Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.IMAGEMAGICK_6_9_4_5.NASL
HistoryJun 24, 2016 - 12:00 a.m.

ImageMagick 6.x < 6.9.4-5 / 7.x < 7.0.1-7 Multiple DoS

2016-06-2400:00:00
This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
JSON

The version of ImageMagick installed on the remote Windows host is 6.x prior to 6.9.4-5 or 7.x prior to 7.0.1-7. It is, therefore, affected by multiple denial of service vulnerabilities :

  • A denial of service vulnerability exists in the DCM reader due to a NULL pointer dereference flaw that is triggered during the handling of photometric interpretation or the handling of frames. An unauthenticated, remote attacker can exploit this to crash processes linked against the library.
    (CVE-2016-5689)

  • A denial of service vulnerability exists in the DCM reader due to improper computation of the pixel scaling table. An unauthenticated, remote attacker can exploit this to crash processes linked against the library.
    (CVE-2016-5690)

  • A denial of service vulnerability exists in the DCM reader due to improper validation of pixel.red, pixel,green, and pixel.blue. An unauthenticated, remote attacker can exploit this to crash processes linked against the library. (CVE-2016-5691)

  • Multiple denial of service vulnerabilities exist in multiple functions in viff.c due to improper handling of a saturation of exceptions. An unauthenticated, remote attacker can exploit these issues to crash processes linked against the library. (CVE-2016-10066, CVE-2016-10067)

  • A denial of service vulnerability exists in the ThrowReaderException() function in mat.c due to improper handling of frame numbers in a crafted MAT file. An unauthenticated, remote attacker can exploit this to crash processes linked against the library.
    (CVE-2016-10069)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(91819);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/07");

  script_cve_id(
    "CVE-2016-5689",
    "CVE-2016-5690",
    "CVE-2016-5691",
    "CVE-2016-10066",
    "CVE-2016-10067",
    "CVE-2016-10069"
  );
  script_bugtraq_id(91283);

  script_name(english:"ImageMagick 6.x < 6.9.4-5 / 7.x < 7.0.1-7 Multiple DoS");
  script_summary(english:"Checks the version of ImageMagick.");

  script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote Windows host is affected by
multiple denial of service vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of ImageMagick installed on the remote Windows host is 6.x
prior to 6.9.4-5 or 7.x prior to 7.0.1-7. It is, therefore, affected
by multiple denial of service vulnerabilities :

  - A denial of service vulnerability exists in the DCM
    reader due to a NULL pointer dereference flaw that is
    triggered during the handling of photometric
    interpretation or the handling of frames. An
    unauthenticated, remote attacker can exploit this to
    crash processes linked against the library.
    (CVE-2016-5689)

  - A denial of service vulnerability exists in the DCM
    reader due to improper computation of the pixel scaling
    table. An unauthenticated, remote attacker can exploit
    this to crash processes linked against the library.
    (CVE-2016-5690)

  - A denial of service vulnerability exists in the DCM
    reader due to improper validation of pixel.red,
    pixel,green, and pixel.blue. An unauthenticated, remote
    attacker can exploit this to crash processes linked
    against the library. (CVE-2016-5691)

  - Multiple denial of service vulnerabilities exist in
    multiple functions in viff.c due to improper handling of
    a saturation of exceptions. An unauthenticated, remote
    attacker can exploit these issues to crash processes
    linked against the library. (CVE-2016-10066,
    CVE-2016-10067)

  - A denial of service vulnerability exists in the
    ThrowReaderException() function in mat.c due to improper
    handling of frame numbers in a crafted MAT file. An
    unauthenticated, remote attacker can exploit this to
    crash processes linked against the library.
    (CVE-2016-10069)");
  script_set_attribute(attribute:"see_also", value:"http://www.imagemagick.org/script/changelog.php");
  # https://blog.fuzzing-project.org/46-Various-invalid-memory-accesses-in-ImageMagick-WPG,-DDS,-DCM.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0b5f3426");
  script_set_attribute(attribute:"solution", value:
"Upgrade to ImageMagick version 6.9.4-5 / 7.0.1-7 or later.

