Lucene search
This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2018-1312.NASLHistoryOct 29, 2018 - 12:00 a.m.
openSUSE Security Update : ImageMagick (openSUSE-2018-1312)
2018-10-2900:00:00
This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
CVSS2
7.1
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
6.8
Confidence
High
EPSS
0.021
Percentile
89.5%
This update for ImageMagick fixes the following issues :
-
CVE-2017-14997: GraphicsMagick allowed remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. [bsc#1112399]
-
CVE-2018-16644: An regression in the security fix for the pict coder was fixed (bsc#1107609)
This update was imported from the SUSE:SLE-12:Update update project.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-1312.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(118484);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/07/26");
script_cve_id("CVE-2017-14997", "CVE-2018-16644");
script_name(english:"openSUSE Security Update : ImageMagick (openSUSE-2018-1312)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
script_set_attribute(attribute:"description", value:
"This update for ImageMagick fixes the following issues :
- CVE-2017-14997: GraphicsMagick allowed remote attackers
to cause a denial of service (excessive memory
allocation) because of an integer underflow in
ReadPICTImage in coders/pict.c. [bsc#1112399]
- CVE-2018-16644: An regression in the security fix for
the pict coder was fixed (bsc#1107609)
This update was imported from the SUSE:SLE-12:Update update project.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1107609");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112399");
script_set_attribute(attribute:"solution", value:
"Update the affected ImageMagick packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-14997");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-16644");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2018/10/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/29");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-PerlMagick");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE42.3", reference:"ImageMagick-6.8.8.1-76.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"ImageMagick-debuginfo-6.8.8.1-76.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"ImageMagick-debugsource-6.8.8.1-76.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"ImageMagick-devel-6.8.8.1-76.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"ImageMagick-extra-6.8.8.1-76.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"ImageMagick-extra-debuginfo-6.8.8.1-76.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libMagick++-6_Q16-3-6.8.8.1-76.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libMagick++-6_Q16-3-debuginfo-6.8.8.1-76.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libMagick++-devel-6.8.8.1-76.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libMagickCore-6_Q16-1-6.8.8.1-76.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-76.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libMagickWand-6_Q16-1-6.8.8.1-76.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-76.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"perl-PerlMagick-6.8.8.1-76.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"perl-PerlMagick-debuginfo-6.8.8.1-76.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"ImageMagick-devel-32bit-6.8.8.1-76.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libMagick++-6_Q16-3-32bit-6.8.8.1-76.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-76.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libMagick++-devel-32bit-6.8.8.1-76.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-32bit-6.8.8.1-76.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-76.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libMagickWand-6_Q16-1-32bit-6.8.8.1-76.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-76.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | libmagick%2b%2b-6_q16-3-debuginfo-32bit | p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo-32bit |
| novell | opensuse | perl-perlmagick-debuginfo | p-cpe:/a:novell:opensuse:perl-perlmagick-debuginfo |
| novell | opensuse | imagemagick-devel | p-cpe:/a:novell:opensuse:imagemagick-devel |
| novell | opensuse | imagemagick-extra | p-cpe:/a:novell:opensuse:imagemagick-extra |
| novell | opensuse | libmagick%2b%2b-devel | p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel |
| novell | opensuse | libmagickwand-6_q16-1 | p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1 |
| novell | opensuse | libmagickwand-6_q16-1-debuginfo | p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-debuginfo |
| novell | opensuse | imagemagick | p-cpe:/a:novell:opensuse:imagemagick |
| novell | opensuse | libmagick%2b%2b-6_q16-3-32bit | p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-32bit |
| novell | opensuse | libmagickcore-6_q16-1-32bit | p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-32bit |
Related
openvas
openvas
openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2018:3524-1)
2018-10-27 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:3465-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:3808-1)
2021-06-09 00:00:00
suse
suse
Security update for ImageMagick (moderate)
2018-10-27 00:27:39
Security update for GraphicsMagick (moderate)
2018-10-26 14:40:08
Security update for GraphicsMagick (low)
2018-09-17 15:08:02
nessus
nessus
SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:3465-1)
2018-10-26 00:00:00
SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:3808-1)
2018-11-20 00:00:00
openSUSE Security Update : GraphicsMagick (openSUSE-2018-1291)
2018-10-29 00:00:00
cve
cve
CVE-2017-14997
2017-10-04 01:29:03
CVE-2018-16644
2018-09-06 22:29:01
ubuntucve
ubuntucve
CVE-2017-14997
2017-10-04 00:00:00
CVE-2018-16644
2018-09-06 00:00:00
alpinelinux
alpinelinux
CVE-2017-14997
2017-10-04 01:29:03
CVE-2018-16644
2018-09-06 22:29:01
veracode
veracode
Denial Of Service (DoS)
2020-09-21 06:30:00
Denial Of Service (DoS)
2018-10-05 02:27:11
prion
prion
Integer overflow
2017-10-04 01:29:00
Design/Logic Flaw
2018-09-06 22:29:00
nvd
nvd
CVE-2017-14997
2017-10-04 01:29:03
CVE-2018-16644
2018-09-06 22:29:01
debiancve
debiancve
CVE-2017-14997
2017-10-04 01:29:03
CVE-2018-16644
2018-09-06 22:29:01
cvelist
cvelist
CVE-2017-14997
2017-10-03 07:00:00
CVE-2018-16644
2018-09-06 22:00:00
osv
osv
CVE-2018-16644
2018-09-06 22:29:01
imagemagick - security update
2018-10-12 00:00:00
graphicsmagick - security update
2017-10-10 00:00:00
redhatcve
redhatcve
CVE-2018-16644
2018-09-07 17:49:27
debian
debian
[SECURITY] [DSA 4316-1] imagemagick security update
2018-10-12 20:55:21
[SECURITY] [DLA 1530-1] imagemagick security update
2018-10-03 18:05:30
[SECURITY] [DLA 1154-1] graphicsmagick security update
2017-10-31 17:48:00
ubuntu
ubuntu
GraphicsMagick vulnerabilities
2020-01-08 00:00:00
ImageMagick vulnerabilities
2018-10-04 00:00:00
ImageMagick vulnerabilities
2019-06-25 00:00:00
cloudfoundry
cloudfoundry
USN-3785-1: ImageMagick vulnerabilities | Cloud Foundry
2018-10-09 00:00:00
USN-4034-1: ImageMagick vulnerabilities | Cloud Foundry
2019-07-10 00:00:00
mageia
mageia
Updated graphicsmagick packages fix security vulnerabilities & bugs
2019-01-01 01:42:09
fedora
fedora
[SECURITY] Fedora 30 Update: GraphicsMagick-1.3.32-1.fc30
2019-06-30 00:57:16
[SECURITY] Fedora 29 Update: GraphicsMagick-1.3.32-1.fc29
2019-06-30 02:27:02
centos
centos
ImageMagick, autotrace, emacs, inkscape security update
2020-04-08 17:42:49
redhat
redhat
CVSS2
7.1
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
6.8
Confidence
High
EPSS
0.021
Percentile
89.5%
Related for OPENSUSE-2018-1312.NASL