DATABASE RESOURCES PRICING ABOUT US

{"id": "OPENVAS:1361412562310704019", "vendorId": null, "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 4019-1 (imagemagick - security update)", "description": "This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising may\nresult in denial of service, memory disclosure or the execution of\narbitrary code if malformed image files are processed.", "published": "2017-11-05T00:00:00", "modified": "2019-03-18T00:00:00", "epss": [{"cve": "CVE-2017-13142", "epss": 0.00494, "percentile": 0.73512, "modified": "2023-11-26"}, {"cve": "CVE-2017-11533", "epss": 0.00234, "percentile": 0.61398, "modified": "2023-11-26"}, {"cve": "CVE-2017-9500", "epss": 0.00288, "percentile": 0.65441, "modified": "2023-11-26"}, {"cve": "CVE-2017-11639", "epss": 0.00361, "percentile": 0.69192, "modified": "2023-11-26"}, {"cve": "CVE-2017-13144", "epss": 0.00361, "percentile": 0.69207, "modified": "2023-11-26"}, {"cve": "CVE-2017-12640", "epss": 0.00736, "percentile": 0.7867, "modified": "2023-11-26"}, {"cve": "CVE-2017-13143", "epss": 0.00552, "percentile": 0.74953, "modified": "2023-11-26"}, {"cve": "CVE-2017-11523", "epss": 0.01332, "percentile": 0.84517, "modified": "2023-11-26"}, {"cve": "CVE-2017-12587", "epss": 0.00304, "percentile": 0.66398, "modified": "2023-11-26"}, {"cve": "CVE-2017-11537", "epss": 0.00234, "percentile": 0.61398, "modified": "2023-11-26"}, {"cve": "CVE-2017-11446", "epss": 0.00238, "percentile": 0.61746, "modified": "2023-11-26"}, {"cve": "CVE-2017-13139", "epss": 0.00995, "percentile": 0.81874, "modified": "2023-11-26"}, {"cve": "CVE-2017-12434", "epss": 0.00092, "percentile": 0.39032, "modified": "2023-11-26"}, {"cve": "CVE-2017-13141", "epss": 0.00259, "percentile": 0.63469, "modified": "2023-11-26"}, {"cve": "CVE-2017-12671", "epss": 0.00092, "percentile": 0.39032, "modified": "2023-11-26"}, {"cve": "CVE-2017-12432", "epss": 0.00252, "percentile": 0.6298, "modified": "2023-11-26"}, {"cve": "CVE-2017-12428", "epss": 0.00201, "percentile": 0.57823, "modified": "2023-11-26"}, {"cve": "CVE-2017-12431", "epss": 0.00252, "percentile": 0.6298, "modified": "2023-11-26"}, {"cve": "CVE-2017-13140", "epss": 0.00284, "percentile": 0.6523, "modified": "2023-11-26"}, {"cve": "CVE-2017-11640", "epss": 0.00413, "percentile": 0.71127, "modified": "2023-11-26"}, {"cve": "CVE-2017-11535", "epss": 0.00234, "percentile": 0.61398, "modified": "2023-11-26"}, {"cve": "CVE-2017-13145", "epss": 0.00826, "percentile": 0.7998, "modified": "2023-11-26"}], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704019", "reporter": "Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net", "references": ["https://www.debian.org/security/2017/dsa-4019.html"], "cvelist": ["CVE-2017-13142", "CVE-2017-11533", "CVE-2017-9500", "CVE-2017-11639", "CVE-2017-13144", "CVE-2017-12640", "CVE-2017-13143", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11537", "CVE-2017-11446", "CVE-2017-13139", "CVE-2017-12434", "CVE-2017-13141", "CVE-2017-12671", "CVE-2017-12432", "CVE-2017-12428", "CVE-2017-12431", "CVE-2017-13140", "CVE-2017-11640", "CVE-2017-11535", "CVE-2017-13145"], "immutableFields": [], "lastseen": "2019-05-29T18:34:52", "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "cloudfoundry", "idList": ["CFOUNDRY:C94493DDE348FDF28E8866771E34ED7C", "CFOUNDRY:D716827DA44D41333F3C4C92A77A0B32"]}, {"type": "cve", "idList": ["CVE-2017-11446", "CVE-2017-11523", "CVE-2017-11533", "CVE-2017-11535", "CVE-2017-11537", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-12428", "CVE-2017-12431", "CVE-2017-12432", "CVE-2017-12434", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12671", "CVE-2017-13139", "CVE-2017-13140", "CVE-2017-13141", "CVE-2017-13142", "CVE-2017-13143", "CVE-2017-13144", "CVE-2017-13145", "CVE-2017-9500"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1000-1:BACD8", "DEBIAN:DLA-1081-1:D21F2", "DEBIAN:DLA-1785-1:40B92", "DEBIAN:DLA-1785-1:C1442", "DEBIAN:DSA-3914-1:48C64", "DEBIAN:DSA-4019-1:AFDE4", "DEBIAN:DSA-4040-1:E6366", "DEBIAN:DSA-4204-1:1D5FF", "DEBIAN:DSA-4204-1:271DB"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-11446", "DEBIANCVE:CVE-2017-11523", "DEBIANCVE:CVE-2017-11533", "DEBIANCVE:CVE-2017-11535", "DEBIANCVE:CVE-2017-11537", "DEBIANCVE:CVE-2017-11639", "DEBIANCVE:CVE-2017-11640", "DEBIANCVE:CVE-2017-12428", "DEBIANCVE:CVE-2017-12431", "DEBIANCVE:CVE-2017-12432", "DEBIANCVE:CVE-2017-12434", "DEBIANCVE:CVE-2017-12587", "DEBIANCVE:CVE-2017-12640", "DEBIANCVE:CVE-2017-12671", "DEBIANCVE:CVE-2017-13139", "DEBIANCVE:CVE-2017-13140", "DEBIANCVE:CVE-2017-13141", "DEBIANCVE:CVE-2017-13142", "DEBIANCVE:CVE-2017-13143", "DEBIANCVE:CVE-2017-13144", "DEBIANCVE:CVE-2017-13145", "DEBIANCVE:CVE-2017-9500"]}, {"type": "fedora", "idList": ["FEDORA:082456076F55", "FEDORA:137B4601EDDC", "FEDORA:2A5176076F55", "FEDORA:30E8F601EDDA", "FEDORA:4FEEB6076F55", "FEDORA:575B16076F55", "FEDORA:5C7D56076F55", "FEDORA:5EF1A6076F55", "FEDORA:6541E60748F9", "FEDORA:6B591601EDDE", "FEDORA:6DAC2601EDDA", "FEDORA:748906076F55", "FEDORA:791786076F55", "FEDORA:8F8C0601EDDE", "FEDORA:93FF76076F55", "FEDORA:9766D6076F55", "FEDORA:999936076F55", "FEDORA:A088E6076F55", "FEDORA:A58296076F55", "FEDORA:BE87C60748F9", "FEDORA:C1BBA6076F55", "FEDORA:C41F46076F55", "FEDORA:E7E3A6076F55", "FEDORA:F0880601EDDA", "FEDORA:F10E86076F55"]}, {"type": "gentoo", "idList": ["GLSA-201711-07"]}, {"type": "mageia", "idList": ["MGASA-2018-0229"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-1000.NASL", "DEBIAN_DLA-1081.NASL", "DEBIAN_DLA-1785.NASL", "DEBIAN_DSA-4019.NASL", "DEBIAN_DSA-4040.NASL", "DEBIAN_DSA-4204.NASL", "EULEROS_SA-2019-2160.NASL", "EULEROS_SA-2019-2354.NASL", "EULEROS_SA-2020-1390.NASL", "EULEROS_SA-2021-1195.NASL", "EULEROS_SA-2021-1305.NASL", "EULEROS_SA-2021-1802.NASL", "FEDORA_2017-3A568ADB31.NASL", "FEDORA_2017-8F27031C8F.NASL", "GENTOO_GLSA-201711-07.NASL", "IMAGEMAGICK_7_0_5_8.NASL", "OPENSUSE-2017-1199.NASL", "OPENSUSE-2017-1270.NASL", "OPENSUSE-2017-1346.NASL", "OPENSUSE-2017-1413.NASL", "OPENSUSE-2018-145.NASL", "OPENSUSE-2018-213.NASL", "OPENSUSE-2018-230.NASL", "OPENSUSE-2018-343.NASL", "OPENSUSE-2018-61.NASL", "OPENSUSE-2018-88.NASL", "SUSE_SU-2017-2949-1.NASL", "SUSE_SU-2017-3168-1.NASL", "SUSE_SU-2017-3378-1.NASL", "SUSE_SU-2017-3388-1.NASL", "SUSE_SU-2018-0130-1.NASL", "SUSE_SU-2018-0132-1.NASL", "SUSE_SU-2018-0349-1.NASL", "SUSE_SU-2018-0350-1.NASL", "SUSE_SU-2018-0486-1.NASL", "SUSE_SU-2018-0581-1.NASL", "SUSE_SU-2018-0770-1.NASL", "SUSE_SU-2018-0857-1.NASL", "SUSE_SU-2018-0880-1.NASL", "SUSE_SU-2018-3808-1.NASL", "UBUNTU_USN-3681-1.NASL", "UBUNTU_USN-3785-1.NASL", "UBUNTU_USN-5335-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703914", "OPENVAS:1361412562310704040", "OPENVAS:1361412562310704204", "OPENVAS:1361412562310843556", "OPENVAS:1361412562310843653", "OPENVAS:1361412562310851657", "OPENVAS:1361412562310851668", "OPENVAS:1361412562310873390", "OPENVAS:1361412562310873391", "OPENVAS:1361412562310873392", "OPENVAS:1361412562310873394", "OPENVAS:1361412562310873399", "OPENVAS:1361412562310873400", "OPENVAS:1361412562310873404", "OPENVAS:1361412562310873407", "OPENVAS:1361412562310873408", "OPENVAS:1361412562310873409", "OPENVAS:1361412562310873410", "OPENVAS:1361412562310873412", "OPENVAS:1361412562310873417", "OPENVAS:1361412562310873419", "OPENVAS:1361412562310873420", "OPENVAS:1361412562310873422", "OPENVAS:1361412562310873424", "OPENVAS:1361412562310873425", "OPENVAS:1361412562310873427", "OPENVAS:1361412562310873429", "OPENVAS:1361412562310873431", "OPENVAS:1361412562310873432", "OPENVAS:1361412562310873434", "OPENVAS:1361412562310873436", "OPENVAS:1361412562310873438", "OPENVAS:1361412562310891000", "OPENVAS:1361412562310891081", "OPENVAS:1361412562310891785", "OPENVAS:1361412562311220192160", "OPENVAS:1361412562311220192354", "OPENVAS:1361412562311220201390", "OPENVAS:703914"]}, {"type": "osv", "idList": ["OSV:DLA-1000-1", "OSV:DLA-1081-1", "OSV:DLA-1785-1", "OSV:DSA-4204-1"]}, {"type": "prion", "idList": ["PRION:CVE-2017-11446", "PRION:CVE-2017-11523", "PRION:CVE-2017-11533", "PRION:CVE-2017-11535", "PRION:CVE-2017-11537", "PRION:CVE-2017-11639", "PRION:CVE-2017-11640", "PRION:CVE-2017-12428", "PRION:CVE-2017-12431", "PRION:CVE-2017-12432", "PRION:CVE-2017-12434", "PRION:CVE-2017-12587", "PRION:CVE-2017-12640", "PRION:CVE-2017-12671", "PRION:CVE-2017-13139", "PRION:CVE-2017-13140", "PRION:CVE-2017-13141", "PRION:CVE-2017-13142", "PRION:CVE-2017-13143", "PRION:CVE-2017-13144", "PRION:CVE-2017-13145", "PRION:CVE-2017-9500"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-11446", "RH:CVE-2017-11523", "RH:CVE-2017-11533", "RH:CVE-2017-11535", "RH:CVE-2017-11537", "RH:CVE-2017-11639", "RH:CVE-2017-11640", "RH:CVE-2017-12428", "RH:CVE-2017-12431", "RH:CVE-2017-12432", "RH:CVE-2017-12434", "RH:CVE-2017-12587", "RH:CVE-2017-12640", "RH:CVE-2017-12671", "RH:CVE-2017-13139", "RH:CVE-2017-13140", "RH:CVE-2017-13141", "RH:CVE-2017-13142", "RH:CVE-2017-13143", "RH:CVE-2017-13144", "RH:CVE-2017-13145", "RH:CVE-2017-9500"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:3223-1", "OPENSUSE-SU-2017:3420-1", "SUSE-SU-2017:3378-1", "SUSE-SU-2017:3388-1", "SUSE-SU-2017:3435-1"]}, {"type": "ubuntu", "idList": ["USN-3681-1", "USN-3785-1", "USN-5335-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-11446", "UB:CVE-2017-11523", "UB:CVE-2017-11533", "UB:CVE-2017-11535", "UB:CVE-2017-11537", "UB:CVE-2017-11639", "UB:CVE-2017-11640", "UB:CVE-2017-12428", "UB:CVE-2017-12431", "UB:CVE-2017-12432", "UB:CVE-2017-12434", "UB:CVE-2017-12587", "UB:CVE-2017-12640", "UB:CVE-2017-12671", "UB:CVE-2017-13139", "UB:CVE-2017-13140", "UB:CVE-2017-13141", "UB:CVE-2017-13142", "UB:CVE-2017-13143", "UB:CVE-2017-13144", "UB:CVE-2017-13145", "UB:CVE-2017-9500"]}, {"type": "veracode", "idList": ["VERACODE:4399", "VERACODE:4598", "VERACODE:4630", "VERACODE:4639", "VERACODE:4640", "VERACODE:4641", "VERACODE:4751", "VERACODE:4752", "VERACODE:4863", "VERACODE:4866", "VERACODE:4867", "VERACODE:4869", "VERACODE:4875", "VERACODE:4878", "VERACODE:4887", "VERACODE:4957", "VERACODE:4958", "VERACODE:4961"]}]}, "score": {"value": 8.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "cloudfoundry", "idList": ["CFOUNDRY:C94493DDE348FDF28E8866771E34ED7C", "CFOUNDRY:D716827DA44D41333F3C4C92A77A0B32"]}, {"type": "cve", "idList": ["CVE-2017-11446", "CVE-2017-11523", "CVE-2017-11533", "CVE-2017-11535", "CVE-2017-11537", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-12428", "CVE-2017-12431", "CVE-2017-12432", "CVE-2017-12434", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12671", "CVE-2017-13139", "CVE-2017-13140", "CVE-2017-13141", "CVE-2017-13142", "CVE-2017-13143", "CVE-2017-13144", "CVE-2017-13145", "CVE-2017-9500"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1000-1:BACD8", "DEBIAN:DLA-1081-1:D21F2", "DEBIAN:DSA-3914-1:48C64", "DEBIAN:DSA-4019-1:AFDE4", "DEBIAN:DSA-4040-1:E6366", "DEBIAN:DSA-4204-1:271DB"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-11446", "DEBIANCVE:CVE-2017-11523", "DEBIANCVE:CVE-2017-11533", "DEBIANCVE:CVE-2017-11535", "DEBIANCVE:CVE-2017-11537", "DEBIANCVE:CVE-2017-11639", "DEBIANCVE:CVE-2017-11640", "DEBIANCVE:CVE-2017-12428", "DEBIANCVE:CVE-2017-12431", "DEBIANCVE:CVE-2017-12432", "DEBIANCVE:CVE-2017-12434", "DEBIANCVE:CVE-2017-12587", "DEBIANCVE:CVE-2017-12640", "DEBIANCVE:CVE-2017-12671", "DEBIANCVE:CVE-2017-13139", "DEBIANCVE:CVE-2017-13140", "DEBIANCVE:CVE-2017-13141", "DEBIANCVE:CVE-2017-13142", "DEBIANCVE:CVE-2017-13143", "DEBIANCVE:CVE-2017-13144", "DEBIANCVE:CVE-2017-13145", "DEBIANCVE:CVE-2017-9500"]}, {"type": "fedora", "idList": ["FEDORA:C41F46076F55"]}, {"type": "gentoo", "idList": ["GLSA-201711-07"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2017-11523/", "MSF:ILITIES/UBUNTU-CVE-2017-11537/", "MSF:ILITIES/UBUNTU-CVE-2017-12432/"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201711-07.NASL", "IMAGEMAGICK_7_0_5_8.NASL", "OPENSUSE-2017-1270.NASL", "OPENSUSE-2017-1346.NASL", "SUSE_SU-2017-3168-1.NASL", "SUSE_SU-2017-3378-1.NASL", "SUSE_SU-2017-3388-1.NASL", "UBUNTU_USN-3681-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843556", "OPENVAS:1361412562310843653", "OPENVAS:1361412562310851657", "OPENVAS:1361412562310873412", "OPENVAS:703914"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-11446", "RH:CVE-2017-11523", "RH:CVE-2017-11533", "RH:CVE-2017-11535", "RH:CVE-2017-11537", "RH:CVE-2017-11639", "RH:CVE-2017-11640", "RH:CVE-2017-12428", "RH:CVE-2017-12431", "RH:CVE-2017-12432", "RH:CVE-2017-12434", "RH:CVE-2017-12587", "RH:CVE-2017-12640", "RH:CVE-2017-12671", "RH:CVE-2017-13139", "RH:CVE-2017-13140", "RH:CVE-2017-13141", "RH:CVE-2017-13142", "RH:CVE-2017-13143", "RH:CVE-2017-13144", "RH:CVE-2017-13145", "RH:CVE-2017-9500"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:3223-1", "OPENSUSE-SU-2017:3420-1", "SUSE-SU-2017:3378-1", "SUSE-SU-2017:3388-1"]}, {"type": "ubuntu", "idList": ["USN-3681-1", "USN-3785-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-11446", "UB:CVE-2017-11523", "UB:CVE-2017-11533", "UB:CVE-2017-11535", "UB:CVE-2017-11537", "UB:CVE-2017-11639", "UB:CVE-2017-11640", "UB:CVE-2017-12428", "UB:CVE-2017-12431", "UB:CVE-2017-12432", "UB:CVE-2017-12434", "UB:CVE-2017-12587", "UB:CVE-2017-12640", "UB:CVE-2017-12671", "UB:CVE-2017-13139", "UB:CVE-2017-13140", "UB:CVE-2017-13141", "UB:CVE-2017-13142", "UB:CVE-2017-13143", "UB:CVE-2017-13144", "UB:CVE-2017-13145", "UB:CVE-2017-9500"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2017-13142", "epss": "0.004920000", "percentile": "0.724670000", "modified": "2023-03-15"}, {"cve": "CVE-2017-11533", "epss": "0.001720000", "percentile": "0.525230000", "modified": "2023-03-15"}, {"cve": "CVE-2017-9500", "epss": "0.002140000", "percentile": "0.576650000", "modified": "2023-03-15"}, {"cve": "CVE-2017-11639", "epss": "0.002690000", "percentile": "0.626380000", "modified": "2023-03-15"}, {"cve": "CVE-2017-13144", "epss": "0.003600000", "percentile": "0.678030000", "modified": "2023-03-15"}, {"cve": "CVE-2017-12640", "epss": "0.005340000", "percentile": "0.735880000", "modified": "2023-03-15"}, {"cve": "CVE-2017-13143", "epss": "0.004710000", "percentile": "0.718140000", "modified": "2023-03-15"}, {"cve": "CVE-2017-11523", "epss": "0.013130000", "percentile": "0.838600000", "modified": "2023-03-15"}, {"cve": "CVE-2017-12587", "epss": "0.003050000", "percentile": "0.650370000", "modified": "2023-03-15"}, {"cve": "CVE-2017-11537", "epss": "0.001720000", "percentile": "0.525230000", "modified": "2023-03-15"}, {"cve": "CVE-2017-11446", "epss": "0.001680000", "percentile": "0.518690000", "modified": "2023-03-15"}, {"cve": "CVE-2017-13139", "epss": "0.011760000", "percentile": "0.828220000", "modified": "2023-03-15"}, {"cve": "CVE-2017-12434", "epss": "0.000640000", "percentile": "0.260790000", "modified": "2023-03-15"}, {"cve": "CVE-2017-13141", "epss": "0.002580000", "percentile": "0.617690000", "modified": "2023-03-15"}, {"cve": "CVE-2017-12671", "epss": "0.000640000", "percentile": "0.260790000", "modified": "2023-03-15"}, {"cve": "CVE-2017-12432", "epss": "0.001780000", "percentile": "0.532620000", "modified": "2023-03-15"}, {"cve": "CVE-2017-12428", "epss": "0.001420000", "percentile": "0.481840000", "modified": "2023-03-15"}, {"cve": "CVE-2017-12431", "epss": "0.001780000", "percentile": "0.532620000", "modified": "2023-03-15"}, {"cve": "CVE-2017-13140", "epss": "0.002780000", "percentile": "0.633680000", "modified": "2023-03-15"}, {"cve": "CVE-2017-11640", "epss": "0.003660000", "percentile": "0.681160000", "modified": "2023-03-15"}, {"cve": "CVE-2017-11535", "epss": "0.001720000", "percentile": "0.525230000", "modified": "2023-03-15"}, {"cve": "CVE-2017-13145", "epss": "0.006880000", "percentile": "0.770130000", "modified": "2023-03-15"}], "vulnersScore": 8.1}, "_state": {"dependencies": 1701031813, "score": 1701032287, "epss": 0}, "_internal": {"score_hash": "32dac9d88960a77546c788260c39e3d5"}, "pluginID": "1361412562310704019", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_4019.nasl 14284 2019-03-18 15:02:15Z cfischer $\n#\n# Auto-generated from advisory DSA 4019-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704019\");\n script_version(\"$Revision: 14284 $\");\n script_cve_id(\"CVE-2017-11446\", \"CVE-2017-11523\", \"CVE-2017-11533\", \"CVE-2017-11535\", \"CVE-2017-11537\", \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-12428\", \"CVE-2017-12431\", \"CVE-2017-12432\", \"CVE-2017-12434\", \"CVE-2017-12587\", \"CVE-2017-12640\", \"CVE-2017-12671\", \"CVE-2017-13139\", \"CVE-2017-13140\", \"CVE-2017-13141\", \"CVE-2017-13142\", \"CVE-2017-13143\", \"CVE-2017-13144\", \"CVE-2017-13145\", \"CVE-2017-9500\");\n script_name(\"Debian Security Advisory DSA 4019-1 (imagemagick - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 16:02:15 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-05 00:00:00 +0100 (Sun, 05 Nov 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2017/dsa-4019.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"imagemagick on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), this problem has been fixed in\nversion 8:6.9.7.4+dfsg-11+deb9u2.\n\nWe recommend that you upgrade your imagemagick packages.\");\n script_tag(name:\"summary\", value:\"This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising may\nresult in denial of service, memory disclosure or the execution of\narbitrary code if malformed image files are processed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6-common\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6-doc\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16hdri\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16hdri-perl\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-7\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16hdri-7\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3-extra\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-3\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-3-extra\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-3\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16hdri-3\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.9.7.4+dfsg-11+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "naslFamily": "Debian Local Security Checks"}

{"debian": [{"lastseen": "2023-12-04T10:54:16", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4019-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 05, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nCVE ID : CVE-2017-9500 CVE-2017-11446 CVE-2017-11523 CVE-2017-11533\n CVE-2017-11535 CVE-2017-11537 CVE-2017-11639 CVE-2017-11640\n\t\t CVE-2017-12428 CVE-2017-12431 CVE-2017-12432 CVE-2017-12434\n\t\t CVE-2017-12587 CVE-2017-12640 CVE-2017-12671 CVE-2017-13139\n\t\t CVE-2017-13140 CVE-2017-13141 CVE-2017-13142 CVE-2017-13143\n CVE-2017-13144 CVE-2017-13145\nDebian Bug : 870526 870491 870116 870111 870109 870106 870119\n 870105 870065 870014 869210 870067 870012 869834\n\t\t 869830 869827 868950 869728 869712 869715 869713 867778\n\nThis update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising may\nresult in denial of service, memory disclosure or the execution of\narbitrary code if malformed image files are processed.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 8:6.9.7.4+dfsg-11+deb9u2.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-05T18:09:12", "type": "debian", "title": "[SECURITY] [DSA 4019-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11446", "CVE-2017-11523", "CVE-2017-11533", "CVE-2017-11535", "CVE-2017-11537", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-12428", "CVE-2017-12431", "CVE-2017-12432", "CVE-2017-12434", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12671", "CVE-2017-13139", "CVE-2017-13140", "CVE-2017-13141", "CVE-2017-13142", "CVE-2017-13143", "CVE-2017-13144", "CVE-2017-13145", "CVE-2017-9500"], "modified": "2017-11-05T18:09:12", "id": "DEBIAN:DSA-4019-1:AFDE4", "href": "https://lists.debian.org/debian-security-announce/2017/msg00281.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T18:54:46", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4204-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nMay 18, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nCVE ID : CVE-2017-10995 CVE-2017-11533 CVE-2017-11535 CVE-2017-11639 \n CVE-2017-13143 CVE-2017-17504 CVE-2017-17879 CVE-2018-5248\nDebian Bug : 867748 869827 869834 870012 870065 885125 885340 886588\n\nThis update fixes several vulnerabilities in imagemagick, a graphical\nsoftware suite. Various memory handling problems or issues about\nincomplete input sanitizing would result in denial of service or\nmemory disclosure.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u12.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFor the detailed security status of imagemagick please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/imagemagick\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-18T16:59:44", "type": "debian", "title": "[SECURITY] [DSA 4204-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10995", "CVE-2017-11533", "CVE-2017-11535", "CVE-2017-11639", "CVE-2017-13143", "CVE-2017-17504", "CVE-2017-17879", "CVE-2018-5248"], "modified": "2018-05-18T16:59:44", "id": "DEBIAN:DSA-4204-1:1D5FF", "href": "https://lists.debian.org/debian-security-announce/2018/msg00131.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-04T10:44:09", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4204-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nMay 18, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nCVE ID : CVE-2017-10995 CVE-2017-11533 CVE-2017-11535 CVE-2017-11639 \n CVE-2017-13143 CVE-2017-17504 CVE-2017-17879 CVE-2018-5248\nDebian Bug : 867748 869827 869834 870012 870065 885125 885340 886588\n\nThis update fixes several vulnerabilities in imagemagick, a graphical\nsoftware suite. Various memory handling problems or issues about\nincomplete input sanitizing would result in denial of service or\nmemory disclosure.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u12.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFor the detailed security status of imagemagick please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/imagemagick\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-05-18T16:59:44", "type": "debian", "title": "[SECURITY] [DSA 4204-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10995", "CVE-2017-11533", "CVE-2017-11535", "CVE-2017-11639", "CVE-2017-13143", "CVE-2017-17504", "CVE-2017-17879", "CVE-2018-5248"], "modified": "2018-05-18T16:59:44", "id": "DEBIAN:DSA-4204-1:271DB", "href": "https://lists.debian.org/debian-security-announce/2018/msg00131.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-05T10:59:45", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4040-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 17, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nCVE ID : CVE-2017-11352 CVE-2017-11640 CVE-2017-12431\n CVE-2017-12640 CVE-2017-12877 CVE-2017-12983\n\t\t CVE-2017-13134 CVE-2017-13139 CVE-2017-13144\n\t\t CVE-2017-13758 CVE-2017-13769 CVE-2017-14224 \n CVE-2017-14607 CVE-2017-14682 CVE-2017-14989\n\t\t CVE-2017-15277 CVE-2017-16546\n\nThis update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed image files are processed.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u11.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-17T22:51:42", "type": "debian", "title": "[SECURITY] [DSA 4040-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11352", "CVE-2017-11640", "CVE-2017-12431", "CVE-2017-12640", "CVE-2017-12877", "CVE-2017-12983", "CVE-2017-13134", "CVE-2017-13139", "CVE-2017-13144", "CVE-2017-13758", "CVE-2017-13769", "CVE-2017-14224", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-14989", "CVE-2017-15277", "CVE-2017-16546"], "modified": "2017-11-17T22:51:42", "id": "DEBIAN:DSA-4040-1:E6366", "href": "https://lists.debian.org/debian-security-announce/2017/msg00303.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-05T17:23:38", "description": "Package : imagemagick\nVersion : 6.7.7.10-5+deb7u16\nCVE ID : CVE-2017-8352 CVE-2017-9144 CVE-2017-9501 CVE-2017-10928 \n CVE-2017-10995 CVE-2017-11141 CVE-2017-11170 CVE-2017-11188 \n CVE-2017-11352 CVE-2017-11360 CVE-2017-11446 CVE-2017-11448 \n CVE-2017-11449 CVE-2017-11450 CVE-2017-11478 CVE-2017-11505 \n CVE-2017-11523 CVE-2017-11524 CVE-2017-11525 CVE-2017-11526 \n CVE-2017-11527 CVE-2017-11528 CVE-2017-11529 CVE-2017-11530 \n CVE-2017-11531 CVE-2017-11532 CVE-2017-11533 CVE-2017-11534 \n CVE-2017-11535 CVE-2017-11537 CVE-2017-11539 CVE-2017-11639 \n CVE-2017-11640 CVE-2017-11644 CVE-2017-11724 CVE-2017-11751 \n CVE-2017-11752 CVE-2017-12140 CVE-2017-12418 CVE-2017-12427 \n CVE-2017-12428 CVE-2017-12429 CVE-2017-12430 CVE-2017-12431 \n CVE-2017-12432 CVE-2017-12433 CVE-2017-12435 CVE-2017-12563 \n CVE-2017-12564 CVE-2017-12565 CVE-2017-12566 CVE-2017-12587 \n CVE-2017-12640 CVE-2017-12641 CVE-2017-12642 CVE-2017-12643 \n CVE-2017-12654 CVE-2017-12664 CVE-2017-12665 CVE-2017-12668 \n CVE-2017-12670 CVE-2017-12674 CVE-2017-12675 CVE-2017-12676 \n CVE-2017-12877 CVE-2017-12983 CVE-2017-13133 CVE-2017-13134 \n CVE-2017-13139 CVE-2017-13142 CVE-2017-13143 CVE-2017-13144 \n CVE-2017-13146 CVE-2017-13658\nDebian Bug : 867367 867896 867806 867808 867810 867811 867812 867798\n 867821 868264 868184 867721 867824 867826 867893 867823\n 867894 868263 869210 867748 868950 868469 869725 869726\n 869834 869711 869827 869712 870120 870065 870067 870016\n 870023 870480 870481 870525 869713 869727 869715 870491\n 870504 870530 870017 870115 870503 870526 870106 869796\n 870107 870502 870501 870489 870020 872609 870022 870118\n 872373 873134 873100 873099 870109 870105 870012 869728\n 870013 870019 869721 869722\n\n\nThis updates fixes numerous vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure or the\nexecution of arbitrary code if malformed DPX, RLE, CIN, DIB, EPT, MAT,\nVST, PNG, JNG, MNG, DVJU, JPEG, TXT, PES, MPC, UIL, PS, PALM, CIP, TIFF,\nICON, MAGICK, DCM, MSL, WMF, MIFF, PCX, SUN, PSD, MVG, PWP, PICT, PDB,\nSFW, or XCF files are processed.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n6.7.7.10-5+deb7u16.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: Digital signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-31T10:47:38", "type": "debian", "title": "[SECURITY] [DLA 1081-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11505", "CVE-2017-11523", "CVE-2017-11524", "CVE-2017-11525", "CVE-2017-11526", "CVE-2017-11527", "CVE-2017-11528", "CVE-2017-11529", "CVE-2017-11530", "CVE-2017-11531", "CVE-2017-11532", "CVE-2017-11533", "CVE-2017-11534", "CVE-2017-11535", "CVE-2017-11537", "CVE-2017-11539", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11751", "CVE-2017-11752", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12430", "CVE-2017-12431", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12564", "CVE-2017-12565", "CVE-2017-12566", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12643", "CVE-2017-12654", "CVE-2017-12664", "CVE-2017-12665", "CVE-2017-12668", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12675", "CVE-2017-12676", "CVE-2017-12877", "CVE-2017-12983", "CVE-2017-13133", "CVE-2017-13134", "CVE-2017-13139", "CVE-2017-13142", "CVE-2017-13143", "CVE-2017-13144", "CVE-2017-13146", "CVE-2017-13658", "CVE-2017-8352", "CVE-2017-9144", "CVE-2017-9501"], "modified": "2017-08-31T10:47:38", "id": "DEBIAN:DLA-1081-1:D21F2", "href": "https://lists.debian.org/debian-lts-announce/2017/08/msg00031.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-05T16:40:45", "description": "Package : imagemagick\nVersion : 8:6.8.9.9-5+deb8u16\nCVE ID : CVE-2017-9500 CVE-2017-11446 CVE-2017-11523\n CVE-2017-11537 CVE-2017-12140 CVE-2017-12430\n CVE-2017-12432 CVE-2017-12435 CVE-2017-12563\n CVE-2017-12587 CVE-2017-12643 CVE-2017-12670\n CVE-2017-12674 CVE-2017-12691 CVE-2017-12692\n CVE-2017-12693 CVE-2017-12875 CVE-2017-13133\n CVE-2017-13142 CVE-2017-13145 CVE-2017-13658\n CVE-2017-13768 CVE-2017-14060 CVE-2017-14172\n CVE-2017-14173 CVE-2017-14174 CVE-2017-14175\n CVE-2017-14249 CVE-2017-14341 CVE-2017-14400\n CVE-2017-14505 CVE-2017-14532 CVE-2017-14624\n CVE-2017-14625 CVE-2017-14626 CVE-2017-14739\n CVE-2017-14741 CVE-2017-15015 CVE-2017-15017\n CVE-2017-15281 CVE-2017-17682 CVE-2017-17914\n CVE-2017-18271 CVE-2017-18273 CVE-2017-1000445\n CVE-2017-1000476 CVE-2019-9956 CVE-2019-10650\n CVE-2019-11597 CVE-2019-11598\nDebian Bug : 867778 868950 869210 869712 873059 869727 870491 870504\n 870530 870526 870107 870107 870020 875338 872609 875339\n 875341 873871 875352 873100 870105 869830 870019 878506\n 875504 875503 875502 876099 876105 878546 878545 878541\n 877354 877355 878524 878547 878548 878555 878554 878579\n 885942 886584 928207 928206 925395\n\n\nNumerous security vulnerabilities were fixed in Imagemagick. Various\nmemory handling problems and cases of missing or incomplete input\nsanitizing may result in denial of service, memory or CPU exhaustion,\ninformation disclosure or potentially the execution of arbitrary code\nwhen a malformed image file is processed.\n\nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n8:6.8.9.9-5+deb8u16.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-14T10:40:29", "type": "debian", "title": "[SECURITY] [DLA 1785-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-11446", "CVE-2017-11523", "CVE-2017-11537", "CVE-2017-12140", "CVE-2017-12430", "CVE-2017-12432", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12587", "CVE-2017-12643", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12875", "CVE-2017-13133", "CVE-2017-13142", "CVE-2017-13145", "CVE-2017-13658", "CVE-2017-13768", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14249", "CVE-2017-14341", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14532", "CVE-2017-14624", "CVE-2017-14625", "CVE-2017-14626", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-15015", "CVE-2017-15017", "CVE-2017-15281", "CVE-2017-17682", "CVE-2017-17914", "CVE-2017-18271", "CVE-2017-18273", "CVE-2017-9500", "CVE-2019-10650", "CVE-2019-11597", "CVE-2019-11598", "CVE-2019-9956"], "modified": "2019-05-14T10:40:29", "id": "DEBIAN:DLA-1785-1:40B92", "href": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-22T12:15:46", "description": "Package : imagemagick\nVersion : 8:6.8.9.9-5+deb8u16\nCVE ID : CVE-2017-9500 CVE-2017-11446 CVE-2017-11523\n CVE-2017-11537 CVE-2017-12140 CVE-2017-12430\n CVE-2017-12432 CVE-2017-12435 CVE-2017-12563\n CVE-2017-12587 CVE-2017-12643 CVE-2017-12670\n CVE-2017-12674 CVE-2017-12691 CVE-2017-12692\n CVE-2017-12693 CVE-2017-12875 CVE-2017-13133\n CVE-2017-13142 CVE-2017-13145 CVE-2017-13658\n CVE-2017-13768 CVE-2017-14060 CVE-2017-14172\n CVE-2017-14173 CVE-2017-14174 CVE-2017-14175\n CVE-2017-14249 CVE-2017-14341 CVE-2017-14400\n CVE-2017-14505 CVE-2017-14532 CVE-2017-14624\n CVE-2017-14625 CVE-2017-14626 CVE-2017-14739\n CVE-2017-14741 CVE-2017-15015 CVE-2017-15017\n CVE-2017-15281 CVE-2017-17682 CVE-2017-17914\n CVE-2017-18271 CVE-2017-18273 CVE-2017-1000445\n CVE-2017-1000476 CVE-2019-9956 CVE-2019-10650\n CVE-2019-11597 CVE-2019-11598\nDebian Bug : 867778 868950 869210 869712 873059 869727 870491 870504\n 870530 870526 870107 870107 870020 875338 872609 875339\n 875341 873871 875352 873100 870105 869830 870019 878506\n 875504 875503 875502 876099 876105 878546 878545 878541\n 877354 877355 878524 878547 878548 878555 878554 878579\n 885942 886584 928207 928206 925395\n\n\nNumerous security vulnerabilities were fixed in Imagemagick. Various\nmemory handling problems and cases of missing or incomplete input\nsanitizing may result in denial of service, memory or CPU exhaustion,\ninformation disclosure or potentially the execution of arbitrary code\nwhen a malformed image file is processed.\n\nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n8:6.8.9.9-5+deb8u16.