According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(131846);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/02/09");
script_cve_id(
"CVE-2014-8354",
"CVE-2014-8355",
"CVE-2014-8562",
"CVE-2014-8716",
"CVE-2014-9821",
"CVE-2014-9822",
"CVE-2014-9823",
"CVE-2014-9824",
"CVE-2014-9825",
"CVE-2014-9837",
"CVE-2014-9852",
"CVE-2014-9853",
"CVE-2014-9854",
"CVE-2014-9907",
"CVE-2015-8900",
"CVE-2015-8901",
"CVE-2015-8902",
"CVE-2015-8903",
"CVE-2015-8957",
"CVE-2015-8958",
"CVE-2016-10046",
"CVE-2016-10047",
"CVE-2016-10049",
"CVE-2016-10052",
"CVE-2016-10053",
"CVE-2016-10054",
"CVE-2016-10055",
"CVE-2016-10056",
"CVE-2016-10057",
"CVE-2016-10058",
"CVE-2016-10059",
"CVE-2016-10060",
"CVE-2016-10061",
"CVE-2016-10062",
"CVE-2016-10063",
"CVE-2016-10064",
"CVE-2016-10065",
"CVE-2016-10066",
"CVE-2016-10067",
"CVE-2016-10068",
"CVE-2016-10069",
"CVE-2016-10070",
"CVE-2016-10071",
"CVE-2016-10144",
"CVE-2016-10145",
"CVE-2016-10252",
"CVE-2016-4562",
"CVE-2016-4563",
"CVE-2016-4564",
"CVE-2016-5687",
"CVE-2016-5688",
"CVE-2016-5689",
"CVE-2016-5690",
"CVE-2016-5691",
"CVE-2016-6491",
"CVE-2016-6823",
"CVE-2016-7101",
"CVE-2016-7515",
"CVE-2016-7516",
"CVE-2016-7517",
"CVE-2016-7518",
"CVE-2016-7519",
"CVE-2016-7520",
"CVE-2016-7525",
"CVE-2016-7526",
"CVE-2016-7528",
"CVE-2016-7529",
"CVE-2016-7530",
"CVE-2016-7531",
"CVE-2016-7533",
"CVE-2016-7534",
"CVE-2016-7539",
"CVE-2016-7799",
"CVE-2016-7906",
"CVE-2016-8677",
"CVE-2016-8707",
"CVE-2016-8866",
"CVE-2016-9559",
"CVE-2017-11478",
"CVE-2017-11505",
"CVE-2017-11523",
"CVE-2017-11524",
"CVE-2017-11525",
"CVE-2017-11526",
"CVE-2017-11527",
"CVE-2017-11528",
"CVE-2017-11529",
"CVE-2017-11530",
"CVE-2017-12427",
"CVE-2017-13139",
"CVE-2017-13140",
"CVE-2017-13141",
"CVE-2017-13142",
"CVE-2017-13143",
"CVE-2017-13144",
"CVE-2017-13145",
"CVE-2017-13146",
"CVE-2017-13658",
"CVE-2017-17499",
"CVE-2017-17504",
"CVE-2017-5507",
"CVE-2017-5508",
"CVE-2017-5509",
"CVE-2017-5510",
"CVE-2017-6497",
"CVE-2017-6498",
"CVE-2017-6499",
"CVE-2017-6500",
"CVE-2017-6501",
"CVE-2017-6502",
"CVE-2017-7941",
"CVE-2017-7942",
"CVE-2017-7943",
"CVE-2018-16323",
"CVE-2018-16328",
"CVE-2018-20467",
"CVE-2018-6405",
"CVE-2019-7175"
);
script_bugtraq_id(
70830,
70837,
70839,
70992
);
script_name(english:"EulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2019-2354)");
script_summary(english:"Checks the rpm output for the updated packages.");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the ImageMagick packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- ImageMagick is an image display and manipulation tool
for the X Window System. ImageMagick can read and write
JPEG, TIFF, PNM, GIF,and Photo CD image formats. It can
resize, rotate, sharpen, color reduce, or add special
effects to an image, and when finished you can either
save the completed work in the original format or a
different one. ImageMagick also includes command line
programs for creating animated or transparent .gifs,
creating composite images, creating thumbnail images,
and more.ImageMagick is one of your choices if you need
a program to manipulate and display images. If you want
to develop your own applications which use ImageMagick
code or APIs, you need to install ImageMagick-devel as
well.Security Fix(es):In ImageMagick before 7.0.8-25,
some memory leaks exist in DecodeImage in
coders/pcd.c.(CVE-2019-7175)ReadXBMImage in
coders/xbm.c in ImageMagick before 7.0.8-9 leaves data
uninitialized when processing an XBM file that has a
negative pixel value. If the affected code is used as a
library loaded into a process that includes sensitive
information, that information sometimes can be leaked
via the image data.(CVE-2018-16323)In ImageMagick
before 7.0.8-8, a NULL pointer dereference exists in
the CheckEventLogging function in
MagickCore/log.c.(CVE-2018-16328)The DrawDashPolygon
function in MagickCore/draw.c in ImageMagick before
6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations
of certain vertices integer data, which allows remote
attackers to cause a denial of service (buffer overflow
and application crash) or possibly have unspecified
other impact via a crafted file.(CVE-2016-4562)The
TraceStrokePolygon function in MagickCore/draw.c in
ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2
mishandles the relationship between the BezierQuantum
