Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2019-2281.NASLHistoryNov 27, 2019 - 12:00 a.m.
EulerOS 2.0 SP8 : ImageMagick (EulerOS-SA-2019-2281)
2019-11-2700:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
6.5 Medium
AI Score
Confidence
High
According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
-
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c.(CVE-2019-13137)
-
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.(CVE-2019-13134)
-
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.(CVE-2019-13133)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(131347);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/09");
script_cve_id("CVE-2019-13133", "CVE-2019-13134", "CVE-2019-13137");
script_name(english:"EulerOS 2.0 SP8 : ImageMagick (EulerOS-SA-2019-2281)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the ImageMagick packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- ImageMagick before 7.0.8-50 has a memory leak
vulnerability in the function ReadPSImage in
coders/ps.c.(CVE-2019-13137)
- ImageMagick before 7.0.8-50 has a memory leak
vulnerability in the function ReadVIFFImage in
coders/viff.c.(CVE-2019-13134)
- ImageMagick before 7.0.8-50 has a memory leak
vulnerability in the function ReadBMPImage in
coders/bmp.c.(CVE-2019-13133)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2281
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?81a42f90");
script_set_attribute(attribute:"solution", value:
"Update the affected ImageMagick packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13137");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2019/11/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ImageMagick");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ImageMagick-c++");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ImageMagick-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ImageMagick-perl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
flag = 0;
pkgs = ["ImageMagick-6.9.9.38-3.h9.eulerosv2r8",
"ImageMagick-c++-6.9.9.38-3.h9.eulerosv2r8",
"ImageMagick-libs-6.9.9.38-3.h9.eulerosv2r8",
"ImageMagick-perl-6.9.9.38-3.h9.eulerosv2r8"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| huawei | euleros | imagemagick | p-cpe:/a:huawei:euleros:imagemagick |
| huawei | euleros | imagemagick-c%2b%2b | p-cpe:/a:huawei:euleros:imagemagick-c%2b%2b |
| huawei | euleros | imagemagick-libs | p-cpe:/a:huawei:euleros:imagemagick-libs |
| huawei | euleros | imagemagick-perl | p-cpe:/a:huawei:euleros:imagemagick-perl |
| huawei | euleros | 2.0 | cpe:/o:huawei:euleros:2.0 |
Related
openvas
openvas
Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2019-2281)
2020-01-23 00:00:00
ImageMagick <= 7.0.8-49 Multiple Vulnerabilities - Windows
2019-08-12 00:00:00
ImageMagick <= 7.0.8-49 Multiple Vulnerabilities - Linux
2019-08-12 00:00:00
ibm
ibm
debiancve
debiancve
cve
cve
osv
osv
redhatcve
redhatcve
prion
prion
Memory corruption
2019-07-01 20:15:00
Memory corruption
2019-07-01 20:15:00
Memory corruption
2019-07-01 20:15:00
veracode
veracode
Denial Of Service (DoS)
2020-05-10 23:26:21
Memory Leaks
2020-04-01 00:39:03
Denial Of Service (DoS)
2019-07-02 01:39:34
ubuntucve
ubuntucve
alpinelinux
alpinelinux
nessus
nessus
ImageMagick < 7.0.8-56 Multiple vulnerabilities
2019-07-26 00:00:00
EulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2020-2349)
2020-11-03 00:00:00
openSUSE Security Update : ImageMagick (openSUSE-2019-1983)
2019-08-22 00:00:00
suse
suse
Security update for ImageMagick (moderate)
2019-08-21 00:00:00
ubuntu
ubuntu
ImageMagick vulnerabilities
2019-11-14 00:00:00
cloudfoundry
cloudfoundry
USN-4192-1: ImageMagick vulnerabilities | Cloud Foundry
2019-11-18 00:00:00
amazon
amazon
Medium: php56-pecl-imagick
2023-08-21 12:14:00
Medium: php55-pecl-imagick
2023-08-21 12:14:00
Important: ImageMagick
2024-01-19 01:51:00
debian
debian
[SECURITY] [DSA 4712-1] imagemagick security update
2020-06-30 20:31:53
oraclelinux
oraclelinux
ImageMagick security, bug fix, and enhancement update
2020-04-06 00:00:00
centos
centos
ImageMagick, autotrace, emacs, inkscape security update
2020-04-08 17:42:49
redhat
redhat