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-05-14T10:40:29", "type": "debian", "title": "[SECURITY] [DLA 1785-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-11446", "CVE-2017-11523", "CVE-2017-11537", "CVE-2017-12140", "CVE-2017-12430", "CVE-2017-12432", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12587", "CVE-2017-12643", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12875", "CVE-2017-13133", "CVE-2017-13142", "CVE-2017-13145", "CVE-2017-13658", "CVE-2017-13768", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14249", "CVE-2017-14341", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14532", "CVE-2017-14624", "CVE-2017-14625", "CVE-2017-14626", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-15015", "CVE-2017-15017", "CVE-2017-15281", "CVE-2017-17682", "CVE-2017-17914", "CVE-2017-18271", "CVE-2017-18273", "CVE-2017-9500", "CVE-2019-10650", "CVE-2019-11597", "CVE-2019-11598", "CVE-2019-9956"], "modified": "2019-05-14T10:40:29", "id": "DEBIAN:DLA-1785-1:C1442", "href": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2023-12-05T15:04:32", "description": "This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.", "cvss3": {}, "published": "2017-11-06T00:00:00", "type": "nessus", "title": "Debian DSA-4019-1 : imagemagick - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11446", "CVE-2017-11523", "CVE-2017-11533", "CVE-2017-11535", "CVE-2017-11537", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-12428", "CVE-2017-12431", "CVE-2017-12432", "CVE-2017-12434", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12671", "CVE-2017-13139", "CVE-2017-13140", "CVE-2017-13141", "CVE-2017-13142", "CVE-2017-13143", "CVE-2017-13144", "CVE-2017-13145", "CVE-2017-9500"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4019.NASL", "href": "https://www.tenable.com/plugins/nessus/104403", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4019. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104403);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-11446\", \"CVE-2017-11523\", \"CVE-2017-11533\", \"CVE-2017-11535\", \"CVE-2017-11537\", \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-12428\", \"CVE-2017-12431\", \"CVE-2017-12432\", \"CVE-2017-12434\", \"CVE-2017-12587\", \"CVE-2017-12640\", \"CVE-2017-12671\", \"CVE-2017-13139\", \"CVE-2017-13140\", \"CVE-2017-13141\", \"CVE-2017-13142\", \"CVE-2017-13143\", \"CVE-2017-13144\", \"CVE-2017-13145\", \"CVE-2017-9500\");\n script_xref(name:\"DSA\", value:\"4019\");\n\n script_name(english:\"Debian DSA-4019-1 : imagemagick - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure or the\nexecution of arbitrary code if malformed image files are processed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870116\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/imagemagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-4019\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the imagemagick packages.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 8:6.9.7.4+dfsg-11+deb9u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6-common\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6-doc\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6.q16\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6.q16hdri\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-common\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-doc\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libimage-magick-perl\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libimage-magick-q16-perl\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libimage-magick-q16hdri-perl\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6-headers\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16-7\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16hdri-7\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16hdri-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6-arch-config\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6-headers\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16-3-extra\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16hdri-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16hdri-3-extra\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16hdri-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6-headers\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16hdri-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16hdri-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"perlmagick\", reference:\"8:6.9.7.4+dfsg-11+deb9u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T15:39:23", "description": "This update fixes several vulnerabilities in imagemagick, a graphical software suite. Various memory handling problems or issues about incomplete input sanitizing would result in denial of service or memory disclosure.", "cvss3": {}, "published": "2018-05-21T00:00:00", "type": "nessus", "title": "Debian DSA-4204-1 : imagemagick - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10995", "CVE-2017-11533", "CVE-2017-11535", "CVE-2017-11639", "CVE-2017-13143", "CVE-2017-17504", "CVE-2017-17879", "CVE-2018-5248"], "modified": "2018-11-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-4204.NASL", "href": "https://www.tenable.com/plugins/nessus/109925", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4204. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109925);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/13 12:30:47\");\n\n script_cve_id(\"CVE-2017-10995\", \"CVE-2017-11533\", \"CVE-2017-11535\", \"CVE-2017-11639\", \"CVE-2017-13143\", \"CVE-2017-17504\", \"CVE-2017-17879\", \"CVE-2018-5248\");\n script_xref(name:\"DSA\", value:\"4204\");\n\n script_name(english:\"Debian DSA-4204-1 : imagemagick - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several vulnerabilities in imagemagick, a graphical\nsoftware suite. Various memory handling problems or issues about\nincomplete input sanitizing would result in denial of service or\nmemory disclosure.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870012\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/imagemagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/imagemagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4204\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the imagemagick packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 8:6.8.9.9-5+deb8u12.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick\", reference:\"8:6.8.9.9-5+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-6.q16\", reference:\"8:6.8.9.9-5+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-common\", reference:\"8:6.8.9.9-5+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-dbg\", reference:\"8:6.8.9.9-5+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-doc\", reference:\"8:6.8.9.9-5+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-perl\", reference:\"8:6.8.9.9-5+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-q16-perl\", reference:\"8:6.8.9.9-5+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6-headers\", reference:\"8:6.8.9.9-5+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-5\", reference:\"8:6.8.9.9-5+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-dev\", reference:\"8:6.8.9.9-5+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-arch-config\", reference:\"8:6.8.9.9-5+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-headers\", reference:\"8:6.8.9.9-5+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2-extra\", reference:\"8:6.8.9.9-5+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.8.9.9-5+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6-headers\", reference:\"8:6.8.9.9-5+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.8.9.9-5+deb8u12\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"perlmagick\", reference:\"8:6.8.9.9-5+deb8u12\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:05:35", "description": "This update for ImageMagick fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-15033: A denial of service attack (memory leak) was fixed in ReadYUVImage in coders/yuv.c [bsc#1061873]\n\n - CVE-2017-11446: An infinite loop in ReadPESImage was fixed. (bsc#1049379)\n\n - CVE-2017-12433: A memory leak in ReadPESImage in coders/pes.c was fixed. (bsc#1052545)\n\n - CVE-2017-12428: A memory leak in ReadWMFImage in coders/wmf.c was fixed. (bsc#1052249)\n\n - CVE-2017-12431: A use-after-free in ReadWMFImage was fixed. (bsc#1052253)\n\n - CVE-2017-11534: A memory leak in the lite_font_map() in coders/wmf.c was fixed. (bsc#1050135)\n\n - CVE-2017-13133: A memory exhaustion in load_level function in coders/xcf.c was fixed. (bsc#1055219)\n\n - CVE-2017-13139: A out-of-bounds read in the ReadOneMNGImage was fixed. (bsc#1055430)\n\nThis update also reverts an incorrect fix for CVE-2016-7530 [bsc#1054924].\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2017-11-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-2017-1270)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7530", "CVE-2017-11446", "CVE-2017-11534", "CVE-2017-12428", "CVE-2017-12431", "CVE-2017-12433", "CVE-2017-13133", "CVE-2017-13139", "CVE-2017-15033"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:imagemagick", "p-cpe:/a:novell:opensuse:imagemagick-debuginfo", "p-cpe:/a:novell:opensuse:imagemagick-debugsource", "p-cpe:/a:novell:opensuse:imagemagick-devel", "p-cpe:/a:novell:opensuse:imagemagick-devel-32bit", "p-cpe:/a:novell:opensuse:imagemagick-extra", "p-cpe:/a:novell:opensuse:imagemagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-perlmagick", "p-cpe:/a:novell:opensuse:perl-perlmagick-debuginfo", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1270.NASL", "href": "https://www.tenable.com/plugins/nessus/104528", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1270.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104528);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-7530\", \"CVE-2017-11446\", \"CVE-2017-11534\", \"CVE-2017-12428\", \"CVE-2017-12431\", \"CVE-2017-12433\", \"CVE-2017-13133\", \"CVE-2017-13139\", \"CVE-2017-15033\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2017-1270)\");\n script_summary(english:\"Check for the openSUSE-2017-1270 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-15033: A denial of service attack (memory leak)\n was fixed in ReadYUVImage in coders/yuv.c [bsc#1061873]\n\n - CVE-2017-11446: An infinite loop in ReadPESImage was\n fixed. (bsc#1049379)\n\n - CVE-2017-12433: A memory leak in ReadPESImage in\n coders/pes.c was fixed. (bsc#1052545)\n\n - CVE-2017-12428: A memory leak in ReadWMFImage in\n coders/wmf.c was fixed. (bsc#1052249)\n\n - CVE-2017-12431: A use-after-free in ReadWMFImage was\n fixed. (bsc#1052253)\n\n - CVE-2017-11534: A memory leak in the lite_font_map() in\n coders/wmf.c was fixed. (bsc#1050135)\n\n - CVE-2017-13133: A memory exhaustion in load_level\n function in coders/xcf.c was fixed. (bsc#1055219)\n\n - CVE-2017-13139: A out-of-bounds read in the\n ReadOneMNGImage was fixed. (bsc#1055430)\n\nThis update also reverts an incorrect fix for CVE-2016-7530\n[bsc#1054924].\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052249\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1054924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061873\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-6.8.8.1-30.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-debuginfo-6.8.8.1-30.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-debugsource-6.8.8.1-30.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-devel-6.8.8.1-30.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-extra-6.8.8.1-30.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-30.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-6_Q16-3-6.8.8.1-30.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-30.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-devel-6.8.8.1-30.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-30.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-30.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-30.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-30.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-PerlMagick-6.8.8.1-30.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-30.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-30.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-30.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-30.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-30.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-30.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-30.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-30.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-30.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-6.8.8.1-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-debuginfo-6.8.8.1-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-debugsource-6.8.8.1-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-devel-6.8.8.1-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-extra-6.8.8.1-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-6_Q16-3-6.8.8.1-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-devel-6.8.8.1-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-PerlMagick-6.8.8.1-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-37.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T16:55:19", "description": "This update for ImageMagick fixes the following issues: Security issues fixed :\n\n - CVE-2017-15033: A denial of service attack (memory leak) was fixed in ReadYUVImage in coders/yuv.c [bsc#1061873]\n\n - CVE-2017-11446: An infinite loop in ReadPESImage was fixed. (bsc#1049379)\n\n - CVE-2017-12433: A memory leak in ReadPESImage in coders/pes.c was fixed. (bsc#1052545)\n\n - CVE-2017-12428: A memory leak in ReadWMFImage in coders/wmf.c was fixed. (bsc#1052249)\n\n - CVE-2017-12431: A use-after-free in ReadWMFImage was fixed. (bsc#1052253)\n\n - CVE-2017-11534: A memory leak in the lite_font_map() in coders/wmf.c was fixed. (bsc#1050135)\n\n - CVE-2017-13133: A memory exhaustion in load_level function in coders/xcf.c was fixed. (bsc#1055219)\n\n - CVE-2017-13139: A out-of-bounds read in the ReadOneMNGImage was fixed. (bsc#1055430) This update also reverts an incorrect fix for CVE-2016-7530 [bsc#1054924].\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-11-09T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2017:2949-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7530", "CVE-2017-11446", "CVE-2017-11534", "CVE-2017-12428", "CVE-2017-12431", "CVE-2017-12433", "CVE-2017-13133", "CVE-2017-13139", "CVE-2017-15033"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:imagemagick", "p-cpe:/a:novell:suse_linux:imagemagick-debuginfo", "p-cpe:/a:novell:suse_linux:imagemagick-debugsource", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16-1", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16-1-debuginfo", "p-cpe:/a:novell:suse_linux:libmagickwand-6_q16", "p-cpe:/a:novell:suse_linux:libmagickwand-6_q16-1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2949-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104474", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2949-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104474);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-7530\", \"CVE-2017-11446\", \"CVE-2017-11534\", \"CVE-2017-12428\", \"CVE-2017-12431\", \"CVE-2017-12433\", \"CVE-2017-13133\", \"CVE-2017-13139\", \"CVE-2017-15033\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2017:2949-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues: Security\nissues fixed :\n\n - CVE-2017-15033: A denial of service attack (memory leak)\n was fixed in ReadYUVImage in coders/yuv.c [bsc#1061873]\n\n - CVE-2017-11446: An infinite loop in ReadPESImage was\n fixed. (bsc#1049379)\n\n - CVE-2017-12433: A memory leak in ReadPESImage in\n coders/pes.c was fixed. (bsc#1052545)\n\n - CVE-2017-12428: A memory leak in ReadWMFImage in\n coders/wmf.c was fixed. (bsc#1052249)\n\n - CVE-2017-12431: A use-after-free in ReadWMFImage was\n fixed. (bsc#1052253)\n\n - CVE-2017-11534: A memory leak in the lite_font_map() in\n coders/wmf.c was fixed. (bsc#1050135)\n\n - CVE-2017-13133: A memory exhaustion in load_level\n function in coders/xcf.c was fixed. (bsc#1055219)\n\n - CVE-2017-13139: A out-of-bounds read in the\n ReadOneMNGImage was fixed. (bsc#1055430) This update\n also reverts an incorrect fix for CVE-2016-7530\n [bsc#1054924].\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052249\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7530/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11446/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11534/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12428/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12431/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12433/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13133/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13139/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15033/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172949-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8045d40c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2017-1828=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2017-1828=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1828=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1828=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1828=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1828=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1828=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1828=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1828=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-debugsource-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ImageMagick-debugsource-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:04:22", "description": "This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.", "cvss3": {}, "published": "2017-11-20T00:00:00", "type": "nessus", "title": "Debian DSA-4040-1 : imagemagick - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11352", "CVE-2017-11640", "CVE-2017-12431", "CVE-2017-12640", "CVE-2017-12877", "CVE-2017-12983", "CVE-2017-13134", "CVE-2017-13139", "CVE-2017-13144", "CVE-2017-13758", "CVE-2017-13769", "CVE-2017-14224", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-14989", "CVE-2017-15277", "CVE-2017-16546"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-4040.NASL", "href": "https://www.tenable.com/plugins/nessus/104684", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4040. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104684);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-11640\", \"CVE-2017-12431\", \"CVE-2017-12640\", \"CVE-2017-12877\", \"CVE-2017-12983\", \"CVE-2017-13134\", \"CVE-2017-13139\", \"CVE-2017-13144\", \"CVE-2017-13758\", \"CVE-2017-13769\", \"CVE-2017-14224\", \"CVE-2017-14607\", \"CVE-2017-14682\", \"CVE-2017-14989\", \"CVE-2017-15277\", \"CVE-2017-16546\");\n script_xref(name:\"DSA\", value:\"4040\");\n\n script_name(english:\"Debian DSA-4040-1 : imagemagick - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure or the\nexecution of arbitrary code if malformed image files are processed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/imagemagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-4040\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the imagemagick packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 8:6.8.9.9-5+deb8u11.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-6.q16\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-common\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-dbg\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-doc\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-perl\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-q16-perl\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6-headers\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-5\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-dev\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-arch-config\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-headers\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2-extra\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6-headers\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"perlmagick\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T14:59:43", "description": "This updates fixes numerous vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed DPX, RLE, CIN, DIB, EPT, MAT, VST, PNG, JNG, MNG, DVJU, JPEG, TXT, PES, MPC, UIL, PS, PALM, CIP, TIFF, ICON, MAGICK, DCM, MSL, WMF, MIFF, PCX, SUN, PSD, MVG, PWP, PICT, PDB, SFW, or XCF files are processed.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 6.7.7.10-5+deb7u16.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-09-01T00:00:00", "type": "nessus", "title": "Debian DLA-1081-1 : imagemagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11505", "CVE-2017-11523", "CVE-2017-11524", "CVE-2017-11525", "CVE-2017-11526", "CVE-2017-11527", "CVE-2017-11528", "CVE-2017-11529", "CVE-2017-11530", "CVE-2017-11531", "CVE-2017-11532", "CVE-2017-11533", "CVE-2017-11534", "CVE-2017-11535", "CVE-2017-11537", "CVE-2017-11539", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11751", "CVE-2017-11752", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12430", "CVE-2017-12431", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12564", "CVE-2017-12565", "CVE-2017-12566", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12643", "CVE-2017-12654", "CVE-2017-12664", "CVE-2017-12665", "CVE-2017-12668", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12675", "CVE-2017-12676", "CVE-2017-12877", "CVE-2017-12983", "CVE-2017-13133", "CVE-2017-13134", "CVE-2017-13139", "CVE-2017-13142", "CVE-2017-13143", "CVE-2017-13144", "CVE-2017-13146", "CVE-2017-13658", "CVE-2017-8352", "CVE-2017-9144", "CVE-2017-9501"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "p-cpe:/a:debian:debian_linux:imagemagick-common", "p-cpe:/a:debian:debian_linux:imagemagick-dbg", "p-cpe:/a:debian:debian_linux:imagemagick-doc", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-dev", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b5", "p-cpe:/a:debian:debian_linux:libmagickcore-dev", "p-cpe:/a:debian:debian_linux:libmagickcore5", "p-cpe:/a:debian:debian_linux:libmagickcore5-extra", "p-cpe:/a:debian:debian_linux:libmagickwand-dev", "p-cpe:/a:debian:debian_linux:libmagickwand5", "p-cpe:/a:debian:debian_linux:perlmagick", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1081.NASL", "href": "https://www.tenable.com/plugins/nessus/102889", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1081-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102889);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-10928\", \"CVE-2017-10995\", \"CVE-2017-11141\", \"CVE-2017-11170\", \"CVE-2017-11188\", \"CVE-2017-11352\", \"CVE-2017-11360\", \"CVE-2017-11446\", \"CVE-2017-11448\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11478\", \"CVE-2017-11505\", \"CVE-2017-11523\", \"CVE-2017-11524\", \"CVE-2017-11525\", \"CVE-2017-11526\", \"CVE-2017-11527\", \"CVE-2017-11528\", \"CVE-2017-11529\", \"CVE-2017-11530\", \"CVE-2017-11531\", \"CVE-2017-11532\", \"CVE-2017-11533\", \"CVE-2017-11534\", \"CVE-2017-11535\", \"CVE-2017-11537\", \"CVE-2017-11539\", \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11644\", \"CVE-2017-11724\", \"CVE-2017-11751\", \"CVE-2017-11752\", \"CVE-2017-12140\", \"CVE-2017-12418\", \"CVE-2017-12427\", \"CVE-2017-12428\", \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12431\", \"CVE-2017-12432\", \"CVE-2017-12433\", \"CVE-2017-12435\", \"CVE-2017-12563\", \"CVE-2017-12564\", \"CVE-2017-12565\", \"CVE-2017-12566\", \"CVE-2017-12587\", \"CVE-2017-12640\", \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12654\", \"CVE-2017-12664\", \"CVE-2017-12665\", \"CVE-2017-12668\", \"CVE-2017-12670\", \"CVE-2017-12674\", \"CVE-2017-12675\", \"CVE-2017-12676\", \"CVE-2017-12877\", \"CVE-2017-12983\", \"CVE-2017-13133\", \"CVE-2017-13134\", \"CVE-2017-13139\", \"CVE-2017-13142\", \"CVE-2017-13143\", \"CVE-2017-13144\", \"CVE-2017-13146\", \"CVE-2017-13658\", \"CVE-2017-8352\", \"CVE-2017-9144\", \"CVE-2017-9501\");\n\n script_name(english:\"Debian DLA-1081-1 : imagemagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates fixes numerous vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure or the\nexecution of arbitrary code if malformed DPX, RLE, CIN, DIB, EPT, MAT,\nVST, PNG, JNG, MNG, DVJU, JPEG, TXT, PES, MPC, UIL, PS, PALM, CIP,\nTIFF, ICON, MAGICK, DCM, MSL, WMF, MIFF, PCX, SUN, PSD, MVG, PWP,\nPICT, PDB, SFW, or XCF files are processed.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n6.7.7.10-5+deb7u16.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/08/msg00031.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/imagemagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore5-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-common\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-dbg\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-doc\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagick++-dev\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagick++5\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore-dev\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore5\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore5-extra\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickwand-dev\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickwand5\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"perlmagick\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:05:33", "description": "The remote host is affected by the vulnerability described in GLSA-201711-07 (ImageMagick: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in ImageMagick. Please review the referenced CVE identifiers for details.\n Impact :\n\n Remote attackers, by enticing a user to process a specially crafted file, could obtain sensitive information, cause a Denial of Service condition, or have other unspecified impacts.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2017-11-13T00:00:00", "type": "nessus", "title": "GLSA-201711-07 : ImageMagick: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11640", "CVE-2017-11724", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12876", "CVE-2017-12877", "CVE-2017-12983", "CVE-2017-13058", "CVE-2017-13059", "CVE-2017-13060", "CVE-2017-13061", "CVE-2017-13062", "CVE-2017-13131", "CVE-2017-13132", "CVE-2017-13133", "CVE-2017-13134", "CVE-2017-13139", "CVE-2017-13140", "CVE-2017-13141", "CVE-2017-13142", "CVE-2017-13143", "CVE-2017-13144", "CVE-2017-13145", "CVE-2017-13146", "CVE-2017-13758", "CVE-2017-13768", "CVE-2017-13769", "CVE-2017-14060", "CVE-2017-14137", "CVE-2017-14138", "CVE-2017-14139", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14224", "CVE-2017-14248", "CVE-2017-14249", "CVE-2017-15281"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:imagemagick", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201711-07.NASL", "href": "https://www.tenable.com/plugins/nessus/104515", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201711-07.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104515);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-11640\", \"CVE-2017-11724\", \"CVE-2017-12140\", \"CVE-2017-12418\", \"CVE-2017-12427\", \"CVE-2017-12691\", \"CVE-2017-12692\", \"CVE-2017-12693\", \"CVE-2017-12876\", \"CVE-2017-12877\", \"CVE-2017-12983\", \"CVE-2017-13058\", \"CVE-2017-13059\", \"CVE-2017-13060\", \"CVE-2017-13061\", \"CVE-2017-13062\", \"CVE-2017-13131\", \"CVE-2017-13132\", \"CVE-2017-13133\", \"CVE-2017-13134\", \"CVE-2017-13139\", \"CVE-2017-13140\", \"CVE-2017-13141\", \"CVE-2017-13142\", \"CVE-2017-13143\", \"CVE-2017-13144\", \"CVE-2017-13145\", \"CVE-2017-13146\", \"CVE-2017-13758\", \"CVE-2017-13768\", \"CVE-2017-13769\", \"CVE-2017-14060\", \"CVE-2017-14137\", \"CVE-2017-14138\", \"CVE-2017-14139\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14174\", \"CVE-2017-14175\", \"CVE-2017-14224\", \"CVE-2017-14248\", \"CVE-2017-14249\", \"CVE-2017-15281\");\n script_xref(name:\"GLSA\", value:\"201711-07\");\n\n script_name(english:\"GLSA-201711-07 : ImageMagick: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201711-07\n(ImageMagick: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in ImageMagick. Please\n review the referenced CVE identifiers for details.\n \nImpact :\n\n Remote attackers, by enticing a user to process a specially crafted\n file, could obtain sensitive information, cause a Denial of Service\n condition, or have other unspecified impacts.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201711-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ImageMagick users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/imagemagick-6.9.9.20'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-gfx/imagemagick\", unaffected:make_list(\"ge 6.9.9.20\"), vulnerable:make_list(\"lt 6.9.9.20\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:38:34", "description": "Many security fixes, bug fixes, and other changes from the previous version 6.9.3.0. See the [6.9 branch ChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac3 4977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog).\n\nDependent packages are mostly straight rebuilds, a couple also include bugfix version updates.\n\n----\n\nrhbz#1490649 - emacs-25.3 is available\n\nrhbz#1490410 - unsafe enriched mode translations (security)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "nessus", "title": "Fedora 25 : 1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc (2017-3a568adb31)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9907", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-6491", "CVE-2016-8707", "CVE-2016-9556", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12433", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-14482", "CVE-2017-7941", "CVE-2017-9098", "CVE-2017-9141"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:emacs", "p-cpe:/a:fedoraproject:fedora:imagemagick", "p-cpe:/a:fedoraproject:fedora:windowmaker", "p-cpe:/a:fedoraproject:fedora:autotrace", "p-cpe:/a:fedoraproject:fedora:converseen", "p-cpe:/a:fedoraproject:fedora:drawtiming", "p-cpe:/a:fedoraproject:fedora:gtatool", "p-cpe:/a:fedoraproject:fedora:imageinfo", "p-cpe:/a:fedoraproject:fedora:inkscape", "p-cpe:/a:fedoraproject:fedora:ripright", "p-cpe:/a:fedoraproject:fedora:k3d", "p-cpe:/a:fedoraproject:fedora:kxstitch", "p-cpe:/a:fedoraproject:fedora:perl-image-subimagefind", "p-cpe:/a:fedoraproject:fedora:pfstools", "p-cpe:/a:fedoraproject:fedora:rss-glx", "p-cpe:/a:fedoraproject:fedora:php-pecl-imagick", "p-cpe:/a:fedoraproject:fedora:psiconv", "p-cpe:/a:fedoraproject:fedora:rubygem-rmagick", "p-cpe:/a:fedoraproject:fedora:q", "p-cpe:/a:fedoraproject:fedora:synfig", "p-cpe:/a:fedoraproject:fedora:synfigstudio", "p-cpe:/a:fedoraproject:fedora:techne", "p-cpe:/a:fedoraproject:fedora:vdr-scraper2vdr", "p-cpe:/a:fedoraproject:fedora:vips", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-3A568ADB31.NASL", "href": "https://www.tenable.com/plugins/nessus/103333", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-3a568adb31.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103333);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9907\", \"CVE-2016-5010\", \"CVE-2016-5841\", \"CVE-2016-6491\", \"CVE-2016-8707\", \"CVE-2016-9556\", \"CVE-2017-10928\", \"CVE-2017-10995\", \"CVE-2017-11141\", \"CVE-2017-11170\", \"CVE-2017-11188\", \"CVE-2017-11352\", \"CVE-2017-11360\", \"CVE-2017-11446\", \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11523\", \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11644\", \"CVE-2017-11724\", \"CVE-2017-12140\", \"CVE-2017-12418\", \"CVE-2017-12427\", \"CVE-2017-12433\", \"CVE-2017-12587\", \"CVE-2017-12640\", \"CVE-2017-14482\", \"CVE-2017-7941\", \"CVE-2017-9098\", \"CVE-2017-9141\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n\n script_name(english:\"Fedora 25 : 1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc (2017-3a568adb31)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Many security fixes, bug fixes, and other changes from the previous\nversion 6.9.3.0. See the [6.9 branch\nChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac3\n4977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog).\n\nDependent packages are mostly straight rebuilds, a couple also include\nbugfix version updates.\n\n----\n\nrhbz#1490649 - emacs-25.3 is available\n\nrhbz#1490410 - unsafe enriched mode translations (security)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-3a568adb31\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:WindowMaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:autotrace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:converseen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:drawtiming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gtatool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imageinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:inkscape\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:k3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kxstitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Image-SubImageFind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pfstools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-pecl-imagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:psiconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:q\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ripright\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rss-glx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-rmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:synfig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:synfigstudio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:techne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:vdr-scraper2vdr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:vips\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"emacs-25.3-3.fc25\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"ImageMagick-6.9.9.13-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"WindowMaker-0.95.7-3.fc25.1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"autotrace-0.31.1-49.