value and certain strokes data, which allows remote
attackers to cause a denial of service (buffer overflow
and application crash) or possibly have unspecified
other impact via a crafted file.(CVE-2016-4563)The
DrawImage function in MagickCore/draw.c in ImageMagick
before 6.9.4-0 and 7.x before 7.0.1-2 makes an
incorrect function call in attempting to locate the
next token, which allows remote attackers to cause a
denial of service (buffer overflow and application
crash) or possibly have unspecified other impact via a
crafted file.(CVE-2016-4564 )The ReadCINImage function
in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x
before 7.0.6-1 allows remote attackers to cause a
denial of service (memory consumption) via a crafted
file.(CVE-2017-11525)In coders/bmp.c in ImageMagick
before 7.0.8-16, an input file can result in an
infinite loop and hang, with high CPU and memory
consumption. Remote attackers could leverage this
vulnerability to cause a denial of service via a
crafted file.(CVE-2018-20467)coders/pnm.c in
ImageMagick 6.9.0-1 Beta and earlier allows remote
attackers to cause a denial of service (crash) via a
crafted png file.(CVE-2014-9837)coders/sun.c in
ImageMagick before 6.9.0-4 Beta allows remote attackers
to cause a denial of service (out-of-bounds read and
application crash) via a crafted SUN
file.(CVE-2015-8958)Memory leak in the ReadPSDLayers
function in coders/psd.c in ImageMagick before 6.9.6-3
allows remote attackers to cause a denial of service
(memory consumption) via a crafted image
file.(CVE-2016-10058)The MSL interpreter in ImageMagick
before 6.9.6-4 allows remote attackers to cause a
denial of service (segmentation fault and application
crash) via a crafted XML file.(CVE-2016-10068)The
ReadDCMImage function in DCM reader in ImageMagick
before 6.9.4-5 and 7.x before 7.0.1-7 allows remote
attackers to have unspecified impact via vectors
involving the for statement in computing the pixel
scaling table.(CVE-2016-5690)Heap-based buffer overflow
in coders/hdr.c in ImageMagick allows remote attackers
to cause a denial of service (out-of-bounds read) via a
crafted HDR file.(CVE-2016-7520)MagickCore/profile.c in
ImageMagick before 7.0.3-2 allows remote attackers to
cause a denial of service (out-of-bounds read) via a
crafted file.(CVE-2016-7799)The ReadOneMNGImage
function in coders/png.c in ImageMagick before 6.9.9-0
and 7.x before 7.0.6-1 allows remote attackers to cause
a denial of service (large loop and CPU consumption)
via a crafted file.(CVE-2017-11526)In ImageMagick
before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage
function in coders/mat.c uses uninitialized data, which
might allow remote attackers to obtain sensitive
information from process
memory.(CVE-2017-13143)coders/psd.c in ImageMagick
allows remote attackers to have unspecified impact via
a crafted PSD file, which triggers an out-of-bounds
write.(CVE-2017-5510)In the ReadDCMImage function in
coders/dcm.c in ImageMagick before 7.0.7-23, each
redmap, greenmap, and bluemap variable can be
overwritten by a new pointer. The previous pointer is
lost, which leads to a memory leak. This allows remote
attackers to cause a denial of
service.(CVE-2018-6405)Heap-based buffer overflow in
ImageMagick allows remote attackers to have unspecified
impact via a crafted psd file, a different
vulnerability than CVE-2014-9824.(CVE-2014-9825)Buffer
overflow in ImageMagick before 6.9.0-4 Beta allows
remote attackers to cause a denial of service
(application crash) via a crafted SUN
file.(CVE-2015-8957)Buffer overflow in the
WriteGROUP4Image function in coders/tiff.c in
ImageMagick before 6.9.5-8 allows remote attackers to
cause a denial of service (application crash) or have
other unspecified impact via a crafted
file.(CVE-2016-10057)magick/memory.c in ImageMagick
before 6.9.4-5 allows remote attackers to cause a
denial of service (application crash) via vectors
involving 'too many exceptions,' which trigger a buffer
overflow.(CVE-2016-10067)The DCM reader in ImageMagick
before 6.9.4-5 and 7.x before 7.0.1-7 allows remote
attackers to have unspecified impact by leveraging lack
of NULL pointer checks.(CVE-2016-5689)The ReadRLEImage
function in coders/rle.c in ImageMagick allows remote
attackers to cause a denial of service (out-of-bounds
