Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.ALA_ALAS-2017-820.NASL
HistoryApr 21, 2017 - 12:00 a.m.

Amazon Linux AMI : GraphicsMagick (ALAS-2017-820)

2017-04-2100:00:00
This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
www.tenable.com
14
JSON

The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.(CVE-2017-6335)

The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.(CVE-2016-7997)

Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries. (CVE-2016-7996 )

The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a ‘file truncation error for corrupt file.’ (CVE-2016-8684)

The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header. (CVE-2016-8682)

The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a ‘file truncation error for corrupt file.’ (CVE-2016-8683)

The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image. (CVE-2016-9830)

Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow. (CVE-2016-7800 )

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2017-820.
#

include("compat.inc");

if (description)
{
  script_id(99533);
  script_version("3.2");
  script_cvs_date("Date: 2018/04/18 15:09:36");

  script_cve_id("CVE-2016-7800", "CVE-2016-7996", "CVE-2016-7997", "CVE-2016-8682", "CVE-2016-8683", "CVE-2016-8684", "CVE-2016-9830", "CVE-2017-6335");
  script_xref(name:"ALAS", value:"2017-820");

  script_name(english:"Amazon Linux AMI : GraphicsMagick (ALAS-2017-820)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The QuantumTransferMode function in coders/tiff.c in GraphicsMagick
1.3.25 and earlier allows remote attackers to cause a denial of
service (out-of-bounds read and application crash) via a small samples
per pixel value in a CMYKA TIFF file.(CVE-2017-6335)

The WPG format reader in GraphicsMagick 1.3.25 and earlier allows
remote attackers to cause a denial of service (assertion failure and
crash) via vectors related to a ReferenceBlob and a NULL
pointer.(CVE-2016-7997)

Heap-based buffer overflow in the WPG format reader in GraphicsMagick
1.3.25 and earlier allows remote attackers to have unspecified impact
via a colormap with a large number of entries. (CVE-2016-7996 )

The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25
allows remote attackers to have unspecified impact via a crafted
image, which triggers a memory allocation failure and a 'file
truncation error for corrupt file.' (CVE-2016-8684)

The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25
allows remote attackers to cause a denial of service (out-of-bounds
read) via a crafted SCT header. (CVE-2016-8682)

The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25
allows remote attackers to have unspecified impact via a crafted
image, which triggers a memory allocation failure and a 'file
truncation error for corrupt file.' (CVE-2016-8683)

The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows
remote attackers to cause a denial of service (crash) via large
dimensions in a jpeg image. (CVE-2016-9830)

Integer underflow in the parse8BIM function in coders/meta.c in
GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a
denial of service (application crash) via a crafted 8BIM chunk, which
triggers a heap-based buffer overflow. (CVE-2016-7800 )"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2017-820.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update GraphicsMagick' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:GraphicsMagick");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:GraphicsMagick-c++");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:GraphicsMagick-c++-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:GraphicsMagick-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:GraphicsMagick-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:GraphicsMagick-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:GraphicsMagick-perl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/04/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"GraphicsMagick-1.3.25-6.10.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"GraphicsMagick-c++-1.3.25-6.10.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"GraphicsMagick-c++-devel-1.3.25-6.10.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"GraphicsMagick-debuginfo-1.3.25-6.10.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"GraphicsMagick-devel-1.3.25-6.10.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"GraphicsMagick-doc-1.3.25-6.10.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"GraphicsMagick-perl-1.3.25-6.10.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GraphicsMagick / GraphicsMagick-c++ / GraphicsMagick-c++-devel / etc");
}
VendorProductVersionCPE
amazonlinuxgraphicsmagick-docp-cpe:/a:amazon:linux:graphicsmagick-doc
amazonlinuxgraphicsmagick-perlp-cpe:/a:amazon:linux:graphicsmagick-perl
amazonlinuxcpe:/o:amazon:linux
amazonlinuxgraphicsmagickp-cpe:/a:amazon:linux:graphicsmagick
amazonlinuxgraphicsmagick-c%2b%2bp-cpe:/a:amazon:linux:graphicsmagick-c%2b%2b
amazonlinuxgraphicsmagick-c%2b%2b-develp-cpe:/a:amazon:linux:graphicsmagick-c%2b%2b-devel
amazonlinuxgraphicsmagick-debuginfop-cpe:/a:amazon:linux:graphicsmagick-debuginfo
amazonlinuxgraphicsmagick-develp-cpe:/a:amazon:linux:graphicsmagick-devel

