Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.IMAGEMAGICK_7_0_8-44.NASL
HistoryMay 10, 2019 - 12:00 a.m.

ImageMagick < 7.0.8-44 Multiple vulnerabilities

2019-05-1000:00:00
This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
JSON

The version of ImageMagick installed on the remote Windows host is 7.x prior to 7.0.8-44. It is, therefore, affected by multiple vulnerabilities:

  • A denial of service vulnerability exists due to a failure to handle exceptional conditions. An unauthenticated, remote attacker can exploit this by convincing a user into converting a specially crafted file, to cause the system to stop responding. (CVE-2018-15607)

  • A stack-based buffer overflow condition exists in the PopHexPixel function due to a failure to handle exceptional conditions. An unauthenticated,remote attacker can exploit this, via convincing a user to open a crafted image file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2019-9956)

  • A memory leak vulnerability exists in the SVGKeyValuePairs function due to a failure to handle exceptional conditions. An unauthenticated, remote attacker can exploit this via convincing a user to open a crafted image file, to cause the application to stop responding.
    (CVE-2019-10649)

Note that the application may also be affected by additional vulnerabilities. Refer to the vendor for additional information.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(124776);
  script_version("1.4");
  script_cvs_date("Date: 2019/10/30 13:24:47");

  script_cve_id(
    "CVE-2018-15607",
    "CVE-2019-9956",
    "CVE-2019-10649",
    "CVE-2019-10650",
    "CVE-2019-11597",
    "CVE-2019-11598"
  );
  script_bugtraq_id(
    105137,
    107546,
    107645,
    107646,
    108102
  );

  script_name(english:"ImageMagick < 7.0.8-44 Multiple vulnerabilities");
  script_summary(english:"Checks the version of ImageMagick.");

  script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote Windows host is affected by multiple vulnerability");
  script_set_attribute(attribute:"description", value:
"The version of ImageMagick installed on the remote Windows host is
7.x prior to 7.0.8-44. It is, therefore, affected by multiple
vulnerabilities:

  - A denial of service vulnerability exists due to a
    failure to handle exceptional conditions. An unauthenticated,
    remote attacker can exploit this by convincing a user into
    converting a specially crafted file, to cause the system
    to stop responding. (CVE-2018-15607)

  - A stack-based buffer overflow condition exists in the
    PopHexPixel function due to a failure to handle exceptional
    conditions. An unauthenticated,remote attacker can exploit
    this, via convincing a user to open a crafted image file,
    to cause a denial of service condition or the execution of
    arbitrary code. (CVE-2019-9956)

  - A memory leak vulnerability exists in the
    SVGKeyValuePairs function due to a failure to handle
    exceptional conditions. An unauthenticated, remote attacker
    can exploit this via convincing a user to open a crafted
    image file, to cause the application to stop responding.
    (CVE-2019-10649)

Note that the application may also be affected by additional
vulnerabilities. Refer to the vendor for additional information.
");
  # https://www.cvedetails.com/cve/CVE-2018-15607
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b866ca80");
  # https://www.cvedetails.com/cve/CVE-2019-9956
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?46745bf3");
  # https://www.cvedetails.com/cve/CVE-2019-10649
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9ef3902f");
  # https://www.cvedetails.com/cve/CVE-2019-10650
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?76a32d69");
  # https://www.cvedetails.com/cve/CVE-2019-11597
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?614bf163");
  # https://www.cvedetails.com/cve/CVE-2019-11598
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3fffdd92");
  script_set_attribute(attribute:"solution", value:
"Upgrade to ImageMagick version 7.0.8-44 or later. Note that you may
also need to manually uninstall the vulnerable version from the system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9956");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/08/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:imagemagick:imagemagick");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("imagemagick_installed.nasl");
  script_require_keys("installed_sw/ImageMagick");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

vcf::imagemagick::initialize();
app_info = vcf::imagemagick::get_app_info();

constraints = [{'fixed_version' : '7.0.8-44'}];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
imagemagickimagemagickcpe:/a:imagemagick:imagemagick