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"converseen-0.9.6.2-3.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"drawtiming-0.7.1-22.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"gtatool-2.2.0-6.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"imageinfo-0.05-27.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"inkscape-0.92.1-4.20170510bzr15686.fc25.1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"k3d-0.8.0.6-8.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"kxstitch-1.2.0-9.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"perl-Image-SubImageFind-0.03-13.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"pfstools-2.0.6-3.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"php-pecl-imagick-3.4.3-2.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"psiconv-0.9.8-22.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"q-7.11-29.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"ripright-0.11-5.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rss-glx-0.9.1.p-27.fc25.1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-rmagick-2.16.0-4.fc25.2\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"synfig-1.2.0-1.fc25.1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"synfigstudio-1.2.0-5.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"techne-0.2.3-20.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"vdr-scraper2vdr-1.0.5-4.20170611git254122b.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"vips-8.4.4-1.fc25.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:01:13", "description": "Many security fixes, bug fixes, and other changes from the previous version 6.9.3.0. See the [6.9 branch ChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac3 4977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog).\n\nDependent packages are mostly straight rebuilds, a couple also include bugfix version updates.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-09-19T00:00:00", "type": "nessus", "title": "Fedora 26 : 1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc (2017-8f27031c8f)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9907", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-6491", "CVE-2016-8707", "CVE-2016-9556", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12433", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-7941", "CVE-2017-9098", "CVE-2017-9141"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:emacs", "p-cpe:/a:fedoraproject:fedora:imagemagick", "p-cpe:/a:fedoraproject:fedora:windowmaker", "p-cpe:/a:fedoraproject:fedora:autotrace", "p-cpe:/a:fedoraproject:fedora:converseen", "p-cpe:/a:fedoraproject:fedora:dmtx-utils", "p-cpe:/a:fedoraproject:fedora:drawtiming", "p-cpe:/a:fedoraproject:fedora:gtatool", "p-cpe:/a:fedoraproject:fedora:imageinfo", "p-cpe:/a:fedoraproject:fedora:inkscape", "p-cpe:/a:fedoraproject:fedora:k3d", "p-cpe:/a:fedoraproject:fedora:kxstitch", "p-cpe:/a:fedoraproject:fedora:perl-image-subimagefind", "p-cpe:/a:fedoraproject:fedora:pfstools", "p-cpe:/a:fedoraproject:fedora:php-pecl-imagick", "p-cpe:/a:fedoraproject:fedora:psiconv", "p-cpe:/a:fedoraproject:fedora:q", "p-cpe:/a:fedoraproject:fedora:ripright", "p-cpe:/a:fedoraproject:fedora:rss-glx", "p-cpe:/a:fedoraproject:fedora:rubygem-rmagick", "p-cpe:/a:fedoraproject:fedora:synfig", "p-cpe:/a:fedoraproject:fedora:synfigstudio", "p-cpe:/a:fedoraproject:fedora:techne", "p-cpe:/a:fedoraproject:fedora:vdr-scraper2vdr", "p-cpe:/a:fedoraproject:fedora:vips", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-8F27031C8F.NASL", "href": "https://www.tenable.com/plugins/nessus/103314", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-8f27031c8f.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103314);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9907\", \"CVE-2016-5010\", \"CVE-2016-5841\", \"CVE-2016-6491\", \"CVE-2016-8707\", \"CVE-2016-9556\", \"CVE-2017-10928\", \"CVE-2017-10995\", \"CVE-2017-11141\", \"CVE-2017-11170\", \"CVE-2017-11188\", \"CVE-2017-11352\", \"CVE-2017-11360\", \"CVE-2017-11446\", \"CVE-2017-11447\", \"CVE-2017-11448\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11523\", \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11644\", \"CVE-2017-11724\", \"CVE-2017-12140\", \"CVE-2017-12418\", \"CVE-2017-12427\", \"CVE-2017-12433\", \"CVE-2017-12587\", \"CVE-2017-12640\", \"CVE-2017-7941\", \"CVE-2017-9098\", \"CVE-2017-9141\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n\n script_name(english:\"Fedora 26 : 1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc (2017-8f27031c8f)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Many security fixes, bug fixes, and other changes from the previous\nversion 6.9.3.0. See the [6.9 branch\nChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac3\n4977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog).\n\nDependent packages are mostly straight rebuilds, a couple also include\nbugfix version updates.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-8f27031c8f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:WindowMaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:autotrace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:converseen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:dmtx-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:drawtiming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gtatool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imageinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:inkscape\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:k3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kxstitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Image-SubImageFind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pfstools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-pecl-imagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:psiconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:q\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ripright\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rss-glx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-rmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:synfig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:synfigstudio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:techne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:vdr-scraper2vdr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:vips\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"emacs-25.3-3.fc26\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"ImageMagick-6.9.9.13-1.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"WindowMaker-0.95.8-3.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"autotrace-0.31.1-49.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"converseen-0.9.6.2-3.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"dmtx-utils-0.7.4-4.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"drawtiming-0.7.1-22.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"gtatool-2.2.0-6.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"imageinfo-0.05-27.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"inkscape-0.92.1-4.20170510bzr15686.fc26.1\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"k3d-0.8.0.6-8.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"kxstitch-1.2.0-9.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"perl-Image-SubImageFind-0.03-13.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"pfstools-2.0.6-3.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"php-pecl-imagick-3.4.3-2.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"psiconv-0.9.8-22.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"q-7.11-29.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"ripright-0.11-5.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"rss-glx-0.9.1.p-29.fc26.1\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"rubygem-rmagick-2.16.0-4.fc26.2\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"synfig-1.2.0-9.fc26.1\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"synfigstudio-1.2.0-5.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"techne-0.2.3-20.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"vdr-scraper2vdr-1.0.5-4.20170611git254122b.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"vips-8.5.8-2.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:58", "description": "According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c.(CVE-2017-11533)\n\n - Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file.(CVE-2017-13768)\n\n - In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file.(CVE-2017-9501)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : ImageMagick (EulerOS-SA-2021-1195)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11533", "CVE-2017-13768", "CVE-2017-9501"], "modified": "2021-02-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:imagemagick", "p-cpe:/a:huawei:euleros:imagemagick-c%2b%2b", "p-cpe:/a:huawei:euleros:imagemagick-libs", "p-cpe:/a:huawei:euleros:imagemagick-perl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1195.NASL", "href": "https://www.tenable.com/plugins/nessus/146167", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146167);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/10\");\n\n script_cve_id(\n \"CVE-2017-11533\",\n \"CVE-2017-13768\",\n \"CVE-2017-9501\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : ImageMagick (EulerOS-SA-2021-1195)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ImageMagick packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - When ImageMagick 7.0.6-1 processes a crafted file in\n convert, it can lead to a heap-based buffer over-read\n in the WriteUILImage() function in\n coders/uil.c.(CVE-2017-11533)\n\n - Null Pointer Dereference in the IdentifyImage function\n in MagickCore/identify.c in ImageMagick through\n 7.0.6-10 allows an attacker to perform denial of\n service by sending a crafted image\n file.(CVE-2017-13768)\n\n - In ImageMagick 7.0.5-7 Q16, an assertion failure was\n found in the function LockSemaphoreInfo, which allows\n attackers to cause a denial of service via a crafted\n file.(CVE-2017-9501)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1195\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c9cbc782\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ImageMagick packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ImageMagick-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ImageMagick-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ImageMagick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ImageMagick-6.9.10.67-1.h3.eulerosv2r7\",\n \"ImageMagick-c++-6.9.10.67-1.h3.eulerosv2r7\",\n \"ImageMagick-libs-6.9.10.67-1.h3.eulerosv2r7\",\n \"ImageMagick-perl-6.9.10.67-1.h3.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:10:22", "description": "This update for GraphicsMagick fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-11533: An infoleak by 1 byte due to heap-based buffer over-read in the WriteUILImage() in coders/uil.c was fixed (boo#1050132)\n\n - CVE-2017-17682: A large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allowed attackers to cause a denial of service (CPU exhaustion) (boo#1072898)\n\n - CVE-2017-17500: A heap-based buffer overread in the ImportRGBQuantumType was fixed that could lead to information leak or a crash (boo#1077737)", "cvss3": {}, "published": "2018-02-28T00:00:00", "type": "nessus", "title": "openSUSE Security Update : GraphicsMagick (openSUSE-2018-213)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11533", "CVE-2017-17500", "CVE-2017-17682"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:graphicsmagick", "p-cpe:/a:novell:opensuse:graphicsmagick-debuginfo", "p-cpe:/a:novell:opensuse:graphicsmagick-debugsource", "p-cpe:/a:novell:opensuse:graphicsmagick-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick-q16-3", "p-cpe:/a:novell:opensuse:libgraphicsmagick-q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick3-config", "p-cpe:/a:novell:opensuse:libgraphicsmagickwand-q16-2", "p-cpe:/a:novell:opensuse:libgraphicsmagickwand-q16-2-debuginfo", "p-cpe:/a:novell:opensuse:perl-graphicsmagick", "p-cpe:/a:novell:opensuse:perl-graphicsmagick-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-213.NASL", "href": "https://www.tenable.com/plugins/nessus/107047", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-213.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107047);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-11533\", \"CVE-2017-17500\", \"CVE-2017-17682\");\n\n script_name(english:\"openSUSE Security Update : GraphicsMagick (openSUSE-2018-213)\");\n script_summary(english:\"Check for the openSUSE-2018-213 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for GraphicsMagick fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-11533: An infoleak by 1 byte due to heap-based\n buffer over-read in the WriteUILImage() in coders/uil.c\n was fixed (boo#1050132)\n\n - CVE-2017-17682: A large loop vulnerability was found in\n the function ExtractPostscript in coders/wpg.c, which\n allowed attackers to cause a denial of service (CPU\n exhaustion) (boo#1072898)\n\n - CVE-2017-17500: A heap-based buffer overread in the\n ImportRGBQuantumType was fixed that could lead to\n information leak or a crash (boo#1077737)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1072898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1077737\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick3-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-1.3.25-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debuginfo-1.3.25-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debugsource-1.3.25-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-devel-1.3.25-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-devel-1.3.25-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-1.3.25-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick3-config-1.3.25-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-1.3.25-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-74.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:10:44", "description": "This update for ImageMagick fixes several issues. These security issues were fixed :\n\n - CVE-2018-5685: Prevent infinite loop and application hang in the ReadBMPImage function. Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value (bsc#1075939)\n\n - CVE-2017-11639: Prevent heap-based buffer over-read in the WriteCIPImage() function, related to the GetPixelLuma function in MagickCore/pixel-accessor.h (bsc#1050635).\n\n - CVE-2017-11525: Prevent memory consumption in the ReadCINImage function that allowed remote attackers to cause a denial of service (bsc#1050098).\n\n - CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043353)\n\n - CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043354)\n\n - CVE-2017-10995: The mng_get_long function in coders/png.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image (bsc#1047908)\n\n - CVE-2017-11539: Prevent memory leak in the ReadOnePNGImage() function in coders/png.c (bsc#1050037)\n\n - CVE-2017-11505: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050072)\n\n - CVE-2017-11526: The ReadOneMNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050100)\n\n - CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1051442)\n\n - CVE-2017-12565: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052470)\n\n - CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052708)\n\n - CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052717)\n\n - CVE-2017-12671: Added NULL assignment in coders/png.c to prevent an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allowed attackers to cause a denial of service (bsc#1052721)\n\n - CVE-2017-12643: Prevent a memory exhaustion vulnerability in ReadOneJNGImage in coders\\png.c (bsc#1052768)\n\n - CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage in coders\\png.c (bsc#1052777)\n\n - CVE-2017-12640: Prevent an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c (bsc#1052781)\n\n - CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c (bsc#1054600)\n\n - CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value (bsc#1055374)\n\n - CVE-2017-13142: Added additional checks for short files to prevent a crafted PNG file from triggering a crash (bsc#1055455)\n\n - CVE-2017-13141: Prevent memory leak in ReadOnePNGImage in coders/png.c (bsc#1055456)\n\n - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in coders/png.c did not properly manage image pointers after certain error conditions, which allowed remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call (bsc#1057000)\n\n - CVE-2017-14649: ReadOneJNGImage in coders/png.c did not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash) (bsc#1060162)\n\n - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c (bsc#1062752)\n\n - CVE-2017-17504: Prevent heap-based buffer over-read via a crafted file in Magick_png_read_raw_profile, related to ReadOneMNGImage (bsc#1072362)\n\n - CVE-2017-17879: Prevent heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error (bsc#1074125)\n\n - CVE-2017-17914: Prevent crafted files to cause a large loop in ReadOneMNGImage (bsc#1074185)\n\n - CVE-2017-17884: Prevent memory leak in the function WriteOnePNGImage in coders/png.c, which allowed attackers to cause a denial of service via a crafted PNG image file (bsc#1074120)\n\n - Prevent memory leak in svg.c, which allowed attackers to cause a denial of service via a crafted SVG image file (bsc#1074120)\n\n - Prevent small memory leak when processing PWP image files (bsc#1074309)\n\n - CVE-2017-18029: Prevent memory leak in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076021)\n\n - CVE-2017-18027: Prevent memory leak vulnerability in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076051)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-02-05T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:0350-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10995", "CVE-2017-11505", "CVE-2017-11525", "CVE-2017-11526", "CVE-2017-11539", "CVE-2017-11639", "CVE-2017-11750", "CVE-2017-12565", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12643", "CVE-2017-12671", "CVE-2017-12673", "CVE-2017-12676", "CVE-2017-12935", "CVE-2017-13141", "CVE-2017-13142", "CVE-2017-13147", "CVE-2017-14103", "CVE-2017-14649", "CVE-2017-15218", "CVE-2017-17504", "CVE-2017-17879", "CVE-2017-17884", "CVE-2017-17914", "CVE-2017-18027", "CVE-2017-18029", "CVE-2017-9261", "CVE-2017-9262", "CVE-2018-5685"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmagickcore1", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-0350-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106603", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0350-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106603);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-10995\", \"CVE-2017-11505\", \"CVE-2017-11525\", \"CVE-2017-11526\", \"CVE-2017-11539\", \"CVE-2017-11639\", \"CVE-2017-11750\", \"CVE-2017-12565\", \"CVE-2017-12640\", \"CVE-2017-12641\", \"CVE-2017-12643\", \"CVE-2017-12671\", \"CVE-2017-12673\", \"CVE-2017-12676\", \"CVE-2017-12935\", \"CVE-2017-13141\", \"CVE-2017-13142\", \"CVE-2017-13147\", \"CVE-2017-14103\", \"CVE-2017-14649\", \"CVE-2017-15218\", \"CVE-2017-17504\", \"CVE-2017-17879\", \"CVE-2017-17884\", \"CVE-2017-17914\", \"CVE-2017-18027\", \"CVE-2017-18029\", \"CVE-2017-9261\", \"CVE-2017-9262\", \"CVE-2018-5685\");\n\n script_name(english:\"SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:0350-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes several issues. These security\nissues were fixed :\n\n - CVE-2018-5685: Prevent infinite loop and application\n hang in the ReadBMPImage function. Remote attackers\n could leverage this vulnerability to cause a denial of\n service via an image file with a crafted bit-field mask\n value (bsc#1075939)\n\n - CVE-2017-11639: Prevent heap-based buffer over-read in\n the WriteCIPImage() function, related to the\n GetPixelLuma function in MagickCore/pixel-accessor.h\n (bsc#1050635).\n\n - CVE-2017-11525: Prevent memory consumption in the\n ReadCINImage function that allowed remote attackers to\n cause a denial of service (bsc#1050098).\n\n - CVE-2017-9262: The ReadJNGImage function in coders/png.c\n allowed attackers to cause a denial of service (memory\n leak) via a crafted file (bsc#1043353)\n\n - CVE-2017-9261: The ReadMNGImage function in coders/png.c\n allowed attackers to cause a denial of service (memory\n leak) via a crafted file (bsc#1043354)\n\n - CVE-2017-10995: The mng_get_long function in\n coders/png.c allowed remote attackers to cause a denial\n of service (heap-based buffer over-read and application\n crash) via a crafted MNG image (bsc#1047908)\n\n - CVE-2017-11539: Prevent memory leak in the\n ReadOnePNGImage() function in coders/png.c (bsc#1050037)\n\n - CVE-2017-11505: The ReadOneJNGImage function in\n coders/png.c allowed remote attackers to cause a denial\n of service (large loop and CPU consumption) via a\n crafted file (bsc#1050072)\n\n - CVE-2017-11526: The ReadOneMNGImage function in\n coders/png.c allowed remote attackers to cause a denial\n of service (large loop and CPU consumption) via a\n crafted file (bsc#1050100)\n\n - CVE-2017-11750: The ReadOneJNGImage function in\n coders/png.c allowed remote attackers to cause a denial\n of service (NULL pointer dereference) via a crafted file\n (bsc#1051442)\n\n - CVE-2017-12565: Prevent memory leak in the function\n ReadOneJNGImage in coders/png.c, which allowed attackers\n to cause a denial of service (bsc#1052470)\n\n - CVE-2017-12676: Prevent memory leak in the function\n ReadOneJNGImage in coders/png.c, which allowed attackers\n to cause a denial of service (bsc#1052708)\n\n - CVE-2017-12673: Prevent memory leak in the function\n ReadOneMNGImage in coders/png.c, which allowed attackers\n to cause a denial of service (bsc#1052717)\n\n - CVE-2017-12671: Added NULL assignment in coders/png.c to\n prevent an invalid free in the function\n RelinquishMagickMemory in MagickCore/memory.c, which\n allowed attackers to cause a denial of service\n (bsc#1052721)\n\n - CVE-2017-12643: Prevent a memory exhaustion\n vulnerability in ReadOneJNGImage in coders\\png.c\n (bsc#1052768)\n\n - CVE-2017-12641: Prevent a memory leak vulnerability in\n ReadOneJNGImage in coders\\png.c (bsc#1052777)\n\n - CVE-2017-12640: Prevent an out-of-bounds read\n vulnerability in ReadOneMNGImage in coders/png.c\n (bsc#1052781)\n\n - CVE-2017-12935: The ReadMNGImage function in\n coders/png.c mishandled large MNG images, leading to an\n invalid memory read in the SetImageColorCallBack\n function in magick/image.c (bsc#1054600)\n\n - CVE-2017-13147: Prevent allocation failure in the\n function ReadMNGImage in coders/png.c when a small MNG\n file has a MEND chunk with a large length value\n (bsc#1055374)\n\n - CVE-2017-13142: Added additional checks for short files\n to prevent a crafted PNG file from triggering a crash\n (bsc#1055455)\n\n - CVE-2017-13141: Prevent memory leak in ReadOnePNGImage\n in coders/png.c (bsc#1055456)\n\n - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage\n functions in coders/png.c did not properly manage image\n pointers after certain error conditions, which allowed\n remote attackers to conduct use-after-free attacks via a\n crafted file, related to a ReadMNGImage out-of-order\n CloseBlob call (bsc#1057000)\n\n - CVE-2017-14649: ReadOneJNGImage in coders/png.c did not\n properly validate JNG data, leading to a denial of\n service (assertion failure in magick/pixel_cache.c, and\n application crash) (bsc#1060162)\n\n - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage\n in coders/png.c (bsc#1062752)\n\n - CVE-2017-17504: Prevent heap-based buffer over-read via\n a crafted file in Magick_png_read_raw_profile, related\n to ReadOneMNGImage (bsc#1072362)\n\n - CVE-2017-17879: Prevent heap-based buffer over-read in\n ReadOneMNGImage in coders/png.c, related to length\n calculation and caused by an off-by-one error\n (bsc#1074125)\n\n - CVE-2017-17914: Prevent crafted files to cause a large\n loop in ReadOneMNGImage (bsc#1074185)\n\n - CVE-2017-17884: Prevent memory leak in the function\n WriteOnePNGImage in coders/png.c, which allowed\n attackers to cause a denial of service via a crafted PNG\n image file (bsc#1074120)\n\n - Prevent memory leak in svg.c, which allowed attackers to\n cause a denial of service via a crafted SVG image file\n (bsc#1074120)\n\n - Prevent small memory leak when processing PWP image\n files (bsc#1074309)\n\n - CVE-2017-18029: Prevent memory leak in the function\n ReadMATImage which allowed remote attackers to cause a\n denial of service via a crafted file (bsc#1076021)\n\n - CVE-2017-18027: Prevent memory leak vulnerability in the\n function ReadMATImage which allowed remote attackers to\n cause a denial of service via a crafted file\n (bsc#1076051)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1062752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1072362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10995/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11505/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11525/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11526/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11539/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11639/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11750/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12565/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12640/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12641/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12643/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12671/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12673/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12676/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12935/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13141/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13142/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13147/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14103/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14649/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15218/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17504/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17879/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17884/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17914/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18027/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18029/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9261/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9262/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5685/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180350-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f6d88f2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-ImageMagick-13453=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ImageMagick-13453=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ImageMagick-13453=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagickCore1-32bit-6.4.3.6-7.78.29.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libMagickCore1-32bit-6.4.3.6-7.78.29.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libMagickCore1-6.4.3.6-7.78.29.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:22:36", "description": "Numerous security vulnerabilities were fixed in Imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory or CPU exhaustion, information disclosure or potentially the execution of arbitrary code when a malformed image file is processed.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 8:6.8.9.9-5+deb8u16.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-15T00:00:00", "type": "nessus", "title": "Debian DLA-1785-1 : imagemagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-11446", "CVE-2017-11523", "CVE-2017-11537", "CVE-2017-12140", "CVE-2017-12430", "CVE-2017-12432", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12587", "CVE-2017-12643", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12875", "CVE-2017-13133", "CVE-2017-13142", "CVE-2017-13145", "CVE-2017-13658", "CVE-2017-13768", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14249", "CVE-2017-14341", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14532", "CVE-2017-14624", "CVE-2017-14625", "CVE-2017-14626", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-15015", "CVE-2017-15017", "CVE-2017-15281", "CVE-2017-17682", "CVE-2017-17914", "CVE-2017-18271", "CVE-2017-18273", "CVE-2017-9500", "CVE-2019-10650", "CVE-2019-11597", "CVE-2019-11598", "CVE-2019-9956"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "p-cpe:/a:debian:debian_linux:imagemagick-6.q16", "p-cpe:/a:debian:debian_linux:imagemagick-common", "p-cpe:/a:debian:debian_linux:imagemagick-dbg", "p-cpe:/a:debian:debian_linux:imagemagick-doc", "p-cpe:/a:debian:debian_linux:libimage-magick-perl", "p-cpe:/a:debian:debian_linux:libimage-magick-q16-perl", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6-headers", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16-5", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-dev", "p-cpe:/a:debian:debian_linux:libmagickcore-6-arch-config", "p-cpe:/a:debian:debian_linux:libmagickcore-6-headers", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-2", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-2-extra", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagickcore-dev", "p-cpe:/a:debian:debian_linux:libmagickwand-6-headers", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-2", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagickwand-dev", "p-cpe:/a:debian:debian_linux:perlmagick", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1785.NASL", "href": "https://www.tenable.com/plugins/nessus/125093", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1785-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125093);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-1000445\", \"CVE-2017-1000476\", \"CVE-2017-11446\", \"CVE-2017-11523\", \"CVE-2017-11537\", \"CVE-2017-12140\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12435\", \"CVE-2017-12563\", \"CVE-2017-12587\", \"CVE-2017-12643\", \"CVE-2017-12670\", \"CVE-2017-12674\", \"CVE-2017-12691\", \"CVE-2017-12692\", \"CVE-2017-12693\", \"CVE-2017-12875\", \"CVE-2017-13133\", \"CVE-2017-13142\", \"CVE-2017-13145\", \"CVE-2017-13658\", \"CVE-2017-13768\", \"CVE-2017-14060\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14174\", \"CVE-2017-14175\", \"CVE-2017-14249\", \"CVE-2017-14341\", \"CVE-2017-14400\", \"CVE-2017-14505\", \"CVE-2017-14532\", \"CVE-2017-14624\", \"CVE-2017-14625\", \"CVE-2017-14626\", \"CVE-2017-14739\", \"CVE-2017-14741\", \"CVE-2017-15015\", \"CVE-2017-15017\", \"CVE-2017-15281\", \"CVE-2017-17682\", \"CVE-2017-17914\", \"CVE-2017-18271\", \"CVE-2017-18273\", \"CVE-2017-9500\", \"CVE-2019-10650\", \"CVE-2019-11597\", \"CVE-2019-11598\", \"CVE-2019-9956\");\n\n script_name(english:\"Debian DLA-1785-1 : imagemagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Numerous security vulnerabilities were fixed in Imagemagick. Various\nmemory handling problems and cases of missing or incomplete input\nsanitizing may result in denial of service, memory or CPU exhaustion,\ninformation disclosure or potentially the execution of arbitrary code\nwhen a malformed image file is processed.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n8:6.8.9.9-5+deb8u16.