Related

amazon 1
openvas 9
fedora 2
nessus 18
osv 4
debian 5
mageia 3
freebsd 1
debiancve 8
prion 8
alpinelinux 8
ubuntucve 8
cve 8
veracode 1
redhatcve 1
suse 3
ubuntu 1
amazon
amazon
Medium: GraphicsMagick
2017-04-20 06:08:00
openvas
openvas
Fedora Update for GraphicsMagick FEDORA-2017-d2bab54ac9
2017-03-13 00:00:00
Fedora Update for GraphicsMagick FEDORA-2017-c71a0f40f0
2017-03-09 00:00:00
GraphicsMagick Memory Corruption And Buffer Overflow Vulnerabilities (Windows)
2017-02-21 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: GraphicsMagick-1.3.25-6.fc25
2017-03-09 13:24:51
[SECURITY] Fedora 24 Update: GraphicsMagick-1.3.25-6.fc24
2017-03-11 11:52:39
nessus
nessus
Fedora 25 : GraphicsMagick (2017-c71a0f40f0)
2017-03-10 00:00:00
Debian DLA-683-1 : graphicsmagick security update
2016-10-27 00:00:00
Fedora 24 : GraphicsMagick (2017-d2bab54ac9)
2017-03-13 00:00:00
osv
osv
graphicsmagick - security update
2016-10-26 00:00:00
graphicsmagick - security update
2016-12-24 00:00:00
graphicsmagick - security update
2016-10-11 00:00:00
debian
debian
[SECURITY] [DLA 683-1] graphicsmagick security update
2016-10-26 22:34:15
[SECURITY] [DSA 3746-1] graphicsmagick security update
2016-12-24 22:03:28
[SECURITY] [DSA 3746-1] graphicsmagick security update
2016-12-24 22:03:28
mageia
mageia
The updated packages fix a security vulnerability
2016-10-08 23:18:54
Updated graphicsmagick packages fix security vulnerabilities
2017-07-30 18:58:51
Updated graphicsmagick packages fix security vulnerability
2016-10-26 02:11:42
freebsd
freebsd
GraphicsMagick -- multiple vulnerabilities
2017-07-04 00:00:00
debiancve
debiancve
CVE-2016-7997
2017-01-18 17:59:00
CVE-2016-7996
2017-01-18 17:59:00
CVE-2016-9830
2017-03-01 20:59:00
prion
prion
Design/Logic Flaw
2017-03-01 20:59:00
Heap overflow
2017-01-18 17:59:00
Out-of-bounds
2017-02-15 19:59:00
alpinelinux
alpinelinux
CVE-2016-9830
2017-03-01 20:59:00
CVE-2016-7996
2017-01-18 17:59:00
CVE-2016-7997
2017-01-18 17:59:00
ubuntucve
ubuntucve
CVE-2016-9830
2017-03-01 00:00:00
CVE-2016-7996
2017-01-18 00:00:00
CVE-2016-7997
2017-01-18 00:00:00
cve
cve
CVE-2016-7996
2017-01-18 17:59:00
CVE-2016-9830
2017-03-01 20:59:00
CVE-2016-7997
2017-01-18 17:59:00
veracode
veracode
Denial Of Service (DoS) Through Heap Out-of-bounds Read
2017-03-17 07:33:38
redhatcve
redhatcve
CVE-2017-6335
2017-03-01 16:20:19
suse
suse
Security update for GraphicsMagick (important)
2016-12-08 18:09:17
Security update for ImageMagick (important)
2016-12-01 18:07:53
Security update for GraphicsMagick (important)
2017-12-27 15:08:30
ubuntu
ubuntu
GraphicsMagick vulnerabilities
2019-12-02 00:00:00
JSON
Related for ALA_ALAS-2017-820.NASL
amazon1openvas9fedora2nessus18osv4debian5mageia3freebsd1debiancve8prion8alpinelinux8ubuntucve8cve8veracode1redhatcve1suse3ubuntu1