read) via a crafted file.(CVE-2016-7519)Memory leak in
AcquireVirtualMemory in ImageMagick before 7 allows
remote attackers to cause a denial of service (memory
consumption) via unspecified vectors.(CVE-2016-7539)The
WriteBlob function in MagickCore/blob.c in ImageMagick
before 6.9.8-10 and 7.x before 7.6.0-0 allows remote
attackers to cause a denial of service (assertion
failure and application exit) via a crafted
file.(CVE-2017-11524)In ImageMagick before 6.9.9-0 and
7.x before 7.0.6-1, a crafted PNG file could trigger a
crash because there was an insufficient check for short
files.(CVE-2017-13142)coders/psd.c in ImageMagick
allows remote attackers to have unspecified impact via
a crafted PSD file, which triggers an out-of-bounds
write.(CVE-2017-5509)The ReadSVGImage function in svg.c
in ImageMagick 7.0.5-4 allows remote attackers to
consume an amount of available memory via a crafted
file.(CVE-2017-7943)Heap-based buffer overflow in
ImageMagick allows remote attackers to have unspecified
impact via a crafted psd file, a different
vulnerability than CVE-2014-9825.(CVE-2014-9824)The
ReadVICARImage function in coders/vicar.c in
ImageMagick 6.x before 6.9.0-5 Beta allows remote
attackers to cause a denial of service (infinite loop)
via a crafted VICAR file.(CVE-2015-8903)Buffer overflow
in the sixel_decode function in coders/sixel.c in
ImageMagick before 6.9.5-8 allows remote attackers to
cause a denial of service (application crash) or have
other unspecified impact via a crafted
file.(CVE-2016-10056)Buffer overflow in the
ReadVIFFImage function in coders/viff.c in ImageMagick
before 6.9.4-5 allows remote attackers to cause a
denial of service (application crash) via a crafted
file.(CVE-2016-10066)The WPG parser in ImageMagick
before 6.9.4-4 and 7.x before 7.0.1-5, when a memory
limit is set, allows remote attackers to have
unspecified impact via vectors related to the
SetImageExtent return-value check, which trigger (1) a
heap-based buffer overflow in the SetPixelIndex
function or an invalid write operation in the (2)
ScaleCharToQuantum or (3) SetPixelIndex
functions.(CVE-2016-5688)The ReadSUNImage function in
coders/sun.c in ImageMagick allows remote attackers to
cause a denial of service (out-of-bounds read) via a
crafted SUN file.(CVE-2016-7518)The generic decoder in
ImageMagick allows remote attackers to cause a denial
of service (out-of-bounds access) via a crafted
file.(CVE-2016-7534)The ReadTXTImage function in
coders/txt.c in ImageMagick through 6.9.9-0 and 7.x
through 7.0.6-1 allows remote attackers to cause a
denial of service (infinite loop) via a crafted file,
because the end-of-file condition is not
considered.(CVE-2017-11523)In ImageMagick before
6.9.9-4 and 7.x before 7.0.6-4, a crafted file could
trigger a memory leak in ReadOnePNGImage in
coders/png.c.(CVE-2017-13141)Heap-based buffer overflow
in the PushQuantumPixel function in ImageMagick before
6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers
to cause a denial of service (application crash) via a
crafted TIFF file.(CVE-2017-5508)The ReadAVSImage
function in avs.c in ImageMagick 7.0.5-4 allows remote
attackers to consume an amount of available memory via
a crafted file.(CVE-2017-7942)Heap-based buffer
overflow in ImageMagick allows remote attackers to have
unspecified impact via a crafted palm file, a different
vulnerability than CVE-2014-9819.(CVE-2014-9823)The
ReadBlobByte function in coders/pdb.c in ImageMagick
6.x before 6.9.0-5 Beta allows remote attackers to
cause a denial of service (infinite loop) via a crafted
PDB file.(CVE-2015-8902)Buffer overflow in the
WritePDBImage function in coders/pdb.c in ImageMagick
before 6.9.5-8 allows remote attackers to cause a
denial of service (application crash) or have other
unspecified impact via a crafted
file.(CVE-2016-10055)The ReadVIFFImage function in
coders/viff.c in ImageMagick before 7.0.1-0 allows
remote attackers to cause a denial of service
(application crash) or have other unspecified impact
via a crafted file.(CVE-2016-10065)The VerticalFilter
function in the DDS coder in ImageMagick before 6.9.4-3
and 7.x before 7.0.1-4 allows remote attackers to have
unspecified impact via a crafted DDS file, which
triggers an out-of-bounds read.(CVE-2016-5687)The
EncodeImage function in coders/pict.c in ImageMagick
allows remote attackers to cause a denial of service