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/imagemagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-14626\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-6.q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimage-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimage-magick-q16-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16-5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6-arch-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-6.q16\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-common\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-dbg\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-doc\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-perl\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-q16-perl\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6-headers\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-5\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-arch-config\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-headers\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2-extra\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6-headers\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"perlmagick\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-05T15:10:45", "description": "This update for ImageMagick fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-18027: Prevent memory leak vulnerability in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076051)\n\n - CVE-2017-18029: Prevent memory leak in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076021)\n\n - CVE-2017-17681: Prevent infinite loop in the function ReadPSDChannelZip in coders/psd.c, which allowed attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file (bsc#1072901).\n\n - CVE-2017-18008: Prevent memory Leak in ReadPWPImage which allowed attackers to cause a denial of service via a PWP file (bsc#1074309).\n\n - CVE-2018-5685: Prevent infinite loop and application hang in the ReadBMPImage function. Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value (bsc#1075939)\n\n - CVE-2017-11639: Prevent heap-based buffer over-read in the WriteCIPImage() function, related to the GetPixelLuma function in MagickCore/pixel-accessor.h (bsc#1050635)\n\n - CVE-2017-11525: Prevent memory consumption in the ReadCINImage function that allowed remote attackers to cause a denial of service (bsc#1050098)\n\n - CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043353).\n\n - CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043354).\n\n - CVE-2017-10995: The mng_get_long function in coders/png.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image (bsc#1047908).\n\n - CVE-2017-11539: Prevent memory leak in the ReadOnePNGImage() function in coders/png.c (bsc#1050037).\n\n - CVE-2017-11505: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050072).\n\n - CVE-2017-11526: The ReadOneMNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050100).\n\n - CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1051442).\n\n - CVE-2017-12565: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052470).\n\n - CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052708).\n\n - CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052717).\n\n - CVE-2017-12671: Added NULL assignment in coders/png.c to prevent an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allowed attackers to cause a denial of service (bsc#1052721).\n\n - CVE-2017-12643: Prevent a memory exhaustion vulnerability in ReadOneJNGImage in coders\\png.c (bsc#1052768).\n\n - CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage in coders\\png.c (bsc#1052777).\n\n - CVE-2017-12640: Prevent an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c (bsc#1052781).\n\n - CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c (bsc#1054600).\n\n - CVE-2017-13059: Prevent memory leak in the function WriteOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file (bsc#1055068).\n\n - CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value (bsc#1055374).\n\n - CVE-2017-13142: Added additional checks for short files to prevent a crafted PNG file from triggering a crash (bsc#1055455).\n\n - CVE-2017-13141: Prevent memory leak in ReadOnePNGImage in coders/png.c (bsc#1055456).\n\n - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in coders/png.c did not properly manage image pointers after certain error conditions, which allowed remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call (bsc#1057000).\n\n - CVE-2017-14649: ReadOneJNGImage in coders/png.c did not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash) (bsc#1060162).\n\n - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c (bsc#1062752).\n\n - CVE-2017-17504: Prevent heap-based buffer over-read via a crafted file in Magick_png_read_raw_profile, related to ReadOneMNGImage (bsc#1072362).\n\n - CVE-2017-17884: Prevent memory leak in the function WriteOnePNGImage in coders/png.c, which allowed attackers to cause a denial of service via a crafted PNG image file (bsc#1074120).\n\n - CVE-2017-17879: Prevent heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error (bsc#1074125).\n\n - CVE-2017-17914: Prevent crafted files to cause a large loop in ReadOneMNGImage (bsc#1074185).\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2018-02-08T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-2018-145)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10995", "CVE-2017-11505", "CVE-2017-11525", "CVE-2017-11526", "CVE-2017-11539", "CVE-2017-11639", "CVE-2017-11750", "CVE-2017-12565", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12643", "CVE-2017-12671", "CVE-2017-12673", "CVE-2017-12676", "CVE-2017-12935", "CVE-2017-13059", "CVE-2017-13141", "CVE-2017-13142", "CVE-2017-13147", "CVE-2017-14103", "CVE-2017-14649", "CVE-2017-15218", "CVE-2017-17504", "CVE-2017-17681", "CVE-2017-17879", "CVE-2017-17884", "CVE-2017-17914", "CVE-2017-18008", "CVE-2017-18027", "CVE-2017-18029", "CVE-2017-9261", "CVE-2017-9262", "CVE-2018-5246", "CVE-2018-5685"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:imagemagick", "p-cpe:/a:novell:opensuse:imagemagick-debuginfo", "p-cpe:/a:novell:opensuse:imagemagick-debugsource", "p-cpe:/a:novell:opensuse:imagemagick-devel", "p-cpe:/a:novell:opensuse:imagemagick-devel-32bit", "p-cpe:/a:novell:opensuse:imagemagick-extra", "p-cpe:/a:novell:opensuse:imagemagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-perlmagick", "p-cpe:/a:novell:opensuse:perl-perlmagick-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-145.NASL", "href": "https://www.tenable.com/plugins/nessus/106668", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-145.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106668);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-10995\", \"CVE-2017-11505\", \"CVE-2017-11525\", \"CVE-2017-11526\", \"CVE-2017-11539\", \"CVE-2017-11639\", \"CVE-2017-11750\", \"CVE-2017-12565\", \"CVE-2017-12640\", \"CVE-2017-12641\", \"CVE-2017-12643\", \"CVE-2017-12671\", \"CVE-2017-12673\", \"CVE-2017-12676\", \"CVE-2017-12935\", \"CVE-2017-13059\", \"CVE-2017-13141\", \"CVE-2017-13142\", \"CVE-2017-13147\", \"CVE-2017-14103\", \"CVE-2017-14649\", \"CVE-2017-15218\", \"CVE-2017-17504\", \"CVE-2017-17681\", \"CVE-2017-17879\", \"CVE-2017-17884\", \"CVE-2017-17914\", \"CVE-2017-18008\", \"CVE-2017-18027\", \"CVE-2017-18029\", \"CVE-2017-9261\", \"CVE-2017-9262\", \"CVE-2018-5246\", \"CVE-2018-5685\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2018-145)\");\n script_summary(english:\"Check for the openSUSE-2018-145 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-18027: Prevent memory leak vulnerability in the\n function ReadMATImage which allowed remote attackers to\n cause a denial of service via a crafted file\n (bsc#1076051)\n\n - CVE-2017-18029: Prevent memory leak in the function\n ReadMATImage which allowed remote attackers to cause a\n denial of service via a crafted file (bsc#1076021)\n\n - CVE-2017-17681: Prevent infinite loop in the function\n ReadPSDChannelZip in coders/psd.c, which allowed\n attackers to cause a denial of service (CPU exhaustion)\n via a crafted psd image file (bsc#1072901).\n\n - CVE-2017-18008: Prevent memory Leak in ReadPWPImage\n which allowed attackers to cause a denial of service via\n a PWP file (bsc#1074309).\n\n - CVE-2018-5685: Prevent infinite loop and application\n hang in the ReadBMPImage function. Remote attackers\n could leverage this vulnerability to cause a denial of\n service via an image file with a crafted bit-field mask\n value (bsc#1075939)\n\n - CVE-2017-11639: Prevent heap-based buffer over-read in\n the WriteCIPImage() function, related to the\n GetPixelLuma function in MagickCore/pixel-accessor.h\n (bsc#1050635)\n\n - CVE-2017-11525: Prevent memory consumption in the\n ReadCINImage function that allowed remote attackers to\n cause a denial of service (bsc#1050098)\n\n - CVE-2017-9262: The ReadJNGImage function in coders/png.c\n allowed attackers to cause a denial of service (memory\n leak) via a crafted file (bsc#1043353).\n\n - CVE-2017-9261: The ReadMNGImage function in coders/png.c\n allowed attackers to cause a denial of service (memory\n leak) via a crafted file (bsc#1043354).\n\n - CVE-2017-10995: The mng_get_long function in\n coders/png.c allowed remote attackers to cause a denial\n of service (heap-based buffer over-read and application\n crash) via a crafted MNG image (bsc#1047908).\n\n - CVE-2017-11539: Prevent memory leak in the\n ReadOnePNGImage() function in coders/png.c\n (bsc#1050037).\n\n - CVE-2017-11505: The ReadOneJNGImage function in\n coders/png.c allowed remote attackers to cause a denial\n of service (large loop and CPU consumption) via a\n crafted file (bsc#1050072).\n\n - CVE-2017-11526: The ReadOneMNGImage function in\n coders/png.c allowed remote attackers to cause a denial\n of service (large loop and CPU consumption) via a\n crafted file (bsc#1050100).\n\n - CVE-2017-11750: The ReadOneJNGImage function in\n coders/png.c allowed remote attackers to cause a denial\n of service (NULL pointer dereference) via a crafted file\n (bsc#1051442).\n\n - CVE-2017-12565: Prevent memory leak in the function\n ReadOneJNGImage in coders/png.c, which allowed attackers\n to cause a denial of service (bsc#1052470).\n\n - CVE-2017-12676: Prevent memory leak in the function\n ReadOneJNGImage in coders/png.c, which allowed attackers\n to cause a denial of service (bsc#1052708).\n\n - CVE-2017-12673: Prevent memory leak in the function\n ReadOneMNGImage in coders/png.c, which allowed attackers\n to cause a denial of service (bsc#1052717).\n\n - CVE-2017-12671: Added NULL assignment in coders/png.c to\n prevent an invalid free in the function\n RelinquishMagickMemory in MagickCore/memory.c, which\n allowed attackers to cause a denial of service\n (bsc#1052721).\n\n - CVE-2017-12643: Prevent a memory exhaustion\n vulnerability in ReadOneJNGImage in coders\\png.c\n (bsc#1052768).\n\n - CVE-2017-12641: Prevent a memory leak vulnerability in\n ReadOneJNGImage in coders\\png.c (bsc#1052777).\n\n - CVE-2017-12640: Prevent an out-of-bounds read\n vulnerability in ReadOneMNGImage in coders/png.c\n (bsc#1052781).\n\n - CVE-2017-12935: The ReadMNGImage function in\n coders/png.c mishandled large MNG images, leading to an\n invalid memory read in the SetImageColorCallBack\n function in magick/image.c (bsc#1054600).\n\n - CVE-2017-13059: Prevent memory leak in the function\n WriteOneJNGImage in coders/png.c, which allowed\n attackers to cause a denial of service (WriteJNGImage\n memory consumption) via a crafted file (bsc#1055068).\n\n - CVE-2017-13147: Prevent allocation failure in the\n function ReadMNGImage in coders/png.c when a small MNG\n file has a MEND chunk with a large length value\n (bsc#1055374).\n\n - CVE-2017-13142: Added additional checks for short files\n to prevent a crafted PNG file from triggering a crash\n (bsc#1055455).\n\n - CVE-2017-13141: Prevent memory leak in ReadOnePNGImage\n in coders/png.c (bsc#1055456).\n\n - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage\n functions in coders/png.c did not properly manage image\n pointers after certain error conditions, which allowed\n remote attackers to conduct use-after-free attacks via a\n crafted file, related to a ReadMNGImage out-of-order\n CloseBlob call (bsc#1057000).\n\n - CVE-2017-14649: ReadOneJNGImage in coders/png.c did not\n properly validate JNG data, leading to a denial of\n service (assertion failure in magick/pixel_cache.c, and\n application crash) (bsc#1060162).\n\n - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage\n in coders/png.c (bsc#1062752).\n\n - CVE-2017-17504: Prevent heap-based buffer over-read via\n a crafted file in Magick_png_read_raw_profile, related\n to ReadOneMNGImage (bsc#1072362).\n\n - CVE-2017-17884: Prevent memory leak in the function\n WriteOnePNGImage in coders/png.c, which allowed\n attackers to cause a denial of service via a crafted PNG\n image file (bsc#1074120).\n\n - CVE-2017-17879: Prevent heap-based buffer over-read in\n ReadOneMNGImage in coders/png.c, related to length\n calculation and caused by an off-by-one error\n (bsc#1074125).\n\n - CVE-2017-17914: Prevent crafted files to cause a large\n loop in ReadOneMNGImage (bsc#1074185).\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1043353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1043354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1054600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1062752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1072362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1072901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076051\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-debuginfo-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-debugsource-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-devel-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-extra-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-6_Q16-3-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-devel-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-PerlMagick-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-52.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T15:35:45", "description": "This update for ImageMagick fixes several issues. These security issues were fixed :\n\n - CVE-2017-18027: Prevent memory leak vulnerability in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076051)\n\n - CVE-2017-18029: Prevent memory leak in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076021)\n\n - CVE-2017-17681: Prevent infinite loop in the function ReadPSDChannelZip in coders/psd.c, which allowed attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file (bsc#1072901).\n\n - CVE-2017-18008: Prevent memory Leak in ReadPWPImage which allowed attackers to cause a denial of service via a PWP file (bsc#1074309).\n\n - CVE-2018-5685: Prevent infinite loop and application hang in the ReadBMPImage function. Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value (bsc#1075939)\n\n - CVE-2017-11639: Prevent heap-based buffer over-read in the WriteCIPImage() function, related to the GetPixelLuma function in MagickCore/pixel-accessor.h (bsc#1050635)\n\n - CVE-2017-11525: Prevent memory consumption in the ReadCINImage function that allowed remote attackers to cause a denial of service (bsc#1050098)\n\n - CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043353).\n\n - CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043354).\n\n - CVE-2017-10995: The mng_get_long function in coders/png.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image (bsc#1047908).\n\n - CVE-2017-11539: Prevent memory leak in the ReadOnePNGImage() function in coders/png.c (bsc#1050037).\n\n - CVE-2017-11505: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050072).\n\n - CVE-2017-11526: The ReadOneMNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050100).\n\n - CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1051442).\n\n - CVE-2017-12565: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052470).\n\n - CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052708).\n\n - CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052717).\n\n - CVE-2017-12671: Added NULL assignment in coders/png.c to prevent an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allowed attackers to cause a denial of service (bsc#1052721).\n\n - CVE-2017-12643: Prevent a memory exhaustion vulnerability in ReadOneJNGImage in coders\\png.c (bsc#1052768).\n\n - CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage in coders\\png.c (bsc#1052777).\n\n - CVE-2017-12640: Prevent an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c (bsc#1052781).\n\n - CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c (bsc#1054600).\n\n - CVE-2017-13059: Prevent memory leak in the function WriteOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file (bsc#1055068).\n\n - CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value (bsc#1055374).\n\n - CVE-2017-13142: Added additional checks for short files to prevent a crafted PNG file from triggering a crash (bsc#1055455).\n\n - CVE-2017-13141: Prevent memory leak in ReadOnePNGImage in coders/png.c (bsc#1055456).\n\n - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in coders/png.c did not properly manage image pointers after certain error conditions, which allowed remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call (bsc#1057000).\n\n - CVE-2017-14649: ReadOneJNGImage in coders/png.c did not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash) (bsc#1060162).\n\n - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c (bsc#1062752).\n\n - CVE-2017-17504: Prevent heap-based buffer over-read via a crafted file in Magick_png_read_raw_profile, related to ReadOneMNGImage (bsc#1072362).\n\n - CVE-2017-17884: Prevent memory leak in the function WriteOnePNGImage in coders/png.c, which allowed attackers to cause a denial of service via a crafted PNG image file (bsc#1074120).\n\n - CVE-2017-17879: Prevent heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error (bsc#1074125).\n\n - CVE-2017-17914: Prevent crafted files to cause a large loop in ReadOneMNGImage (bsc#1074185).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-02-05T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:0349-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10995", "CVE-2017-11505", "CVE-2017-11525", "CVE-2017-11526", "CVE-2017-11539", "CVE-2017-11639", "CVE-2017-11750", "CVE-2017-12565", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12643", "CVE-2017-12671", "CVE-2017-12673", "CVE-2017-12676", "CVE-2017-12935", "CVE-2017-13059", "CVE-2017-13141", "CVE-2017-13142", "CVE-2017-13147", "CVE-2017-14103", "CVE-2017-14649", "CVE-2017-15218", "CVE-2017-17504", "CVE-2017-17681", "CVE-2017-17879", "CVE-2017-17884", "CVE-2017-17914", "CVE-2017-18008", "CVE-2017-18027", "CVE-2017-18029", "CVE-2017-9261", "CVE-2017-9262", "CVE-2018-5246", "CVE-2018-5685"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:imagemagick", "p-cpe:/a:novell:suse_linux:imagemagick-debuginfo", "p-cpe:/a:novell:suse_linux:imagemagick-debugsource", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16-1", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16-1-debuginfo", "p-cpe:/a:novell:suse_linux:libmagickwand-6_q16", "p-cpe:/a:novell:suse_linux:libmagickwand-6_q16-1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0349-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106602", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0349-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106602);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:46\");\n\n script_cve_id(\"CVE-2017-10995\", \"CVE-2017-11505\", \"CVE-2017-11525\", \"CVE-2017-11526\", \"CVE-2017-11539\", \"CVE-2017-11639\", \"CVE-2017-11750\", \"CVE-2017-12565\", \"CVE-2017-12640\", \"CVE-2017-12641\", \"CVE-2017-12643\", \"CVE-2017-12671\", \"CVE-2017-12673\", \"CVE-2017-12676\", \"CVE-2017-12935\", \"CVE-2017-13059\", \"CVE-2017-13141\", \"CVE-2017-13142\", \"CVE-2017-13147\", \"CVE-2017-14103\", \"CVE-2017-14649\", \"CVE-2017-15218\", \"CVE-2017-17504\", \"CVE-2017-17681\", \"CVE-2017-17879\", \"CVE-2017-17884\", \"CVE-2017-17914\", \"CVE-2017-18008\", \"CVE-2017-18027\", \"CVE-2017-18029\", \"CVE-2017-9261\", \"CVE-2017-9262\", \"CVE-2018-5246\", \"CVE-2018-5685\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:0349-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes several issues. These security\nissues were fixed :\n\n - CVE-2017-18027: Prevent memory leak vulnerability in the\n function ReadMATImage which allowed remote attackers to\n cause a denial of service via a crafted file\n (bsc#1076051)\n\n - CVE-2017-18029: Prevent memory leak in the function\n ReadMATImage which allowed remote attackers to cause a\n denial of service via a crafted file (bsc#1076021)\n\n - CVE-2017-17681: Prevent infinite loop in the function\n ReadPSDChannelZip in coders/psd.c, which allowed\n attackers to cause a denial of service (CPU exhaustion)\n via a crafted psd image file (bsc#1072901).\n\n - CVE-2017-18008: Prevent memory Leak in ReadPWPImage\n which allowed attackers to cause a denial of service via\n a PWP file (bsc#1074309).\n\n - CVE-2018-5685: Prevent infinite loop and application\n hang in the ReadBMPImage function. Remote attackers\n could leverage this vulnerability to cause a denial of\n service via an image file with a crafted bit-field mask\n value (bsc#1075939)\n\n - CVE-2017-11639: Prevent heap-based buffer over-read in\n the WriteCIPImage() function, related to the\n GetPixelLuma function in MagickCore/pixel-accessor.h\n (bsc#1050635)\n\n - CVE-2017-11525: Prevent memory consumption in the\n ReadCINImage function that allowed remote attackers to\n cause a denial of service (bsc#1050098)\n\n - CVE-2017-9262: The ReadJNGImage function in coders/png.c\n allowed attackers to cause a denial of service (memory\n leak) via a crafted file (bsc#1043353).\n\n - CVE-2017-9261: The ReadMNGImage function in coders/png.c\n allowed attackers to cause a denial of service (memory\n leak) via a crafted file (bsc#1043354).\n\n - CVE-2017-10995: The mng_get_long function in\n coders/png.c allowed remote attackers to cause a denial\n of service (heap-based buffer over-read and application\n crash) via a crafted MNG image (bsc#1047908).\n\n - CVE-2017-11539: Prevent memory leak in the\n ReadOnePNGImage() function in coders/png.c\n (bsc#1050037).\n\n - CVE-2017-11505: The ReadOneJNGImage function in\n coders/png.c allowed remote attackers to cause a denial\n of service (large loop and CPU consumption) via a\n crafted file (bsc#1050072).\n\n - CVE-2017-11526: The ReadOneMNGImage function in\n coders/png.c allowed remote attackers to cause a denial\n of service (large loop and CPU consumption) via a\n crafted file (bsc#1050100).\n\n - CVE-2017-11750: The ReadOneJNGImage function in\n coders/png.c allowed remote attackers to cause a denial\n of service (NULL pointer dereference) via a crafted file\n (bsc#1051442).\n\n - CVE-2017-12565: Prevent memory leak in the function\n ReadOneJNGImage in coders/png.c, which allowed attackers\n to cause a denial of service (bsc#1052470).\n\n - CVE-2017-12676: Prevent memory leak in the function\n ReadOneJNGImage in coders/png.c, which allowed attackers\n to cause a denial of service (bsc#1052708).\n\n - CVE-2017-12673: Prevent memory leak in the function\n ReadOneMNGImage in coders/png.c, which allowed attackers\n to cause a denial of service (bsc#1052717).\n\n - CVE-2017-12671: Added NULL assignment in coders/png.c to\n prevent an invalid free in the function\n RelinquishMagickMemory in MagickCore/memory.c, which\n allowed attackers to cause a denial of service\n (bsc#1052721).\n\n - CVE-2017-12643: Prevent a memory exhaustion\n vulnerability in ReadOneJNGImage in coders\\png.c\n (bsc#1052768).\n\n - CVE-2017-12641: Prevent a memory leak vulnerability in\n ReadOneJNGImage in coders\\png.c (bsc#1052777).\n\n - CVE-2017-12640: Prevent an out-of-bounds read\n vulnerability in ReadOneMNGImage in coders/png.c\n (bsc#1052781).\n\n - CVE-2017-12935: The ReadMNGImage function in\n coders/png.c mishandled large MNG images, leading to an\n invalid memory read in the SetImageColorCallBack\n function in magick/image.c (bsc#1054600).\n\n - CVE-2017-13059: Prevent memory leak in the function\n WriteOneJNGImage in coders/png.c, which allowed\n attackers to cause a denial of service (WriteJNGImage\n memory consumption) via a crafted file (bsc#1055068).\n\n - CVE-2017-13147: Prevent allocation failure in the\n function ReadMNGImage in coders/png.c when a small MNG\n file has a MEND chunk with a large length value\n (bsc#1055374).\n\n - CVE-2017-13142: Added additional checks for short files\n to prevent a crafted PNG file from triggering a crash\n (bsc#1055455).\n\n - CVE-2017-13141: Prevent memory leak in ReadOnePNGImage\n in coders/png.c (bsc#1055456).\n\n - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage\n functions in coders/png.c did not properly manage image\n pointers after certain error conditions, which allowed\n remote attackers to conduct use-after-free attacks via a\n crafted file, related to a ReadMNGImage out-of-order\n CloseBlob call (bsc#1057000).\n\n - CVE-2017-14649: ReadOneJNGImage in coders/png.c did not\n properly validate JNG data, leading to a denial of\n service (assertion failure in magick/pixel_cache.c, and\n application crash) (bsc#1060162).\n\n - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage\n in coders/png.c (bsc#1062752).\n\n - CVE-2017-17504: Prevent heap-based buffer over-read via\n a crafted file in Magick_png_read_raw_profile, related\n to ReadOneMNGImage (bsc#1072362).\n\n - CVE-2017-17884: Prevent memory leak in the function\n WriteOnePNGImage in coders/png.c, which allowed\n attackers to cause a denial of service via a crafted PNG\n image file (bsc#1074120).\n\n - CVE-2017-17879: Prevent heap-based buffer over-read in\n ReadOneMNGImage in coders/png.c, related to length\n calculation and caused by an off-by-one error\n (bsc#1074125).\n\n - CVE-2017-17914: Prevent crafted files to cause a large\n loop in ReadOneMNGImage (bsc#1074185).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1062752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1072362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1072901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10995/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11505/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11525/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11526/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11539/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11639/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11750/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12565/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12640/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12641/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12643/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12671/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12673/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12676/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12935/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13059/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13141/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13142/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13147/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14103/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14649/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15218/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17504/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17681/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17879/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17884/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17914/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18008/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18027/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18029/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9261/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9262/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5246/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5685/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180349-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68e017fd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2018-244=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2018-244=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-244=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-244=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2018-244=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-244=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-244=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-244=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2018-244=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-debugsource-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ImageMagick-debugsource-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.33.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:42:23", "description": "This update for ImageMagick fixes the following issues :\n\nCVE-2017-14997: ImageMagick allowed remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. (bsc#1112399)\n\nCVE-2018-16644: A regression in the security fix for the pict coder was fixed (bsc#1107609)\n\nCVE-2017-11532: When ImageMagick processed a crafted file in convert, it could lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c. (bsc#1050129)\n\nCVE-2017-11639: A regression in the security fix in the cip coder was fixed (bsc#1050635)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-11-20T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:3808-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11532", "CVE-2017-11639", "CVE-2017-14997", "CVE-2018-16644"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmagickcore1", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-3808-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119041", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3808-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119041);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-11532\", \"CVE-2017-11639\", \"CVE-2017-14997\", \"CVE-2018-16644\");\n\n script_name(english:\"SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:3808-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\nCVE-2017-14997: ImageMagick allowed remote attackers to cause a denial\nof service (excessive memory allocation) because of an integer\nunderflow in ReadPICTImage in coders/pict.c. (bsc#1112399)\n\nCVE-2018-16644: A regression in the security fix for the pict coder\nwas fixed (bsc#1107609)\n\nCVE-2017-11532: When ImageMagick processed a crafted file in convert,\nit could lead to a Memory Leak in the WriteMPCImage() function in\ncoders/mpc.c. (bsc#1050129)\n\nCVE-2017-11639: A regression in the security fix in the cip coder was\nfixed (bsc#1050635)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11532/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11639/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14997/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16644/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183808-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?47d2c374\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-ImageMagick-13868=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ImageMagick-13868=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ImageMagick-13868=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagickCore1-32bit-6.4.3.6-78.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libMagickCore1-32bit-6.4.3.6-78.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libMagickCore1-6.4.3.6-78.79.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:05:23", "description": "This update for ImageMagick fixes several issues. These security issues were fixed :\n\n - CVE-2017-11534: Processing a crafted file in convert could have lead to a Memory Leak in the lite_font_map() function in coders/wmf.c (bsc#1050135).\n\n - CVE-2017-13133: The load_level function in coders/xcf.c lacked offset validation, which allowed attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file (bsc#1055219).\n\n - CVE-2017-13139: The ReadOneMNGImage function in coders/png.c had an out-of-bounds read with the MNG CLIP chunk (bsc#1055430).\n\n - CVE-2017-15033: Fixed a memory leak in ReadYUVImage in coders/yuv.c (bsc#1061873).