Related

nessus 43
openvas 27
mageia 1
osv 11
debian 5
freebsd 1
suse 5
ubuntucve 8
redhatcve 7
veracode 6
debiancve 7
prion 7
cve 7
alpinelinux 7
archlinux 1
ubuntu 1
cloudfoundry 1
ibm 2
amazon 10
oraclelinux 1
redhat 1
centos 1
nessus
nessus
EulerOS 2.0 SP5 : ImageMagick (EulerOS-SA-2019-1583)
2019-05-29 00:00:00
Debian DSA-4436-1 : imagemagick - security update
2019-04-29 00:00:00
EulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2019-1296)
2019-04-30 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2019-0142)
2022-01-28 00:00:00
Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2019-1583)
2020-01-23 00:00:00
ImageMagick <= 7.0.8-36 Multiple Vulnerabilities - Mac OS X
2019-08-14 00:00:00
mageia
mageia
Updated imagemagick packages fix security vulnerability
2019-04-11 00:25:19
osv
osv
imagemagick - security update
2019-04-28 00:00:00
CVE-2019-10649
2019-03-30 14:29:00
CVE-2019-11598
2019-04-29 16:29:00
debian
debian
[SECURITY] [DSA 4436-1] imagemagick security update
2019-04-28 19:46:11
[SECURITY] [DSA 4712-1] imagemagick security update
2020-06-30 20:31:53
[SECURITY] [DLA 1785-1] imagemagick security update
2019-05-14 10:40:29
freebsd
freebsd
ImageMagick -- multiple vulnerabilities
2019-03-07 00:00:00
suse
suse
Security update for ImageMagick (moderate)
2019-05-04 00:00:00
Security update for ImageMagick (moderate)
2019-07-23 00:00:00
Security update for ImageMagick (moderate)
2019-07-01 00:00:00
ubuntucve
ubuntucve
CVE-2019-10649
2019-03-30 00:00:00
CVE-2019-9956
2019-03-23 00:00:00
CVE-2019-10650
2019-03-30 00:00:00
redhatcve
redhatcve
CVE-2019-10649
2019-04-16 14:20:19
CVE-2018-15607
2018-08-27 22:49:01
CVE-2019-11598
2019-05-02 09:13:16
veracode
veracode
Denial Of Service (DoS)
2020-12-06 03:33:46
Denial Of Service (DoS)
2018-08-23 06:39:43
Denial Of Service (DoS)
2020-04-01 00:38:59
debiancve
debiancve
CVE-2019-10649
2019-03-30 14:29:00
CVE-2018-15607
2018-08-21 15:29:00
CVE-2019-11597
2019-04-29 16:29:00
prion
prion
Memory corruption
2019-03-30 14:29:00
Design/Logic Flaw
2018-08-21 15:29:00
Heap overflow
2019-04-29 16:29:00
cve
cve
CVE-2019-10649
2019-03-30 14:29:00
CVE-2019-11598
2019-04-29 16:29:00
CVE-2018-15607
2018-08-21 15:29:00
alpinelinux
alpinelinux
CVE-2019-10649
2019-03-30 14:29:00
CVE-2019-11598
2019-04-29 16:29:00
CVE-2018-15607
2018-08-21 15:29:00
archlinux
archlinux
[ASA-201903-15] imagemagick: arbitrary code execution
2019-03-28 00:00:00
ubuntu
ubuntu
ImageMagick vulnerabilities
2019-06-25 00:00:00
cloudfoundry
cloudfoundry
USN-4034-1: ImageMagick vulnerabilities | Cloud Foundry
2019-07-10 00:00:00
ibm
ibm
Security Bulletin: WebSphere Cast Iron and App Connect Professional are affected by vulnerabilities in Pacemaker, ImageMagick, gd-libgd, libxslt, cURL libcurl , Ghostscript.
2022-02-21 04:39:05
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities
2021-08-13 22:15:02
amazon
amazon
Medium: php56-pecl-imagick
2023-08-21 12:14:00
Important: ImageMagick
2024-01-19 01:51:00
Medium: php55-pecl-imagick
2023-08-21 12:14:00
oraclelinux
oraclelinux
ImageMagick security, bug fix, and enhancement update
2020-04-06 00:00:00
redhat
redhat
(RHSA-2020:1180) Moderate: ImageMagick security, bug fix, and enhancement update
2020-03-31 09:28:57
centos
centos
ImageMagick, autotrace, emacs, inkscape security update
2020-04-08 17:42:49
JSON
Related for IMAGEMAGICK_7_0_8-44.NASL
nessus43openvas27mageia1osv11debian5freebsd1suse5ubuntucve8redhatcve7veracode6debiancve7prion7cve7alpinelinux7archlinux1ubuntu1cloudfoundry1ibm2amazon10oraclelinux1redhat1centos1