Note that you may need to manually uninstall the vulnerable version
from the system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5691");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/06/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:imagemagick:imagemagick");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("imagemagick_installed.nasl");
  script_require_keys("installed_sw/ImageMagick");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

vcf::imagemagick::initialize();
var app_info = vcf::imagemagick::get_app_info();

var constraints = [
  {'min_version' : '6.0.0-0', 'fixed_version' : '6.9.4-5'},
  {'min_version' : '7.0.0-0', 'fixed_version' : '7.0.1-7'}
];

vcf::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_HOLE
);
VendorProductVersionCPE
imagemagickimagemagickcpe:/a:imagemagick:imagemagick

Related

openvas 13
nessus 12
cve 6
debiancve 6
redhatcve 6
ubuntucve 6
veracode 6
prion 6
alpinelinux 3
debian 3
osv 4
suse 4
ubuntu 1
openvas
openvas
ImageMagick Multiple Security Bypass And DoS Vulnerabilities (Mac OS X)
2017-01-17 00:00:00
ImageMagick Multiple Security Bypass And DoS Vulnerabilities (Windows)
2017-01-16 00:00:00
ImageMagick Multiple Unspecified Vulnerabilities (Windows)
2016-06-06 00:00:00
nessus
nessus
EulerOS 2.0 SP5 : ImageMagick (EulerOS-SA-2019-1970)
2019-09-23 00:00:00
openSUSE Security Update : GraphicsMagick (openSUSE-2017-214)
2017-02-09 00:00:00
Debian DSA-3652-1 : imagemagick - security update
2016-08-26 00:00:00
cve
cve
CVE-2016-10069
2017-03-02 21:59:00
CVE-2016-10066
2017-03-03 17:59:00
CVE-2016-5690
2016-12-13 15:59:00
debiancve
debiancve
CVE-2016-10066
2017-03-03 17:59:00
CVE-2016-10069
2017-03-02 21:59:00
CVE-2016-5691
2016-12-13 15:59:00
redhatcve
redhatcve
CVE-2016-10069
2017-01-05 16:17:43
CVE-2016-10066
2017-01-05 15:47:40
CVE-2016-5690
2016-06-20 10:48:23
ubuntucve
ubuntucve
CVE-2016-10066
2017-03-03 00:00:00
CVE-2016-10069
2017-03-02 00:00:00
CVE-2016-5691
2016-06-24 00:00:00
veracode
veracode
Denial Of Service (DoS)
2017-04-17 12:01:36
Denial Of Service (DoS)
2017-04-17 11:42:48
Denial Of Service (DoS) Through Integer Overflow
2017-01-31 08:47:53
prion
prion
Design/Logic Flaw
2017-03-02 21:59:00
Buffer overflow
2017-03-03 17:59:00
Code injection
2016-12-13 15:59:00
alpinelinux
alpinelinux
CVE-2016-5691
2016-12-13 15:59:00
CVE-2016-5690
2016-12-13 15:59:00
CVE-2016-5689
2016-12-13 15:59:00
debian
debian
[SECURITY] [DSA 3652-1] imagemagick security update
2016-08-25 20:53:02
[BSA-114] Security update for wordpress
2017-01-23 07:39:04
[SECURITY] [DLA 731-1] imagemagick security update
2016-12-02 05:44:49
osv
osv
imagemagick - security update
2016-11-26 00:00:00
imagemagick - security update
2016-12-22 00:00:00
imagemagick - security update
2016-08-25 00:00:00
suse
suse
Security update for ImageMagick (important)
2016-07-11 16:08:01
Security update for ImageMagick (important)
2016-07-20 12:09:04
Security update for ImageMagick (important)
2016-07-11 16:26:48
ubuntu
ubuntu
ImageMagick vulnerabilities
2016-11-21 00:00:00
JSON
Related for IMAGEMAGICK_6_9_4_5.NASL
openvas13nessus12cve6debiancve6redhatcve6ubuntucve6veracode6prion6alpinelinux3debian3osv4suse4ubuntu1