(out-of-bounds read) via a crafted PICT
file.(CVE-2016-7517)The ReadWPGImage function in
coders/wpg.c in ImageMagick allows remote attackers to
cause a denial of service (out-of-bounds read) via a
crafted WPG file.(CVE-2016-7533)The ReadOneJNGImage
function in coders/png.c in ImageMagick through 6.9.9-0
and 7.x through 7.0.6-1 allows remote attackers to
cause a denial of service (large loop and CPU
consumption) via a malformed JNG
file.(CVE-2017-11505)In ImageMagick before 6.9.9-1 and
7.x before 7.0.6-2, the ReadOnePNGImage function in
coders/png.c allows remote attackers to cause a denial
of service (application hang in LockSemaphoreInfo) via
a PNG file with a width equal to
MAGICK_WIDTH_LIMIT.(CVE-2017-13140)Memory leak in
coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x
before 7.0.4-4 allows remote attackers to cause a
denial of service (memory consumption) via vectors
involving a pixel cache.(CVE-2017-5507)The ReadSGIImage
function in sgi.c in ImageMagick 7.0.5-4 allows remote
attackers to consume an amount of available memory via
a crafted file.(CVE-2017-7941)Heap-based buffer
overflow in ImageMagick allows remote attackers to have
unspecified impact via a crafted quantum
file.(CVE-2014-9822)ImageMagick 6.x before 6.9.0-5 Beta
allows remote attackers to cause a denial of service
(infinite loop) via a crafted MIFF
file.(CVE-2015-8901)Buffer overflow in the
WriteMAPImage function in coders/map.c in ImageMagick
before 6.9.5-8 allows remote attackers to cause a
denial of service (application crash) or have other
unspecified impact via a crafted
file.(CVE-2016-10054)Buffer overflow in coders/tiff.c
in ImageMagick before 6.9.5-1 allows remote attackers
to cause a denial of service (application crash) or
have other unspecified impact via a crafted
file.(CVE-2016-10064)Memory leak in the IsOptionMember
function in MagickCore/option.c in ImageMagick before
6.9.2-2, as used in ODR-PadEnc and other products,
allows attackers to trigger memory
consumption.(CVE-2016-10252)The ReadVIFFImage function
in coders/viff.c in ImageMagick allows remote attackers
to cause a denial of service (out-of-bounds read) via a
crafted VIFF file.(CVE-2016-7516)MagickCore/memory.c in
ImageMagick allows remote attackers to cause a denial
of service (out-of-bounds write) via a crafted PDB
file.(CVE-2016-7531)The ReadOneDJVUImage function in
coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x
through 7.0.6-1 allows remote attackers to cause a
denial of service (infinite loop and CPU consumption)
via a malformed DJVU image.(CVE-2017-11478)In
ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the
ReadOneMNGImage function in coders/png.c has an
out-of-bounds read with the MNG CLIP
chunk.(CVE-2017-13139)ImageMagick before 7.0.7-12 has a
coders/png.c Magick_png_read_raw_profile heap-based
buffer over-read via a crafted file, related to
ReadOneMNGImage.(CVE-2017-17504)An issue was discovered
in ImageMagick 6.9.7. A specially crafted webp file
could lead to a file-descriptor leak in libmagickcore
(thus, a DoS).(CVE-2017-6502)Heap-based buffer overflow
in ImageMagick allows remote attackers to have
unspecified impact via a crafted xpm
file.(CVE-2014-9821)The ReadHDRImage function in
coders/hdr.c in ImageMagick 6.x and 7.x allows remote
attackers to cause a denial of service (infinite loop)
via a crafted HDR file.(CVE-2015-8900)The
WriteTIFFImage function in coders/tiff.c in ImageMagick
before 6.9.5-8 allows remote attackers to cause a
denial of service (divide-by-zero error and application
crash) via a crafted file.(CVE-2016-10053)Buffer
overflow in coders/tiff.c in ImageMagick before 6.9.5-1
allows remote attackers to cause a denial of service
(application crash) or have other unspecified impact
via a crafted file, related to extend
validity.(CVE-2016-10063)Off-by-one error in
coders/wpg.c in ImageMagick allows remote attackers to
have unspecified impact via vectors related to a string
copy.(CVE-2016-10145)The ReadRLEImage function in
coders/rle.c in ImageMagick allows remote attackers to
cause a denial of service (out-of-bounds read) via
vectors related to the number of
pixels.(CVE-2016-7515)The quantum handling code in
ImageMagick allows remote attackers to cause a denial
of service (divide-by-zero error or out-of-bounds
write) via a crafted file.(CVE-2016-7530)coders/tiff.c