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-12-01T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2017:3168-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11534", "CVE-2017-13133", "CVE-2017-13139", "CVE-2017-15033"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmagickcore1", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-3168-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104966", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:3168-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104966);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-11534\", \"CVE-2017-13133\", \"CVE-2017-13139\", \"CVE-2017-15033\");\n\n script_name(english:\"SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2017:3168-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes several issues. These security\nissues were fixed :\n\n - CVE-2017-11534: Processing a crafted file in convert\n could have lead to a Memory Leak in the lite_font_map()\n function in coders/wmf.c (bsc#1050135).\n\n - CVE-2017-13133: The load_level function in coders/xcf.c\n lacked offset validation, which allowed attackers to\n cause a denial of service (load_tile memory exhaustion)\n via a crafted file (bsc#1055219).\n\n - CVE-2017-13139: The ReadOneMNGImage function in\n coders/png.c had an out-of-bounds read with the MNG CLIP\n chunk (bsc#1055430).\n\n - CVE-2017-15033: Fixed a memory leak in ReadYUVImage in\n coders/yuv.c (bsc#1061873).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11534/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13133/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13139/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15033/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20173168-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?76a92e80\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-ImageMagick-13356=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ImageMagick-13356=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ImageMagick-13356=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagickCore1-32bit-6.4.3.6-7.78.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libMagickCore1-32bit-6.4.3.6-7.78.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libMagickCore1-6.4.3.6-7.78.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T15:39:51", "description": "It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-06-13T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : ImageMagick vulnerabilities (USN-3681-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-10995", "CVE-2017-11352", "CVE-2017-11533", "CVE-2017-11535", "CVE-2017-11537", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12429", "CVE-2017-12430", "CVE-2017-12431", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12643", "CVE-2017-12644", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12875", "CVE-2017-12877", "CVE-2017-12983", "CVE-2017-13058", "CVE-2017-13059", "CVE-2017-13060", "CVE-2017-13061", "CVE-2017-13062", "CVE-2017-13131", "CVE-2017-13134", "CVE-2017-13139", "CVE-2017-13142", "CVE-2017-13143", "CVE-2017-13144", "CVE-2017-13145", "CVE-2017-13758", "CVE-2017-13768", "CVE-2017-13769", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14224", "CVE-2017-14249", "CVE-2017-14325", "CVE-2017-14326", "CVE-2017-14341", "CVE-2017-14342", "CVE-2017-14343", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14531", "CVE-2017-14532", "CVE-2017-14533", "CVE-2017-14607", "CVE-2017-14624", "CVE-2017-14625", "CVE-2017-14626", "CVE-2017-14682", "CVE-2017-14684", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-14989", "CVE-2017-15015", "CVE-2017-15016", "CVE-2017-15017", "CVE-2017-15032", "CVE-2017-15033", "CVE-2017-15217", "CVE-2017-15218", "CVE-2017-15277", "CVE-2017-15281", "CVE-2017-16546", "CVE-2017-17499", "CVE-2017-17504", "CVE-2017-17680", "CVE-2017-17681", "CVE-2017-17682", "CVE-2017-17879", "CVE-2017-17881", "CVE-2017-17882", "CVE-2017-17884", "CVE-2017-17885", "CVE-2017-17886", "CVE-2017-17887", "CVE-2017-17914", "CVE-2017-17934", "CVE-2017-18008", "CVE-2017-18022", "CVE-2017-18027", "CVE-2017-18028", "CVE-2017-18029", "CVE-2017-18209", "CVE-2017-18211", "CVE-2017-18251", "CVE-2017-18252", "CVE-2017-18254", "CVE-2017-18271", "CVE-2017-18273", "CVE-2018-10177", "CVE-2018-10804", "CVE-2018-10805", "CVE-2018-11251", "CVE-2018-11625", "CVE-2018-11655", "CVE-2018-11656", "CVE-2018-5246", "CVE-2018-5247", "CVE-2018-5248", "CVE-2018-5357", "CVE-2018-5358", "CVE-2018-6405", "CVE-2018-7443", "CVE-2018-8804", "CVE-2018-8960", "CVE-2018-9133"], "modified": "2023-10-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:imagemagick", "p-cpe:/a:canonical:ubuntu_linux:imagemagick-6-common", "p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16", "p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16hdri", "p-cpe:/a:canonical:ubuntu_linux:imagemagick-common", "p-cpe:/a:canonical:ubuntu_linux:libimage-magick-perl", "p-cpe:/a:canonical:ubuntu_linux:libimage-magick-q16-perl", "p-cpe:/a:canonical:ubuntu_linux:libimage-magick-q16hdri-perl", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6-headers", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6.q16-5v5", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6.q16-7", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6.q16-dev", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6.q16hdri-7", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6.q16hdri-dev", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-dev", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b5", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6-arch-config", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6-headers", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2-extra", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3-extra", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-dev", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16hdri-3", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16hdri-3-extra", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16hdri-dev", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-dev", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore5", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore5-extra", "p-cpe:/a:canonical:ubuntu_linux:libmagickwand-6-headers", "p-cpe:/a:canonical:ubuntu_linux:libmagickwand-6.q16-2", "p-cpe:/a:canonical:ubuntu_linux:libmagickwand-6.q16-3", "p-cpe:/a:canonical:ubuntu_linux:libmagickwand-6.q16-dev", "p-cpe:/a:canonical:ubuntu_linux:libmagickwand-6.q16hdri-3", "p-cpe:/a:canonical:ubuntu_linux:libmagickwand-6.q16hdri-dev", "p-cpe:/a:canonical:ubuntu_linux:libmagickwand-dev", "p-cpe:/a:canonical:ubuntu_linux:libmagickwand5", "p-cpe:/a:canonical:ubuntu_linux:perlmagick", "cpe:/o:canonical:ubuntu_linux:14.04:-:lts", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3681-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110516", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3681-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110516);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/21\");\n\n script_cve_id(\n \"CVE-2017-1000445\",\n \"CVE-2017-1000476\",\n \"CVE-2017-10995\",\n \"CVE-2017-11352\",\n \"CVE-2017-11533\",\n \"CVE-2017-11535\",\n \"CVE-2017-11537\",\n \"CVE-2017-11639\",\n \"CVE-2017-11640\",\n \"CVE-2017-12140\",\n \"CVE-2017-12418\",\n \"CVE-2017-12429\",\n \"CVE-2017-12430\",\n \"CVE-2017-12431\",\n \"CVE-2017-12432\",\n \"CVE-2017-12433\",\n \"CVE-2017-12435\",\n \"CVE-2017-12563\",\n \"CVE-2017-12587\",\n \"CVE-2017-12640\",\n \"CVE-2017-12643\",\n \"CVE-2017-12644\",\n \"CVE-2017-12670\",\n \"CVE-2017-12674\",\n \"CVE-2017-12691\",\n \"CVE-2017-12692\",\n \"CVE-2017-12693\",\n \"CVE-2017-12875\",\n \"CVE-2017-12877\",\n \"CVE-2017-12983\",\n \"CVE-2017-13058\",\n \"CVE-2017-13059\",\n \"CVE-2017-13060\",\n \"CVE-2017-13061\",\n \"CVE-2017-13062\",\n \"CVE-2017-13131\",\n \"CVE-2017-13134\",\n \"CVE-2017-13139\",\n \"CVE-2017-13142\",\n \"CVE-2017-13143\",\n \"CVE-2017-13144\",\n \"CVE-2017-13145\",\n \"CVE-2017-13758\",\n \"CVE-2017-13768\",\n \"CVE-2017-13769\",\n \"CVE-2017-14060\",\n \"CVE-2017-14172\",\n \"CVE-2017-14173\",\n \"CVE-2017-14174\",\n \"CVE-2017-14175\",\n \"CVE-2017-14224\",\n \"CVE-2017-14249\",\n \"CVE-2017-14325\",\n \"CVE-2017-14326\",\n \"CVE-2017-14341\",\n \"CVE-2017-14342\",\n \"CVE-2017-14343\",\n \"CVE-2017-14400\",\n \"CVE-2017-14505\",\n \"CVE-2017-14531\",\n \"CVE-2017-14532\",\n \"CVE-2017-14533\",\n \"CVE-2017-14607\",\n \"CVE-2017-14624\",\n \"CVE-2017-14625\",\n \"CVE-2017-14626\",\n \"CVE-2017-14682\",\n \"CVE-2017-14684\",\n \"CVE-2017-14739\",\n \"CVE-2017-14741\",\n \"CVE-2017-14989\",\n \"CVE-2017-15015\",\n \"CVE-2017-15016\",\n \"CVE-2017-15017\",\n \"CVE-2017-15032\",\n \"CVE-2017-15033\",\n \"CVE-2017-15217\",\n \"CVE-2017-15218\",\n \"CVE-2017-15277\",\n \"CVE-2017-15281\",\n \"CVE-2017-16546\",\n \"CVE-2017-17499\",\n \"CVE-2017-17504\",\n \"CVE-2017-17680\",\n \"CVE-2017-17681\",\n \"CVE-2017-17682\",\n \"CVE-2017-17879\",\n \"CVE-2017-17881\",\n \"CVE-2017-17882\",\n \"CVE-2017-17884\",\n \"CVE-2017-17885\",\n \"CVE-2017-17886\",\n \"CVE-2017-17887\",\n \"CVE-2017-17914\",\n \"CVE-2017-17934\",\n \"CVE-2017-18008\",\n \"CVE-2017-18022\",\n \"CVE-2017-18027\",\n \"CVE-2017-18028\",\n \"CVE-2017-18029\",\n \"CVE-2017-18209\",\n \"CVE-2017-18211\",\n \"CVE-2017-18251\",\n \"CVE-2017-18252\",\n \"CVE-2017-18254\",\n \"CVE-2017-18271\",\n \"CVE-2017-18273\",\n \"CVE-2018-10177\",\n \"CVE-2018-10804\",\n \"CVE-2018-10805\",\n \"CVE-2018-11251\",\n \"CVE-2018-11625\",\n \"CVE-2018-11655\",\n \"CVE-2018-11656\",\n \"CVE-2018-5246\",\n \"CVE-2018-5247\",\n \"CVE-2018-5248\",\n \"CVE-2018-5357\",\n \"CVE-2018-5358\",\n \"CVE-2018-6405\",\n \"CVE-2018-7443\",\n \"CVE-2018-8804\",\n \"CVE-2018-8960\",\n \"CVE-2018-9133\"\n );\n script_xref(name:\"USN\", value:\"3681-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : ImageMagick vulnerabilities (USN-3681-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that ImageMagick incorrectly handled certain\nmalformed image files. If a user or automated system using ImageMagick\nwere tricked into opening a specially crafted image, an attacker could\nexploit this to cause a denial of service or possibly execute code\nwith the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-3681-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-18211\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick-6-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16hdri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libimage-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libimage-magick-q16-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libimage-magick-q16hdri-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-5v5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16hdri-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16hdri-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6-arch-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16hdri-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16hdri-3-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16hdri-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickwand-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickwand-6.q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickwand-6.q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickwand-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickwand-6.q16hdri-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickwand-6.q16hdri-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickwand-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickwand5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('14.04' >< os_release || '16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04 / 16.04 / 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '14.04', 'pkgname': 'imagemagick', 'pkgver': '8:6.7.7.10-6ubuntu3.11'},\n {'osver': '14.04', 'pkgname': 'imagemagick-common', 'pkgver': '8:6.7.7.10-6ubuntu3.11'},\n {'osver': '14.04', 'pkgname': 'libmagick++-dev', 'pkgver': '8:6.7.7.10-6ubuntu3.11'},\n {'osver': '14.04', 'pkgname': 'libmagick++5', 'pkgver': '8:6.7.7.10-6ubuntu3.11'},\n {'osver': '14.04', 'pkgname': 'libmagickcore-dev', 'pkgver': '8:6.7.7.10-6ubuntu3.11'},\n {'osver': '14.04', 'pkgname': 'libmagickcore5', 'pkgver': '8:6.7.7.10-6ubuntu3.11'},\n {'osver': '14.04', 'pkgname': 'libmagickcore5-extra', 'pkgver': '8:6.7.7.10-6ubuntu3.11'},\n {'osver': '14.04', 'pkgname': 'libmagickwand-dev', 'pkgver': '8:6.7.7.10-6ubuntu3.11'},\n {'osver': '14.04', 'pkgname': 'libmagickwand5', 'pkgver': '8:6.7.7.10-6ubuntu3.11'},\n {'osver': '14.04', 'pkgname': 'perlmagick', 'pkgver': '8:6.7.7.10-6ubuntu3.11'},\n {'osver': '16.04', 'pkgname': 'imagemagick', 'pkgver': '8:6.8.9.9-7ubuntu5.11'},\n {'osver': '16.04', 'pkgname': 'imagemagick-6.q16', 'pkgver': '8:6.8.9.9-7ubuntu5.11'},\n {'osver': '16.04', 'pkgname': 'imagemagick-common', 'pkgver': '8:6.8.9.9-7ubuntu5.11'},\n {'osver': '16.04', 'pkgname': 'libimage-magick-perl', 'pkgver': '8:6.8.9.9-7ubuntu5.11'},\n {'osver': '16.04', 'pkgname': 'libimage-magick-q16-perl', 'pkgver': '8:6.8.9.9-7ubuntu5.11'},\n {'osver': '16.04', 'pkgname': 'libmagick++-6-headers', 'pkgver': '8:6.8.9.9-7ubuntu5.11'},\n {'osver': '16.04', 'pkgname': 'libmagick++-6.q16-5v5', 'pkgver': '8:6.8.9.9-7ubuntu5.11'},\n {'osver': '16.04', 'pkgname': 'libmagick++-6.q16-dev', 'pkgver': '8:6.8.9.9-7ubuntu5.11'},\n {'osver': '16.04', 'pkgname': 'libmagick++-dev', 'pkgver': '8:6.8.9.9-7ubuntu5.11'},\n {'osver': '16.04', 'pkgname': 'libmagickcore-6-arch-config', 'pkgver': '8:6.8.9.9-7ubuntu5.11'},\n {'osver': '16.04', 'pkgname': 'libmagickcore-6-headers', 'pkgver': '8:6.8.9.9-7ubuntu5.11'},\n {'osver': '16.04', 'pkgname': 'libmagickcore-6.q16-2', 'pkgver': '8:6.8.9.9-7ubuntu5.11'},\n {'osver': '16.04', 'pkgname': 'libmagickcore-6.q16-2-extra', 'pkgver': '8:6.8.9.9-7ubuntu5.11'},\n {'osver': '16.04', 'pkgname': 'libmagickcore-6.q16-dev', 'pkgver': '8:6.8.9.9-7ubuntu5.11'},\n {'osver': '16.04', 'pkgname': 'libmagickcore-dev', 'pkgver': '8:6.8.9.9-7ubuntu5.11'},\n {'osver': '16.04', 'pkgname': 'libmagickwand-6-headers', 'pkgver': '8:6.8.9.9-7ubuntu5.11'},\n {'osver': '16.04', 'pkgname': 'libmagickwand-6.q16-2', 'pkgver': '8:6.8.9.9-7ubuntu5.11'},\n {'osver': '16.04', 'pkgname': 'libmagickwand-6.q16-dev', 'pkgver': '8:6.8.9.9-7ubuntu5.11'},\n {'osver': '16.04', 'pkgname': 'libmagickwand-dev', 'pkgver': '8:6.8.9.9-7ubuntu5.11'},\n {'osver': '16.04', 'pkgname': 'perlmagick', 'pkgver': '8:6.8.9.9-7ubuntu5.11'},\n {'osver': '18.04', 'pkgname': 'imagemagick', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'imagemagick-6-common', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'imagemagick-6.q16', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'imagemagick-6.q16hdri', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'imagemagick-common', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libimage-magick-perl', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libimage-magick-q16-perl', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libimage-magick-q16hdri-perl', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libmagick++-6-headers', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libmagick++-6.q16-7', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libmagick++-6.q16-dev', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libmagick++-6.q16hdri-7', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libmagick++-6.q16hdri-dev', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libmagick++-dev', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libmagickcore-6-arch-config', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libmagickcore-6-headers', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libmagickcore-6.q16-3', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libmagickcore-6.q16-3-extra', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libmagickcore-6.q16-dev', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libmagickcore-6.q16hdri-3', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libmagickcore-6.q16hdri-3-extra', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libmagickcore-6.q16hdri-dev', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libmagickcore-dev', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libmagickwand-6-headers', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libmagickwand-6.q16-3', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libmagickwand-6.q16-dev', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libmagickwand-6.q16hdri-3', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libmagickwand-6.q16hdri-dev', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'libmagickwand-dev', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'},\n {'osver': '18.04', 'pkgname': 'perlmagick', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'imagemagick / imagemagick-6-common / imagemagick-6.q16 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "osv": [{"lastseen": "2022-08-10T07:13:16", "description": "\nThis update fixes several vulnerabilities in imagemagick, a graphical\nsoftware suite. Various memory handling problems or issues about\nincomplete input sanitizing would result in denial of service or\nmemory disclosure.\n\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u12.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\nFor the detailed security status of imagemagick please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/imagemagick](https://security-tracker.debian.org/tracker/imagemagick)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-18T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11533", "CVE-2017-11639", "CVE-2017-13143", "CVE-2018-5248", "CVE-2017-17879", "CVE-2017-17504", "CVE-2017-10995", "CVE-2017-11535"], "modified": "2022-08-10T07:13:08", "id": "OSV:DSA-4204-1", "href": "https://osv.dev/vulnerability/DSA-4204-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-05T05:18:02", "description": "\nThis updates fixes numerous vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure or the\nexecution of arbitrary code if malformed DPX, RLE, CIN, DIB, EPT, MAT,\nVST, PNG, JNG, MNG, DVJU, JPEG, TXT, PES, MPC, UIL, PS, PALM, CIP, TIFF,\nICON, MAGICK, DCM, MSL, WMF, MIFF, PCX, SUN, PSD, MVG, PWP, PICT, PDB,\nSFW, or XCF files are processed.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n6.7.7.10-5+deb7u16.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-08-31T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13142", "CVE-2017-11448", "CVE-2017-11533", "CVE-2017-11141", "CVE-2017-11531", "CVE-2017-12418", "CVE-2017-11639", "CVE-2017-13146", "CVE-2017-12674", "CVE-2017-13144", "CVE-2017-11529", "CVE-2017-12640", "CVE-2017-13658", "CVE-2017-9501", "CVE-2017-13143", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11537", "CVE-2017-11478", "CVE-2017-12983", "CVE-2017-11446", "CVE-2017-12676", "CVE-2017-11527", "CVE-2017-11525", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-13139", "CVE-2017-12430", "CVE-2017-12664", "CVE-2017-12564", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-12877", "CVE-2017-11505", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-11530", "CVE-2017-12641", "CVE-2017-13133", "CVE-2017-11188", "CVE-2017-11534", "CVE-2017-11528", "CVE-2017-12566", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-12140", "CVE-2017-12563", "CVE-2017-12675", "CVE-2017-11532", "CVE-2017-11752", "CVE-2017-12565", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-12432", "CVE-2017-12428", "CVE-2017-13134", "CVE-2017-11526", "CVE-2017-11450", "CVE-2017-12431", "CVE-2017-12642", "CVE-2017-12670", "CVE-2017-12668", "CVE-2017-11170", "CVE-2017-11539", "CVE-2017-12435", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-11535", "CVE-2017-12429", "CVE-2017-11524"], "modified": "2022-08-05T05:17:57", "id": "OSV:DLA-1081-1", "href": "https://osv.dev/vulnerability/DLA-1081-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-08-05T05:18:29", "description": "\nNumerous security vulnerabilities were fixed in Imagemagick. Various\nmemory handling problems and cases of missing or incomplete input\nsanitizing may result in denial of service, memory or CPU exhaustion,\ninformation disclosure or potentially the execution of arbitrary code\nwhen a malformed image file is processed.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n8:6.8.9.9-5+deb8u16.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-05-14T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13142", "CVE-2017-14175", "CVE-2017-14060", "CVE-2017-9500", "CVE-2019-10650", "CVE-2017-12674", "CVE-2017-1000445", "CVE-2017-13658", "CVE-2017-1000476", "CVE-2017-14626", "CVE-2017-14624", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11537", "CVE-2017-12691", "CVE-2017-15015", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12430", "CVE-2017-14532", "CVE-2017-14172", "CVE-2017-15017", "CVE-2017-17682", "CVE-2017-13768", "CVE-2019-11598", "CVE-2017-12692", "CVE-2017-14625", "CVE-2017-14173", "CVE-2017-13133", "CVE-2017-14505", "CVE-2017-14400", "CVE-2017-18271", "CVE-2017-14341", "CVE-2017-12693", "CVE-2017-12140", "CVE-2017-12563", "CVE-2017-15281", "CVE-2019-9956", "CVE-2017-18273", "CVE-2019-11597", "CVE-2017-12432", "CVE-2017-17914", "CVE-2017-12670", "CVE-2017-12875", "CVE-2017-14741", "CVE-2017-12435", "CVE-2017-14739", "CVE-2017-14249", "CVE-2017-14174", "CVE-2017-13145"], "modified": "2022-08-05T05:18:28", "id": "OSV:DLA-1785-1", "href": "https://osv.dev/vulnerability/DLA-1785-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2019-07-04T18:55:25", "description": "This update fixes several vulnerabilities in imagemagick, a graphical\nsoftware suite. Various memory handling problems or issues about\nincomplete input sanitizing would result in denial of service or\nmemory disclosure.", "cvss3": {}, "published": "2018-05-18T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4204-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11533", "CVE-2017-11639", "CVE-2017-13143", "CVE-2018-5248", "CVE-2017-17879", "CVE-2017-17504", "CVE-2017-10995", "CVE-2017-11535"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704204", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704204", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4204-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704204\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-10995\", \"CVE-2017-11533\", \"CVE-2017-11535\", \"CVE-2017-11639\", \"CVE-2017-13143\",\n \"CVE-2017-17504\", \"CVE-2017-17879\", \"CVE-2018-5248\");\n script_name(\"Debian Security Advisory DSA 4204-1 (imagemagick - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-18 00:00:00 +0200 (Fri, 18 May 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4204.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"imagemagick on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u12.\n\nWe recommend that you upgrade your imagemagick packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/imagemagick\");\n script_tag(name:\"summary\", value:\"This update fixes several vulnerabilities in imagemagick, a graphical\nsoftware suite. Various memory handling problems or issues about\nincomplete input sanitizing would result in denial of service or\nmemory disclosure.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-dbg\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-6.q16-5\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.8.9.9-5+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:52", "description": "This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed image files are processed.", "cvss3": {}, "published": "2017-11-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4040-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15277", "CVE-2017-14224", "CVE-2017-13144", "CVE-2017-12640", "CVE-2017-13758", "CVE-2017-12983", "CVE-2017-13139", "CVE-2017-12877", "CVE-2017-16546", "CVE-2017-14989", "CVE-2017-14607", "CVE-2017-11352", "CVE-2017-14682", "CVE-2017-13134", "CVE-2017-13769", "CVE-2017-12431", "CVE-2017-11640"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310704040", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704040", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_4040.nasl 14284 2019-03-18 15:02:15Z cfischer $\n#\n# Auto-generated from advisory DSA 4040-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704040\");\n script_version(\"$Revision: 14284 $\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-11640\", \"CVE-2017-12431\", \"CVE-2017-12640\", \"CVE-2017-12877\", \"CVE-2017-12983\", \"CVE-2017-13134\", \"CVE-2017-13139\", \"CVE-2017-13144\", \"CVE-2017-13758\", \"CVE-2017-13769\", \"CVE-2017-14224\", \"CVE-2017-14607\", \"CVE-2017-14682\", \"CVE-2017-14989\", \"CVE-2017-15277\", \"CVE-2017-16546\");\n script_name(\"Debian Security Advisory DSA 4040-1 (imagemagick - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 16:02:15 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-17 00:00:00 +0100 (Fri, 17 Nov 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2017/dsa-4040.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"imagemagick on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u11.\n\nWe recommend that you upgrade your imagemagick packages.\");\n script_tag(name:\"summary\", value:\"This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed image files are processed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-dbg\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:11:44", "description": "This updates fixes numerous vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure or the\nexecution of arbitrary code if malformed DPX, RLE, CIN, DIB, EPT, MAT,\nVST, PNG, JNG, MNG, DVJU, JPEG, TXT, PES, MPC, UIL, PS, PALM, CIP, TIFF,\nICON, MAGICK, DCM, MSL, WMF, MIFF, PCX, SUN, PSD, MVG, PWP, PICT, PDB,\nSFW, or XCF files are processed.", "cvss3": {}, "published": "2018-02-07T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for imagemagick (DLA-1081-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13142", "CVE-2017-11448", "CVE-2017-11533", "CVE-2017-11141", "CVE-2017-11531", "CVE-2017-12418", "CVE-2017-11639", "CVE-2017-13146", "CVE-2017-12674", "CVE-2017-13144", "CVE-2017-11529", "CVE-2017-12640", "CVE-2017-13658", "CVE-2017-9501", "CVE-2017-13143", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11537", "CVE-2017-11478", "CVE-2017-12983", "CVE-2017-11446", "CVE-2017-12676", "CVE-2017-11527", "CVE-2017-11525", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-13139", "CVE-2017-12430", "CVE-2017-12664", "CVE-2017-12564", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-12877", "CVE-2017-11505", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-11530", "CVE-2017-12641", "CVE-2017-13133", "CVE-2017-11188", "CVE-2017-11534", "CVE-2017-11528", "CVE-2017-12566", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-12140", "CVE-2017-12563", "CVE-2017-12675", "CVE-2017-11532", "CVE-2017-11752", "CVE-2017-12565", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-12432", "CVE-2017-12428", "CVE-2017-13134", "CVE-2017-11526", "CVE-2017-11450", "CVE-2017-12431", "CVE-2017-12642", "CVE-2017-12670", "CVE-2017-12668", "CVE-2017-11170", "CVE-2017-11539", "CVE-2017-12435", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-11535", "CVE-2017-12429", "CVE-2017-11524"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891081", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891081", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891081\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-10928\", \"CVE-2017-10995\", \"CVE-2017-11141\", \"CVE-2017-11170\", \"CVE-2017-11188\", \"CVE-2017-11352\", \"CVE-2017-11360\", \"CVE-2017-11446\", \"CVE-2017-11448\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11478\", \"CVE-2017-11505\", \"CVE-2017-11523\", \"CVE-2017-11524\", \"CVE-2017-11525\", \"CVE-2017-11526\", \"CVE-2017-11527\", \"CVE-2017-11528\", \"CVE-2017-11529\", \"CVE-2017-11530\", \"CVE-2017-11531\", \"CVE-2017-11532\", \"CVE-2017-11533\", \"CVE-2017-11534\", \"CVE-2017-11535\", \"CVE-2017-11537\", \"CVE-2017-11539\", \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11644\", \"CVE-2017-11724\", \"CVE-2017-11751\", \"CVE-2017-11752\", \"CVE-2017-12140\", \"CVE-2017-12418\", \"CVE-2017-12427\", \"CVE-2017-12428\", \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12431\", \"CVE-2017-12432\", \"CVE-2017-12433\", \"CVE-2017-12435\", \"CVE-2017-12563\", \"CVE-2017-12564\", \"CVE-2017-12565\", \"CVE-2017-12566\", \"CVE-2017-12587\", \"CVE-2017-12640\", \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12654\", \"CVE-2017-12664\", \"CVE-2017-12665\", \"CVE-2017-12668\", \"CVE-2017-12670\", \"CVE-2017-12674\", \"CVE-2017-12675\", \"CVE-2017-12676\", \"CVE-2017-12877\", \"CVE-2017-12983\", \"CVE-2017-13133\", \"CVE-2017-13134\", \"CVE-2017-13139\", \"CVE-2017-13142\", \"CVE-2017-13143\", \"CVE-2017-13144\", \"CVE-2017-13146\", \"CVE-2017-13658\", \"CVE-2017-8352\", \"CVE-2017-9144\", \"CVE-2017-9501\");\n script_name(\"Debian LTS: Security Advisory for imagemagick (DLA-1081-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/08/msg00031.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"imagemagick on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n6.7.7.10-5+deb7u16.\n\nWe recommend that you upgrade your imagemagick packages.\");\n\n script_tag(name:\"summary\", value:\"This updates fixes numerous vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure or the\nexecution of arbitrary code if malformed DPX, RLE, CIN, DIB, EPT, MAT,\nVST, PNG, JNG, MNG, DVJU, JPEG, TXT, PES, MPC, UIL, PS, PALM, CIP, TIFF,\nICON, MAGICK, DCM, MSL, WMF, MIFF, PCX, SUN, PSD, MVG, PWP, PICT, PDB,\nSFW, or XCF files are processed.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick\", ver:\"6.7.7.10-5+deb7u16\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"6.7.7.10-5+deb7u16\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-dbg\", ver:\"6.7.7.10-5+deb7u16\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"6.7.7.10-5+deb7u16\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"6.7.7.10-5+deb7u16\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++5\", ver:\"6.7.7.10-5+deb7u16\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"6.7.7.10-5+deb7u16\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore5\", ver:\"6.7.7.10-5+deb7u16\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore5-extra\", ver:\"6.7.7.10-5+deb7u16\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"6.7.7.10-5+deb7u16\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand5\", ver:\"6.7.7.10-5+deb7u16\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"perlmagick\", ver:\"6.7.7.10-5+deb7u16\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-29T19:25:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-15T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for imagemagick (DLA-1785-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13142", "CVE-2017-14175", "CVE-2017-14060", "CVE-2017-9500", "CVE-2019-10650", "CVE-2017-12674", "CVE-2017-1000445", "CVE-2017-13658", "CVE-2017-1000476", "CVE-2017-14626", "CVE-2017-14624", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11537", "CVE-2017-12691", "CVE-2017-15015", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12430", "CVE-2017-14532", "CVE-2017-14172", "CVE-2017-15017", "CVE-2017-17682", "CVE-2017-13768", "CVE-2019-11598", "CVE-2017-12692", "CVE-2017-14625", "CVE-2017-14173", "CVE-2017-13133", "CVE-2017-14505", "CVE-2017-14400", "CVE-2017-18271", "CVE-2017-14341", "CVE-2017-12693", "CVE-2017-12140", "CVE-2017-12563", "CVE-2017-15281", "CVE-2019-9956", "CVE-2017-18273", "CVE-2019-11597", "CVE-2017-12432", "CVE-2017-17914", "CVE-2017-12670", "CVE-2017-12875", "CVE-2017-14741", "CVE-2017-12435", "CVE-2017-14739", "CVE-2017-14249", "CVE-2017-14174", "CVE-2017-13145"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891785", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891785", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891785\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-1000445\", \"CVE-2017-1000476\", \"CVE-2017-11446\", \"CVE-2017-11523\", \"CVE-2017-11537\", \"CVE-2017-12140\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12435\", \"CVE-2017-12563\", \"CVE-2017-12587\", \"CVE-2017-12643\", \"CVE-2017-12670\", \"CVE-2017-12674\", \"CVE-2017-12691\", \"CVE-2017-12692\", \"CVE-2017-12693\", \"CVE-2017-12875\", \"CVE-2017-13133\", \"CVE-2017-13142\", \"CVE-2017-13145\", \"CVE-2017-13658\", \"CVE-2017-13768\", \"CVE-2017-14060\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14174\", \"CVE-2017-14175\", \"CVE-2017-14249\", \"CVE-2017-14341\", \"CVE-2017-14400\", \"CVE-2017-14505\", \"CVE-2017-14532\", \"CVE-2017-14624\", \"CVE-2017-14625\", \"CVE-2017-14626\", \"CVE-2017-14739\", \"CVE-2017-14741\", \"CVE-2017-15015\", \"CVE-2017-15017\", \"CVE-2017-15281\", \"CVE-2017-17682\", \"CVE-2017-17914\", \"CVE-2017-18271\", \"CVE-2017-18273\", \"CVE-2017-9500\", \"CVE-2019-10650\", \"CVE-2019-11597\", \"CVE-2019-11598\", \"CVE-2019-9956\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-15 02:01:09 +0000 (Wed, 15 May 2019)\");\n script_name(\"Debian LTS: Security Advisory for imagemagick (DLA-1785-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1785-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/867778\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/868950\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/869210\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/869712\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/873059\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/869727\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/870491\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/870504\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'imagemagick'\n package(s) announced via the DLA-1785-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Numerous security vulnerabilities were fixed in Imagemagick. Various\nmemory handling problems and cases of missing or incomplete input\nsanitizing may result in denial of service, memory or CPU exhaustion,\ninformation disclosure or potentially the execution of arbitrary code\nwhen a malformed image file is processed.