ID SUSE_SA_2006_066.NASL Type nessus Reporter This script is Copyright (C) 2007-2021 Tenable Network Security, Inc. Modified 2007-02-18T00:00:00
Description
The remote host is missing the patch for the advisory SUSE-SA:2006:066 (ImageMagick).
Two security problems were found in the GraphicsMagick tool set which
are also present in ImageMagick.
CVE-2006-5456: Multiple buffer overflows in ImageMagick allowed
user-assisted attackers to cause a denial of service and possibly
execute arbitrary code via (1) a DCM image that is not
properly handled by the ReadDCMImage function in coders/dcm.c, or
(2) a PALM image that is not properly handled by the ReadPALMImage
function in coders/palm.c.
Additionally a segfault regression when converting a PGM image was
fixed on SLE 10.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:066
#
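# Engine guard: leave quietly when the interpreter does not define bn_random().
# NOTE(review): presumably a capability probe for a sufficiently recent scanner
# engine - confirm against the plugin feed conventions.
if ( ! defined_func("bn_random") ) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration phase: when the engine loads the plugin with `description` set,
# only metadata is declared and the script exits before any host check runs.
if(description)
{
  script_id(24443);
  script_version("1.10");

  # The advisory text below names CVE-2006-5456; registering it as a structured
  # reference lets findings be correlated by CVE id without parsing the
  # free-text description.
  script_cve_id("CVE-2006-5456");

  script_name(english:"SUSE-SA:2006:066: ImageMagick");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a vendor-supplied security patch" );
  # Advisory wording is kept verbatim because it is emitted in scan reports.
  script_set_attribute(attribute:"description", value:
"The remote host is missing the patch for the advisory SUSE-SA:2006:066 (ImageMagick).
Two security problems were found in the GraphicsMagick tool set which
are also present in ImageMagick.
CVE-2006-5456: Multiple buffer overflows in ImageMagick allowed
user-assisted attackers to cause a denial of service and possibly
execute execute arbitrary code via (1) a DCM image that is not
properly handled by the ReadDCMImage function in coders/dcm.c, or
(2) a PALM image that is not properly handled by the ReadPALMImage
function in coders/palm.c.
Additionally a segfault regression when converting a PGM image was
fixed on SLE 10." );
  # The solution field carries only the vendor advisory URL.
  script_set_attribute(attribute:"solution", value:
"http://www.novell.com/linux/security/advisories/2006_66_imagemagick.html" );
  script_set_attribute(attribute:"risk_factor", value:"Medium" );
  script_set_attribute(attribute:"plugin_publication_date", value: "2007/02/18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
  script_end_attributes();

  script_summary(english:"Check for the version of the ImageMagick package");

  # ACT_GATHER_INFO: the plugin is registered in the information-gathering category.
  script_category(ACT_GATHER_INFO);

  script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  # Local check: it depends on ssh_get_info.nasl and requires the
  # "Host/SuSE/rpm-list" knowledge-base key before it is scheduled.
  # NOTE(review): presumably that key holds the RPM inventory collected over an
  # authenticated session, so an unauthenticated scan never evaluates this
  # plugin - confirm against ssh_get_info.nasl.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/SuSE/rpm-list");
  exit(0);
}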
# Detection phase: compare the host's packages against the reference builds
# listed below, one release at a time, and report on the first match.
# NOTE(review): rpm_check() presumably comes from rpm.inc and is true when the
# package installed on the named release is older than the reference build -
# confirm against rpm.inc.
# NOTE(review): Ubuntu's USN-422-1 reports that the first fix for the PALM part
# of CVE-2006-5456 was incomplete (tracked as CVE-2007-0770). A host that
# passes these checks is patched for SUSE-SA:2006:066 only; verify separately
# that the later ImageMagick update is installed.
include("rpm.inc");

# Reference builds checked for SUSE 10.0, in the original order.
sa2006_066_suse100_refs = make_list(
  "ImageMagick-6.2.3-4.6",
  "ImageMagick-Magick++-6.2.3-4.6",
  "ImageMagick-Magick++-devel-6.2.3-4.6",
  "ImageMagick-devel-6.2.3-4.6",
  "perl-PerlMagick-6.2.3-4.6"
);

# Reference builds checked for SUSE 9.3, in the original order.
sa2006_066_suse93_refs = make_list(
  "ImageMagick-6.1.8-6.6",
  "ImageMagick-Magick++-6.1.8-6.6",
  "ImageMagick-Magick++-devel-6.1.8-6.6",
  "ImageMagick-devel-6.1.8-6.6",
  "perl-PerlMagick-6.1.8-6.6"
);

foreach sa2006_066_ref (sa2006_066_suse100_refs)
{
  if ( rpm_check( reference:sa2006_066_ref, release:"SUSE10.0") )
  {
    # One finding per host is enough: report and stop at the first hit.
    security_warning(0);
    exit(0);
  }
}

foreach sa2006_066_ref (sa2006_066_suse93_refs)
{
  if ( rpm_check( reference:sa2006_066_ref, release:"SUSE9.3") )
  {
    security_warning(0);
    exit(0);
  }
}
{"id": "SUSE_SA_2006_066.NASL", "bulletinFamily": "scanner", "title": "SUSE-SA:2006:066: ImageMagick", "description": "The remote host is missing the patch for the advisory SUSE-SA:2006:066 (ImageMagick).\n\n\nTwo security problems were found in the GraphicsMagick tool set which\nare also present in ImageMagick.\n\nCVE-2006-5456: Multiple buffer overflows in ImageMagick allowed\nuser-assisted attackers to cause a denial of service and possibly\nexecute execute arbitrary code via (1) a DCM image that is not\nproperly handled by the ReadDCMImage function in coders/dcm.c, or\n(2) a PALM image that is not properly handled by the ReadPALMImage\nfunction in coders/palm.c.\n\nAdditionally a segfault regression when converting a PGM image was\nfixed on SLE 10.", "published": "2007-02-18T00:00:00", "modified": "2007-02-18T00:00:00", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/24443", "reporter": "This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2006-5456"], "type": "nessus", "lastseen": "2021-01-17T14:14:49", "edition": 6, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-5456"]}, {"type": "ubuntu", "idList": ["USN-372-1", "USN-422-1"]}, {"type": "slackware", "idList": ["SSA-2007-066-06"]}, {"type": "gentoo", "idList": ["GLSA-200611-07", "GLSA-200611-19"]}, {"type": "osvdb", "idList": ["OSVDB:29990", "OSVDB:29989"]}, {"type": "openvas", "idList": ["OPENVAS:58134", "OPENVAS:58015", "OPENVAS:840048", "OPENVAS:136141256231058134", "OPENVAS:1361412562310830341", "OPENVAS:57920", "OPENVAS:861508", "OPENVAS:57932", "OPENVAS:57586", "OPENVAS:830341"]}, {"type": "suse", "idList": ["SUSE-SA:2006:066"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:16018", "SECURITYVULNS:DOC:15041", "SECURITYVULNS:VULN:6494", "SECURITYVULNS:DOC:15221"]}, {"type": "nessus", "idList": ["MANDRAKE_MDKSA-2007-041.NASL", 
"GENTOO_GLSA-200611-07.NASL", "SLACKWARE_SSA_2007-066-06.NASL", "SUSE_IMAGEMAGICK-2585.NASL", "GENTOO_GLSA-200611-19.NASL", "SUSE_IMAGEMAGICK-2235.NASL", "SUSE_GRAPHICSMAGICK-2593.NASL", "MANDRAKE_MDKSA-2006-193.NASL", "UBUNTU_USN-372-1.NASL", "SUSE_IMAGEMAGICK-2239.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1213-1:7BA5F", "DEBIAN:DSA-1260-1:69336"]}, {"type": "centos", "idList": ["CESA-2007:0015-01", "CESA-2007:0015"]}, {"type": "redhat", "idList": ["RHSA-2007:0015"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-0015"]}, {"type": "fedora", "idList": ["FEDORA:L6UH4ML0013916", "FEDORA:L3HCRQ4Q012116"]}], "modified": "2021-01-17T14:14:49", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2021-01-17T14:14:49", "rev": 2}, "vulnersScore": 7.6}, "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:066\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(24443);\n script_version(\"1.10\");\n \n name[\"english\"] = \"SUSE-SA:2006:066: ImageMagick\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2006:066 (ImageMagick).\n\n\nTwo security problems were found in the GraphicsMagick tool set which\nare also present in ImageMagick.\n\nCVE-2006-5456: Multiple buffer overflows in ImageMagick allowed\nuser-assisted attackers to cause a denial of service and possibly\nexecute execute arbitrary code via (1) a DCM image that is not\nproperly handled by the ReadDCMImage function in coders/dcm.c, or\n(2) a PALM image that is not properly handled by the ReadPALMImage\nfunction in coders/palm.c.\n\nAdditionally a 
segfault regression when converting a PGM image was\nfixed on SLE 10.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.novell.com/linux/security/advisories/2006_66_imagemagick.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"Medium\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/02/18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the ImageMagick package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"ImageMagick-6.2.3-4.6\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"ImageMagick-Magick++-6.2.3-4.6\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"ImageMagick-Magick++-devel-6.2.3-4.6\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"ImageMagick-devel-6.2.3-4.6\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"perl-PerlMagick-6.2.3-4.6\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"ImageMagick-6.1.8-6.6\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"ImageMagick-Magick++-6.1.8-6.6\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"ImageMagick-Magick++-devel-6.1.8-6.6\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n 
exit(0);\n}\nif ( rpm_check( reference:\"ImageMagick-devel-6.1.8-6.6\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"perl-PerlMagick-6.1.8-6.6\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "24443", "cpe": [], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T05:27:25", "description": "Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.\nThis vulnerability is addressed in the following product release:\r\nGraphicsMagick, GraphicsMagick, 1.1.7\r\nUnable to identify a patch for ImageMagick.", "edition": 6, "cvss3": {}, "published": "2006-10-23T17:07:00", "title": "CVE-2006-5456", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2006-5456"], "modified": "2018-10-17T21:43:00", "cpe": ["cpe:/a:graphicsmagick:graphicsmagick:1.1.3", "cpe:/a:graphicsmagick:graphicsmagick:1.0.6", "cpe:/a:graphicsmagick:graphicsmagick:1.1.6", "cpe:/a:graphicsmagick:graphicsmagick:1.0", "cpe:/a:graphicsmagick:graphicsmagick:1.1", "cpe:/a:graphicsmagick:graphicsmagick:1.1.5", "cpe:/a:imagemagick:imagemagick:6.0.7", "cpe:/a:graphicsmagick:graphicsmagick:1.1.4"], "id": "CVE-2006-5456", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5456", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:graphicsmagick:graphicsmagick:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:graphicsmagick:graphicsmagick:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.4:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-08T23:41:26", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5456"], "description": "M. Joonas Pihlaja discovered that ImageMagick did not sufficiently \nverify the validity of PALM and DCM images. When processing a \nspecially crafted image with an application that uses imagemagick, \nthis could be exploited to execute arbitrary code with the \napplication's privileges.", "edition": 6, "modified": "2006-11-01T00:00:00", "published": "2006-11-01T00:00:00", "id": "USN-372-1", "href": "https://ubuntu.com/security/notices/USN-372-1", "title": "imagemagick vulnerability", "type": "ubuntu", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-09T00:30:58", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5456", "CVE-2007-0770"], "description": "Vladimir Nadvornik discovered that the fix for CVE-2006-5456, released \nin USN-372-1, did not correctly solve the original flaw in PALM image \nhandling. 
By tricking a user into processing a specially crafted image \nwith an application that uses imagemagick, an attacker could execute \narbitrary code with the user's privileges.", "edition": 6, "modified": "2007-02-15T00:00:00", "published": "2007-02-15T00:00:00", "id": "USN-422-1", "href": "https://ubuntu.com/security/notices/USN-422-1", "title": "ImageMagick vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "slackware": [{"lastseen": "2020-10-25T16:36:19", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5456"], "description": "A new imagemagick package is available for Slackware 11.0 to\nfix security issues.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456\n\n\nHere are the details from the Slackware 11.0 ChangeLog:\n\nxap/imagemagick-6.3.3_0-i486-1_slack11.0.tgz:\n Upgraded to imagemagick-6.3.3-0.\n The original fix for PALM image handling has been corrected.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456\n (* Security fix *)\n\nWhere to find the new package:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\nfrom ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/imagemagick-6.3.3_0-i486-1_slack11.0.tgz\n\n\nMD5 signature:\n\nSlackware 11.0 package:\naa74825b927c5fcd596cbc4fdbbb5e1f imagemagick-6.3.3_0-i486-1_slack11.0.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg imagemagick-6.3.3_0-i486-1_slack11.0.tgz", "modified": "2007-03-08T02:37:38", "published": "2007-03-08T02:37:38", "id": "SSA-2007-066-06", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.352092", "type": "slackware", "title": "[slackware-security] imagemagick", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:17", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5456"], "description": "### Background\n\nImageMagick is a software suite to create, edit, and compose bitmap images, that can also read, write, and convert images in many other formats. \n\n### Description\n\nM. Joonas Pihlaja has reported that a boundary error exists within the ReadDCMImage() function of coders/dcm.c, causing the improper handling of DCM images. Pihlaja also reported that there are several boundary errors in the ReadPALMImage() function of coders/palm.c, similarly causing the improper handling of PALM images. \n\n### Impact\n\nAn attacker could entice a user to open a specially crafted DCM or PALM image with ImageMagick, and possibly execute arbitrary code with the privileges of the user running ImageMagick. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll ImageMagick users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-gfx/imagemagick-6.3.0.5\"", "edition": 1, "modified": "2006-11-24T00:00:00", "published": "2006-11-24T00:00:00", "id": "GLSA-200611-19", "href": "https://security.gentoo.org/glsa/200611-19", "type": "gentoo", "title": "ImageMagick: PALM and DCM buffer overflows", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:16", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5456"], "description": "### Background\n\nGraphicsMagick is a collection of tools and libraries which support reading, writing, and manipulating images in many major formats. \n\n### Description\n\nM. Joonas Pihlaja has reported that a boundary error exists within the ReadDCMImage() function of coders/dcm.c, causing the improper handling of DCM images. Pihlaja also reported that there are several boundary errors in the ReadPALMImage() function of coders/palm.c, similarly causing the improper handling of PALM images. \n\n### Impact\n\nAn attacker could entice a user to open a specially crafted DCM or PALM image with GraphicsMagick, and possibly execute arbitrary code with the privileges of the user running GraphicsMagick. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll GraphicsMagick users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-gfx/graphicsmagick-1.1.7-r3\"", "edition": 1, "modified": "2006-11-13T00:00:00", "published": "2006-11-13T00:00:00", "id": "GLSA-200611-07", "href": "https://security.gentoo.org/glsa/200611-07", "type": "gentoo", "title": "GraphicsMagick: PALM and DCM buffer overflows", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:26", "bulletinFamily": "software", "cvelist": ["CVE-2006-5456"], "edition": 1, "description": "## Vulnerability Description\nA local buffer overflow exists in ImageMagick. The application fails to check boundary conditions in the 'ReadPALMImage()' function resulting in a heap overflow. With a specially crafted request, an attacker can cause a denial of service and possibly execution of arbitrary code, resulting in a loss of availability. In order to exploit this issue an attacker has to persuade the victim to open a malformed PALM image.\n## Technical Description\nDue to a released patch, which seems ineffective to correct the issue, this advisory is replaced by OSVDB ID 31911.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Suse/Novell, Ubuntu, Debian, Gentoo, RedHat and Mandriva have released patches to address this vulnerability.\n## Short Description\nA local buffer overflow exists in ImageMagick. The application fails to check boundary conditions in the 'ReadPALMImage()' function resulting in a heap overflow. With a specially crafted request, an attacker can cause a denial of service and possibly execution of arbitrary code, resulting in a loss of availability. 
In order to exploit this issue an attacker has to persuade the victim to open a malformed PALM image.\n## References:\nVendor Specific News/Changelog Entry: http://packages.debian.org/changelogs/pool/main/g/graphicsmagick/current/changelog#versionversion1.1.7-12\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-372-1)\n[Vendor Specific Advisory URL](http://www.us.debian.org/security/2006/dsa-1213)\n[Vendor Specific Advisory URL](https://issues.rpath.com/browse/RPL-811)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Nov/0003.html)\n[Secunia Advisory ID:23121](https://secuniaresearch.flexerasoftware.com/advisories/23121/)\n[Secunia Advisory ID:24284](https://secuniaresearch.flexerasoftware.com/advisories/24284/)\n[Secunia Advisory ID:22601](https://secuniaresearch.flexerasoftware.com/advisories/22601/)\n[Secunia Advisory ID:22819](https://secuniaresearch.flexerasoftware.com/advisories/22819/)\n[Secunia Advisory ID:22834](https://secuniaresearch.flexerasoftware.com/advisories/22834/)\n[Secunia Advisory ID:22998](https://secuniaresearch.flexerasoftware.com/advisories/22998/)\n[Secunia Advisory ID:24186](https://secuniaresearch.flexerasoftware.com/advisories/24186/)\n[Secunia Advisory ID:24196](https://secuniaresearch.flexerasoftware.com/advisories/24196/)\n[Secunia Advisory ID:24148](https://secuniaresearch.flexerasoftware.com/advisories/24148/)\n[Secunia Advisory ID:24458](https://secuniaresearch.flexerasoftware.com/advisories/24458/)\n[Secunia Advisory ID:23090](https://secuniaresearch.flexerasoftware.com/advisories/23090/)\n[Secunia Advisory ID:22572](https://secuniaresearch.flexerasoftware.com/advisories/22572/)\n[Secunia Advisory ID:22604](https://secuniaresearch.flexerasoftware.com/advisories/22604/)\n[Related OSVDB ID: 29989](https://vulners.com/osvdb/OSVDB:29989)\n[Related OSVDB ID: 31911](https://vulners.com/osvdb/OSVDB:31911)\nRedHat RHSA: RHSA-2007:0015\nOther Advisory URL: 
http://www.gentoo.org/security/en/glsa/glsa-200611-19.xml\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2006_66_imagemagick.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-372-1\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc\nOther Advisory URL: http://www.ubuntu.com/usn/usn-422-1\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:193\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-Feb/0003.html\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.352092\nISS X-Force ID: 29816\nFrSIRT Advisory: ADV-2006-4171\n[CVE-2006-5456](https://vulners.com/cve/CVE-2006-5456)\nBugtraq ID: 20707\n", "modified": "2006-10-24T11:33:43", "published": "2006-10-24T11:33:43", "href": "https://vulners.com/osvdb/OSVDB:29990", "id": "OSVDB:29990", "title": "ImageMagick ReadPALMImage Function Overflow", "type": "osvdb", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:26", "bulletinFamily": "software", "cvelist": ["CVE-2006-5456"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://packages.debian.org/changelogs/pool/main/g/graphicsmagick/graphicsmagick_1.1.7-9/changelog#versionversion1.1.7-9\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-372-1)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200611-07.xml)\n[Vendor Specific Advisory URL](http://www.us.debian.org/security/2006/dsa-1213)\n[Vendor Specific Advisory URL](https://issues.rpath.com/browse/RPL-811)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Nov/0003.html)\n[Secunia Advisory ID:22569](https://secuniaresearch.flexerasoftware.com/advisories/22569/)\n[Secunia Advisory 
ID:23121](https://secuniaresearch.flexerasoftware.com/advisories/23121/)\n[Secunia Advisory ID:24284](https://secuniaresearch.flexerasoftware.com/advisories/24284/)\n[Secunia Advisory ID:22601](https://secuniaresearch.flexerasoftware.com/advisories/22601/)\n[Secunia Advisory ID:22819](https://secuniaresearch.flexerasoftware.com/advisories/22819/)\n[Secunia Advisory ID:22834](https://secuniaresearch.flexerasoftware.com/advisories/22834/)\n[Secunia Advisory ID:22998](https://secuniaresearch.flexerasoftware.com/advisories/22998/)\n[Secunia Advisory ID:24186](https://secuniaresearch.flexerasoftware.com/advisories/24186/)\n[Secunia Advisory ID:24196](https://secuniaresearch.flexerasoftware.com/advisories/24196/)\n[Secunia Advisory ID:24148](https://secuniaresearch.flexerasoftware.com/advisories/24148/)\n[Secunia Advisory ID:24458](https://secuniaresearch.flexerasoftware.com/advisories/24458/)\n[Secunia Advisory ID:23090](https://secuniaresearch.flexerasoftware.com/advisories/23090/)\n[Secunia Advisory ID:22572](https://secuniaresearch.flexerasoftware.com/advisories/22572/)\n[Secunia Advisory ID:22604](https://secuniaresearch.flexerasoftware.com/advisories/22604/)\n[Related OSVDB ID: 29990](https://vulners.com/osvdb/OSVDB:29990)\nRedHat RHSA: RHSA-2007:0015\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200611-19.xml\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc\nOther Advisory URL: http://www.ubuntu.com/usn/usn-422-1\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:193\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-Feb/0003.html\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.352092\n[CVE-2006-5456](https://vulners.com/cve/CVE-2006-5456)\n", "modified": "2006-09-29T11:33:43", "published": "2006-09-29T11:33:43", "href": "https://vulners.com/osvdb/OSVDB:29989", "id": "OSVDB:29989", 
"title": "ImageMagick coders/dcm.c Unspecified Overflow", "type": "osvdb", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5456"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2007-066-06.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:58134", "href": "http://plugins.openvas.org/nasl.php?oid=58134", "type": "openvas", "title": "Slackware Advisory SSA:2007-066-06 imagemagick", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2007_066_06.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A new imagemagick package is available for Slackware 11.0 to\nfix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2007-066-06.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2007-066-06\";\n \nif(description)\n{\n script_id(58134);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2006-5456\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2007-066-06 imagemagick \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"imagemagick\", ver:\"6.3.3_0-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5456"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200611-07.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:57920", "href": "http://plugins.openvas.org/nasl.php?oid=57920", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200611-07 (graphicsmagick)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"GraphicsMagick improperly handles PALM and DCM images, potentially\nresulting in the execution of arbitrary code.\";\ntag_solution = \"All GraphicsMagick users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n'>=media-gfx/graphicsmagick-1.1.7-r3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200611-07\nhttp://bugs.gentoo.org/show_bug.cgi?id=152668\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200611-07.\";\n\n \n\nif(description)\n{\n script_id(57920);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-5456\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200611-07 (graphicsmagick)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-gfx/graphicsmagick\", unaffected: make_list(\"ge 1.1.7-r3\"), vulnerable: make_list(\"lt 1.1.7-r3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5456"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2007-066-06.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231058134", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231058134", "type": "openvas", "title": "Slackware Advisory SSA:2007-066-06 imagemagick", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2007_066_06.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.58134\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2006-5456\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2007-066-06 imagemagick\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK11\\.0\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2007-066-06\");\n\n script_tag(name:\"insight\", value:\"A new imagemagick package is available for Slackware 11.0 to\nfix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2007-066-06.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"imagemagick\", ver:\"6.3.3_0-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5456"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200611-19.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:57932", "href": "http://plugins.openvas.org/nasl.php?oid=57932", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200611-19 (imagemagick)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ImageMagick improperly handles PALM and DCM images, potentially resulting\nin the execution of arbitrary code.\";\ntag_solution = \"All ImageMagick users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/imagemagick-6.3.0.5'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200611-19\nhttp://bugs.gentoo.org/show_bug.cgi?id=152672\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200611-19.\";\n\n \n\nif(description)\n{\n script_id(57932);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-5456\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200611-19 (imagemagick)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-gfx/imagemagick\", unaffected: make_list(\"ge 6.3.0.5\"), vulnerable: make_list(\"lt 6.3.0.5\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5456", "CVE-2007-0770"], "description": "Check for the Version of ImageMagick", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830341", "href": "http://plugins.openvas.org/nasl.php?oid=830341", "type": "openvas", "title": "Mandriva Update for ImageMagick MDKSA-2007:041 (ImageMagick)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for ImageMagick MDKSA-2007:041 (ImageMagick)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be 
useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vladimir Nadvornik discovered a buffer overflow in GraphicsMagick and\n ImageMagick allows user-assisted attackers to cause a denial of service\n and possibly execute execute arbitrary code via a PALM image that is\n not properly handled by the ReadPALMImage function in coders/palm.c.\n\n This is related to an earlier fix for CVE-2006-5456 that did not fully\n correct the issue.\n \n Updated packages have been patched to correct this issue.\";\n\ntag_affected = \"ImageMagick on Mandriva Linux 2006.0,\n Mandriva Linux 2006.0/X86_64,\n Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-02/msg00011.php\");\n script_id(830341);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDKSA\", value: \"2007:041\");\n script_cve_id(\"CVE-2006-5456\", \"CVE-2007-0770\");\n script_name( \"Mandriva Update for ImageMagick MDKSA-2007:041 (ImageMagick)\");\n\n script_summary(\"Check for the Version of ImageMagick\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.2.9.2~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.2.9.2~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libMagick10.4.0\", rpm:\"libMagick10.4.0~6.2.9.2~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libMagick10.4.0-devel\", rpm:\"libMagick10.4.0-devel~6.2.9.2~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Image-Magick\", rpm:\"perl-Image-Magick~6.2.9.2~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64Magick10.4.0\", rpm:\"lib64Magick10.4.0~6.2.9.2~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64Magick10.4.0-devel\", rpm:\"lib64Magick10.4.0-devel~6.2.9.2~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2006.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.2.4.3~1.5.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.2.4.3~1.5.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libMagick8.4.2\", rpm:\"libMagick8.4.2~6.2.4.3~1.5.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libMagick8.4.2-devel\", rpm:\"libMagick8.4.2-devel~6.2.4.3~1.5.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Image-Magick\", rpm:\"perl-Image-Magick~6.2.4.3~1.5.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64Magick8.4.2\", rpm:\"lib64Magick8.4.2~6.2.4.3~1.5.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64Magick8.4.2-devel\", rpm:\"lib64Magick8.4.2-devel~6.2.4.3~1.5.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5456", "CVE-2007-0770"], "description": "Check for the Version of ImageMagick", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830341", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830341", "type": "openvas", "title": "Mandriva Update for ImageMagick MDKSA-2007:041 
(ImageMagick)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for ImageMagick MDKSA-2007:041 (ImageMagick)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vladimir Nadvornik discovered a buffer overflow in GraphicsMagick and\n ImageMagick allows user-assisted attackers to cause a denial of service\n and possibly execute execute arbitrary code via a PALM image that is\n not properly handled by the ReadPALMImage function in coders/palm.c.\n\n This is related to an earlier fix for CVE-2006-5456 that did not fully\n correct the issue.\n \n Updated packages have been patched to correct this issue.\";\n\ntag_affected = \"ImageMagick on Mandriva Linux 2006.0,\n Mandriva Linux 2006.0/X86_64,\n Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-02/msg00011.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830341\");\n 
script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDKSA\", value: \"2007:041\");\n script_cve_id(\"CVE-2006-5456\", \"CVE-2007-0770\");\n script_name( \"Mandriva Update for ImageMagick MDKSA-2007:041 (ImageMagick)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of ImageMagick\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.2.9.2~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.2.9.2~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libMagick10.4.0\", rpm:\"libMagick10.4.0~6.2.9.2~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libMagick10.4.0-devel\", 
rpm:\"libMagick10.4.0-devel~6.2.9.2~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Image-Magick\", rpm:\"perl-Image-Magick~6.2.9.2~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64Magick10.4.0\", rpm:\"lib64Magick10.4.0~6.2.9.2~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64Magick10.4.0-devel\", rpm:\"lib64Magick10.4.0-devel~6.2.9.2~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2006.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.2.4.3~1.5.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.2.4.3~1.5.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libMagick8.4.2\", rpm:\"libMagick8.4.2~6.2.4.3~1.5.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libMagick8.4.2-devel\", rpm:\"libMagick8.4.2-devel~6.2.4.3~1.5.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Image-Magick\", rpm:\"perl-Image-Magick~6.2.4.3~1.5.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64Magick8.4.2\", rpm:\"lib64Magick8.4.2~6.2.4.3~1.5.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64Magick8.4.2-devel\", rpm:\"lib64Magick8.4.2-devel~6.2.4.3~1.5.20060mdk\", rls:\"MNDK_2006.0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5456", "CVE-2007-0770"], "description": "The remote host is missing an update to imagemagick\nannounced via advisory DSA 1260-1.\n\nVladimir Nadvornik discovered that the fix for a vulnerability in the\nPALM decoder of Imagemagick, a collection of image manipulation programs,\nwas ineffective. To avoid confusion a new CVE ID has been assigned;\nthe original issue was tracked as CVE-2006-5456.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:58015", "href": "http://plugins.openvas.org/nasl.php?oid=58015", "type": "openvas", "title": "Debian Security Advisory DSA 1260-1 (imagemagick)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1260_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1260-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) this problem has been fixed in\nversion 6:6.0.6.2-2.9.\n\nFor the upcoming stable distribution (etch) this problem has been\nfixed in version 7:6.2.4.5.dfsg1-0.14.\n\nFor the unstable distribution (sid) this problems has been fixed in\nversion 7:6.2.4.5.dfsg1-0.14.\n\nWe recommend that you upgrade your imagemagick packages.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201260-1\";\ntag_summary = \"The remote host is missing an update to imagemagick\nannounced via advisory DSA 1260-1.\n\nVladimir Nadvornik discovered that the fix for a vulnerability in the\nPALM decoder of Imagemagick, a collection of image manipulation programs,\nwas ineffective. To avoid confusion a new CVE ID has been assigned;\ntha original issue was tracked as CVE-2006-5456.\";\n\n\nif(description)\n{\n script_id(58015);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-0770\", \"CVE-2006-5456\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1260-1 (imagemagick)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"6.0.6.2-2.9\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++6\", ver:\"6.0.6.2-2.9\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++6-dev\", ver:\"6.0.6.2-2.9\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick6\", ver:\"6.0.6.2-2.9\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick6-dev\", ver:\"6.0.6.2-2.9\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"6.0.6.2-2.9\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5456", "CVE-2007-0770"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-422-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840048", "href": "http://plugins.openvas.org/nasl.php?oid=840048", "type": "openvas", "title": "Ubuntu Update for imagemagick vulnerabilities USN-422-1", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n# $Id: gb_ubuntu_USN_422_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for imagemagick vulnerabilities USN-422-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vladimir Nadvornik discovered that the fix for CVE-2006-5456, released\n in USN-372-1, did not correctly solve the original flaw in PALM image\n handling. 
By tricking a user into processing a specially crafted image\n with an application that uses imagemagick, an attacker could execute\n arbitrary code with the user's privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-422-1\";\ntag_affected = \"imagemagick vulnerabilities on Ubuntu 5.10 ,\n Ubuntu 6.06 LTS ,\n Ubuntu 6.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-422-1/\");\n script_id(840048);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"422-1\");\n script_cve_id(\"CVE-2006-5456\", \"CVE-2007-0770\");\n script_name( \"Ubuntu Update for imagemagick vulnerabilities USN-422-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"6.2.4.5-0.6ubuntu0.5\", 
rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++9-dev\", ver:\"6.2.4.5-0.6ubuntu0.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++9c2a\", ver:\"6.2.4.5-0.6ubuntu0.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick9-dev\", ver:\"6.2.4.5-0.6ubuntu0.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick9\", ver:\"6.2.4.5-0.6ubuntu0.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"6.2.4.5-0.6ubuntu0.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"6.2.4.5.dfsg1-0.10ubuntu0.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++9-dev\", ver:\"6.2.4.5.dfsg1-0.10ubuntu0.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++9c2a\", ver:\"6.2.4.5.dfsg1-0.10ubuntu0.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick9-dev\", ver:\"6.2.4.5.dfsg1-0.10ubuntu0.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick9\", ver:\"6.2.4.5.dfsg1-0.10ubuntu0.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"6.2.4.5.dfsg1-0.10ubuntu0.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
(__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU5.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"6.2.3.4-1ubuntu1.6\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++6-dev\", ver:\"6.2.3.4-1ubuntu1.6\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++6c2\", ver:\"6.2.3.4-1ubuntu1.6\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick6-dev\", ver:\"6.2.3.4-1ubuntu1.6\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick6\", ver:\"6.2.3.4-1ubuntu1.6\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"6.2.3.4-1ubuntu1.6\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5456", "CVE-2006-5868", "CVE-2006-4144", "CVE-2006-0082"], "description": "The remote host is missing an update to imagemagick\nannounced via advisory DSA 1213-1.\n\nSeveral remote vulnerabilities have been discovered in Imagemagick,\na collection of image manipulation programs, which may lead to the\nexecution of arbitrary code. 
The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2006-0082\n\nDaniel Kobras discovered that Imagemagick is vulnerable to format\nstring attacks in the filename parsing code.\n\nCVE-2006-4144\n\nDamian Put discovered that Imagemagick is vulnerable to buffer\noverflows in the module for SGI images.\n\nCVE-2006-5456\n\nM Joonas Pihlaja discovered that Imagemagick is vulnerable to buffer\noverflows in the module for DCM and PALM images.\n\nCVE-2006-5868\n\nDaniel Kobras discovered that Imagemagick is vulnerable to buffer\noverflows in the module for SGI images.\n\nThis update also addresses regressions in the XCF codec, which were\nintroduced in the previous security update.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:57586", "href": "http://plugins.openvas.org/nasl.php?oid=57586", "type": "openvas", "title": "Debian Security Advisory DSA 1213-1 (imagemagick)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1213_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1213-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 6:6.0.6.2-2.8.\n\nFor the upcoming stable distribution (etch) these problems have been\nfixed in version 7:6.2.4.5.dfsg1-0.11.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 7:6.2.4.5.dfsg1-0.11.\n\nWe recommend that you upgrade your imagemagick packages.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201213-1\";\ntag_summary = \"The remote host is missing an update to imagemagick\nannounced via advisory DSA 1213-1.\n\nSeveral remote vulnerabilities have been discovered in Imagemagick,\na collection of image manipulation programs, which may lead to the\nexecution of arbitrary code. 
The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2006-0082\n\nDaniel Kobras discovered that Imagemagick is vulnerable to format\nstring attacks in the filename parsing code.\n\nCVE-2006-4144\n\nDamian Put discovered that Imagemagick is vulnerable to buffer\noverflows in the module for SGI images.\n\nCVE-2006-5456\n\nM Joonas Pihlaja discovered that Imagemagick is vulnerable to buffer\noverflows in the module for DCM and PALM images.\n\nCVE-2006-5868\n\nDaniel Kobras discovered that Imagemagick is vulnerable to buffer\noverflows in the module for SGI images.\n\nThis update also adresses regressions in the XCF codec, which were\nintroduced in the previous security update.\";\n\n\nif(description)\n{\n script_id(57586);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-0082\", \"CVE-2006-4144\", \"CVE-2006-5456\", \"CVE-2006-5868\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1213-1 (imagemagick)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"6.0.6.2-2.8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++6\", ver:\"6.0.6.2-2.8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++6-dev\", ver:\"6.0.6.2-2.8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick6\", ver:\"6.0.6.2-2.8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick6-dev\", ver:\"6.0.6.2-2.8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"6.0.6.2-2.8\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5456", "CVE-2006-4144", "CVE-2006-3743", "CVE-2007-1797"], "description": "Check for the Version of ImageMagick", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861508", "href": "http://plugins.openvas.org/nasl.php?oid=861508", "type": "openvas", "title": "Fedora Update for ImageMagick FEDORA-2007-414", "sourceData": "###############################################################################\n# 
OpenVAS Vulnerability Test\n#\n# Fedora Update for ImageMagick FEDORA-2007-414\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ImageMagick(TM) is an image display and manipulation tool for the X\n Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF,\n and Photo CD image formats. It can resize, rotate, sharpen, color\n reduce, or add special effects to an image, and when finished you can\n either save the completed work in the original format or a different\n one. ImageMagick also includes command line programs for creating\n animated or transparent .gifs, creating composite images, creating\n thumbnail images, and more.\n\n ImageMagick is one of your choices if you need a program to manipulate\n and dis play images. 
If you want to develop your own applications\n which use ImageMagick code or APIs, you need to install\n ImageMagick-devel as well\";\n\ntag_affected = \"ImageMagick on Fedora Core 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-April/msg00047.html\");\n script_id(861508);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:27:46 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2007-414\");\n script_cve_id(\"CVE-2007-1797\", \"CVE-2006-5456\", \"CVE-2006-3743\", \"CVE-2006-4144\");\n script_name( \"Fedora Update for ImageMagick FEDORA-2007-414\");\n\n script_summary(\"Check for the Version of ImageMagick\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC5\")\n{\n\n if ((res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.2.5.4~4.2.1.fc5.8\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"x86_64/ImageMagick-c++-devel\", rpm:\"x86_64/ImageMagick-c++-devel~6.2.5.4~4.2.1.fc5.8\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/ImageMagick-c++\", rpm:\"x86_64/ImageMagick-c++~6.2.5.4~4.2.1.fc5.8\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/ImageMagick\", rpm:\"x86_64/ImageMagick~6.2.5.4~4.2.1.fc5.8\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/ImageMagick-debuginfo\", rpm:\"x86_64/debug/ImageMagick-debuginfo~6.2.5.4~4.2.1.fc5.8\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/ImageMagick-perl\", rpm:\"x86_64/ImageMagick-perl~6.2.5.4~4.2.1.fc5.8\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/ImageMagick-devel\", rpm:\"x86_64/ImageMagick-devel~6.2.5.4~4.2.1.fc5.8\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/ImageMagick\", rpm:\"i386/ImageMagick~6.2.5.4~4.2.1.fc5.8\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/ImageMagick-c++-devel\", rpm:\"i386/ImageMagick-c++-devel~6.2.5.4~4.2.1.fc5.8\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/ImageMagick-perl\", rpm:\"i386/ImageMagick-perl~6.2.5.4~4.2.1.fc5.8\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/ImageMagick-debuginfo\", rpm:\"i386/debug/ImageMagick-debuginfo~6.2.5.4~4.2.1.fc5.8\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/ImageMagick-c++\", rpm:\"i386/ImageMagick-c++~6.2.5.4~4.2.1.fc5.8\", rls:\"FC5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/ImageMagick-devel\", rpm:\"i386/ImageMagick-devel~6.2.5.4~4.2.1.fc5.8\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:47:05", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5456"], "description": "Two security problems were found in the GraphicsMagick tool set which are also present in ImageMagick.\n#### Solution\nPlease install the updated packages.", "edition": 1, "modified": "2006-11-14T12:50:06", "published": "2006-11-14T12:50:06", "id": "SUSE-SA:2006:066", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-11/msg00015.html", "type": "suse", "title": "remote denial of service in ImageMagick", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-07T11:51:38", "description": "Multiple buffer overflows in GraphicsMagick before 1.1.7 and\nImageMagick 6.0.7 allow user-assisted attackers to cause a denial of\nservice and possibly execute arbitrary code via (1) a DCM\nimage that is not properly handled by the ReadDCMImage function in\ncoders/dcm.c, or (2) a PALM image that is not properly handled by the\nReadPALMImage function in coders/palm.c.\n\nUpdated packages have been patched to correct these issues.", "edition": 24, "published": "2007-02-18T00:00:00", "title": "Mandrake Linux Security Advisory : ImageMagick (MDKSA-2006:193)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5456"], "modified": "2007-02-18T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64Magick10.4.0-devel", "p-cpe:/a:mandriva:linux:lib64Magick8.4.2-devel", "p-cpe:/a:mandriva:linux:perl-Image-Magick", "cpe:/o:mandriva:linux:2007", 
"p-cpe:/a:mandriva:linux:libMagick8.4.2-devel", "p-cpe:/a:mandriva:linux:lib64Magick10.4.0", "p-cpe:/a:mandriva:linux:ImageMagick-doc", "p-cpe:/a:mandriva:linux:ImageMagick", "p-cpe:/a:mandriva:linux:libMagick10.4.0-devel", "cpe:/o:mandriva:linux:2006", "p-cpe:/a:mandriva:linux:libMagick10.4.0", "p-cpe:/a:mandriva:linux:libMagick8.4.2", "p-cpe:/a:mandriva:linux:lib64Magick8.4.2"], "id": "MANDRAKE_MDKSA-2006-193.NASL", "href": "https://www.tenable.com/plugins/nessus/24578", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:193. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24578);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-5456\");\n script_bugtraq_id(20707);\n script_xref(name:\"MDKSA\", value:\"2006:193\");\n\n script_name(english:\"Mandrake Linux Security Advisory : ImageMagick (MDKSA-2006:193)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple buffer overflows in GraphicsMagick before 1.1.7 and\nImageMagick 6.0.7 allow user-assisted attackers to cause a denial of\nservice and possibly execute execute arbitrary code via (1) a DCM\nimage that is not properly handled by the ReadDCMImage function in\ncoders/dcm.c, or (2) a PALM image that is not properly handled by the\nReadPALMImage function in coders/palm.c.\n\nUpdated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected 
packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ImageMagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64Magick10.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64Magick10.4.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64Magick8.4.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64Magick8.4.2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libMagick10.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libMagick10.4.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libMagick8.4.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libMagick8.4.2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-Image-Magick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local 
Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ImageMagick-6.2.4.3-1.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ImageMagick-doc-6.2.4.3-1.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64Magick8.4.2-6.2.4.3-1.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64Magick8.4.2-devel-6.2.4.3-1.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libMagick8.4.2-6.2.4.3-1.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libMagick8.4.2-devel-6.2.4.3-1.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"perl-Image-Magick-6.2.4.3-1.3.20060mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2007.0\", reference:\"ImageMagick-6.2.9.2-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"ImageMagick-doc-6.2.9.2-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64Magick10.4.0-6.2.9.2-1.1mdv2007.0\", yank:\"mdv\")) 
flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64Magick10.4.0-devel-6.2.9.2-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libMagick10.4.0-6.2.9.2-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libMagick10.4.0-devel-6.2.9.2-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"perl-Image-Magick-6.2.9.2-1.1mdv2007.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T09:10:18", "description": "A new imagemagick package is available for Slackware 11.0 to fix\nsecurity issues.", "edition": 24, "published": "2007-03-12T00:00:00", "title": "Slackware 11.0 : imagemagick (SSA:2007-066-06)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5456"], "modified": "2007-03-12T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:imagemagick", "cpe:/o:slackware:slackware_linux:11.0"], "id": "SLACKWARE_SSA_2007-066-06.NASL", "href": "https://www.tenable.com/plugins/nessus/24792", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2007-066-06. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24792);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-5456\");\n script_xref(name:\"SSA\", value:\"2007-066-06\");\n\n script_name(english:\"Slackware 11.0 : imagemagick (SSA:2007-066-06)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A new imagemagick package is available for Slackware 11.0 to fix\nsecurity issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.352092\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?61bc8c9d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected imagemagick package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/03/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"11.0\", pkgname:\"imagemagick\", pkgver:\"6.3.3_0\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:52:09", "description": "The remote host is affected by the vulnerability described in GLSA-200611-19\n(ImageMagick: PALM and DCM buffer overflows)\n\n M. Joonas Pihlaja has reported that a boundary error exists within the\n ReadDCMImage() function of coders/dcm.c, causing the improper handling\n of DCM images. 
Pihlaja also reported that there are several boundary\n errors in the ReadPALMImage() function of coders/palm.c, similarly\n causing the improper handling of PALM images.\n \nImpact :\n\n An attacker could entice a user to open a specially crafted DCM or PALM\n image with ImageMagick, and possibly execute arbitrary code with the\n privileges of the user running ImageMagick.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2006-11-27T00:00:00", "title": "GLSA-200611-19 : ImageMagick: PALM and DCM buffer overflows", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5456"], "modified": "2006-11-27T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:imagemagick"], "id": "GENTOO_GLSA-200611-19.NASL", "href": "https://www.tenable.com/plugins/nessus/23727", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200611-19.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23727);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-5456\");\n script_bugtraq_id(20707);\n script_xref(name:\"GLSA\", value:\"200611-19\");\n\n script_name(english:\"GLSA-200611-19 : ImageMagick: PALM and DCM buffer overflows\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200611-19\n(ImageMagick: PALM and DCM buffer overflows)\n\n M. Joonas Pihlaja has reported that a boundary error exists within the\n ReadDCMImage() function of coders/dcm.c, causing the improper handling\n of DCM images. 
Pihlaja also reported that there are several boundary\n errors in the ReadPALMImage() function of coders/palm.c, similarly\n causing the improper handling of PALM images.\n \nImpact :\n\n An attacker could entice a user to open a specially crafted DCM or PALM\n image with ImageMagick, and possibly execute arbitrary code with the\n privileges of the user running ImageMagick.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200611-19\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ImageMagick users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/imagemagick-6.3.0.5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/11/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-gfx/imagemagick\", unaffected:make_list(\"ge 6.3.0.5\"), vulnerable:make_list(\"lt 6.3.0.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:52:08", "description": "The remote host is affected by the vulnerability described in GLSA-200611-07\n(GraphicsMagick: PALM and DCM buffer overflows)\n\n M. Joonas Pihlaja has reported that a boundary error exists within the\n ReadDCMImage() function of coders/dcm.c, causing the improper handling\n of DCM images. 
Pihlaja also reported that there are several boundary\n errors in the ReadPALMImage() function of coders/palm.c, similarly\n causing the improper handling of PALM images.\n \nImpact :\n\n An attacker could entice a user to open a specially crafted DCM or PALM\n image with GraphicsMagick, and possibly execute arbitrary code with the\n privileges of the user running GraphicsMagick.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2006-11-20T00:00:00", "title": "GLSA-200611-07 : GraphicsMagick: PALM and DCM buffer overflows", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5456"], "modified": "2006-11-20T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:graphicsmagick", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200611-07.NASL", "href": "https://www.tenable.com/plugins/nessus/23672", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200611-07.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23672);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-5456\");\n script_bugtraq_id(20707);\n script_xref(name:\"GLSA\", value:\"200611-07\");\n\n script_name(english:\"GLSA-200611-07 : GraphicsMagick: PALM and DCM buffer overflows\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200611-07\n(GraphicsMagick: PALM and DCM buffer overflows)\n\n M. Joonas Pihlaja has reported that a boundary error exists within the\n ReadDCMImage() function of coders/dcm.c, causing the improper handling\n of DCM images. 
Pihlaja also reported that there are several boundary\n errors in the ReadPALMImage() function of coders/palm.c, similarly\n causing the improper handling of PALM images.\n \nImpact :\n\n An attacker could entice a user to open a specially crafted DCM or PALM\n image with GraphicsMagick, and possibly execute arbitrary code with the\n privileges of the user running GraphicsMagick.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200611-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All GraphicsMagick users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/graphicsmagick-1.1.7-r3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/11/20\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-gfx/graphicsmagick\", unaffected:make_list(\"ge 1.1.7-r3\"), vulnerable:make_list(\"lt 1.1.7-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:14:04", "description": "Two security problems were found in GraphicsMagick which are also\npresent in ImageMagick.\n\nCVE-2006-5456: Multiple buffer overflows in ImageMagick allowed\nuser-assisted attackers to cause a denial of service and possibly\nexecute arbitrary code via (1) a DCM image that is not properly\nhandled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM\nimage that is not properly handled by the ReadPALMImage function in\ncoders/palm.c.\n\nAdditionally a segfault regression when converting a PGM image was\nfixed on SLE 10.", "edition": 24, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : ImageMagick (ImageMagick-2235)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5456"], "modified": "2007-10-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ImageMagick-Magick++", "p-cpe:/a:novell:opensuse:ImageMagick-devel", "p-cpe:/a:novell:opensuse:ImageMagick", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:ImageMagick-Magick++-devel", "p-cpe:/a:novell:opensuse:perl-PerlMagick"], "id": 
"SUSE_IMAGEMAGICK-2235.NASL", "href": "https://www.tenable.com/plugins/nessus/27105", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update ImageMagick-2235.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27105);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-5456\");\n\n script_name(english:\"openSUSE 10 Security Update : ImageMagick (ImageMagick-2235)\");\n script_summary(english:\"Check for the ImageMagick-2235 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two security problems were found in GraphicsMagick which are also\npresent in ImageMagick.\n\nCVE-2006-5456: Multiple buffer overflows in ImageMagick allowed\nuser-assisted attackers to cause a denial of service and possibly\nexecute arbitrary code via (1) a DCM image that is not properly\nhandled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM\nimage that is not properly handled by the ReadPALMImage function in\ncoders/palm.c.\n\nAdditionaly a segfault regression when converting a PGM image was\nfixed on SLE 10.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-Magick++\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:ImageMagick-Magick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"ImageMagick-6.2.5-16.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"ImageMagick-Magick++-6.2.5-16.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"ImageMagick-Magick++-devel-6.2.5-16.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"ImageMagick-devel-6.2.5-16.10\") ) flag++;\nif ( 
rpm_check(release:\"SUSE10.1\", reference:\"perl-PerlMagick-6.2.5-16.10\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:35:28", "description": "M. Joonas Pihlaja discovered that ImageMagick did not sufficiently\nverify the validity of PALM and DCM images. When processing a\nspecially crafted image with an application that uses imagemagick,\nthis could be exploited to execute arbitrary code with the\napplication's privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2007-11-10T00:00:00", "title": "Ubuntu 5.04 / 5.10 / 6.06 LTS / 6.10 : imagemagick vulnerability (USN-372-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5456"], "modified": "2007-11-10T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:imagemagick", "p-cpe:/a:canonical:ubuntu_linux:libmagick9", "p-cpe:/a:canonical:ubuntu_linux:libmagick++9-dev", "cpe:/o:canonical:ubuntu_linux:6.10", "cpe:/o:canonical:ubuntu_linux:5.04", "p-cpe:/a:canonical:ubuntu_linux:libmagick++6", "p-cpe:/a:canonical:ubuntu_linux:libmagick6-dev", "p-cpe:/a:canonical:ubuntu_linux:libmagick++6-dev", "p-cpe:/a:canonical:ubuntu_linux:perlmagick", "cpe:/o:canonical:ubuntu_linux:5.10", "p-cpe:/a:canonical:ubuntu_linux:libmagick++6c2", "p-cpe:/a:canonical:ubuntu_linux:libmagick6", "p-cpe:/a:canonical:ubuntu_linux:libmagick++9c2a", "p-cpe:/a:canonical:ubuntu_linux:libmagick9-dev", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": 
"UBUNTU_USN-372-1.NASL", "href": "https://www.tenable.com/plugins/nessus/27953", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-372-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27953);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-5456\");\n script_bugtraq_id(20707);\n script_xref(name:\"USN\", value:\"372-1\");\n\n script_name(english:\"Ubuntu 5.04 / 5.10 / 6.06 LTS / 6.10 : imagemagick vulnerability (USN-372-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"M. Joonas Pihlaja discovered that ImageMagick did not sufficiently\nverify the validity of PALM and DCM images. When processing a\nspecially crafted image with an application that uses imagemagick,\nthis could be exploited to execute arbitrary code with the\napplication's privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/372-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++6c2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++9-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++9c2a\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick9-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.04|5\\.10|6\\.06|6\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.04 / 5.10 / 6.06 / 6.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.04\", pkgname:\"imagemagick\", pkgver:\"6.0.6.2-2.1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libmagick++6\", pkgver:\"6.0.6.2-2.1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libmagick++6-dev\", pkgver:\"6.0.6.2-2.1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libmagick6\", pkgver:\"6:6.0.6.2-2.1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libmagick6-dev\", pkgver:\"6.0.6.2-2.1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"perlmagick\", pkgver:\"6.0.6.2-2.1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"imagemagick\", pkgver:\"6.2.3.4-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libmagick++6-dev\", pkgver:\"6.2.3.4-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libmagick++6c2\", pkgver:\"6.2.3.4-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libmagick6\", pkgver:\"6:6.2.3.4-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libmagick6-dev\", pkgver:\"6.2.3.4-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"perlmagick\", pkgver:\"6.2.3.4-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"imagemagick\", pkgver:\"6.2.4.5-0.6ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libmagick++9-dev\", pkgver:\"6.2.4.5-0.6ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libmagick++9c2a\", pkgver:\"6.2.4.5-0.6ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libmagick9\", pkgver:\"6:6.2.4.5-0.6ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libmagick9-dev\", 
pkgver:\"6.2.4.5-0.6ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"perlmagick\", pkgver:\"6.2.4.5-0.6ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"imagemagick\", pkgver:\"6.2.4.5.dfsg1-0.10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmagick++9-dev\", pkgver:\"6.2.4.5.dfsg1-0.10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmagick++9c2a\", pkgver:\"6.2.4.5.dfsg1-0.10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmagick9\", pkgver:\"7:6.2.4.5.dfsg1-0.10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libmagick9-dev\", pkgver:\"6.2.4.5.dfsg1-0.10ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"perlmagick\", pkgver:\"6.2.4.5.dfsg1-0.10ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imagemagick / libmagick++6 / libmagick++6-dev / libmagick++6c2 / etc\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:14:04", "description": "Two security problems were found in GraphicsMagick which are also\npresent in ImageMagick.\n\n - Multiple buffer overflows in ImageMagick allowed\n user-assisted attackers to cause a denial of service and\n possibly execute arbitrary code via (1) a DCM\n image that is not properly handled by the ReadDCMImage\n function in coders/dcm.c, or (2) a PALM image that is\n not properly handled by the ReadPALMImage function in\n coders/palm.c. 
(CVE-2006-5456)\n\nAdditionally a segfault regression when converting a PGM image was\nfixed on SLE 10.", "edition": 23, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : ImageMagick (ZYPP Patch Number 2239)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5456"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_IMAGEMAGICK-2239.NASL", "href": "https://www.tenable.com/plugins/nessus/29348", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29348);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-5456\");\n\n script_name(english:\"SuSE 10 Security Update : ImageMagick (ZYPP Patch Number 2239)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two security problems were found in GraphicsMagick which are also\npresent in ImageMagick.\n\n - Multiple buffer overflows in ImageMagick allowed\n user-assisted attackers to cause a denial of service and\n possibly execute execute arbitrary code via (1) a DCM\n image that is not properly handled by the ReadDCMImage\n function in coders/dcm.c, or (2) a PALM image that is\n not properly handled by the ReadPALMImage function in\n coders/palm.c. 
(CVE-2006-5456)\n\nAdditionally a segfault regression when converting a PGM image was\nfixed on SLE 10.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-5456.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 2239.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"ImageMagick-6.2.5-16.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"ImageMagick-Magick++-6.2.5-16.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, 
reference:\"ImageMagick-devel-6.2.5-16.10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:51:41", "description": "Vladimir Nadvornik discovered a buffer overflow in GraphicsMagick and\nImageMagick allows user-assisted attackers to cause a denial of\nservice and possibly execute arbitrary code via a PALM image\nthat is not properly handled by the ReadPALMImage function in\ncoders/palm.c.\n\nThis is related to an earlier fix for CVE-2006-5456 that did not fully\ncorrect the issue.\n\nUpdated packages have been patched to correct this issue.", "edition": 25, "published": "2007-02-18T00:00:00", "title": "Mandrake Linux Security Advisory : ImageMagick (MDKSA-2007:041)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5456", "CVE-2007-0770"], "modified": "2007-02-18T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64Magick10.4.0-devel", "p-cpe:/a:mandriva:linux:lib64Magick8.4.2-devel", "p-cpe:/a:mandriva:linux:perl-Image-Magick", "cpe:/o:mandriva:linux:2007", "p-cpe:/a:mandriva:linux:libMagick8.4.2-devel", "p-cpe:/a:mandriva:linux:lib64Magick10.4.0", "p-cpe:/a:mandriva:linux:ImageMagick-doc", "p-cpe:/a:mandriva:linux:ImageMagick", "p-cpe:/a:mandriva:linux:libMagick10.4.0-devel", "cpe:/o:mandriva:linux:2006", "p-cpe:/a:mandriva:linux:libMagick10.4.0", "p-cpe:/a:mandriva:linux:libMagick8.4.2", "p-cpe:/a:mandriva:linux:lib64Magick8.4.2"], "id": "MANDRAKE_MDKSA-2007-041.NASL", "href": "https://www.tenable.com/plugins/nessus/24654", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:041. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24654);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-0770\");\n script_bugtraq_id(20707);\n script_xref(name:\"MDKSA\", value:\"2007:041\");\n\n script_name(english:\"Mandrake Linux Security Advisory : ImageMagick (MDKSA-2007:041)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vladimir Nadvornik discovered a buffer overflow in GraphicsMagick and\nImageMagick allows user-assisted attackers to cause a denial of\nservice and possibly execute execute arbitrary code via a PALM image\nthat is not properly handled by the ReadPALMImage function in\ncoders/palm.c.\n\nThis is related to an earlier fix for CVE-2006-5456 that did not fully\ncorrect the issue.\n\nUpdated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ImageMagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64Magick10.4.0\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64Magick10.4.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64Magick8.4.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64Magick8.4.2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libMagick10.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libMagick10.4.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libMagick8.4.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libMagick8.4.2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-Image-Magick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ 
\"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ImageMagick-6.2.4.3-1.5.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ImageMagick-doc-6.2.4.3-1.5.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64Magick8.4.2-6.2.4.3-1.5.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64Magick8.4.2-devel-6.2.4.3-1.5.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libMagick8.4.2-6.2.4.3-1.5.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libMagick8.4.2-devel-6.2.4.3-1.5.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"perl-Image-Magick-6.2.4.3-1.5.20060mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2007.0\", reference:\"ImageMagick-6.2.9.2-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"ImageMagick-doc-6.2.9.2-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64Magick10.4.0-6.2.9.2-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64Magick10.4.0-devel-6.2.9.2-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libMagick10.4.0-6.2.9.2-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libMagick10.4.0-devel-6.2.9.2-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"perl-Image-Magick-6.2.9.2-1.2mdv2007.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse 
audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:14:04", "description": "This update fixes a broken patch for CVE-2006-5456 and minor\nnon-security issues. (CVE-2007-0770)", "edition": 24, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : ImageMagick (ImageMagick-2585)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5456", "CVE-2007-0770"], "modified": "2007-10-17T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:ImageMagick-Magick++", "p-cpe:/a:novell:opensuse:ImageMagick-devel", "p-cpe:/a:novell:opensuse:ImageMagick", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:ImageMagick-Magick++-devel", "p-cpe:/a:novell:opensuse:perl-PerlMagick"], "id": "SUSE_IMAGEMAGICK-2585.NASL", "href": "https://www.tenable.com/plugins/nessus/27107", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update ImageMagick-2585.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27107);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-5456\", \"CVE-2007-0770\");\n\n script_name(english:\"openSUSE 10 Security Update : ImageMagick (ImageMagick-2585)\");\n script_summary(english:\"Check for the ImageMagick-2585 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a broken patch for CVE-2006-5456 and minor\nnon-security issues. 
(CVE-2007-0770)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-Magick++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-Magick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) 
audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"ImageMagick-6.2.5-16.17\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"ImageMagick-Magick++-6.2.5-16.17\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"ImageMagick-Magick++-devel-6.2.5-16.17\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"ImageMagick-devel-6.2.5-16.17\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"perl-PerlMagick-6.2.5-16.17\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"ImageMagick-6.3.0.0-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"ImageMagick-Magick++-6.3.0.0-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"ImageMagick-Magick++-devel-6.3.0.0-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"ImageMagick-devel-6.3.0.0-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"perl-PerlMagick-6.3.0.0-27.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:44:45", "description": "Vladimir Nadvornik discovered that the fix for a vulnerability in the\nPALM decoder of Imagemagick, a collection of image manipulation\nprograms, was ineffective. 
To avoid confusion a new CVE ID has been\nassigned; the original issue was tracked as CVE-2006-5456.", "edition": 25, "published": "2007-02-15T00:00:00", "title": "Debian DSA-1260-1 : imagemagick - buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5456", "CVE-2007-0770"], "modified": "2007-02-15T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:imagemagick"], "id": "DEBIAN_DSA-1260.NASL", "href": "https://www.tenable.com/plugins/nessus/24347", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1260. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24347);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-0770\");\n script_xref(name:\"DSA\", value:\"1260\");\n\n script_name(english:\"Debian DSA-1260-1 : imagemagick - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vladimir Nadvornik discovered that the fix for a vulnerability in the\nPALM decoder of Imagemagick, a collection of image manipulation\nprograms, was ineffective. 
To avoid confusion a new CVE ID has been\nassigned; the original issue was tracked as CVE-2006-5456.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-5456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2007/dsa-1260\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the imagemagick packages.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 6:6.0.6.2-2.9.\n\nFor the upcoming stable distribution (etch) this problem has been\nfixed in version 7:6.2.4.5.dfsg1-0.14.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/02/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", 
prefix:\"imagemagick\", reference:\"6:6.0.6.2-2.9\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libmagick++6\", reference:\"6:6.0.6.2-2.9\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libmagick++6-dev\", reference:\"6:6.0.6.2-2.9\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libmagick6\", reference:\"6:6.0.6.2-2.9\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libmagick6-dev\", reference:\"6:6.0.6.2-2.9\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"perlmagick\", reference:\"6:6.0.6.2-2.9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:20", "bulletinFamily": "software", "cvelist": ["CVE-2006-5456"], "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200611-07\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: GraphicsMagick: PALM and DCM buffer overflows\r\n Date: November 13, 2006\r\n Bugs: #152668\r\n ID: 200611-07\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nGraphicsMagick improperly handles PALM and DCM images, potentially\r\nresulting in the execution of arbitrary code.\r\n\r\nBackground\r\n==========\r\n\r\nGraphicsMagick is a collection of tools and libraries which support\r\nreading, writing, and manipulating images in many major formats.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n 
-------------------------------------------------------------------\r\n 1 media-gfx/graphicsmagick < 1.1.7-r3 >= 1.1.7-r3\r\n\r\nDescription\r\n===========\r\n\r\nM. Joonas Pihlaja has reported that a boundary error exists within the\r\nReadDCMImage() function of coders/dcm.c, causing the improper handling\r\nof DCM images. Pihlaja also reported that there are several boundary\r\nerrors in the ReadPALMImage() function of coders/palm.c, similarly\r\ncausing the improper handling of PALM images.\r\n\r\nImpact\r\n======\r\n\r\nAn attacker could entice a user to open a specially crafted DCM or PALM\r\nimage with GraphicsMagick, and possibly execute arbitrary code with the\r\nprivileges of the user running GraphicsMagick.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll GraphicsMagick users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.1.7-r3"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2006-5456\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200611-07.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. 
Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2006 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5", "edition": 1, "modified": "2006-11-14T00:00:00", "published": "2006-11-14T00:00:00", "id": "SECURITYVULNS:DOC:15041", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:15041", "title": "[ GLSA 200611-07 ] GraphicsMagick: PALM and DCM buffer overflows", "type": "securityvulns", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:20", "bulletinFamily": "software", "cvelist": ["CVE-2006-5456"], "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200611-19\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: ImageMagick: PALM and DCM buffer overflows\r\n Date: November 24, 2006\r\n Bugs: #152672\r\n ID: 200611-19\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nImageMagick improperly handles PALM and DCM images, potentially\r\nresulting in the execution of arbitrary code.\r\n\r\nBackground\r\n==========\r\n\r\nImageMagick is a software suite to create, edit, and compose bitmap\r\nimages, that can also read, write, and convert images in many other\r\nformats.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n 
-------------------------------------------------------------------\r\n 1 media-gfx/imagemagick < 6.3.0.5 >= 6.3.0.5\r\n\r\nDescription\r\n===========\r\n\r\nM. Joonas Pihlaja has reported that a boundary error exists within the\r\nReadDCMImage() function of coders/dcm.c, causing the improper handling\r\nof DCM images. Pihlaja also reported that there are several boundary\r\nerrors in the ReadPALMImage() function of coders/palm.c, similarly\r\ncausing the improper handling of PALM images.\r\n\r\nImpact\r\n======\r\n\r\nAn attacker could entice a user to open a specially crafted DCM or PALM\r\nimage with ImageMagick, and possibly execute arbitrary code with the\r\nprivileges of the user running ImageMagick.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll ImageMagick users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.3.0.5"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2006-5456\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200611-19.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. 
Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2006 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5", "edition": 1, "modified": "2006-11-25T00:00:00", "published": "2006-11-25T00:00:00", "id": "SECURITYVULNS:DOC:15221", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:15221", "title": "[ GLSA 200611-19 ] ImageMagick: PALM and DCM buffer overflows", "type": "securityvulns", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:21", "bulletinFamily": "software", "cvelist": ["CVE-2006-5456", "CVE-2007-0770"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n \r\n Mandriva Linux Security Advisory MDKSA-2007:041\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n \r\n Package : ImageMagick\r\n Date : February 9, 2007\r\n Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0\r\n _______________________________________________________________________\r\n \r\n Problem Description:\r\n \r\n Vladimir Nadvornik discovered a buffer overflow in GraphicsMagick and\r\n ImageMagick allows user-assisted attackers to cause a denial of service\r\n and possibly execute execute arbitrary code via a PALM image that is\r\n not properly handled by the ReadPALMImage function in coders/palm.c.\r\n\r\n This is related to an earlier fix for CVE-2006-5456 that did not fully\r\n correct the issue.\r\n\r\n Updated packages have been patched to correct this issue.\r\n 
_______________________________________________________________________\r\n\r\n References:\r\n \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0770\r\n _______________________________________________________________________\r\n \r\n Updated Packages:\r\n \r\n Mandriva Linux 2006.0:\r\n 193c4bcc7fa385bc4582095a3bdc362e 2006.0/i586/ImageMagick-6.2.4.3-1.5.20060mdk.i586.rpm\r\n b412617cbd2bee1ac4b7e5dd9dc7f669 2006.0/i586/ImageMagick-doc-6.2.4.3-1.5.20060mdk.i586.rpm\r\n 20fc4eec284af86b076bbcbebaee0bb3 2006.0/i586/libMagick8.4.2-6.2.4.3-1.5.20060mdk.i586.rpm\r\n f79d82b2e5e4043ccb2871259de495e1 2006.0/i586/libMagick8.4.2-devel-6.2.4.3-1.5.20060mdk.i586.rpm\r\n ab5a38478c7c022197edc5d4f5128aaf 2006.0/i586/perl-Image-Magick-6.2.4.3-1.5.20060mdk.i586.rpm \r\n 8a4d8538baa0065458ba630aaed9976d 2006.0/SRPMS/ImageMagick-6.2.4.3-1.5.20060mdk.src.rpm\r\n\r\n Mandriva Linux 2006.0/X86_64:\r\n a73886f426de014a97adfb746e4565f8 2006.0/x86_64/ImageMagick-6.2.4.3-1.5.20060mdk.x86_64.rpm\r\n bf0d3317021d77551e1154f7e222915c 2006.0/x86_64/ImageMagick-doc-6.2.4.3-1.5.20060mdk.x86_64.rpm\r\n d8f7a2b02a6324579ac78daddb0e6a7e 2006.0/x86_64/lib64Magick8.4.2-6.2.4.3-1.5.20060mdk.x86_64.rpm\r\n dfb8b167a0070da2d2f9e4ffe28023fe 2006.0/x86_64/lib64Magick8.4.2-devel-6.2.4.3-1.5.20060mdk.x86_64.rpm\r\n 3739eede5d60601d1dc1d73d01b37202 2006.0/x86_64/perl-Image-Magick-6.2.4.3-1.5.20060mdk.x86_64.rpm \r\n 8a4d8538baa0065458ba630aaed9976d 2006.0/SRPMS/ImageMagick-6.2.4.3-1.5.20060mdk.src.rpm\r\n\r\n Mandriva Linux 2007.0:\r\n 6ab89c972478c2c023da37b93f594d24 2007.0/i586/ImageMagick-6.2.9.2-1.2mdv2007.0.i586.rpm\r\n 28f69c54db80c27a101491330f66b662 2007.0/i586/ImageMagick-doc-6.2.9.2-1.2mdv2007.0.i586.rpm\r\n 03b4d5956d8877694faac5865d48a520 2007.0/i586/libMagick10.4.0-6.2.9.2-1.2mdv2007.0.i586.rpm\r\n 776a23f71fb316acdf5cff805971c34e 2007.0/i586/libMagick10.4.0-devel-6.2.9.2-1.2mdv2007.0.i586.rpm\r\n 93f2614af3719718cac1d1879d12d12a 
2007.0/i586/perl-Image-Magick-6.2.9.2-1.2mdv2007.0.i586.rpm \r\n 3116010a2047074e801e22d425c9a9d5 2007.0/SRPMS/ImageMagick-6.2.9.2-1.2mdv2007.0.src.rpm\r\n\r\n Mandriva Linux 2007.0/X86_64:\r\n 51380bf4ebf6e0b04c4f4288661ae213 2007.0/x86_64/ImageMagick-6.2.9.2-1.2mdv2007.0.x86_64.rpm\r\n 69b0a59488540fdf0f28442f964fd104 2007.0/x86_64/ImageMagick-doc-6.2.9.2-1.2mdv2007.0.x86_64.rpm\r\n 8fb388fc56a213a28351c9c561861329 2007.0/x86_64/lib64Magick10.4.0-6.2.9.2-1.2mdv2007.0.x86_64.rpm\r\n ec518f1e4a63e66c2fb352b41760028e 2007.0/x86_64/lib64Magick10.4.0-devel-6.2.9.2-1.2mdv2007.0.x86_64.rpm\r\n 08b01e7f371a53bec64e6beeb5f3ab53 2007.0/x86_64/perl-Image-Magick-6.2.9.2-1.2mdv2007.0.x86_64.rpm \r\n 3116010a2047074e801e22d425c9a9d5 2007.0/SRPMS/ImageMagick-6.2.9.2-1.2mdv2007.0.src.rpm\r\n\r\n Corporate 3.0:\r\n 471cef35e46eeb61d6591e13b446479e corporate/3.0/i586/ImageMagick-5.5.7.15-6.10.C30mdk.i586.rpm\r\n 70c7d71b8880e5c333c339d5a647268f corporate/3.0/i586/ImageMagick-doc-5.5.7.15-6.10.C30mdk.i586.rpm\r\n 1cc8b03ddd796be711feb96369129351 corporate/3.0/i586/libMagick5.5.7-5.5.7.15-6.10.C30mdk.i586.rpm\r\n f6ac22c4a8b964d16a945a058a11018c corporate/3.0/i586/libMagick5.5.7-devel-5.5.7.15-6.10.C30mdk.i586.rpm\r\n 65c9c8f0d3f8a126a78aa42c4e938143 corporate/3.0/i586/perl-Magick-5.5.7.15-6.10.C30mdk.i586.rpm \r\n 3443a491b2e8d8cdde7b9d75a7ff26eb corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.10.C30mdk.src.rpm\r\n\r\n Corporate 3.0/X86_64:\r\n b63e6de0c85935b92b9d7c9694a834f3 corporate/3.0/x86_64/ImageMagick-5.5.7.15-6.10.C30mdk.x86_64.rpm\r\n 8e5277702700da02eb6e05a150035770 corporate/3.0/x86_64/ImageMagick-doc-5.5.7.15-6.10.C30mdk.x86_64.rpm\r\n b07b76e7e0a8d66d2d79f712d09958e1 corporate/3.0/x86_64/lib64Magick5.5.7-5.5.7.15-6.10.C30mdk.x86_64.rpm\r\n 9212e9b660e22225a53a98036bc3fcb8 corporate/3.0/x86_64/lib64Magick5.5.7-devel-5.5.7.15-6.10.C30mdk.x86_64.rpm\r\n c7b43627ef24177dd52a375d6b9f21d4 corporate/3.0/x86_64/perl-Magick-5.5.7.15-6.10.C30mdk.x86_64.rpm \r\n 
3443a491b2e8d8cdde7b9d75a7ff26eb corporate/3.0/SRPMS/ImageMagick-5.5.7.15-6.10.C30mdk.src.rpm\r\n\r\n Corporate 4.0:\r\n e4ba1f2b9651d72c1cd4cb6dd776d751 corporate/4.0/i586/ImageMagick-6.2.4.3-1.5.20060mlcs4.i586.rpm\r\n 26d72e8cafcbc76087c7631e8bedd6e5 corporate/4.0/i586/ImageMagick-doc-6.2.4.3-1.5.20060mlcs4.i586.rpm\r\n b18d2e5aefe0fc96f6dfef405ac75d1d corporate/4.0/i586/libMagick8.4.2-6.2.4.3-1.5.20060mlcs4.i586.rpm\r\n 7ed9b663192e24fd723a238dce7261c3 corporate/4.0/i586/libMagick8.4.2-devel-6.2.4.3-1.5.20060mlcs4.i586.rpm\r\n c7e27a51fc8ee6b3dbf3926be899b028 corporate/4.0/i586/perl-Image-Magick-6.2.4.3-1.5.20060mlcs4.i586.rpm \r\n ccf643955298a3d36be65f9958360da6 corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.5.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n 7511f0e4b203f7217774ae3133f6ac97 corporate/4.0/x86_64/ImageMagick-6.2.4.3-1.5.20060mlcs4.x86_64.rpm\r\n 12996cab922873b18717bceeac05f4d0 corporate/4.0/x86_64/ImageMagick-doc-6.2.4.3-1.5.20060mlcs4.x86_64.rpm\r\n 9f63d066ad11524a5855c69f951b87ba corporate/4.0/x86_64/lib64Magick8.4.2-6.2.4.3-1.5.20060mlcs4.x86_64.rpm\r\n 4750be3ba0b5fa37378402d80376b168 corporate/4.0/x86_64/lib64Magick8.4.2-devel-6.2.4.3-1.5.20060mlcs4.x86_64.rpm\r\n b004eeb51659686cb5cfdfa125ee4102 corporate/4.0/x86_64/perl-Image-Magick-6.2.4.3-1.5.20060mlcs4.x86_64.rpm \r\n ccf643955298a3d36be65f9958360da6 corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.5.20060mlcs4.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.6 (GNU/Linux)\r\n\r\niD8DBQFFzLzpmqjQ0CJFipgRAv9xAJ9SOxnAj+KlLU8ztwwY5gHwaCJpUgCgizE2\r\nEFJDCazqOfoqD3KytNZz9Ac=\r\n=OhK9\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2007-02-11T00:00:00", "published": "2007-02-11T00:00:00", "id": "SECURITYVULNS:DOC:16018", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:16018", "title": "[ MDKSA-2007:041 ] - Updated ImageMagick packages fix buffer overflow vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:21", "bulletinFamily": "software", "cvelist": ["CVE-2006-5456", "CVE-2007-0770"], "description": "SGI, PALM, DCM graphics format parsing buffer overflows.", "edition": 1, "modified": "2007-02-11T00:00:00", "published": "2007-02-11T00:00:00", "id": "SECURITYVULNS:VULN:6494", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:6494", "title": "ImageMagick buffer overflow", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:16:15", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5456", "CVE-2007-0770"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1260-1 
security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 14th, 2007 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : imagemagick\nVulnerability : buffer overflow\nProblem-Type : local(remote)\nDebian-specific: no\nCVE ID : CVE-2007-0770\n\nVladimir Nadvornik discovered that the fix for a vulnerability in the\nPALM decoder of Imagemagick, a collection of image manipulation programs,\nwas ineffective. To avoid confusion a new CVE ID has been assigned;\nthe original issue was tracked as CVE-2006-5456.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 6:6.0.6.2-2.9.\n\nFor the upcoming stable distribution (etch) this problem has been\nfixed in version 7:6.2.4.5.dfsg1-0.14.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 7:6.2.4.5.dfsg1-0.14.\n\nWe recommend that you upgrade your imagemagick packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9.dsc\n Size/MD5 checksum: 881 7a9c72b09064a000b21fb7f1c188f58b\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9.diff.gz\n Size/MD5 checksum: 142091 882c6b166d02a3afcf7b65b935053141\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2.orig.tar.gz\n Size/MD5 checksum: 6824001 477a361ba0154cc2423726fab4a3f57c\n\n Alpha 
architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_alpha.deb\n Size/MD5 checksum: 1473132 a64722b75a6727372eab8c5a8e9d3460\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_alpha.deb\n Size/MD5 checksum: 173936 73ad6aba77ddd80a1fa1bf9cb6838a6a\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_alpha.deb\n Size/MD5 checksum: 288822 6a29717cdc16bc5f7dc3527b3c04a32e\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_alpha.deb\n Size/MD5 checksum: 1284370 7fe43e1953d01bfd1f40e743b43828e5\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_alpha.deb\n Size/MD5 checksum: 2200348 183f4d885fb0f0aa298f80ae689eb068\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_alpha.deb\n Size/MD5 checksum: 234798 1e536b98cce30203535a21a110effc66\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_amd64.deb\n Size/MD5 checksum: 1466442 cce61a586a2c5456e5cd9998f503dff1\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_amd64.deb\n Size/MD5 checksum: 163710 f0c6e48b31063d20aad8d6801f7b01dd\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_amd64.deb\n Size/MD5 checksum: 228834 c0e8f73804537f75df7260ff692e0cb6\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_amd64.deb\n Size/MD5 checksum: 1195150 0162e13544100058faee672fd672bcfd\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_amd64.deb\n Size/MD5 checksum: 1550468 07ae791a2fbccd31ea48bb425552308f\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_amd64.deb\n Size/MD5 checksum: 231912 ffe6aa0bc71cb5b1f367864fd94c9c0c\n\n ARM architecture:\n\n 
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_arm.deb\n Size/MD5 checksum: 1466166 7a8b57092ad8fcb15ff9ac69e94f79a6\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_arm.deb\n Size/MD5 checksum: 149436 f60d0449d25c294c8a9e5b111ee0dd73\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_arm.deb\n Size/MD5 checksum: 234946 fc0b7d343929740700a12af92014f7b7\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_arm.deb\n Size/MD5 checksum: 1204686 888ae3ff5955c8d4ba9635d2b0333357\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_arm.deb\n Size/MD5 checksum: 1647748 b0ebfaba0393ad3d17cc08417e16f4f6\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_arm.deb\n Size/MD5 checksum: 230598 febfdf6b1e489ce6e9c5c195eea4d099\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_hppa.deb\n Size/MD5 checksum: 1468434 91af04f67f24aa210f9751b23b44f1a0\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_hppa.deb\n Size/MD5 checksum: 182294 22ff85bb71aa67ec2dfd07c08698a95e\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_hppa.deb\n Size/MD5 checksum: 274036 2832f545f069276518a6cd91658ab495\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_hppa.deb\n Size/MD5 checksum: 1404890 80a6f5944d0be3209f1fdeed9de3c1ae\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_hppa.deb\n Size/MD5 checksum: 1827916 94b36feb9f8fcb3b9262d9725652e5cf\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_hppa.deb\n Size/MD5 checksum: 243918 8bbc8f0b106e7fc8160801f5e9ed4c6f\n\n Intel IA-32 architecture:\n\n 
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_i386.deb\n Size/MD5 checksum: 1466158 b12fb2db8d713c7d09609ce761ce511f\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_i386.deb\n Size/MD5 checksum: 164504 12ffd60f5fc6c51a85016a1ebdc75d53\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_i386.deb\n Size/MD5 checksum: 209010 9aeebaf3983a8bdaad0bb762609054ed\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_i386.deb\n Size/MD5 checksum: 1172338 58922d27e7184a30fcdf5de44ddf9e7c\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_i386.deb\n Size/MD5 checksum: 1507592 8b8d72379bacb85839b4bbf7f2d4a1b4\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_i386.deb\n Size/MD5 checksum: 234080 7ef93e742172c9a342acc2a913b65520\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_ia64.deb\n Size/MD5 checksum: 1468502 0a7887202d57741c8c3be4b2dce958e2\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_ia64.deb\n Size/MD5 checksum: 188402 3ade807b07759f05c264885efb99419e\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_ia64.deb\n Size/MD5 checksum: 296008 82f76c8876488eca4f4818abb3d5edb4\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_ia64.deb\n Size/MD5 checksum: 1605664 ebf2610607abc6410b09dc239c382c90\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_ia64.deb\n Size/MD5 checksum: 2132678 5fd5d6101764eb020ae46945e52a11ed\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_ia64.deb\n Size/MD5 checksum: 273596 a13f4b344a84d94fa360162225b93c10\n\n Motorola 680x0 architecture:\n\n 
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_m68k.deb\n Size/MD5 checksum: 1466216 6b3c7f12eb188ac46fc20fd1ffa9dfa8\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_m68k.deb\n Size/MD5 checksum: 160146 b466183701680d1216ca13823170430d\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_m68k.deb\n Size/MD5 checksum: 210812 dc5096668fe53c84e1675f7ae361f94b\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_m68k.deb\n Size/MD5 checksum: 1073380 f5a339d2de04dc2f7de490de29ca2f4c\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_m68k.deb\n Size/MD5 checksum: 1288946 33ca416bee60fa710c8efe906ad58a60\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_m68k.deb\n Size/MD5 checksum: 227038 017265076e92de6c95130780e7ca9dcd\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_mips.deb\n Size/MD5 checksum: 1490302 79e518fceb087b30d2a1c14bd60b8691\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_mips.deb\n Size/MD5 checksum: 155602 f77792a9077082ff893900446d286be4\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_mips.deb\n Size/MD5 checksum: 254920 8fb4d82e2f40d41c7eb7418b0f43a3d1\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_mips.deb\n Size/MD5 checksum: 1119298 0458271acc8b9925db07ad48e184f058\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_mips.deb\n Size/MD5 checksum: 1704528 30f1e7b3b9fa83719e9b3952c6c502a7\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_mips.deb\n Size/MD5 checksum: 131418 3e77636bb19daed6ed119a627b0ce504\n\n Little endian MIPS architecture:\n\n 
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_mipsel.deb\n Size/MD5 checksum: 1490274 8baafda5b96b876517b06eafacbf895b\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_mipsel.deb\n Size/MD5 checksum: 151714 09ef6d0f126ca139d69289799d7fb895\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_mipsel.deb\n Size/MD5 checksum: 250164 b65ca0ed3b5f040f5d78a5fbdb1d5563\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_mipsel.deb\n Size/MD5 checksum: 1114890 6c47dc9a27e98b670e31e5a6aa8e6daf\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_mipsel.deb\n Size/MD5 checksum: 1668004 469c0f05098b4a8ec6a265632ba950bd\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_mipsel.deb\n Size/MD5 checksum: 131020 4fb92c9bb3f4d4f5caaa039b646aa9af\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_powerpc.deb\n Size/MD5 checksum: 1471882 8d3e9a8bf55a29112ef3cdf6bf9e12e9\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_powerpc.deb\n Size/MD5 checksum: 156866 d1ee7717bade0bf2cfd1286ec8f9dae8\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_powerpc.deb\n Size/MD5 checksum: 227822 43e65023fad784aca3c2061703f4dbb8\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_powerpc.deb\n Size/MD5 checksum: 1169594 e428dda6c063b60ed3f90ba25aaf5194\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_powerpc.deb\n Size/MD5 checksum: 1684924 03e88e7f8158add8558bb4cfc0b413eb\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_powerpc.deb\n Size/MD5 checksum: 270638 27a8eaacfee84ee0103bd58f817f8cbb\n\n IBM S/390 architecture:\n\n 
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_s390.deb\n Size/MD5 checksum: 1467688 e30f5f259bbfb5855468c4ca165eb311\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_s390.deb\n Size/MD5 checksum: 180574 bd3a78a00b618c09182631011cca8455\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_s390.deb\n Size/MD5 checksum: 230292 0e052ebfd74856a77ec7815567b581bd\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_s390.deb\n Size/MD5 checksum: 1194348 558ea25312ff8ec8a39001f87f4c2f2d\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_s390.deb\n Size/MD5 checksum: 1531000 a11c3e26b1d6cb2110a1eb454874b990\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_s390.deb\n Size/MD5 checksum: 242192 7180ca4868abbead48a65de84d74caf9\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_sparc.deb\n Size/MD5 checksum: 1465752 1b7a5126b7ab981ba3cb2ba840405ecb\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_sparc.deb\n Size/MD5 checksum: 161160 fe14a3bf7df9231eef3931dffa190882\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_sparc.deb\n Size/MD5 checksum: 224424 b12e563f9c3f33fe4599cb3343387477\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_sparc.deb\n Size/MD5 checksum: 1249364 9fc7b5dbfd4a964443cead1d34bf1649\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_sparc.deb\n Size/MD5 checksum: 1684558 4ca62128d73a9bf8a1b8c680195da801\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_sparc.deb\n Size/MD5 checksum: 231044 3a630dd561970f121708553c6262e1d9\n\n These files will probably be moved into the stable distribution on\n its next 
update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2007-02-14T00:00:00", "published": "2007-02-14T00:00:00", "id": "DEBIAN:DSA-1260-1:69336", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00015.html", "title": "[SECURITY] [DSA 1260-1] New imagemagick package fix arbitrary code execution", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:24:23", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5456", "CVE-2006-5868", "CVE-2006-4144", "CVE-2006-0082"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1213-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nNovember 19th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : imagemagick\nVulnerability : several\nProblem-Type : local(remote)\nDebian-specific: no\nCVE ID : CVE-2006-0082 CVE-2006-4144 CVE-2006-5456 CVE-2006-5868\nDebian Bug : 345876 383314 393025\n\nSeveral remote vulnerabilities have been discovered in Imagemagick,\na collection of image manipulation programs, which may lead to the\nexecution of arbitrary code. 
The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2006-0082\n\n Daniel Kobras discovered that Imagemagick is vulnerable to format\n string attacks in the filename parsing code.\n\nCVE-2006-4144\n\n Damian Put discovered that Imagemagick is vulnerable to buffer\n overflows in the module for SGI images.\n\nCVE-2006-5456\n\n M Joonas Pihlaja discovered that Imagemagick is vulnerable to buffer\n overflows in the module for DCM and PALM images.\n\nCVE-2006-5868\n\n Daniel Kobras discovered that Imagemagick is vulnerable to buffer\n overflows in the module for SGI images.\n\nThis update also addresses regressions in the XCF codec, which were\nintroduced in the previous security update.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 6:6.0.6.2-2.8.\n\nFor the upcoming stable distribution (etch) these problems have been\nfixed in version 7:6.2.4.5.dfsg1-0.11.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 7:6.2.4.5.dfsg1-0.11.\n\nWe recommend that you upgrade your imagemagick packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8.dsc\n Size/MD5 checksum: 881 0f3c7174962dcaf0be7b3027312d3438\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8.diff.gz\n Size/MD5 checksum: 142001 c2be91d527c1714ee0ece93b090792c7\n 
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2.orig.tar.gz\n Size/MD5 checksum: 6824001 477a361ba0154cc2423726fab4a3f57c\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_alpha.deb\n Size/MD5 checksum: 1469720 b311ede0075f36157e9c9c244a382cb6\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_alpha.deb\n Size/MD5 checksum: 173974 34306082902f34914d4d0823f0e153c8\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_alpha.deb\n Size/MD5 checksum: 288800 fa2b7d2ad5708e66fbc5c14f830bace0\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_alpha.deb\n Size/MD5 checksum: 1285588 cabe582c14962459c8bc8dffc7d3a516\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_alpha.deb\n Size/MD5 checksum: 2204442 080e9f6d25c7b1f1df10dd1828f85273\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_alpha.deb\n Size/MD5 checksum: 143902 98099204464269c5386244cb1fee775f\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_amd64.deb\n Size/MD5 checksum: 1466352 d50a197f3c3f0e15f1530d56177a1c72\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_amd64.deb\n Size/MD5 checksum: 163602 642d806539f42d3bd3645edb021bae16\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_amd64.deb\n Size/MD5 checksum: 228744 9b7c462060e0769f1561da5dcfb32dee\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_amd64.deb\n Size/MD5 checksum: 1194980 51182a82a05f1f47c435f246a21469ad\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_amd64.deb\n Size/MD5 checksum: 1550348 43d9d80bd42b3dc6f6d611a997a17c2e\n 
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_amd64.deb\n Size/MD5 checksum: 231800 6375c61e8edc60fa928665cf45ec011c\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_arm.deb\n Size/MD5 checksum: 1466148 a0c6fcb562afa6d5f8736beda4dade43\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_arm.deb\n Size/MD5 checksum: 149342 9a184c8f6d3d204748ed30a1c57dbd1f\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_arm.deb\n Size/MD5 checksum: 234806 0d4865aaf1dd850604ce9b728e65def6\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_arm.deb\n Size/MD5 checksum: 1204646 02fbc1c7b8b98d1977e4861211f1255a\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_arm.deb\n Size/MD5 checksum: 1647698 cef197d1c2ce919413ab12bd1b99187a\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_arm.deb\n Size/MD5 checksum: 230484 5b5dbe487dc580a5f164cf862552ab4d\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_hppa.deb\n Size/MD5 checksum: 1468290 329777db0d2b061398268f9fd8d6a7a7\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_hppa.deb\n Size/MD5 checksum: 182170 e190aad821d4e96ba2b84fc4d3b49da8\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_hppa.deb\n Size/MD5 checksum: 273890 434201d0f53175e739ce45addbe2ce01\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_hppa.deb\n Size/MD5 checksum: 1404728 cfe2739dac2b84497a00f92b5c4b36ad\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_hppa.deb\n Size/MD5 checksum: 1827810 14e7e2febd80f1551cfa9b035ed9222c\n 
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_hppa.deb\n Size/MD5 checksum: 243804 e4bfc17d51547976f7f4db09f6cc6997\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_i386.deb\n Size/MD5 checksum: 1466106 0ee2e904990dbcbeee0b90c2fa95ac62\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_i386.deb\n Size/MD5 checksum: 164440 708d64c7a92419a98e7d305089b1b0c4\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_i386.deb\n Size/MD5 checksum: 208932 eed51be1f03a91e624194e9dea211ff2\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_i386.deb\n Size/MD5 checksum: 1172262 22f32c18dc71c7b24eff16f1fec1c243\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_i386.deb\n Size/MD5 checksum: 1507516 ea9e1148fa72e6be94462a46d30304b0\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_i386.deb\n Size/MD5 checksum: 233964 e47cbf76b993c0eb44adcf85e125d75c\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_ia64.deb\n Size/MD5 checksum: 1468472 6b31e556cf944fe2d89ad8d2c09cc43a\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_ia64.deb\n Size/MD5 checksum: 188272 7bf4012fe64aa60c8aac88b263b620c4\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_ia64.deb\n Size/MD5 checksum: 295958 dcf1b145b868414bd2357d21ace70fb2\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_ia64.deb\n Size/MD5 checksum: 1605554 7ab0f7944f25bbaca6266e3bce816132\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_ia64.deb\n Size/MD5 checksum: 2132552 7324f4a81b5496cc7c9182ae2bb082fb\n 
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_ia64.deb\n Size/MD5 checksum: 273506 fa943563a08e04b06c0632afe7f4bc92\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_m68k.deb\n Size/MD5 checksum: 1466154 1f5c2b36763032352c2b45144517a5b8\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_m68k.deb\n Size/MD5 checksum: 159998 624ebcd80f960f7227095411cbdfb90c\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_m68k.deb\n Size/MD5 checksum: 210680 91b3bafec7f54823cb2720966fcc4825\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_m68k.deb\n Size/MD5 checksum: 1073256 b7f77626db0631d990422a3cae43f517\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_m68k.deb\n Size/MD5 checksum: 1288834 fd7af651e4d2d5124b45228d30dc6737\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_m68k.deb\n Size/MD5 checksum: 226942 f097f5c845a1159029271cba7112141f\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_mips.deb\n Size/MD5 checksum: 1490232 6aff49b4b30fc146abde3fcbefe85d5f\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_mips.deb\n Size/MD5 checksum: 155500 416074125be015d5c49a90ac032c5182\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_mips.deb\n Size/MD5 checksum: 254800 b8f762578afa79b0210dec43547917a4\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_mips.deb\n Size/MD5 checksum: 1119320 6c778533f22c4f7e7c1dd268b5b59c3a\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_mips.deb\n Size/MD5 checksum: 1704446 6855a0354042ab9b283bc3966f4f665f\n 
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_mips.deb\n Size/MD5 checksum: 131304 74185bb1115a3bcd50085df4fac2e50f\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_mipsel.deb\n Size/MD5 checksum: 1490202 bd3a8c344eb9927d656543c20d784f38\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_mipsel.deb\n Size/MD5 checksum: 151598 d903083280a2428e35516444c93c7d03\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_mipsel.deb\n Size/MD5 checksum: 250056 7c7c6a65f433eee855e775b2e4eafcf3\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_mipsel.deb\n Size/MD5 checksum: 1114750 13012fdd898b1aa77267f90b73563e50\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_mipsel.deb\n Size/MD5 checksum: 1667906 1aeb160d222b005e4103c715d964b0db\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_mipsel.deb\n Size/MD5 checksum: 130912 84b347ac516de3a89060c2e010a63cf0\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_powerpc.deb\n Size/MD5 checksum: 1471774 5e218bb6d5e36cf50c80ebbf77a56abe\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_powerpc.deb\n Size/MD5 checksum: 156748 4564f4918218c6e6c60fe587fd25d118\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_powerpc.deb\n Size/MD5 checksum: 227722 5eba56a195be2aca1354fce454293a9f\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_powerpc.deb\n Size/MD5 checksum: 1169510 92e5f7ca8fdf727e3a88a48262219c8e\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_powerpc.deb\n Size/MD5 checksum: 1684852 dc528d0a8080493c028bfca9665dcca3\n 
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_powerpc.deb\n Size/MD5 checksum: 270502 cc408c569b2ce9d03576b4bd9bcb0cb0\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_s390.deb\n Size/MD5 checksum: 1467494 d1a9308491175f690a73f720caa7532b\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_s390.deb\n Size/MD5 checksum: 180486 6693ec2651a6f959a7f3f08efbeeea6f\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_s390.deb\n Size/MD5 checksum: 230182 93a55b0f22a8339b13e2816a970ca102\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_s390.deb\n Size/MD5 checksum: 1194334 e93c9333e1adc98bb7b99e6d2904d995\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_s390.deb\n Size/MD5 checksum: 1530886 db33e6bb01f6d927c02053f0cdd4bf89\n http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_s390.deb\n Size/MD5 checksum: 242114 51baccefbc53499f3514911521d76c76\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_sparc.deb\n Size/MD5 checksum: 1465694 d77c64a8e1c40678070a79011abcb8a5\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_sparc.deb\n Size/MD5 checksum: 161036 dadfff14cc51b0fb9561bf6469b61a3e\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_sparc.deb\n Size/MD5 checksum: 224332 c8ebb9dbff86871dc12e3d5ae275bc12\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_sparc.deb\n Size/MD5 checksum: 1249156 461cd22009434968fd4011481ce01044\n http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_sparc.deb\n Size/MD5 checksum: 1684366 00b473e9bf9e417a4f0bcff753ed727b\n 
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_sparc.deb\n Size/MD5 checksum: 230898 020b71df283f6391f3a15415be45a375\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2006-11-19T00:00:00", "published": "2006-11-19T00:00:00", "id": "DEBIAN:DSA-1213-1:7BA5F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00310.html", "title": "[SECURITY] [DSA 1213-1] New imagemagick packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:28:54", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5456", "CVE-2006-5868", "CVE-2006-2440"], "description": "**CentOS Errata and Security Advisory** CESA-2007:0015-01\n\n\nImageMagick is an image display and manipulation tool for the X Window\r\nSystem that can read and write multiple image formats.\r\n\r\nSeveral security flaws were discovered in the way ImageMagick decodes DCM,\r\nPALM, and SGI graphic files. An attacker may be able to execute arbitrary\r\ncode on a victim's machine if they were able to trick the victim into\r\nopening a specially crafted image file (CVE-2006-5456, CVE-2006-5868).\r\n\r\nA heap overflow flaw was found in ImageMagick. An attacker may be able to\r\nexecute arbitrary code on a victim's machine if they were able to trick the\r\nvictim into opening a specially crafted file (CVE-2006-2440). 
This issue\r\nonly affected the version of ImageMagick distributed with Red Hat\r\nEnterprise Linux 4.\r\n\r\nUsers of ImageMagick should upgrade to these updated packages, which\r\ncontain backported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/025580.html\n\n**Affected packages:**\nImageMagick\nImageMagick-c++\nImageMagick-c++-devel\nImageMagick-devel\nImageMagick-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 4, "modified": "2007-02-18T23:20:12", "published": "2007-02-18T23:20:12", "href": "http://lists.centos.org/pipermail/centos-announce/2007-February/025580.html", "id": "CESA-2007:0015-01", "title": "ImageMagick security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:24:47", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5456", "CVE-2006-5868", "CVE-2006-2440"], "description": "**CentOS Errata and Security Advisory** CESA-2007:0015\n\n\nImageMagick is an image display and manipulation tool for the X Window\r\nSystem that can read and write multiple image formats.\r\n\r\nSeveral security flaws were discovered in the way ImageMagick decodes DCM,\r\nPALM, and SGI graphic files. An attacker may be able to execute arbitrary\r\ncode on a victim's machine if they were able to trick the victim into\r\nopening a specially crafted image file (CVE-2006-5456, CVE-2006-5868).\r\n\r\nA heap overflow flaw was found in ImageMagick. An attacker may be able to\r\nexecute arbitrary code on a victim's machine if they were able to trick the\r\nvictim into opening a specially crafted file (CVE-2006-2440). 
This issue\r\nonly affected the version of ImageMagick distributed with Red Hat\r\nEnterprise Linux 4.\r\n\r\nUsers of ImageMagick should upgrade to these updated packages, which\r\ncontain backported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/025566.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/025567.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/025568.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/025569.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/025574.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/025575.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/025578.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/025579.html\n\n**Affected packages:**\nImageMagick\nImageMagick-c++\nImageMagick-c++-devel\nImageMagick-devel\nImageMagick-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0015.html", "edition": 4, "modified": "2007-02-16T13:04:18", "published": "2007-02-15T20:32:09", "href": "http://lists.centos.org/pipermail/centos-announce/2007-February/025566.html", "id": "CESA-2007:0015", "title": "ImageMagick security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:47:08", "bulletinFamily": "unix", "cvelist": ["CVE-2006-2440", "CVE-2006-5456", "CVE-2006-5868"], "description": "ImageMagick is an image display and manipulation tool for the X Window\r\nSystem that can read and write multiple image formats.\r\n\r\nSeveral security flaws were discovered in the way ImageMagick decodes DCM,\r\nPALM, and SGI graphic files. 
An attacker may be able to execute arbitrary\r\ncode on a victim's machine if they were able to trick the victim into\r\nopening a specially crafted image file (CVE-2006-5456, CVE-2006-5868).\r\n\r\nA heap overflow flaw was found in ImageMagick. An attacker may be able to\r\nexecute arbitrary code on a victim's machine if they were able to trick the\r\nvictim into opening a specially crafted file (CVE-2006-2440). This issue\r\nonly affected the version of ImageMagick distributed with Red Hat\r\nEnterprise Linux 4.\r\n\r\nUsers of ImageMagick should upgrade to these updated packages, which\r\ncontain backported patches to correct these issues.", "modified": "2019-03-22T23:43:05", "published": "2007-02-15T05:00:00", "id": "RHSA-2007:0015", "href": "https://access.redhat.com/errata/RHSA-2007:0015", "type": "redhat", "title": "(RHSA-2007:0015) Moderate: ImageMagick security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:26", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5456", "CVE-2006-5868", "CVE-2006-2440"], "description": " [6.0.7.1-16.0.3]\n \n - update fix for CVE-2006-5456\n \n [6.0.7.1-16.0.2]\n \n - more security issues (#217558, CVE-2006-5868; #192278, CVE-2006-2440)\n \n [6.0.7.1-16.0.1]\n \n - fix more overflows (#210921) ", "edition": 4, "modified": "2007-02-15T00:00:00", "published": "2007-02-15T00:00:00", "id": "ELSA-2007-0015", "href": "http://linux.oracle.com/errata/ELSA-2007-0015.html", "title": "Moderate: ImageMagick security update ", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3743", "CVE-2006-4144", "CVE-2006-5456", "CVE-2007-1797"], "description": "ImageMagick(TM) is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. 
It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed work in the original format or a different one. ImageMagick also includes command line programs for creating animated or transparent .gifs, creating composite images, creating thumbnail images, and more. ImageMagick is one of your choices if you need a program to manipulate and display images. If you want to develop your own applications which use ImageMagick code or APIs, you need to install ImageMagick-devel as well. ", "modified": "2007-04-17T12:53:26", "published": "2007-04-17T12:53:26", "id": "FEDORA:L3HCRQ4Q012116", "href": "", "type": "fedora", "title": "[SECURITY] Fedora Core 5 Update: ImageMagick-6.2.5.4-4.2.1.fc5.8", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2005-4601", "CVE-2006-0082", "CVE-2006-4144", "CVE-2006-5456", "CVE-2007-1797"], "description": "GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software. ", "modified": "2007-07-30T17:04:58", "published": "2007-07-30T17:04:58", "id": "FEDORA:L6UH4ML0013916", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: GraphicsMagick-1.1.8-2.fc7", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}