017-8344)\n\n - A denial of service vulnerability exists in the ReadMNGImage() function within file png.c when handling specially crafted MNG files. An unauthenticated, remote attacker can exploit this to consume excessive memory resources. (CVE-2017-8345)\n\n - A denial of service vulnerability exists in the ReadDCMImage() function within file dcm.c when handling specially crafted DCM files. An unauthenticated, remote attacker can exploit this to consume excessive memory resources. (CVE-2017-8346)\n\n - A denial of service vulnerability exists in the ReadEXRImage() function within file exr.c when handling specially crafted EXR files. An unauthenticated, remote attacker can exploit this to consume excessive memory resources. (CVE-2017-8347)\n\n - A denial of service vulnerability exists in the ReadMATImage() function within file mat.c when handling specially crafted MAT files. An unauthenticated, remote attacker can exploit this to consume excessive memory resources. (CVE-2017-8348)\n\n - A denial of service vulnerability exists in the ReadSFWImage() function within file sfw.c when handling specially crafted SFW files. An unauthenticated, remote attacker can exploit this to consume excessive memory resources. (CVE-2017-8349)\n\n - A denial of service vulnerability exists in the ReadJNGImage() function within file png.c when handling specially crafted JNG files. An unauthenticated, remote attacker can exploit this to consume excessive memory resources. (CVE-2017-8350)\n\n - A denial of service vulnerability exists in the ReadPCDImage() function within file pcd.c when handling specially crafted PCD files. An unauthenticated, remote attacker can exploit this to consume excessive memory resources. (CVE-2017-8351)\n\n - A denial of service vulnerability exists in the ReadXWDImage() function within file coders/xwd.c when parsing XWD images. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to consume excessive memory resources. (CVE-2017-8352)\n\n - A denial of service vulnerability exists in the ReadPICTImage() function within file coders/pict.c when parsing PICT images. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to consume excessive memory resources. (CVE-2017-8353)\n\n - A denial of service vulnerability exists in the ReadBMPImage() function within file coders/bmp.c when parsing BMP images. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to consume excessive memory resources. (CVE-2017-8354)\n\n - A denial of service vulnerability exists in the ReadMTVImage() function within file coders/mtv.c when parsing MTV images. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to consume excessive memory resources. (CVE-2017-8355)\n\n - A denial of service vulnerability exists in the ReadSUNImage() function within file coders/sun.c when parsing SUN images. An unauthentica

Updated imagemagick packages fix security vulnerabilities

Description

Affected Package

Related