\");\n\n script_tag(name:\"affected\", value:\"'imagemagick' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n8:6.8.9.9-5+deb8u16.\n\nWe recommend that you upgrade your imagemagick packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-dbg\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-6.q16-5\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.8.9.9-5+deb8u16\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-13T00:00:00", "type": "openvas", "title": "Ubuntu Update for imagemagick USN-3681-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13142", "CVE-2017-17680", "CVE-2017-17884", "CVE-2017-11533", "CVE-2017-14343", "CVE-2017-14531", "CVE-2017-15277", "CVE-2017-14175", "CVE-2017-12418", "CVE-2017-14060", "CVE-2017-11639", "CVE-2017-14224", "CVE-2017-14684", "CVE-2018-11251", "CVE-2017-13060", "CVE-2017-17887", "CVE-2017-12674", "CVE-2017-13144", "CVE-2017-17882", "CVE-2017-14325", "CVE-2017-1000445", "CVE-2018-11655", "CVE-2017-12640", "CVE-2017-13758", "CVE-2017-1000476", "CVE-2017-13143", "CVE-2017-14626", "CVE-2017-14624", "CVE-2017-12587", "CVE-2017-11537", "CVE-2018-7443", "CVE-2017-18252", "CVE-2017-12691", "CVE-2017-12983", "CVE-2017-15015", "CVE-2018-9133", "CVE-2018-6405", "CVE-2017-12643", "CVE-2017-15032", "CVE-2017-12433", "CVE-2017-13139", "CVE-2017-12430", "CVE-2017-14532", "CVE-2018-5357", "CVE-2017-14533", "CVE-2017-18251", "CVE-2017-15033", "CVE-2017-14172", "CVE-2018-10177", "CVE-2018-5248", "CVE-2017-15218", "CVE-2017-12877", "CVE-2017-15017", "CVE-2018-11625", "CVE-2017-16546", "CVE-2017-17879", "CVE-2017-17682", "CVE-2017-18022", "CVE-2017-13768", "CVE-2017-14989", "CVE-2017-17681", "CVE-2018-10804", "CVE-2017-14326", "CVE-2017-12692", "CVE-2017-14625", "CVE-2017-17504", "CVE-2017-13131", "CVE-2018-5246", "CVE-2017-14173", "CVE-2017-13058", "CVE-2017-12644", "CVE-2017-18008", "CVE-2017-14607", "CVE-2017-17885", "CVE-2017-15217", "CVE-2017-13062", "CVE-2017-13061", "CVE-2017-14505", "CVE-2017-18029", "CVE-2017-14400", "CVE-2017-18271", "CVE-2018-10805", "CVE-2017-11352", "CVE-2017-14341", "CVE-2017-18028", "CVE-2017-12693", "CVE-2018-5247", "CVE-2017-12140", "CVE-2017-13059", "CVE-2017-12563", "CVE-2017-15281", "CVE-2018-11656", "CVE-2017-18273", "CVE-2017-10995", "CVE-2018-8804", "CVE-2017-12432", "CVE-2017-14682", "CVE-2017-13134", "CVE-2017-18027", "CVE-2017-13769", "CVE-2017-17934", "CVE-2017-18254", "CVE-2017-18209", "CVE-2017-17914", "CVE-2018-5358", "CVE-2017-12431", "CVE-2017-12670", "CVE-2017-17499", "CVE-2017-12875", "CVE-2018-8960", "CVE-2017-14741", "CVE-2017-15016", "CVE-2017-17881", "CVE-2017-18211", "CVE-2017-12435", "CVE-2017-14739", "CVE-2017-11640", "CVE-2017-14249", "CVE-2017-11535", "CVE-2017-14174", "CVE-2017-12429", "CVE-2017-14342", "CVE-2017-17886", "CVE-2017-13145"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843556", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843556", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3681_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for imagemagick USN-3681-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843556\");\n script_version(\"$Revision: 14288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-13 05:45:46 +0200 (Wed, 13 Jun 2018)\");\n script_cve_id(\"CVE-2017-1000445\", \"CVE-2017-1000476\", \"CVE-2017-10995\", \"CVE-2018-6405\",\n \"CVE-2017-11352\", \"CVE-2017-11533\", \"CVE-2017-11535\", \"CVE-2017-11537\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-12140\", \"CVE-2017-12418\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12431\", \"CVE-2017-12432\",\n \"CVE-2017-12433\", \"CVE-2017-12435\", \"CVE-2017-12563\", \"CVE-2017-12587\",\n \"CVE-2017-12640\", \"CVE-2017-12643\", \"CVE-2017-12644\", \"CVE-2017-12670\",\n \"CVE-2017-12674\", \"CVE-2017-12691\", \"CVE-2017-12692\", \"CVE-2017-12693\",\n \"CVE-2017-12875\", \"CVE-2017-12877\", \"CVE-2017-12983\", \"CVE-2017-13058\",\n \"CVE-2017-13059\", \"CVE-2017-13060\", \"CVE-2017-13061\", \"CVE-2017-13062\",\n \"CVE-2017-13131\", \"CVE-2017-13134\", \"CVE-2017-13139\", \"CVE-2017-13142\",\n \"CVE-2017-13143\", \"CVE-2017-13144\", \"CVE-2017-13145\", \"CVE-2017-13758\",\n \"CVE-2017-13768\", \"CVE-2017-13769\", \"CVE-2017-14060\", \"CVE-2017-14172\",\n \"CVE-2017-14173\", \"CVE-2017-14174\", \"CVE-2017-14175\", \"CVE-2017-14224\",\n \"CVE-2017-14249\", \"CVE-2017-14325\", \"CVE-2017-14326\", \"CVE-2017-14341\",\n \"CVE-2017-14342\", \"CVE-2017-14343\", \"CVE-2017-14400\", \"CVE-2017-14505\",\n \"CVE-2017-14531\", \"CVE-2017-14532\", \"CVE-2017-14533\", \"CVE-2017-14607\",\n \"CVE-2017-14624\", \"CVE-2017-14625\", \"CVE-2017-14626\", \"CVE-2017-14682\",\n \"CVE-2017-14684\", \"CVE-2017-14739\", \"CVE-2017-14741\", \"CVE-2017-14989\",\n \"CVE-2017-15015\", \"CVE-2017-15016\", \"CVE-2017-15017\", \"CVE-2017-15032\",\n \"CVE-2017-15033\", \"CVE-2017-15217\", \"CVE-2017-15218\", \"CVE-2017-15277\",\n \"CVE-2017-15281\", \"CVE-2017-16546\", \"CVE-2017-17499\", \"CVE-2017-17504\",\n \"CVE-2017-17680\", \"CVE-2017-17681\", \"CVE-2017-17682\", \"CVE-2017-17879\",\n \"CVE-2017-17881\", \"CVE-2017-17882\", \"CVE-2017-17884\", \"CVE-2017-17885\",\n \"CVE-2017-17886\", \"CVE-2017-17887\", \"CVE-2017-17914\", \"CVE-2017-17934\",\n \"CVE-2017-18008\", \"CVE-2017-18022\", \"CVE-2017-18027\", \"CVE-2017-18028\",\n \"CVE-2017-18029\", \"CVE-2017-18209\", \"CVE-2017-18211\", \"CVE-2017-18251\",\n \"CVE-2017-18252\", \"CVE-2017-18254\", \"CVE-2017-18271\", \"CVE-2017-18273\",\n \"CVE-2018-10177\", \"CVE-2018-10804\", \"CVE-2018-10805\", \"CVE-2018-11251\",\n \"CVE-2018-11625\", \"CVE-2018-11655\", \"CVE-2018-11656\", \"CVE-2018-5246\",\n \"CVE-2018-5247\", \"CVE-2018-5248\", \"CVE-2018-5357\", \"CVE-2018-5358\",\n \"CVE-2018-7443\", \"CVE-2018-8804\", \"CVE-2018-8960\", \"CVE-2018-9133\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for imagemagick USN-3681-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'imagemagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\nthe target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that ImageMagick incorrectly\nhandled certain malformed image files. If a user or automated system using ImageMagick\nwere tricked into opening a specially crafted image, an attacker could exploit this to\ncause a denial of service or possibly execute code with the privileges of\nthe user invoking the program.\");\n script_tag(name:\"affected\", value:\"imagemagick on Ubuntu 18.04 LTS,\n Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3681-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3681-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|18\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.7.7.10-6ubuntu3.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++5\", ver:\"8:6.7.7.10-6ubuntu3.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore5\", ver:\"8:6.7.7.10-6ubuntu3.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore5-extra\", ver:\"8:6.7.7.10-6ubuntu3.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.9.7.4+dfsg-16ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.9.7.4+dfsg-16ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-7\", ver:\"8:6.9.7.4+dfsg-16ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3\", ver:\"8:6.9.7.4+dfsg-16ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3-extra\", ver:\"8:6.9.7.4+dfsg-16ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.9.7.4+dfsg-16ubuntu6.2\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.9.7.4+dfsg-16ubuntu6.2\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-7\", ver:\"8:6.9.7.4+dfsg-16ubuntu6.2\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3\", ver:\"8:6.9.7.4+dfsg-16ubuntu6.2\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3-extra\", ver:\"8:6.9.7.4+dfsg-16ubuntu6.2\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-7ubuntu5.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-7ubuntu5.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5v5\", ver:\"8:6.8.9.9-7ubuntu5.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-7ubuntu5.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-7ubuntu5.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for WindowMaker FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873425", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873425", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_WindowMaker_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for WindowMaker FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873425\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:56:58 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for WindowMaker FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'WindowMaker'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"WindowMaker on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NM2AMQSUZCQR57N2CQ6SEZMVMG4BVT73\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"WindowMaker\", rpm:\"WindowMaker~0.95.8~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for pfstools FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873400", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873400", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_pfstools_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for pfstools FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873400\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:19:41 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for pfstools FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pfstools'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"pfstools on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCLNAT72SG6KX3CRKW6IBJA4NE65ACRD\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"pfstools\", rpm:\"pfstools~2.0.6~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for gtatool FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873392", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873392", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_gtatool_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for gtatool FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873392\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:10:41 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for gtatool FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gtatool'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"gtatool on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32VMEM3PJFREO5A322OKICOCG3VTTOVO\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"gtatool\", rpm:\"gtatool~2.2.0~6.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for synfigstudio FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873410", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873410", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_synfigstudio_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for synfigstudio FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873410\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:34:56 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for synfigstudio FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'synfigstudio'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"synfigstudio on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7BNWCRCM5IYKMJZ72KNCKVH74WA634E\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"synfigstudio\", rpm:\"synfigstudio~1.2.0~5.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for converseen FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873407", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873407", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_converseen_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for converseen FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873407\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:25:41 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for converseen FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'converseen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"converseen on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZWYA5OS5LRRUJQEYK6UL6B5CMNYRGIQ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"converseen\", rpm:\"converseen~0.9.7.2~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for php-pecl-imagick FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873417", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873417", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_php-pecl-imagick_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for php-pecl-imagick FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873417\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:40:54 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php-pecl-imagick FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php-pecl-imagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php-pecl-imagick on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZAZ2SDKUL5O7OUVJKUYDGDZYRPIZMD7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-pecl-imagick\", rpm:\"php-pecl-imagick~3.4.3~2.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for inkscape FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873409", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873409", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_inkscape_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for inkscape FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873409\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:32:01 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for inkscape FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'inkscape'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"inkscape on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CTRIPHKCJXKPL7XSUJBDVBNRJI45DZS2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"inkscape\", rpm:\"inkscape~0.92.1~4.20170510bzr15686.fc26.1\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for ImageMagick FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873422", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873422", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_ImageMagick_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for ImageMagick FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873422\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:50:54 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ImageMagick FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ImageMagick on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDT43G5RDSYGPIQ2RBMEGC3RXRW2ENPD\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.9.9.13~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for autotrace FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873404", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873404", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_autotrace_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for autotrace FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873404\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:22:42 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for autotrace FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'autotrace'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"autotrace on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T45GVYNSFDFEZVXNCMRXUWX2SZPO2GG3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"autotrace\", rpm:\"autotrace~0.31.1~49.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "veracode": [{"lastseen": "2023-04-18T16:28:58", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks. The attacks exist because `coders/png.c` is missing a NULL assignment, leading to bad free of memory in `RelinquishMagickMemory()` in MagickCore/memory.c.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-08T06:11:45", "type": "veracode", "title": "Denial Of Service (DoS) Through Missing NULL Assignment", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12671"], "modified": "2019-05-15T06:18:29", "id": "VERACODE:4887", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4887/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T16:29:53", "description": "ImageMagick is vulnerable to denial of service (DoS). The attacks are possible because it does not perform sufficient validation of short files, leading to a crash when attackers send malicious PNG files.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-24T08:00:38", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13142"], "modified": "2019-05-15T06:18:29", "id": "VERACODE:4957", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4957/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T16:28:44", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks. The attacks are possible because it is possible to bypass the validation of channel geometry in the `ReadJP2Image()` function in `coders/jp2.c`.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-25T00:39:36", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13145"], "modified": "2020-10-14T21:09:37", "id": "VERACODE:4961", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4961/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T16:29:56", "description": "ImageMagick is vulnerable to denial of service (DoS) through use-after-free attacks. A malicious user can attempt to use memory that has been freed through the `ReadWMFImage()` function in coders/wmf.c. This leads to the application crashing.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-07T02:36:45", "type": "veracode", "title": "Denial Of Service (DoS) Through Use-After-Free", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12431"], "modified": "2019-05-15T06:18:28", "id": "VERACODE:4866", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4866/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T16:24:22", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks. A flaw in the `WritePALMImage` function can lead to a Floating Point Exception (FPE) when processing a file in convert, leading to the application crashing.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-24T00:19:23", "type": "veracode", "title": "Denial Of Service (DoS) Through Floating Point Exception (FPE)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11537"], "modified": "2019-10-03T07:09:53", "id": "VERACODE:4641", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4641/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T16:24:07", "description": "ImageMagick is vulnerable to heap-base buffer over-reads. The flaw in the `TIFFWriteScanline()` function in `tif_write.c` can be triggered through a file being processed in convert.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-24T00:13:00", "type": "veracode", "title": "Heap-based Buffer Over-read", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11535"], "modified": "2019-10-03T07:05:18", "id": "VERACODE:4640", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4640/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T16:23:38", "description": "ImageMagick is vulnerable to heap-base buffer over-reads. The flaw in the `WriteUILImage` function can be triggered through a file being processed in convert.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-23T23:57:45", "type": "veracode", "title": "Heap-based Buffer Over-read", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11533"], "modified": "2019-10-03T07:05:48", "id": "VERACODE:4639", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4639/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T16:16:09", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks. A large loop occurs when a malicious user passes a large PWP file to the application.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-07T07:29:43", "type": "veracode", "title": "Denial Of Service (DoS) Through Large Loop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12587"], "modified": "2019-10-03T07:15:32", "id": "VERACODE:4875", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4875/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-18T16:29:27", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks. The library is missing a null check, allowing malicious to crash the application by passing a malicious MAT file to the `ReadMATImage()` function in coders/mat.c\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-07T03:17:46", "type": "veracode", "title": "Denial Of Service (DoS) Through Missing NULL Check", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12434"], "modified": "2019-10-03T07:11:09", "id": "VERACODE:4869", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4869/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T16:23:55", "description": "ImageMagick is susceptible to information disclosure. When loading raster data, the library accesses uninitialized data in `ReadMATImage()` function in coders/mat.c, disclosing sensitive information.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-08-24T08:19:15", "type": "veracode", "title": "Information Disclosure", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13143"], "modified": "2020-05-08T06:34:20", "id": "VERACODE:4958", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4958/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-04-18T16:24:22", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks. The `ReadWMFImage()` function in coders/wmf.c lead to attacks in `CloneDrawInfo()` in draw.c because it does not properly handle the memory, causing high CPU consumption when processing a malicious file.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-08-07T01:14:35", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12428"], "modified": "2019-10-03T07:10:31", "id": "VERACODE:4863", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4863/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T16:29:18", "description": "ImageMagick is vulnerable to address access exception. The exception is possible in the `WritePTIFImage()` function in `coders/tiff.c`.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-27T09:03:37", "type": "veracode", "title": "Address Access Exception", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11640"], "modified": "2019-05-15T06:18:27", "id": "VERACODE:4752", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4752/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T16:14:46", "description": "ImageMagick is vulnerable to denial of service (DoS) through memory exhaustion. A malicious user can pass a pcx image file to the application that can cause memory exhaustion, crashing the application.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-07T02:47:55", "type": "veracode", "title": "Denial Of Service (DoS) Through Memory Exhaustion", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12432"], "modified": "2019-10-03T07:08:18", "id": "VERACODE:4867", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4867/summary", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-04-18T16:29:25", "description": "ImageMagick is vulnerable to heap-based buffer over-read. The vulnerability is possible because `WriteCIPImage()` function in `coders/cip.c` does not prevent processing of malicious file in covert.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-27T08:49:21", "type": "veracode", "title": "Heap-Based Buffer Over-read", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11639"], "modified": "2019-10-03T07:07:02", "id": "VERACODE:4751", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4751/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T16:14:36", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks. A malicious user can pass a PES file to the application to cause an infinite loop. This can cause CPU exhaustion in the application, crashing the system.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-19T16:29:17", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11446"], "modified": "2019-10-03T07:05:38", "id": "VERACODE:4598", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4598/summary", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-04-18T16:15:43", "description": "ImageMagick is vulnerable to out-of-bounds read. A malicious user can pass a PNG file to the application to cause an out-of-bounds read, crashing the application.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-08T03:01:51", "type": "veracode", "title": "Out-Of-Bounds Read", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12640"], "modified": "2020-10-14T21:09:33", "id": "VERACODE:4878", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4878/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-18T16:14:44", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks. The `ReadTXTImage` function doesn't take into account the end-of-file condition when reading files which causes it to enter an infinite loop.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-23T21:44:35", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11523"], "modified": "2019-10-03T07:09:35", "id": "VERACODE:4630", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4630/summary", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-04-18T16:28:51", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks. The attacks can be triggered because the function `ResetImageProfileIterator` in `profile.c` does not properly handle a malicious file and that leads to an assertion failure.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-08T01:43:48", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9500"], "modified": "2019-10-03T07:19:39", "id": "VERACODE:4399", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4399/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-12-03T14:39:02", "description": "In ImageMagick 7.0.6-3, a missing NULL assignment was found in\ncoders/png.c, leading to an invalid free in the function\nRelinquishMagickMemory in MagickCore/memory.c, which allows attackers to\ncause a denial of service.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/621>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870119>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0124-bad-free-in-RelinquishMagickMemory.patch in unstable 0096-bad-free-in-RelinquishMagickMemory.patch in stretch xenial and trusty don't look vulnerable\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-07T00:00:00", "type": "ubuntucve", "title": "CVE-2017-12671", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12671"], "modified": "2017-08-07T00:00:00", "id": "UB:CVE-2017-12671", "href": "https://ubuntu.com/security/CVE-2017-12671", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-05T15:27:05", "description": "In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image\nfunction in coders/jp2.c does not properly validate the channel geometry,\nleading to a crash.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/501>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869830>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0097-Fix-a-crash-in-jp2-codec.patch in unstable 0084-Fix-a-crash-in-jp2-codec.patch in stretch\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-23T00:00:00", "type": "ubuntucve", "title": "CVE-2017-13145", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13145"], "modified": "2017-08-23T00:00:00", "id": "UB:CVE-2017-13145", "href": "https://ubuntu.com/security/CVE-2017-13145", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T14:39:17", "description": "In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the\nfunction ReadWMFImage in coders/wmf.c, which allows attackers to cause a\ndenial of service.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/555>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869715>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0079-Use-after-free-in-ReadWMFImage.patch in unstable 0079-Use-after-free-in-ReadWMFImage.patch in stretch 0267-CVE-2017-12431-Fix-use-after-free-in-ReadWMFImage.patch in wheezy 0258-CVE-2017-12431.patch in jessie\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-04T00:00:00", "type": "ubuntucve", "title": "CVE-2017-12431", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12431"], "modified": "2017-08-04T00:00:00", "id": "UB:CVE-2017-12431", "href": "https://ubuntu.com/security/CVE-2017-12431", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-05T15:27:03", "description": "In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage\nfunction in coders/png.c allows remote attackers to cause a denial of\nservice (application hang in LockSemaphoreInfo) via a PNG file with a width\nequal to MAGICK_WIDTH_LIMIT.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/596>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870111>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0119-Stuck-in-LockSemaphoreInfo-after-reading-a-png-with-.patch in unstable 0094-Stuck-in-LockSemaphoreInfo-after-reading-a-png-with-.patch in stretch\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-23T00:00:00", "type": "ubuntucve", "title": "CVE-2017-13140", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13140"], "modified": "2017-08-23T00:00:00", "id": "UB:CVE-2017-13140", "href": "https://ubuntu.com/security/CVE-2017-13140", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-05T15:27:01", "description": "In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could\ntrigger a memory leak in ReadOnePNGImage in coders/png.c.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/600>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870116>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0121-coders-png.c-Memory-leak-Fixed-Issue-600.patch in unstable 0095-coders-png.c-Memory-leak-Fixed-Issue-600.patch in stretch not fixing memory leak in trusty and xenial\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-23T00:00:00", "type": "ubuntucve", "title": "CVE-2017-13141", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13141"], "modified": "2017-08-23T00:00:00", "id": "UB:CVE-2017-13141", "href": "https://ubuntu.com/security/CVE-2017-13141", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T14:39:46", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead\nto a Floating Point Exception (FPE) in the WritePALMImage() function in\ncoders/palm.c, related to an incorrect bits-per-pixel calculation.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/560>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869712>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0081-CVE-2017-11537-palm-coder-FPE.patch in unstable 0080-CVE-2017-11537-palm-coder-FPE.patch in stretch 0252-CVE-2017-11537-Fix-floating-point-exception-in-convert-WritePALImage.patch in wheezy\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2017-11537", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11537"], "modified": "2017-07-22T00:00:00", "id": "UB:CVE-2017-11537", "href": "https://ubuntu.com/security/CVE-2017-11537", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T14:39:15", "description": "In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the\nfunction ReadWMFImage in coders/wmf.c, which allows attackers to cause a\ndenial of service in CloneDrawInfo in draw.c.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/544>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869713>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0078-wmf-file-memory-leak-in-CloneDrawInfo.patch in unstable 0078-wmf-file-memory-leak-in-CloneDrawInfo.patch in stretch 0264-CVE-2017-12428-Fix-denial-of-service-memory-leak-in-ReadWMFImage.patch in wheezy not fixing memory leak in trusty and xenial\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-08-04T00:00:00", "type": "ubuntucve", "title": "CVE-2017-12428", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12428"], "modified": "2017-08-04T00:00:00", "id": "UB:CVE-2017-12428", "href": "https://ubuntu.com/security/CVE-2017-12428", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-05T15:27:06", "description": "In ImageMagick before 6.9.7-10, there is a crash (rather than a \"width or\nheight exceeds limit\" error report) if the image dimensions are too large,\nas demonstrated by use of the mpc coder.