in ImageMagick before 7.0.3.7 allows remote attackers
to cause a denial of service (NULL pointer dereference
and crash) via a crafted image.(CVE-2016-9559)The
ProcessMSLScript function in coders/msl.c in
ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5
allows remote attackers to cause a denial of service
(memory leak) via a crafted file, related to the
WriteMSLImage function.(CVE-2017-12427)ImageMagick
before 6.9.9-24 and 7.x before 7.0.7-12 has a
use-after-free in Magick::Image::read in
Magick++/lib/Image.cpp.(CVE-2017-17499)An issue was
discovered in ImageMagick 6.9.7. A specially crafted
xcf file could lead to a NULL pointer
dereference.(CVE-2017-6501)The JPEG decoder in
ImageMagick before 6.8.9-9 allows local users to cause
a denial of service (out-of-bounds memory access and
crash).(CVE-2014-8716)coders/dds.c in ImageMagick
allows remote attackers to cause a denial of service
via a crafted DDS file.(CVE-2014-9907)Buffer overflow
in the WriteProfile function in coders/jpeg.c in
ImageMagick before 6.9.5-6 allows remote attackers to
cause a denial of service (application crash) or have
other unspecified impact via a crafted
file.(CVE-2016-10052)The ReadGROUP4Image function in
coders/tiff.c in ImageMagick does not check the return
value of the fwrite function, which allows remote
attackers to cause a denial of service (application
crash) via a crafted file.(CVE-2016-10062)coders/ipl.c
in ImageMagick allows remote attackers to have
unspecific impact by leveraging a missing malloc
check.(CVE-2016-10144)The SGI coder in ImageMagick
before 7.0.2-10 allows remote attackers to cause a
denial of service (out-of-bounds read) via a large row
value in an sgi file.(CVE-2016-7101)coders/xcf.c in
ImageMagick allows remote attackers to cause a denial
of service (out-of-bounds read) via a crafted XCF
file.(CVE-2016-7529)The AcquireMagickMemory function in
MagickCore/memory.c in ImageMagick 7.0.3.3 before
7.0.3.8 allows remote attackers to have unspecified
impact via a crafted image, which triggers a memory
allocation failure. NOTE: this vulnerability exists
because of an incomplete fix for
CVE-2016-8862.(CVE-2016-8866)The ReadEPTImage function
in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x
before 7.0.6-1 allows remote attackers to cause a
denial of service (memory consumption) via a crafted
file.(CVE-2017-11530)In ImageMagick before 6.9.9-3 and
7.x before 7.0.6-3, there is a missing NULL check in
the ReadMATImage function in coders/mat.c, leading to a
denial of service (assertion failure and application
exit) in the DestroyImageInfo function in
MagickCore/image.c.(CVE-2017-13658)An issue was
discovered in ImageMagick 6.9.7. A specially crafted
sun file triggers a heap-based buffer
over-read.(CVE-2017-6500)DCM decode in ImageMagick
before 6.8.9-9 allows remote attackers to cause a
denial of service (out-of-bounds
read).(CVE-2014-8562)coders/tiff.c in ImageMagick
allows remote attackers to cause a denial of service
(application crash) via vectors related to the
'identification of image.'(CVE-2014-9854)Buffer
overflow in the ReadRLEImage function in coders/rle.c
in ImageMagick before 6.9.4-4 allows remote attackers
to cause a denial of service (application crash) or
have other unspecified impact via a crafted RLE
file.(CVE-2016-10049)The ReadGROUP4Image function in
coders/tiff.c in ImageMagick before 7.0.1-10 does not
check the return value of the fputc function, which
allows remote attackers to cause a denial of service
(crash) via a crafted image
file.(CVE-2016-10061)coders/mat.c in ImageMagick before
6.9.4-0 allows remote attackers to cause a denial of
service (out-of-bounds read and application crash) via
a crafted mat file.(CVE-2016-10071)Integer overflow in
the BMP coder in ImageMagick before 7.0.2-10 allows
remote attackers to cause a denial of service (crash)
via crafted height and width values, which triggers an
out-of-bounds write.(CVE-2016-6823)The ReadVIFFImage
function in coders/viff.c in ImageMagick allows remote
attackers to cause a denial of service (segmentation
fault) via a crafted VIFF file.(CVE-2016-7528)An
exploitable out of bounds write exists in the handling
of compressed TIFF images in ImageMagicks's convert
utility. A crafted TIFF document can lead to an out of
bounds write which in particular circumstances could be
