The version of ImageMagick installed on the remote Windows host is prior to 7.0.8-56. It is, therefore, affected by multiple vulnerabilities:
An integer overflow condition exists in the TIFFSeekCustomStream function. An unauthenticated, remote attacker can exploit this, by convincing a user to open a crafted image file, to cause a denial of service condition or the execution of arbitrary code (CVE-2019-13136).
A stack-based buffer overflow condition exists in the WritePNMImage function due to an off-by-one error. An unauthenticated,remote attacker can exploit this, by convincing a user to open a crafted image file, to cause a denial of service condition or the execution of arbitrary code (CVE-2019-13306).
A heap-based buffer overflow condition exists in the EvaluateImages function due to a mishandling of rows. An unauthenticated, remote attacker can exploit this, by convincing a user to open a crafted image file, to cause a denial of service condition or the execution of arbitrary code (CVE-2019-13307).
Note that the application may also be affected by additional vulnerabilities. Refer to the vendor for additional information.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(127051);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/31");
script_cve_id(
"CVE-2019-13133",
"CVE-2019-13134",
"CVE-2019-13135",
"CVE-2019-13136",
"CVE-2019-13137",
"CVE-2019-13295",
"CVE-2019-13296",
"CVE-2019-13297",
"CVE-2019-13298",
"CVE-2019-13299",
"CVE-2019-13300",
"CVE-2019-13301",
"CVE-2019-13302",
"CVE-2019-13303",
"CVE-2019-13304",
"CVE-2019-13305",
"CVE-2019-13306",
"CVE-2019-13307",
"CVE-2019-13308",
"CVE-2019-13309",
"CVE-2019-13310",
"CVE-2019-13311",
"CVE-2019-13454"
);
script_bugtraq_id(109099, 109308, 109362);
script_xref(name:"IAVB", value:"2019-B-0062-S");
script_name(english:"ImageMagick < 7.0.8-56 Multiple vulnerabilities");
script_summary(english:"Checks the version of ImageMagick.");
script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote Windows host is affected by multiple vulnerabilities");
script_set_attribute(attribute:"description", value:
"The version of ImageMagick installed on the remote Windows host is prior to 7.0.8-56. It is, therefore, affected by
multiple vulnerabilities:
- An integer overflow condition exists in the TIFFSeekCustomStream function. An unauthenticated, remote attacker can
exploit this, by convincing a user to open a crafted image file, to cause a denial of service condition or the
execution of arbitrary code (CVE-2019-13136).
- A stack-based buffer overflow condition exists in the WritePNMImage function due to an off-by-one error. An
unauthenticated,remote attacker can exploit this, by convincing a user to open a crafted image file, to cause a
denial of service condition or the execution of arbitrary code (CVE-2019-13306).
- A heap-based buffer overflow condition exists in the EvaluateImages function due to a mishandling of rows. An
unauthenticated, remote attacker can exploit this, by convincing a user to open a crafted image file, to cause a
denial of service condition or the execution of arbitrary code (CVE-2019-13307).
Note that the application may also be affected by additional vulnerabilities. Refer to the vendor for additional
information.");
# https://github.com/ImageMagick/ImageMagick/milestone/17?closed=1
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d6a6a267");
script_set_attribute(attribute:"solution", value:
"Upgrade to ImageMagick version 7.0.8-56 or later. Note that you may
also need to manually uninstall the vulnerable version from the system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13308");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/29");
script_set_attribute(attribute:"patch_publication_date", value:"2019/06/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/26");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:imagemagick:imagemagick");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("imagemagick_installed.nasl");
script_require_keys("installed_sw/ImageMagick");
exit(0);
}
include('vcf.inc');
include('vcf_extras.inc');
vcf::imagemagick::initialize();
app_info = vcf::imagemagick::get_app_info();
constraints = [{'fixed_version' : '7.0.8-56'}];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
Vendor | Product | Version | CPE |
---|---|---|---|
imagemagick | imagemagick | cpe:/a:imagemagick:imagemagick |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13133
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13134
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13135
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13136
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13137
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13295
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13296
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13297
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13298
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13299
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13300
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13301
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13302
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13303
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13304
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13305
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13306
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13307
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13308
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13309
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13310
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13311
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13454
www.nessus.org/u?d6a6a267