\n\n#### Bugs\n\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869728>\n * <https://launchpad.net/bugs/1793485>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0085-Avoid-a-crash-in-mpc-coder.patch in unstable 0081-Avoid-a-crash-in-mpc-coder.patch in stretch 0297-CVE-2017-13144-Fix-application-crash-if-image-dimensions-are-too-large.patch in wheezy 0261-CVE-2017-13144.patch in jessie \n[sbeattie](<https://launchpad.net/~sbeattie>) | this fix introduced a regression in xenial and trusty (LP: #1793485) and was reverted for those releases in USN 3785-1\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-23T00:00:00", "type": "ubuntucve", "title": "CVE-2017-13144", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13144"], "modified": "2017-08-23T00:00:00", "id": "UB:CVE-2017-13144", "href": "https://ubuntu.com/security/CVE-2017-13144", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T14:39:46", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead\nto a heap-based buffer over-read in the WritePSImage() function in\ncoders/ps.c.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/561>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869827>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0096-CVE-2017-11535-heap-based-overflow-in-ps.c.patch in unstable 0083-CVE-2017-11535-heap-based-overflow-in-ps.c.patch in stretch 0251-CVE-2017-11535-Fix-buffer-over-read-in-convert-WritePSImage.patch in wheezy 0270-CVE-2017-11535.patch in jessie\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2017-11535", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11535"], "modified": "2017-07-22T00:00:00", "id": "UB:CVE-2017-11535", "href": "https://ubuntu.com/security/CVE-2017-11535", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-05T15:27:06", "description": "In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file\ncould trigger a crash because there was an insufficient check for short\nfiles.\n\n#### Bugs\n\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870105>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0114-Validate-png-file.patch in unstable 0091-Validate-png-file.patch in stretch 0294-CVE-2017-13142-Fix-short-file-check-in-png.c-1-2.patch and 0295-CVE-2017-13142-Fix-short-file-check-in-png.c-2-2.patch in wheezy\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-23T00:00:00", "type": "ubuntucve", "title": "CVE-2017-13142", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13142"], "modified": "2017-08-23T00:00:00", "id": "UB:CVE-2017-13142", "href": "https://ubuntu.com/security/CVE-2017-13142", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T14:39:46", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead\nto a heap-based buffer over-read in the WriteUILImage() function in\ncoders/uil.c.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/562>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869834>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0099-CVE-2017-11533-heap-buffer-overflow-in-uil-coder.patch in unstable 0085-CVE-2017-11533-heap-buffer-overflow-in-uil-coder.patch in stretch 0249-CVE-2017-11533-Fix-buffer-over-read-in-convert-WriteUILImage.patch in wheezy 0271-CVE-2017-11533.patch in jessie\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2017-11533", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11533"], "modified": "2017-07-22T00:00:00", "id": "UB:CVE-2017-11533", "href": "https://ubuntu.com/security/CVE-2017-11533", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T14:39:58", "description": "The ReadPESImage function in coders\\pes.c in ImageMagick 7.0.6-1 has an\ninfinite loop vulnerability that can cause CPU exhaustion via a crafted PES\nfile.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/537>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868950>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | this is 0086-CVE-2017-11446.patch in unstable this is 0082-CVE-2017-11446.patch in stretch this is 0245-CVE-2017-11446-Fix-infinite-loop-CPU-exhaustion-in-ReadPESImage.patch in wheezy not fixing memory leak in trusty and xenial\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-19T00:00:00", "type": "ubuntucve", "title": "CVE-2017-11446", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11446"], "modified": "2017-07-19T00:00:00", "id": "UB:CVE-2017-11446", "href": "https://ubuntu.com/security/CVE-2017-11446", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-03T14:39:36", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead\nto a heap-based buffer over-read in the WriteCIPImage() function in\ncoders/cip.c, related to the GetPixelLuma function in\nMagickCore/pixel-accessor.h.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/588>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870065>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0112-CVE-2017-11639.patch in unstable 0089-CVE-2017-11639.patch in stretch 0254-CVE-2017-11639-Fix-buffer-over-read-in-convert-WriteCIPImage.patch in wheezy 0269-CVE-2017-11639.patch in jessie\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-26T00:00:00", "type": "ubuntucve", "title": "CVE-2017-11639", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11639"], "modified": "2017-07-26T00:00:00", "id": "UB:CVE-2017-11639", "href": "https://ubuntu.com/security/CVE-2017-11639", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T14:39:14", "description": "ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage\nfunction in coders\\pwp.c.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/535>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870526>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0142-Avoid-unbounded-loop-in-pwp-coder.patch in unstable 0098-Avoid-unbounded-loop-in-pwp-coder.patchin stretch 0276-CVE-2017-12587-Fix-large-loop-vulnerability-in-ReadPWPImage.patch in wheezy\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-06T00:00:00", "type": "ubuntucve", "title": "CVE-2017-12587", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12587"], "modified": "2017-08-06T00:00:00", "id": "UB:CVE-2017-12587", "href": "https://ubuntu.com/security/CVE-2017-12587", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T14:39:17", "description": "In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the\nfunction ReadPCXImage in coders/pcx.c, which allows attackers to cause a\ndenial of service.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/536>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870491>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0131-Memory-exhaustion-in-PCX-coder.patch in unstable 0097-Memory-exhaustion-in-PCX-coder.patch in stretch 0268-CVE-2017-12432-Fix-memory-exhaustion-in-ReadPCXImage.patch in wheezy\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-04T00:00:00", "type": "ubuntucve", "title": "CVE-2017-12432", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12432"], "modified": "2017-08-04T00:00:00", "id": "UB:CVE-2017-12432", "href": "https://ubuntu.com/security/CVE-2017-12432", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-05T15:27:09", "description": "In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage\nfunction in coders/mat.c uses uninitialized data, which might allow remote\nattackers to obtain sensitive information from process memory.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/362>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870012>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0100-Use-of-uninitialized-data-in-ImageMagick-coders-mat..patch in unstable 0086-Use-of-uninitialized-data-in-ImageMagick-coders-mat..patch in stretch 0296-CVE-2017-13143-Fix-use-of-uninitialized-data-in-ReadMATImage.patch in wheezy 0268-CVE-2017-13143.patch in jessie\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-08-23T00:00:00", "type": "ubuntucve", "title": "CVE-2017-13143", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13143"], "modified": "2017-08-23T00:00:00", "id": "UB:CVE-2017-13143", "href": "https://ubuntu.com/security/CVE-2017-13143", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-03T14:39:15", "description": "In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the\nfunction ReadMATImage in coders/mat.c, which allows attackers to cause a\ndenial of service (assertion failure) in DestroyImageInfo in image.c.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/547>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870014>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | trusty and xenial don't have the same code path and don't appear vulnerable. 0103-assertion-failed-in-DestroyImageInfo.patch in unstable 0088-assertion-failed-in-DestroyImageInfo.patch in stretch\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-04T00:00:00", "type": "ubuntucve", "title": "CVE-2017-12434", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12434"], "modified": "2017-08-04T00:00:00", "id": "UB:CVE-2017-12434", "href": "https://ubuntu.com/security/CVE-2017-12434", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T14:39:36", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead\nto an address access exception in the WritePTIFImage() function in\ncoders/tiff.c.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/584>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870067>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0113-CVE-2017-11640.patch in unstable 0090-CVE-2017-11640.patch in stretch 0255-CVE-2017-11640-Fix-address-access-exception-in-convert-WritePTIFImage-1-2.patch in wheezy 0257-CVE-2017-11640.patch in jessie\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-26T00:00:00", "type": "ubuntucve", "title": "CVE-2017-11640", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11640"], "modified": "2017-07-26T00:00:00", "id": "UB:CVE-2017-11640", "href": "https://ubuntu.com/security/CVE-2017-11640", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T14:39:08", "description": "ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in\nReadOneMNGImage in coders/png.c.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/542>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870106>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0115-Heap-buffer-overflow-in-ReadOneMNGImage.patch in unstable 0092-Heap-buffer-overflow-in-ReadOneMNGImage.patch in stretch 0277-CVE-2017-12640-Fix-out-of-bounds-read-vulnerability-in-ReadOneMNGImage.patch in wheezy 0259-CVE-2017-12640.patch in jessie\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-07T00:00:00", "type": "ubuntucve", "title": "CVE-2017-12640", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12640"], "modified": "2017-08-07T00:00:00", "id": "UB:CVE-2017-12640", "href": "https://ubuntu.com/security/CVE-2017-12640", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T14:39:46", "description": "The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0\nand 7.x through 7.0.6-1 allows remote attackers to cause a denial of\nservice (infinite loop) via a crafted file, because the end-of-file\ncondition is not considered.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/591>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869210>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | This is 0102-CVE-2017-11523-endless-loop-in-ReadTXTImage.patch in unstable This is 0087-CVE-2017-11523-endless-loop-in-ReadTXTImage.patch in stretch This is 0243-Fix-endless-loop-in-ReadTXTImage.patch in wheezy not fixing memory leak in trusty and xenial\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2017-11523", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11523"], "modified": "2017-07-22T00:00:00", "id": "UB:CVE-2017-11523", "href": "https://ubuntu.com/security/CVE-2017-11523", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-05T15:27:05", "description": "In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage\nfunction in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.\n\n#### Bugs\n\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870109>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0118-out-of-bounds-read-with-the-MNG-CLIP-chunk.patch in unstable 0093-out-of-bounds-read-with-the-MNG-CLIP-chunk.patch in stretch 0293-CVE-2017-13139-Fix-out-of-bounds-read-with-MNG-CLIP-chunk-in-ReadOneMNGImage.patch in wheezy 0260-CVE-2017-13139.patch in jessie\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-23T00:00:00", "type": "ubuntucve", "title": "CVE-2017-13139", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13139"], "modified": "2017-08-23T00:00:00", "id": "UB:CVE-2017-13139", "href": "https://ubuntu.com/security/CVE-2017-13139", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-05T15:33:45", "description": "In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function\nResetImageProfileIterator, which allows attackers to cause a denial of\nservice via a crafted file.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/500>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867778>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | reproducer in github report \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0219-CVE-2017-9500-Fix-denial-of-service-in-the-function-ResetImageProfileIterator-via-crafted-file.patch in wheezy 0077-Fix-CVE-2017-9500.patch in stretch 0077-Fix-CVE-2017-9500.patch in unstable code in xenial and older is different, doesn't look affected\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-07T00:00:00", "type": "ubuntucve", "title": "CVE-2017-9500", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9500"], "modified": "2017-06-07T00:00:00", "id": "UB:CVE-2017-9500", "href": "https://ubuntu.com/security/CVE-2017-9500", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "prion": [{"lastseen": "2023-11-22T03:01:29", "description": "In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause a denial of service.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-07T21:29:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12671"], "modified": "2017-11-07T02:29:00", "id": "PRION:CVE-2017-12671", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-12671", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T03:02:19", "description": "In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-23T06:29:00", "type": "prion", "title": "Memory corruption", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13141"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-13141", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-13141", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T02:59:36", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-23T03:29:00", "type": "prion", "title": "Heap overflow", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11535"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-11535", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-11535", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T03:02:19", "description": "In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-23T06:29:00", "type": "prion", "title": "Code injection", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13145"], "modified": "2020-10-14T19:00:00", "id": "PRION:CVE-2017-13145", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-13145", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T03:02:18", "description": "In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-23T06:29:00", "type": "prion", "title": "Input validation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13142"], "modified": "2019-05-14T13:29:00", "id": "PRION:CVE-2017-13142", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-13142", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T02:59:37", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-23T03:29:00", "type": "prion", "title": "Heap overflow", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11533"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-11533", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-11533", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T03:01:02", "description": "In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-04T10:29:00", "type": "prion", "title": "Double free", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12431"], "modified": "2018-06-14T01:29:00", "id": "PRION:CVE-2017-12431", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-12431", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T03:02:18", "description": "In ImageMagick before 6.9.7-10, there is a crash (rather than a \"width or height exceeds limit\" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-23T06:29:00", "type": "prion", "title": "Code injection", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13144"], "modified": "2018-06-14T01:29:00", "id": "PRION:CVE-2017-13144", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-13144", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T03:02:18", "description": "In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-23T06:29:00", "type": "prion", "title": "Code injection", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13140"], "modified": "2017-11-13T02:29:00", "id": "PRION:CVE-2017-13140", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-13140", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T02:59:37", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-23T03:29:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11537"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-11537", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-11537", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T02:59:48", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-26T08:29:00", "type": "prion", "title": "Heap overflow", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11639"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-11639", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-11639", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T03:01:03", "description": "In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-04T10:29:00", "type": "prion", "title": "Memory corruption", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12432"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-12432", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-12432", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-11-22T03:01:03", "description": "In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-04T10:29:00", "type": "prion", "title": "Input validation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12434"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-12434", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-12434", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T03:01:27", "description": "ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-07T15:29:00", "type": "prion", "title": "Out-of-bounds", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12640"], "modified": "2020-10-14T18:16:00", "id": "PRION:CVE-2017-12640", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-12640", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:02:18", "description": "In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-08-23T06:29:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13143"], "modified": "2018-06-14T01:29:00", "id": "PRION:CVE-2017-13143", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-13143", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T03:01:02", "description": "In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-08-04T10:29:00", "type": "prion", "title": "Memory corruption", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12428"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-12428", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-12428", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T02:59:23", "description": "The ReadPESImage function in coders\\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-19T07:29:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11446"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-11446", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-11446", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-11-22T02:59:35", "description": "The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-22T21:29:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11523"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-11523", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-11523", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-11-22T02:59:48", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-26T08:29:00", "type": "prion", "title": "Code injection", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11640"], "modified": "2018-06-14T01:29:00", "id": "PRION:CVE-2017-11640", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-11640", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T03:01:21", "description": "ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\\pwp.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-06T14:29:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12587"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-12587", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-12587", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:02:19", "description": "In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-23T06:29:00", "type": "prion", "title": "Out-of-bounds", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13139"], "modified": "2020-10-14T18:56:00", "id": "PRION:CVE-2017-13139", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-13139", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:22:17", "description": "In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-07T14:29:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9500"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-9500", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-9500", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-12-03T15:21:45", "description": "In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause a denial of service.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-07T21:29:00", "type": "debiancve", "title": "CVE-2017-12671", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12671"], "modified": "2017-08-07T21:29:00", "id": "DEBIANCVE:CVE-2017-12671", "href": "https://security-tracker.debian.org/tracker/CVE-2017-12671", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-23T06:29:00", "type": "debiancve", "title": "CVE-2017-13141", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13141"], "modified": "2017-08-23T06:29:00", "id": "DEBIANCVE:CVE-2017-13141", "href": "https://security-tracker.debian.org/tracker/CVE-2017-13141", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "In ImageMagick before 6.9.7-10, there is a crash (rather than a \"width or height exceeds limit\" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-23T06:29:00", "type": "debiancve", "title": "CVE-2017-13144", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13144"], "modified": "2017-08-23T06:29:00", "id": "DEBIANCVE:CVE-2017-13144", "href": "https://security-tracker.debian.org/tracker/CVE-2017-13144", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-23T06:29:00", "type": "debiancve", "title": "CVE-2017-13145", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13145"], "modified": "2017-08-23T06:29:00", "id": "DEBIANCVE:CVE-2017-13145", "href": "https://security-tracker.debian.org/tracker/CVE-2017-13145", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-23T03:29:00", "type": "debiancve", "title": "CVE-2017-11533", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11533"], "modified": "2017-07-23T03:29:00", "id": "DEBIANCVE:CVE-2017-11533", "href": "https://security-tracker.debian.org/tracker/CVE-2017-11533", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-23T06:29:00", "type": "debiancve", "title": "CVE-2017-13140", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13140"], "modified": "2017-08-23T06:29:00", "id": "DEBIANCVE:CVE-2017-13140", "href": "https://security-tracker.debian.org/tracker/CVE-2017-13140", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-04T10:29:00", "type": "debiancve", "title": "CVE-2017-12434", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12434"], "modified": "2017-08-04T10:29:00", "id": "DEBIANCVE:CVE-2017-12434", "href": "https://security-tracker.debian.org/tracker/CVE-2017-12434", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-23T03:29:00", "type": "debiancve", "title": "CVE-2017-11535", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11535"], "modified": "2017-07-23T03:29:00", "id": "DEBIANCVE:CVE-2017-11535", "href": "https://security-tracker.debian.org/tracker/CVE-2017-11535", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-23T06:29:00", "type": "debiancve", "title": "CVE-2017-13142", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13142"], "modified": "2017-08-23T06:29:00", "id": "DEBIANCVE:CVE-2017-13142", "href": "https://security-tracker.debian.org/tracker/CVE-2017-13142", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-23T03:29:00", "type": "debiancve", "title": "CVE-2017-11537", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11537"], "modified": "2017-07-23T03:29:00", "id": "DEBIANCVE:CVE-2017-11537", "href": "https://security-tracker.debian.org/tracker/CVE-2017-11537", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-04T10:29:00", "type": "debiancve", "title": "CVE-2017-12431", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12431"], "modified": "2017-08-04T10:29:00", "id": "DEBIANCVE:CVE-2017-12431", "href": "https://security-tracker.debian.org/tracker/CVE-2017-12431", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-08-04T10:29:00", "type": "debiancve", "title": "CVE-2017-12428", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12428"], "modified": "2017-08-04T10:29:00", "id": "DEBIANCVE:CVE-2017-12428", "href": "https://security-tracker.debian.org/tracker/CVE-2017-12428", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-04T10:29:00", "type": "debiancve", "title": "CVE-2017-12432", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12432"], "modified": "2017-08-04T10:29:00", "id": "DEBIANCVE:CVE-2017-12432", "href": "https://security-tracker.debian.org/tracker/CVE-2017-12432", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-03T15:21:45", "description": "The ReadPESImage function in coders\\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-19T07:29:00", "type": "debiancve", "title": "CVE-2017-11446", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11446"], "modified": "2017-07-19T07:29:00", "id": "DEBIANCVE:CVE-2017-11446", "href": "https://security-tracker.debian.org/tracker/CVE-2017-11446", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-03T15:21:45", "description": "ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\\pwp.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-06T14:29:00", "type": "debiancve", "title": "CVE-2017-12587", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12587"], "modified": "2017-08-06T14:29:00", "id": "DEBIANCVE:CVE-2017-12587", "href": "https://security-tracker.debian.org/tracker/CVE-2017-12587", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-26T08:29:00", "type": "debiancve", "title": "CVE-2017-11640", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11640"], "modified": "2017-07-26T08:29:00", "id": "DEBIANCVE:CVE-2017-11640", "href": "https://security-tracker.debian.org/tracker/CVE-2017-11640", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-23T06:29:00", "type": "debiancve", "title": "CVE-2017-13139", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13139"], "modified": "2017-08-23T06:29:00", "id": "DEBIANCVE:CVE-2017-13139", "href": "https://security-tracker.debian.org/tracker/CVE-2017-13139", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-07T15:29:00", "type": "debiancve", "title": "CVE-2017-12640", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12640"], "modified": "2017-08-07T15:29:00", "id": "DEBIANCVE:CVE-2017-12640", "href": "https://security-tracker.debian.org/tracker/CVE-2017-12640", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-26T08:29:00", "type": "debiancve", "title": "CVE-2017-11639", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11639"], "modified": "2017-07-26T08:29:00", "id": "DEBIANCVE:CVE-2017-11639", "href": "https://security-tracker.debian.org/tracker/CVE-2017-11639", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-08-23T06:29:00", "type": "debiancve", "title": "CVE-2017-13143", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13143"], "modified": "2017-08-23T06:29:00", "id": "DEBIANCVE:CVE-2017-13143", "href": "https://security-tracker.debian.org/tracker/CVE-2017-13143", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-03T15:21:45", "description": "The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-22T21:29:00", "type": "debiancve", "title": "CVE-2017-11523", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11523"], "modified": "2017-07-22T21:29:00", "id": "DEBIANCVE:CVE-2017-11523", "href": "https://security-tracker.debian.org/tracker/CVE-2017-11523", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-03T18:26:56", "description": "In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-07T14:29:00", "type": "debiancve", "title": "CVE-2017-9500", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9500"], "modified": "2017-06-07T14:29:00", "id": "DEBIANCVE:CVE-2017-9500", "href": "https://security-tracker.debian.org/tracker/CVE-2017-9500", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2021-09-02T22:48:11", "description": "In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-08-30T15:19:16", "type": "redhatcve", "title": "CVE-2017-13145", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13145"], "modified": "2020-10-15T12:03:42", "id": "RH:CVE-2017-13145", "href": "https://access.redhat.com/security/cve/cve-2017-13145", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:49:03", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-25T16:19:44", "type": "redhatcve", "title": "CVE-2017-11535", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11535"], "modified": "2019-10-12T00:21:49", "id": "RH:CVE-2017-11535", "href": "https://access.redhat.com/security/cve/cve-2017-11535", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:48:11", "description": "In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-30T14:50:15", "type": "redhatcve", "title": "CVE-2017-13140", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13140"], "modified": "2019-10-12T00:44:43", "id": "RH:CVE-2017-13140", "href": "https://access.redhat.com/security/cve/cve-2017-13140", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:48:11", "description": "In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-30T14:49:59", "type": "redhatcve", "title": "CVE-2017-13141", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13141"], "modified": "2019-10-12T00:44:43", "id": "RH:CVE-2017-13141", "href": "https://access.redhat.com/security/cve/cve-2017-13141", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:48:45", "description": "In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause a denial of service.