leveraged into remote code execution. The vulnerability
can be triggered through any user controlled TIFF that
is handled by this functionality.(CVE-2016-8707)The
ReadMATImage function in coders/mat.c in ImageMagick
before 6.9.9-0 and 7.x before 7.0.6-1 allows remote
attackers to cause a denial of service (memory leak)
via a crafted file.(CVE-2017-11529)In ImageMagick
before 6.9.8-5 and 7.x before 7.0.5-6, there is a
memory leak in the ReadMATImage function in
coders/mat.c.(CVE-2017-13146)An issue was discovered in
Magick++ in ImageMagick 6.9.7. A specially crafted file
creating a nested exception could lead to a memory leak
(thus, a DoS).(CVE-2017-6499)PCX parser code in
ImageMagick before 6.8.9-9 allows remote attackers to
cause a denial of service (out-of-bounds
read).(CVE-2014-8355)Memory leak in coders/rle.c in
ImageMagick allows remote attackers to cause a denial
of service (memory consumption) via a crafted rle
file.(CVE-2014-9853)Memory leak in the NewXMLTree
function in magick/xml-tree.c in ImageMagick before
6.9.4-7 allows remote attackers to cause a denial of
service (memory consumption) via a crafted XML
file.(CVE-2016-10047)The ConcatenateImages function in
MagickWand/magick-cli.c in ImageMagick before 7.0.1-10
does not check the return value of the fputc function,
which allows remote attackers to cause a denial of
service (application crash) via a crafted
file.(CVE-2016-10060)Heap-based buffer overflow in the
CalcMinMax function in coders/mat.c in ImageMagick
before 6.9.4-0 allows remote attackers to cause a
denial of service (out-of-bounds read and application
crash) via a crafted mat file.(CVE-2016-10070)Buffer
overflow in the Get8BIMProperty function in
MagickCore/property.c in ImageMagick before 6.9.5-4 and
7.x before 7.0.2-6 allows remote attackers to cause a
denial of service (out-of-bounds read, memory leak, and
crash) via a crafted image.(CVE-2016-6491)coders/wpg.c
in ImageMagick allows remote attackers to cause a
denial of service (out-of-bounds write) via a crafted
file.(CVE-2016-7526)The AcquireQuantumPixels function
in MagickCore/quantum.c in ImageMagick before 7.0.3-1
allows remote attackers to have unspecified impact via
a crafted image file, which triggers a memory
allocation failure.(CVE-2016-8677)The ReadDIBImage
function in coders/dib.c in ImageMagick before 6.9.9-0
and 7.x before 7.0.6-1 allows remote attackers to cause
a denial of service (memory leak) via a crafted
file.(CVE-2017-11528)In ImageMagick before 6.9.8-8 and
7.x before 7.0.5-9, the ReadJP2Image function in
coders/jp2.c does not properly validate the channel
geometry, leading to a crash.(CVE-2017-13145)An issue
was discovered in ImageMagick 6.9.7. Incorrect TGA
files could trigger assertion failures, thus leading to
DoS.(CVE-2017-6498)The HorizontalFilter function in
resize.c in ImageMagick before 6.8.9-9 allows remote
attackers to cause a denial of service (out-of-bounds
read) via a crafted image
file.(CVE-2014-8354)distribute-cache.c in ImageMagick
re-uses objects after they have been destroyed, which
allows remote attackers to have unspecified impact via
unspecified vectors.(CVE-2014-9852)Heap-based buffer
overflow in the DrawImage function in magick/draw.c in
ImageMagick before 6.9.5-5 allows remote attackers to
cause a denial of service (application crash) via a
crafted image file.(CVE-2016-10046)Buffer overflow in
coders/tiff.c in ImageMagick before 6.9.4-1 allows
remote attackers to cause a denial of service
(application crash) or have unspecified other impact
via a crafted TIFF file.(CVE-2016-10059)coders/mat.c in
ImageMagick before 6.9.4-5 allows remote attackers to
cause a denial of service (application crash) via a mat
file with an invalid number of
frames.(CVE-2016-10069)The DCM reader in ImageMagick
before 6.9.4-5 and 7.x before 7.0.1-7 allows remote
attackers to have unspecified impact by leveraging lack
of validation of (1) pixel.red, (2) pixel.green, and
(3) pixel.blue.(CVE-2016-5691)Heap-based buffer
overflow in coders/psd.c in ImageMagick allows remote
attackers to cause a denial of service (out-of-bounds
read) via a crafted PSD
file.(CVE-2016-7525)magick/attribute.c in ImageMagick
7.0.3-2 allows remote attackers to cause a denial of
service (use-after-free) via a crafted
file.(CVE-2016-7906)The ReadDPXImage function in
coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x
before 7.0.6-1 allows remote attackers to cause a
denial of service (memory consumption) via a crafted
file.(CVE-2017-11527)In ImageMagick before 6.9.7-10,
there is a crash (rather than a 'width or height
exceeds limit' error report) if the image dimensions
are too large, as demonstrated by use of the mpc
coder.(CVE-2017-13144)An issue was discovered in
ImageMagick 6.9.7. A specially crafted psd file could
lead to a NULL pointer dereference (thus, a
DoS).(CVE-2017-6497)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2354
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1aef7cdc");
script_set_attribute(attribute:"solution", value:
"Update the affected ImageMagick packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-16328");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2019/12/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ImageMagick");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ImageMagick-c++");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ImageMagick-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ImageMagick-perl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["ImageMagick-6.9.9.38-1.h4",
"ImageMagick-c++-6.9.9.38-1.h4",
"ImageMagick-libs-6.9.9.38-1.h4",
"ImageMagick-perl-6.9.9.38-1.h4"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick");
}
Vendor | Product | Version | CPE |
---|---|---|---|
huawei | euleros | imagemagick | p-cpe:/a:huawei:euleros:imagemagick |
huawei | euleros | imagemagick-c%2b%2b | p-cpe:/a:huawei:euleros:imagemagick-c%2b%2b |
huawei | euleros | imagemagick-libs | p-cpe:/a:huawei:euleros:imagemagick-libs |
huawei | euleros | imagemagick-perl | p-cpe:/a:huawei:euleros:imagemagick-perl |
huawei | euleros | 2.0 | cpe:/o:huawei:euleros:2.0 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8354
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8355
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8562
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8716
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9821
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9822
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9823
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9824
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9825
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9837
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9852
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9853
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9854
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9907
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8900
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8901
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8902
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8903
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8957
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8958
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10046
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10047
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10052
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10053
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10054
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10055
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10056
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10057
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10058
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10059
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10060
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10061
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10062
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10063
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10064
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10065
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10066
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10067
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10068
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10069
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10070
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10071
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10144
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10145
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10252
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4562
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4563
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4564
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5687
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5688
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5689
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5690
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5691
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6491
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6823
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7101
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7515
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7516
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7517
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7518
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7519
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7520
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7525
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7526
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7528
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7529
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7530
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7531
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7533
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7534
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7539
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7799
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7906
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8677
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8707
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8866
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9559
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11478
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11505
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11523
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11524
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11525
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11526
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11527
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11528
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11529
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11530
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12427
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13139
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13140
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13141
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13142
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13143
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13144
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13145
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13146
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13658
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17499
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17504
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5507
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5508
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5509
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5510
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6497
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6498
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6499
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6500
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6501
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6502
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7941
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7942
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7943
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16323
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16328
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20467
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6405
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7175
www.nessus.org/u?1aef7cdc