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-24T13:19:18", "type": "redhatcve", "title": "CVE-2017-12671", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12671"], "modified": "2019-10-12T00:39:26", "id": "RH:CVE-2017-12671", "href": "https://access.redhat.com/security/cve/cve-2017-12671", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:49:03", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-25T16:20:27", "type": "redhatcve", "title": "CVE-2017-11533", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11533"], "modified": "2019-10-12T00:21:30", "id": "RH:CVE-2017-11533", "href": "https://access.redhat.com/security/cve/cve-2017-11533", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:48:34", "description": "In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-17T19:49:02", "type": "redhatcve", "title": "CVE-2017-12431", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12431"], "modified": "2019-10-12T00:36:15", "id": "RH:CVE-2017-12431", "href": "https://access.redhat.com/security/cve/cve-2017-12431", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:49:02", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-25T16:20:12", "type": "redhatcve", "title": "CVE-2017-11537", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11537"], "modified": "2019-10-12T00:21:47", "id": "RH:CVE-2017-11537", "href": "https://access.redhat.com/security/cve/cve-2017-11537", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:48:13", "description": "In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-30T14:49:47", "type": "redhatcve", "title": "CVE-2017-13142", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13142"], "modified": "2019-10-12T00:44:49", "id": "RH:CVE-2017-13142", "href": "https://access.redhat.com/security/cve/cve-2017-13142", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:48:29", "description": "ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-08-18T18:49:35", "type": "redhatcve", "title": "CVE-2017-12640", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12640"], "modified": "2020-10-15T12:02:39", "id": "RH:CVE-2017-12640", "href": "https://access.redhat.com/security/cve/cve-2017-12640", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-02T22:48:40", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-26T18:48:23", "type": "redhatcve", "title": "CVE-2017-11639", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11639"], "modified": "2019-10-12T00:23:42", "id": "RH:CVE-2017-11639", "href": "https://access.redhat.com/security/cve/cve-2017-11639", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:48:12", "description": "In ImageMagick before 6.9.7-10, there is a crash (rather than a \"width or height exceeds limit\" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-30T15:19:30", "type": "redhatcve", "title": "CVE-2017-13144", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13144"], "modified": "2019-10-12T03:04:28", "id": "RH:CVE-2017-13144", "href": "https://access.redhat.com/security/cve/cve-2017-13144", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:48:47", "description": "The ReadPESImage function in coders\\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-24T14:18:32", "type": "redhatcve", "title": "CVE-2017-11446", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11446"], "modified": "2020-03-25T10:01:25", "id": "RH:CVE-2017-11446", "href": "https://access.redhat.com/security/cve/cve-2017-11446", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-09-02T22:48:33", "description": "In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-18T20:18:36", "type": "redhatcve", "title": "CVE-2017-12434", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12434"], "modified": "2019-10-12T00:36:19", "id": "RH:CVE-2017-12434", "href": "https://access.redhat.com/security/cve/cve-2017-12434", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:48:34", "description": "In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-17T20:18:42", "type": "redhatcve", "title": "CVE-2017-12432", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12432"], "modified": "2019-10-12T00:36:16", "id": "RH:CVE-2017-12432", "href": "https://access.redhat.com/security/cve/cve-2017-12432", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-09-02T22:48:31", "description": "ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\\pwp.c.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-21T12:49:22", "type": "redhatcve", "title": "CVE-2017-12587", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12587"], "modified": "2019-10-12T00:37:02", "id": "RH:CVE-2017-12587", "href": "https://access.redhat.com/security/cve/cve-2017-12587", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-02T22:48:34", "description": "In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-17T18:48:25", "type": "redhatcve", "title": "CVE-2017-12428", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12428"], "modified": "2019-10-12T00:36:03", "id": "RH:CVE-2017-12428", "href": "https://access.redhat.com/security/cve/cve-2017-12428", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:48:39", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-26T18:48:39", "type": "redhatcve", "title": "CVE-2017-11640", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11640"], "modified": "2019-10-12T00:23:45", "id": "RH:CVE-2017-11640", "href": "https://access.redhat.com/security/cve/cve-2017-11640", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:48:50", "description": "The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-25T13:50:22", "type": "redhatcve", "title": "CVE-2017-11523", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11523"], "modified": "2019-10-12T00:21:00", "id": "RH:CVE-2017-11523", "href": "https://access.redhat.com/security/cve/cve-2017-11523", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-09-02T22:48:14", "description": "In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-08-30T14:49:18", "type": "redhatcve", "title": "CVE-2017-13139", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13139"], "modified": "2020-10-15T12:01:44", "id": "RH:CVE-2017-13139", "href": "https://access.redhat.com/security/cve/cve-2017-13139", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-02T22:48:14", "description": "In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-30T14:49:33", "type": "redhatcve", "title": "CVE-2017-13143", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13143"], "modified": "2019-10-12T00:44:50", "id": "RH:CVE-2017-13143", "href": "https://access.redhat.com/security/cve/cve-2017-13143", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-09-02T22:49:46", "description": "In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-06-15T14:50:00", "type": "redhatcve", "title": "CVE-2017-9500", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9500"], "modified": "2019-10-12T01:06:02", "id": "RH:CVE-2017-9500", "href": "https://access.redhat.com/security/cve/cve-2017-9500", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-12-03T14:37:35", "description": "In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-04T10:29:00", "type": "cve", "title": "CVE-2017-12431", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12431"], "modified": "2018-06-14T01:29:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-1"], "id": "CVE-2017-12431", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12431", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:41:19", "description": "In ImageMagick before 6.9.7-10, there is a crash (rather than a \"width or height exceeds limit\" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-23T06:29:00", "type": "cve", "title": "CVE-2017-13144", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13144"], "modified": "2018-06-14T01:29:00", "cpe": ["cpe:/a:imagemagick:imagemagick:6.9.7-9"], "id": "CVE-2017-13144", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13144", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:6.9.7-9:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:41:16", "description": "In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-23T06:29:00", "type": "cve", "title": "CVE-2017-13140", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13140"], "modified": "2017-11-13T02:29:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.4-0", "cpe:/a:imagemagick:imagemagick:7.0.5-6", "cpe:/a:imagemagick:imagemagick:7.0.5-10", "cpe:/a:imagemagick:imagemagick:7.0.1-10", "cpe:/a:imagemagick:imagemagick:7.0.4-6", "cpe:/a:imagemagick:imagemagick:7.0.4-7", "cpe:/a:imagemagick:imagemagick:7.0.2-2", "cpe:/a:imagemagick:imagemagick:7.0.4-2", "cpe:/a:imagemagick:imagemagick:7.0.3-1", "cpe:/a:imagemagick:imagemagick:7.0.1-3", "cpe:/a:imagemagick:imagemagick:7.0.1-7", "cpe:/a:imagemagick:imagemagick:7.0.2-5", "cpe:/a:imagemagick:imagemagick:7.0.4-3", "cpe:/a:imagemagick:imagemagick:7.0.1-2", "cpe:/a:imagemagick:imagemagick:7.0.2-3", "cpe:/a:imagemagick:imagemagick:7.0.6-0", "cpe:/a:imagemagick:imagemagick:7.0.1-1", "cpe:/a:imagemagick:imagemagick:7.0.2-8", "cpe:/a:imagemagick:imagemagick:7.0.3-8", "cpe:/a:imagemagick:imagemagick:7.0.3-7", "cpe:/a:imagemagick:imagemagick:7.0.2-10", "cpe:/a:imagemagick:imagemagick:7.0.5-3", "cpe:/a:imagemagick:imagemagick:7.0.3-10", "cpe:/a:imagemagick:imagemagick:7.0.5-5", "cpe:/a:imagemagick:imagemagick:6.9.9-0", "cpe:/a:imagemagick:imagemagick:7.0.5-7", "cpe:/a:imagemagick:imagemagick:7.0.4-5", "cpe:/a:imagemagick:imagemagick:7.0.1-8", "cpe:/a:imagemagick:imagemagick:7.0.5-4", "cpe:/a:imagemagick:imagemagick:7.0.5-2", "cpe:/a:imagemagick:imagemagick:7.0.0-0", "cpe:/a:imagemagick:imagemagick:7.0.3-4", "cpe:/a:imagemagick:imagemagick:7.0.5-8", "cpe:/a:imagemagick:imagemagick:7.0.2-9", "cpe:/a:imagemagick:imagemagick:7.0.3-3", "cpe:/a:imagemagick:imagemagick:7.0.1-4", "cpe:/a:imagemagick:imagemagick:7.0.4-4", "cpe:/a:imagemagick:imagemagick:7.0.4-1", "cpe:/a:imagemagick:imagemagick:7.0.2-4", "cpe:/a:imagemagick:imagemagick:7.0.5-1", "cpe:/a:imagemagick:imagemagick:7.0.3-9", "cpe:/a:imagemagick:imagemagick:7.0.6-1", "cpe:/a:imagemagick:imagemagick:7.0.1-9", "cpe:/a:imagemagick:imagemagick:7.0.3-5", "cpe:/a:imagemagick:imagemagick:7.0.4-9", "cpe:/a:imagemagick:imagemagick:7.0.2-7", "cpe:/a:imagemagick:imagemagick:7.0.2-6", "cpe:/a:imagemagick:imagemagick:7.0.3-0", "cpe:/a:imagemagick:imagemagick:7.0.4-8", "cpe:/a:imagemagick:imagemagick:7.0.2-1", "cpe:/a:imagemagick:imagemagick:7.0.1-6", "cpe:/a:imagemagick:imagemagick:7.0.4-10", "cpe:/a:imagemagick:imagemagick:7.0.3-6", "cpe:/a:imagemagick:imagemagick:7.0.1-5", "cpe:/a:imagemagick:imagemagick:7.0.5-0", "cpe:/a:imagemagick:imagemagick:7.0.2-0", "cpe:/a:imagemagick:imagemagick:7.0.1-0", "cpe:/a:imagemagick:imagemagick:7.0.3-2"], "id": "CVE-2017-13140", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13140", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.2-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.0-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.6-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:6.9.9-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-4:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:41:19", "description": "In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-23T06:29:00", "type": "cve", "title": "CVE-2017-13141", "cwe": ["CWE-772"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13141"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.4-0", "cpe:/a:imagemagick:imagemagick:7.0.5-6", "cpe:/a:imagemagick:imagemagick:7.0.5-10", "cpe:/a:imagemagick:imagemagick:7.0.1-10", "cpe:/a:imagemagick:imagemagick:7.0.4-6", "cpe:/a:imagemagick:imagemagick:7.0.4-7", "cpe:/a:imagemagick:imagemagick:7.0.2-2", "cpe:/a:imagemagick:imagemagick:7.0.4-2", "cpe:/a:imagemagick:imagemagick:7.0.3-1", "cpe:/a:imagemagick:imagemagick:7.0.1-3", "cpe:/a:imagemagick:imagemagick:7.0.1-7", "cpe:/a:imagemagick:imagemagick:7.0.2-5", "cpe:/a:imagemagick:imagemagick:7.0.4-3", "cpe:/a:imagemagick:imagemagick:7.0.1-2", "cpe:/a:imagemagick:imagemagick:7.0.2-3", "cpe:/a:imagemagick:imagemagick:7.0.6-0", "cpe:/a:imagemagick:imagemagick:7.0.1-1", "cpe:/a:imagemagick:imagemagick:7.0.2-8", "cpe:/a:imagemagick:imagemagick:7.0.3-8", "cpe:/a:imagemagick:imagemagick:7.0.3-7", "cpe:/a:imagemagick:imagemagick:7.0.2-10", "cpe:/a:imagemagick:imagemagick:7.0.5-3", "cpe:/a:imagemagick:imagemagick:7.0.6-3", "cpe:/a:imagemagick:imagemagick:7.0.3-10", "cpe:/a:imagemagick:imagemagick:7.0.5-5", "cpe:/a:imagemagick:imagemagick:7.0.5-7", "cpe:/a:imagemagick:imagemagick:7.0.5-4", "cpe:/a:imagemagick:imagemagick:7.0.4-5", "cpe:/a:imagemagick:imagemagick:7.0.1-8", "cpe:/a:imagemagick:imagemagick:6.9.9-3", "cpe:/a:imagemagick:imagemagick:7.0.5-2", "cpe:/a:imagemagick:imagemagick:7.0.0-0", "cpe:/a:imagemagick:imagemagick:7.0.3-4", "cpe:/a:imagemagick:imagemagick:7.0.5-8", "cpe:/a:imagemagick:imagemagick:7.0.2-9", "cpe:/a:imagemagick:imagemagick:7.0.3-3", "cpe:/a:imagemagick:imagemagick:7.0.1-4", "cpe:/a:imagemagick:imagemagick:7.0.4-4", "cpe:/a:imagemagick:imagemagick:7.0.4-1", "cpe:/a:imagemagick:imagemagick:7.0.2-4", "cpe:/a:imagemagick:imagemagick:7.0.5-1", "cpe:/a:imagemagick:imagemagick:7.0.3-9", "cpe:/a:imagemagick:imagemagick:7.0.6-1", "cpe:/a:imagemagick:imagemagick:7.0.1-9", "cpe:/a:imagemagick:imagemagick:7.0.3-5", "cpe:/a:imagemagick:imagemagick:7.0.4-9", "cpe:/a:imagemagick:imagemagick:7.0.2-7", "cpe:/a:imagemagick:imagemagick:7.0.2-6", "cpe:/a:imagemagick:imagemagick:7.0.3-0", "cpe:/a:imagemagick:imagemagick:7.0.4-8", "cpe:/a:imagemagick:imagemagick:7.0.2-1", "cpe:/a:imagemagick:imagemagick:7.0.1-6", "cpe:/a:imagemagick:imagemagick:7.0.4-10", "cpe:/a:imagemagick:imagemagick:7.0.3-6", "cpe:/a:imagemagick:imagemagick:7.0.1-5", "cpe:/a:imagemagick:imagemagick:7.0.5-0", "cpe:/a:imagemagick:imagemagick:7.0.6-2", "cpe:/a:imagemagick:imagemagick:7.0.2-0", "cpe:/a:imagemagick:imagemagick:7.0.1-0", "cpe:/a:imagemagick:imagemagick:7.0.3-2"], "id": "CVE-2017-13141", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13141", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.2-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.0-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.6-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:6.9.9-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.6-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.6-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-4:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:33:21", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-23T03:29:00", "type": "cve", "title": "CVE-2017-11535", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11535"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-1"], "id": "CVE-2017-11535", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11535", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:38:54", "description": "In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause a denial of service.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-07T21:29:00", "type": "cve", "title": "CVE-2017-12671", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12671"], "modified": "2017-11-07T02:29:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-3"], "id": "CVE-2017-12671", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12671", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-3:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:41:20", "description": "In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-23T06:29:00", "type": "cve", "title": "CVE-2017-13145", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13145"], "modified": "2020-10-14T19:00:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.4-0", "cpe:/a:imagemagick:imagemagick:7.0.5-6", "cpe:/a:imagemagick:imagemagick:7.0.1-10", "cpe:/a:imagemagick:imagemagick:7.0.4-6", "cpe:/a:imagemagick:imagemagick:7.0.4-7", "cpe:/a:imagemagick:imagemagick:7.0.2-2", "cpe:/a:imagemagick:imagemagick:7.0.4-2", "cpe:/a:imagemagick:imagemagick:7.0.3-1", "cpe:/a:imagemagick:imagemagick:7.0.1-3", "cpe:/a:imagemagick:imagemagick:7.0.1-7", "cpe:/a:imagemagick:imagemagick:7.0.2-5", "cpe:/a:imagemagick:imagemagick:7.0.4-3", "cpe:/a:imagemagick:imagemagick:7.0.1-2", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:imagemagick:imagemagick:7.0.2-3", "cpe:/a:imagemagick:imagemagick:7.0.2-8", "cpe:/a:imagemagick:imagemagick:7.0.1-1", "cpe:/a:imagemagick:imagemagick:7.0.3-8", "cpe:/a:imagemagick:imagemagick:7.0.3-7", "cpe:/a:imagemagick:imagemagick:7.0.2-10", "cpe:/a:imagemagick:imagemagick:6.9.8-7", "cpe:/a:imagemagick:imagemagick:7.0.3-10", "cpe:/a:imagemagick:imagemagick:7.0.5-5", "cpe:/a:imagemagick:imagemagick:7.0.5-7", "cpe:/a:imagemagick:imagemagick:7.0.5-4", "cpe:/a:imagemagick:imagemagick:7.0.4-5", "cpe:/a:imagemagick:imagemagick:7.0.1-8", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:imagemagick:imagemagick:7.0.3-4", "cpe:/a:imagemagick:imagemagick:7.0.5-8", "cpe:/a:imagemagick:imagemagick:7.0.2-9", "cpe:/a:imagemagick:imagemagick:7.0.3-3", "cpe:/a:imagemagick:imagemagick:7.0.1-4", "cpe:/a:imagemagick:imagemagick:7.0.4-4", "cpe:/a:imagemagick:imagemagick:7.0.4-1", "cpe:/a:imagemagick:imagemagick:7.0.2-4", "cpe:/a:imagemagick:imagemagick:7.0.5-1", "cpe:/a:imagemagick:imagemagick:7.0.3-9", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:imagemagick:imagemagick:7.0.1-9", "cpe:/a:imagemagick:imagemagick:7.0.3-5", "cpe:/a:imagemagick:imagemagick:7.0.4-9", "cpe:/a:imagemagick:imagemagick:7.0.2-7", "cpe:/a:imagemagick:imagemagick:7.0.2-6", "cpe:/a:imagemagick:imagemagick:7.0.3-0", "cpe:/a:imagemagick:imagemagick:7.0.4-8", "cpe:/a:imagemagick:imagemagick:7.0.2-1", "cpe:/a:imagemagick:imagemagick:7.0.1-6", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:imagemagick:imagemagick:7.0.4-10", "cpe:/a:imagemagick:imagemagick:7.0.3-6", "cpe:/a:imagemagick:imagemagick:7.0.1-5", "cpe:/a:imagemagick:imagemagick:7.0.5-0", "cpe:/a:imagemagick:imagemagick:7.0.2-0", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/a:imagemagick:imagemagick:7.0.1-0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/a:imagemagick:imagemagick:7.0.3-2"], "id": "CVE-2017-13145", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13145", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.2-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-7:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-9:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-6:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-8:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:6.9.8-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-4:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:33:20", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-23T03:29:00", "type": "cve", "title": "CVE-2017-11533", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11533"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-1"], "id": "CVE-2017-11533", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11533", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:33:37", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-23T03:29:00", "type": "cve", "title": "CVE-2017-11537", "cwe": ["CWE-682"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11537"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-1"], "id": "CVE-2017-11537", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11537", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:41:17", "description": "In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-23T06:29:00", "type": "cve", "title": "CVE-2017-13142", "cwe": ["CWE-754"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13142"], "modified": "2019-05-14T13:29:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.4-0", "cpe:/a:imagemagick:imagemagick:7.0.5-6", "cpe:/a:imagemagick:imagemagick:7.0.5-10", "cpe:/a:imagemagick:imagemagick:7.0.1-10", "cpe:/a:imagemagick:imagemagick:7.0.4-6", "cpe:/a:imagemagick:imagemagick:7.0.4-7", "cpe:/a:imagemagick:imagemagick:7.0.2-2", "cpe:/a:imagemagick:imagemagick:7.0.4-2", "cpe:/a:imagemagick:imagemagick:7.0.3-1", "cpe:/a:imagemagick:imagemagick:7.0.1-3", "cpe:/a:imagemagick:imagemagick:7.0.1-7", "cpe:/a:imagemagick:imagemagick:7.0.2-5", "cpe:/a:imagemagick:imagemagick:7.0.4-3", "cpe:/a:imagemagick:imagemagick:7.0.1-2", "cpe:/a:imagemagick:imagemagick:7.0.2-3", "cpe:/a:imagemagick:imagemagick:7.0.6-0", "cpe:/a:imagemagick:imagemagick:7.0.1-1", "cpe:/a:imagemagick:imagemagick:7.0.2-8", "cpe:/a:imagemagick:imagemagick:7.0.3-8", "cpe:/a:imagemagick:imagemagick:7.0.3-7", "cpe:/a:imagemagick:imagemagick:7.0.2-10", "cpe:/a:imagemagick:imagemagick:7.0.5-3", "cpe:/a:imagemagick:imagemagick:7.0.3-10", "cpe:/a:imagemagick:imagemagick:7.0.5-5", "cpe:/a:imagemagick:imagemagick:6.9.9-0", "cpe:/a:imagemagick:imagemagick:7.0.5-7", "cpe:/a:imagemagick:imagemagick:7.0.4-5", "cpe:/a:imagemagick:imagemagick:7.0.1-8", "cpe:/a:imagemagick:imagemagick:7.0.5-4", "cpe:/a:imagemagick:imagemagick:7.0.5-2", "cpe:/a:imagemagick:imagemagick:7.0.0-0", "cpe:/a:imagemagick:imagemagick:7.0.3-4", "cpe:/a:imagemagick:imagemagick:7.0.5-8", "cpe:/a:imagemagick:imagemagick:7.0.2-9", "cpe:/a:imagemagick:imagemagick:7.0.3-3", "cpe:/a:imagemagick:imagemagick:7.0.1-4", "cpe:/a:imagemagick:imagemagick:7.0.4-4", "cpe:/a:imagemagick:imagemagick:7.0.4-1", "cpe:/a:imagemagick:imagemagick:7.0.2-4", "cpe:/a:imagemagick:imagemagick:7.0.5-1", "cpe:/a:imagemagick:imagemagick:7.0.3-9", "cpe:/a:imagemagick:imagemagick:7.0.1-9", "cpe:/a:imagemagick:imagemagick:7.0.3-5", "cpe:/a:imagemagick:imagemagick:7.0.4-9", "cpe:/a:imagemagick:imagemagick:7.0.2-7", "cpe:/a:imagemagick:imagemagick:7.0.2-6", "cpe:/a:imagemagick:imagemagick:7.0.3-0", "cpe:/a:imagemagick:imagemagick:7.0.4-8", "cpe:/a:imagemagick:imagemagick:7.0.2-1", "cpe:/a:imagemagick:imagemagick:7.0.1-6", "cpe:/a:imagemagick:imagemagick:7.0.4-10", "cpe:/a:imagemagick:imagemagick:7.0.3-6", "cpe:/a:imagemagick:imagemagick:7.0.1-5", "cpe:/a:imagemagick:imagemagick:7.0.5-0", "cpe:/a:imagemagick:imagemagick:7.0.2-0", "cpe:/a:imagemagick:imagemagick:7.0.1-0", "cpe:/a:imagemagick:imagemagick:7.0.3-2"], "id": "CVE-2017-13142", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13142", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.2-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.0-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.6-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:6.9.9-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-4:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:32:54", "description": "The ReadPESImage function in coders\\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-19T07:29:00", "type": "cve", "title": "CVE-2017-11446", "cwe": ["CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11446"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-1"], "id": "CVE-2017-11446", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11446", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:37:35", "description": "In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-04T10:29:00", "type": "cve", "title": "CVE-2017-12434", "cwe": ["CWE-617"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12434"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-1"], "id": "CVE-2017-12434", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12434", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:37:33", "description": "In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-04T10:29:00", "type": "cve", "title": "CVE-2017-12432", "cwe": ["CWE-770"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12432"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-1"], "id": "CVE-2017-12432", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12432", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:38:26", "description": "ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\\pwp.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-06T14:29:00", "type": "cve", "title": "CVE-2017-12587", "cwe": ["CWE-834"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12587"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-1"], "id": "CVE-2017-12587", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12587", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:37:35", "description": "In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-08-04T10:29:00", "type": "cve", "title": "CVE-2017-12428", "cwe": ["CWE-772"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12428"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-1"], "id": "CVE-2017-12428", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12428", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:33:15", "description": "The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-22T21:29:00", "type": "cve", "title": "CVE-2017-11523", "cwe": ["CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11523"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.4-0", "cpe:/a:imagemagick:imagemagick:7.0.5-6", "cpe:/a:imagemagick:imagemagick:7.0.1-10", "cpe:/a:imagemagick:imagemagick:7.0.4-6", "cpe:/a:imagemagick:imagemagick:7.0.4-7", "cpe:/a:imagemagick:imagemagick:7.0.2-2", "cpe:/a:imagemagick:imagemagick:7.0.4-2", "cpe:/a:imagemagick:imagemagick:7.0.3-1", "cpe:/a:imagemagick:imagemagick:7.0.1-3", "cpe:/a:imagemagick:imagemagick:7.0.1-7", "cpe:/a:imagemagick:imagemagick:7.0.2-5", "cpe:/a:imagemagick:imagemagick:7.0.4-3", "cpe:/a:imagemagick:imagemagick:7.0.1-2", "cpe:/a:imagemagick:imagemagick:7.0.2-3", "cpe:/a:imagemagick:imagemagick:7.0.2-8", "cpe:/a:imagemagick:imagemagick:7.0.1-1", "cpe:/a:imagemagick:imagemagick:7.0.3-8", "cpe:/a:imagemagick:imagemagick:7.0.3-7", "cpe:/a:imagemagick:imagemagick:7.0.2-10", "cpe:/a:imagemagick:imagemagick:7.0.3-10", "cpe:/a:imagemagick:imagemagick:7.0.5-5", "cpe:/a:imagemagick:imagemagick:6.9.9-0", "cpe:/a:imagemagick:imagemagick:7.0.5-7", "cpe:/a:imagemagick:imagemagick:7.0.4-5", "cpe:/a:imagemagick:imagemagick:7.0.1-8", "cpe:/a:imagemagick:imagemagick:7.0.5-4", "cpe:/a:imagemagick:imagemagick:7.0.0-0", "cpe:/a:imagemagick:imagemagick:7.0.3-4", "cpe:/a:imagemagick:imagemagick:7.0.5-8", "cpe:/a:imagemagick:imagemagick:7.0.2-9", "cpe:/a:imagemagick:imagemagick:7.0.3-3", "cpe:/a:imagemagick:imagemagick:7.0.1-4", "cpe:/a:imagemagick:imagemagick:7.0.4-4", "cpe:/a:imagemagick:imagemagick:7.0.4-1", "cpe:/a:imagemagick:imagemagick:7.0.2-4", "cpe:/a:imagemagick:imagemagick:7.0.5-1", "cpe:/a:imagemagick:imagemagick:7.0.3-9", "cpe:/a:imagemagick:imagemagick:7.0.6-1", "cpe:/a:imagemagick:imagemagick:7.0.1-9", "cpe:/a:imagemagick:imagemagick:7.0.3-5", "cpe:/a:imagemagick:imagemagick:7.0.4-9", "cpe:/a:imagemagick:imagemagick:7.0.2-7", "cpe:/a:imagemagick:imagemagick:7.0.2-6", "cpe:/a:imagemagick:imagemagick:7.0.3-0", "cpe:/a:imagemagick:imagemagick:7.0.4-8", "cpe:/a:imagemagick:imagemagick:7.0.2-1", "cpe:/a:imagemagick:imagemagick:7.0.1-6", "cpe:/a:imagemagick:imagemagick:7.0.4-10", "cpe:/a:imagemagick:imagemagick:7.0.3-6", "cpe:/a:imagemagick:imagemagick:7.0.1-5", "cpe:/a:imagemagick:imagemagick:7.0.5-0", "cpe:/a:imagemagick:imagemagick:7.0.2-0", "cpe:/a:imagemagick:imagemagick:7.0.1-0", "cpe:/a:imagemagick:imagemagick:7.0.3-2"], "id": "CVE-2017-11523", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11523", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.2-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.0-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:6.9.9-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-4:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:41:17", "description": "In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-23T06:29:00", "type": "cve", "title": "CVE-2017-13139", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13139"], "modified": "2020-10-14T18:56:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.4-0", "cpe:/a:imagemagick:imagemagick:7.0.5-6", "cpe:/a:imagemagick:imagemagick:7.0.5-10", "cpe:/a:imagemagick:imagemagick:7.0.1-10", "cpe:/a:imagemagick:imagemagick:7.0.4-6", "cpe:/a:imagemagick:imagemagick:7.0.4-7", "cpe:/a:imagemagick:imagemagick:7.0.2-2", "cpe:/a:imagemagick:imagemagick:7.0.4-2", "cpe:/a:imagemagick:imagemagick:7.0.3-1", "cpe:/a:imagemagick:imagemagick:7.0.1-3", "cpe:/a:imagemagick:imagemagick:7.0.1-7", "cpe:/a:imagemagick:imagemagick:7.0.2-5", "cpe:/a:imagemagick:imagemagick:7.0.4-3", "cpe:/a:imagemagick:imagemagick:7.0.1-2", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:imagemagick:imagemagick:7.0.2-3", "cpe:/a:imagemagick:imagemagick:7.0.6-0", "cpe:/a:imagemagick:imagemagick:7.0.1-1", "cpe:/a:imagemagick:imagemagick:7.0.2-8", "cpe:/a:imagemagick:imagemagick:7.0.3-8", "cpe:/a:imagemagick:imagemagick:7.0.3-7", "cpe:/a:imagemagick:imagemagick:7.0.2-10", "cpe:/a:imagemagick:imagemagick:7.0.5-3", "cpe:/a:imagemagick:imagemagick:7.0.3-10", "cpe:/a:imagemagick:imagemagick:7.0.5-5", "cpe:/a:imagemagick:imagemagick:6.9.9-0", "cpe:/a:imagemagick:imagemagick:7.0.5-7", "cpe:/a:imagemagick:imagemagick:7.0.4-5", "cpe:/a:imagemagick:imagemagick:7.0.1-8", "cpe:/a:imagemagick:imagemagick:7.0.5-4", "cpe:/a:imagemagick:imagemagick:7.0.5-2", "cpe:/a:imagemagick:imagemagick:7.0.0-0", "cpe:/a:imagemagick:imagemagick:7.0.3-4", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:imagemagick:imagemagick:7.0.5-8", "cpe:/a:imagemagick:imagemagick:7.0.2-9", "cpe:/a:imagemagick:imagemagick:7.0.3-3", "cpe:/a:imagemagick:imagemagick:7.0.1-4", "cpe:/a:imagemagick:imagemagick:7.0.4-4", "cpe:/a:imagemagick:imagemagick:7.0.4-1", "cpe:/a:imagemagick:imagemagick:7.0.2-4", "cpe:/a:imagemagick:imagemagick:7.0.5-1", "cpe:/a:imagemagick:imagemagick:7.0.3-9", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:imagemagick:imagemagick:7.0.1-9", "cpe:/a:imagemagick:imagemagick:7.0.3-5", "cpe:/a:imagemagick:imagemagick:7.0.4-9", "cpe:/a:imagemagick:imagemagick:7.0.2-7", "cpe:/a:imagemagick:imagemagick:7.0.2-6", "cpe:/a:imagemagick:imagemagick:7.0.3-0", "cpe:/a:imagemagick:imagemagick:7.0.4-8", "cpe:/a:imagemagick:imagemagick:7.0.2-1", "cpe:/a:imagemagick:imagemagick:7.0.1-6", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:imagemagick:imagemagick:7.0.4-10", "cpe:/a:imagemagick:imagemagick:7.0.3-6", "cpe:/a:imagemagick:imagemagick:7.0.1-5", "cpe:/a:imagemagick:imagemagick:7.0.5-0", "cpe:/a:imagemagick:imagemagick:7.0.2-0", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/a:imagemagick:imagemagick:7.0.1-0", "cpe:/a:imagemagick:imagemagick:7.0.3-2"], "id": "CVE-2017-13139", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13139", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.2-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.0-0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.6-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:6.9.9-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-9:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-8:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-4:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:38:44", "description": "ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-07T15:29:00", "type": "cve", "title": "CVE-2017-12640", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12640"], "modified": "2020-10-14T18:16:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-1", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2017-12640", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12640", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:33:53", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-26T08:29:00", "type": "cve", "title": "CVE-2017-11640", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11640"], "modified": "2018-06-14T01:29:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-1"], "id": "CVE-2017-11640", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11640", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:33:51", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-26T08:29:00", "type": "cve", "title": "CVE-2017-11639", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11639"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-1"], "id": "CVE-2017-11639", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11639", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:41:20", "description": "In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-08-23T06:29:00", "type": "cve", "title": "CVE-2017-13143", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13143"], "modified": "2018-06-14T01:29:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.4-0", "cpe:/a:imagemagick:imagemagick:7.0.1-10", "cpe:/a:imagemagick:imagemagick:7.0.2-2", "cpe:/a:imagemagick:imagemagick:7.0.4-2", "cpe:/a:imagemagick:imagemagick:7.0.3-1", "cpe:/a:imagemagick:imagemagick:7.0.1-3", "cpe:/a:imagemagick:imagemagick:7.0.1-7", "cpe:/a:imagemagick:imagemagick:7.0.2-5", "cpe:/a:imagemagick:imagemagick:7.0.4-3", "cpe:/a:imagemagick:imagemagick:7.0.1-2", "cpe:/a:imagemagick:imagemagick:7.0.2-3", "cpe:/a:imagemagick:imagemagick:7.0.2-8", "cpe:/a:imagemagick:imagemagick:7.0.1-1", "cpe:/a:imagemagick:imagemagick:7.0.3-8", "cpe:/a:imagemagick:imagemagick:7.0.3-7", "cpe:/a:imagemagick:imagemagick:7.0.2-10", "cpe:/a:imagemagick:imagemagick:7.0.3-10", "cpe:/a:imagemagick:imagemagick:7.0.4-5", "cpe:/a:imagemagick:imagemagick:7.0.1-8", "cpe:/a:imagemagick:imagemagick:6.9.7-5", "cpe:/a:imagemagick:imagemagick:7.0.3-4", "cpe:/a:imagemagick:imagemagick:7.0.2-9", "cpe:/a:imagemagick:imagemagick:7.0.3-3", "cpe:/a:imagemagick:imagemagick:7.0.1-4", "cpe:/a:imagemagick:imagemagick:7.0.4-4", "cpe:/a:imagemagick:imagemagick:7.0.4-1", "cpe:/a:imagemagick:imagemagick:7.0.2-4", "cpe:/a:imagemagick:imagemagick:7.0.3-9", "cpe:/a:imagemagick:imagemagick:7.0.1-9", "cpe:/a:imagemagick:imagemagick:7.0.3-5", "cpe:/a:imagemagick:imagemagick:7.0.2-7", "cpe:/a:imagemagick:imagemagick:7.0.2-6", "cpe:/a:imagemagick:imagemagick:7.0.3-0", "cpe:/a:imagemagick:imagemagick:7.0.2-1", "cpe:/a:imagemagick:imagemagick:7.0.1-6", "cpe:/a:imagemagick:imagemagick:7.0.3-6", "cpe:/a:imagemagick:imagemagick:7.0.1-5", "cpe:/a:imagemagick:imagemagick:7.0.2-0", "cpe:/a:imagemagick:imagemagick:7.0.1-0", "cpe:/a:imagemagick:imagemagick:7.0.3-2"], "id": "CVE-2017-13143", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13143", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.2-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-3:*:*:*:*: