Description
The remote host is missing an update for the
Related
{"id": "OPENVAS:1361412562310851663", "vendorId": null, "type": "openvas", "bulletinFamily": "scanner", "title": "openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2017:3270-1)", "description": "The remote host is missing an update for the ", "published": "2017-12-13T00:00:00", "modified": "2020-01-31T00:00:00", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cvss2": {}, "cvss3": {}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851663", "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "references": ["2017:3270-1"], "cvelist": ["CVE-2017-10799", "CVE-2017-14994", "CVE-2017-12644", "CVE-2017-12140", "CVE-2017-14733", "CVE-2017-12662"], "immutableFields": [], "lastseen": "2020-01-31T18:27:08", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cloudfoundry", "idList": ["CFOUNDRY:C94493DDE348FDF28E8866771E34ED7C"]}, {"type": "cve", "idList": ["CVE-2017-10799", "CVE-2017-12140", "CVE-2017-12644", "CVE-2017-12662", "CVE-2017-14733", "CVE-2017-14994"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1045-1:24D9D", "DEBIAN:DLA-1045-1:712EB", "DEBIAN:DLA-1081-1:D21F2", "DEBIAN:DLA-1154-1:6E465", "DEBIAN:DLA-1401-1:300F8", "DEBIAN:DLA-1401-1:A41C0", "DEBIAN:DLA-1456-1:6B17B", "DEBIAN:DLA-1755-1:376D8", "DEBIAN:DLA-1755-1:C5328", "DEBIAN:DLA-1785-1:40B92", "DEBIAN:DLA-1785-1:C1442", "DEBIAN:DLA-2366-1:3ECD0", "DEBIAN:DLA-2366-1:54E1C", "DEBIAN:DSA-4321-1:D5514"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-10799", "DEBIANCVE:CVE-2017-12140", "DEBIANCVE:CVE-2017-12644", "DEBIANCVE:CVE-2017-12662", "DEBIANCVE:CVE-2017-14733", "DEBIANCVE:CVE-2017-14994"]}, {"type": "fedora", "idList": ["FEDORA:082456076F55", "FEDORA:137B4601EDDC", "FEDORA:18B1D6079267", "FEDORA:2A5176076F55", "FEDORA:30E8F601EDDA", "FEDORA:408C160062DD", "FEDORA:4FEEB6076F55", "FEDORA:575B16076F55", "FEDORA:5BF646060E83", "FEDORA:5C7D56076F55", "FEDORA:5CBAB606E48C", "FEDORA:5EF1A6076F55", "FEDORA:6541E60748F9", "FEDORA:6B591601EDDE", "FEDORA:6DAC2601EDDA", "FEDORA:748906076F55", "FEDORA:791786076F55", "FEDORA:8F8C0601EDDE", "FEDORA:93FF76076F55", "FEDORA:9766D6076F55", "FEDORA:999936076F55", "FEDORA:A088E6076F55", "FEDORA:A58296076F55", "FEDORA:BE87C60748F9", "FEDORA:C1BBA6076F55", "FEDORA:C41F46076F55", "FEDORA:C7F6A6178920", "FEDORA:E7E3A6076F55", "FEDORA:F0880601EDDA", "FEDORA:F10E86076F55"]}, {"type": "freebsd", "idList": ["25F73C47-68A8-4A30-9CBC-1CA5EEA4D6BA"]}, {"type": "gentoo", "idList": ["GLSA-201711-07"]}, {"type": "mageia", "idList": ["MGASA-2017-0229"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-1045.NASL", "DEBIAN_DLA-1081.NASL", "DEBIAN_DLA-1154.NASL", "DEBIAN_DLA-1401.NASL", "DEBIAN_DLA-1456.NASL", "DEBIAN_DLA-1755.NASL", "DEBIAN_DLA-1785.NASL", "DEBIAN_DLA-2366.NASL", "DEBIAN_DSA-4321.NASL", "FEDORA_2017-02008FED70.NASL", "FEDORA_2017-3A568ADB31.NASL", "FEDORA_2017-3AC2E9B354.NASL", "FEDORA_2017-8F27031C8F.NASL", "FEDORA_2017-FBA331BB86.NASL", "FEDORA_2019-425A1AA7C9.NASL", "FEDORA_2019-DA4C20882C.NASL", "FREEBSD_PKG_25F73C4768A84A309CBC1CA5EEA4D6BA.NASL", "GENTOO_GLSA-201711-07.NASL", "OPENSUSE-2017-1362.NASL", "OPENSUSE-2017-1413.NASL", "SUSE_SU-2017-3378-1.NASL", "SUSE_SU-2017-3388-1.NASL", "UBUNTU_USN-3681-1.NASL", "UBUNTU_USN-4206-1.NASL", "UBUNTU_USN-4232-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704321", "OPENVAS:1361412562310843556", "OPENVAS:1361412562310844255", "OPENVAS:1361412562310844287", "OPENVAS:1361412562310851668", "OPENVAS:1361412562310872875", "OPENVAS:1361412562310872878", "OPENVAS:1361412562310873390", "OPENVAS:1361412562310873391", "OPENVAS:1361412562310873392", "OPENVAS:1361412562310873394", "OPENVAS:1361412562310873399", "OPENVAS:1361412562310873400", "OPENVAS:1361412562310873404", "OPENVAS:1361412562310873407", "OPENVAS:1361412562310873408", "OPENVAS:1361412562310873409", "OPENVAS:1361412562310873410", "OPENVAS:1361412562310873412", "OPENVAS:1361412562310873417", "OPENVAS:1361412562310873419", "OPENVAS:1361412562310873420", "OPENVAS:1361412562310873422", "OPENVAS:1361412562310873424", "OPENVAS:1361412562310873425", "OPENVAS:1361412562310873427", "OPENVAS:1361412562310873429", "OPENVAS:1361412562310873431", "OPENVAS:1361412562310873432", "OPENVAS:1361412562310873434", "OPENVAS:1361412562310873436", "OPENVAS:1361412562310873438", "OPENVAS:1361412562310876545", "OPENVAS:1361412562310876546", "OPENVAS:1361412562310891045", "OPENVAS:1361412562310891081", "OPENVAS:1361412562310891401", "OPENVAS:1361412562310891456", "OPENVAS:1361412562310891755", "OPENVAS:1361412562310891785"]}, {"type": "osv", "idList": ["OSV:DLA-1045-1", "OSV:DLA-1081-1", "OSV:DLA-1130-1", "OSV:DLA-1154-1", "OSV:DLA-1401-1", "OSV:DLA-1456-1", "OSV:DLA-1755-1", "OSV:DLA-1785-1", "OSV:DLA-2366-1", "OSV:DSA-4321-1"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-12140", "RH:CVE-2017-12644", "RH:CVE-2017-12662"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:3270-1", "OPENSUSE-SU-2017:3420-1", "SUSE-SU-2017:3378-1", "SUSE-SU-2017:3388-1"]}, {"type": "ubuntu", "idList": ["USN-3681-1", "USN-4206-1", "USN-4232-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-10799", "UB:CVE-2017-12140", "UB:CVE-2017-12644", "UB:CVE-2017-12662", "UB:CVE-2017-14733", "UB:CVE-2017-14994"]}, {"type": "veracode", "idList": ["VERACODE:26969"]}]}, "score": {"value": 0.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "cloudfoundry", "idList": ["CFOUNDRY:C94493DDE348FDF28E8866771E34ED7C"]}, {"type": "cve", "idList": ["CVE-2017-10799", "CVE-2017-12140", "CVE-2017-12644", "CVE-2017-12662"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1045-1:712EB", "DEBIAN:DLA-1081-1:D21F2", "DEBIAN:DLA-1154-1:6E465", "DEBIAN:DSA-4321-1:D5514"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-10799", "DEBIANCVE:CVE-2017-12140", "DEBIANCVE:CVE-2017-12644", "DEBIANCVE:CVE-2017-12662", "DEBIANCVE:CVE-2017-14733", "DEBIANCVE:CVE-2017-14994"]}, {"type": "fedora", "idList": ["FEDORA:18B1D6079267", "FEDORA:5BF646060E83", "FEDORA:5CBAB606E48C"]}, {"type": "gentoo", "idList": ["GLSA-201711-07"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/REDHAT_LINUX-CVE-2016-7545/"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-1045.NASL", "FEDORA_2017-02008FED70.NASL", "FEDORA_2017-3AC2E9B354.NASL", "FEDORA_2017-FBA331BB86.NASL", "GENTOO_GLSA-201711-07.NASL", "OPENSUSE-2017-1362.NASL", "SUSE_SU-2017-3378-1.NASL", "SUSE_SU-2017-3388-1.NASL", "UBUNTU_USN-3681-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843556", "OPENVAS:1361412562310872875", "OPENVAS:1361412562310872878"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-12140", "RH:CVE-2017-12644", "RH:CVE-2017-12662"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:3270-1", "OPENSUSE-SU-2017:3420-1", "SUSE-SU-2017:3378-1", "SUSE-SU-2017:3388-1"]}, {"type": "ubuntu", "idList": ["USN-3681-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-10799", "UB:CVE-2017-12140", "UB:CVE-2017-12644", "UB:CVE-2017-12662", "UB:CVE-2017-14733", "UB:CVE-2017-14994"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2017-10799", "epss": "0.001480000", "percentile": "0.491220000", "modified": "2023-03-15"}, {"cve": "CVE-2017-14994", "epss": "0.005010000", "percentile": "0.726910000", "modified": "2023-03-15"}, {"cve": "CVE-2017-12644", "epss": "0.004540000", "percentile": "0.713320000", "modified": "2023-03-15"}, {"cve": "CVE-2017-12140", "epss": "0.003640000", "percentile": "0.680200000", "modified": "2023-03-15"}, {"cve": "CVE-2017-14733", "epss": "0.004250000", "percentile": "0.703210000", "modified": "2023-03-15"}, {"cve": "CVE-2017-12662", "epss": "0.003100000", "percentile": "0.653230000", "modified": "2023-03-15"}], "vulnersScore": 0.7}, "_state": {"dependencies": 1678915652, "score": 1683939795, "epss": 1678933836}, "_internal": {"score_hash": "e64dc0b9938da2f3b4d4853580bc1f32"}, "pluginID": "1361412562310851663", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851663\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-12-13 07:44:03 +0100 (Wed, 13 Dec 2017)\");\n script_cve_id(\"CVE-2017-10799\", \"CVE-2017-12140\", \"CVE-2017-12644\", \"CVE-2017-12662\",\n \"CVE-2017-14733\", \"CVE-2017-14994\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2017:3270-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'GraphicsMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for GraphicsMagick fixes the following issues:\n\n * CVE-2017-12140: ReadDCMImage in coders\\dcm.c has a ninteger\n signedness error leading to excessive memory consumption\n (bnc#1051847)\n\n * CVE-2017-14994: NULL pointer in ReadDCMImage in coders/dcm.c could\n lead to denial of service (bnc#1061587)\n\n * CVE-2017-12662: Memory leak in WritePDFImage in coders/pdf.c could\n lead to denial of service (bnc#1052758)\n\n * CVE-2017-14733: Heap overflow on ReadRLEImage in coders/rle.c could\n lead to denial of service (bnc#1060577)\n\n * CVE-2017-12644: Memory leak in ReadDCMImage in coders\\dcm.c could\n lead to denial of service (bnc#1052764)\n\n * CVE-2017-10799: denial of service (OOM) can occur inReadDPXImage()\n (bnc#1047054)\");\n\n script_tag(name:\"affected\", value:\"GraphicsMagick on openSUSE Leap 42.3, openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:3270-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.3)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debuginfo\", rpm:\"GraphicsMagick-debuginfo~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debugsource\", rpm:\"GraphicsMagick-debugsource~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-devel\", rpm:\"GraphicsMagick-devel~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-12\", rpm:\"libGraphicsMagick++-Q16-12~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-12-debuginfo\", rpm:\"libGraphicsMagick++-Q16-12-debuginfo~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-devel\", rpm:\"libGraphicsMagick++-devel~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3\", rpm:\"libGraphicsMagick-Q16-3~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3-debuginfo\", rpm:\"libGraphicsMagick-Q16-3-debuginfo~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick3-config\", rpm:\"libGraphicsMagick3-config~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2\", rpm:\"libGraphicsMagickWand-Q16-2~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2-debuginfo\", rpm:\"libGraphicsMagickWand-Q16-2-debuginfo~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick\", rpm:\"perl-GraphicsMagick~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick-debuginfo\", rpm:\"perl-GraphicsMagick-debuginfo~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debuginfo\", rpm:\"GraphicsMagick-debuginfo~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debugsource\", rpm:\"GraphicsMagick-debugsource~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-devel\", rpm:\"GraphicsMagick-devel~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-12\", rpm:\"libGraphicsMagick++-Q16-12~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-12-debuginfo\", rpm:\"libGraphicsMagick++-Q16-12-debuginfo~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-devel\", rpm:\"libGraphicsMagick++-devel~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3\", rpm:\"libGraphicsMagick-Q16-3~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3-debuginfo\", rpm:\"libGraphicsMagick-Q16-3-debuginfo~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick3-config\", rpm:\"libGraphicsMagick3-config~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2\", rpm:\"libGraphicsMagickWand-Q16-2~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2-debuginfo\", rpm:\"libGraphicsMagickWand-Q16-2-debuginfo~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick\", rpm:\"perl-GraphicsMagick~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick-debuginfo\", rpm:\"perl-GraphicsMagick-debuginfo~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "naslFamily": "SuSE Local Security Checks"}
{"nessus": [{"lastseen": "2023-05-18T14:22:43", "description": "This update for GraphicsMagick fixes the following issues :\n\n - CVE-2017-12140: ReadDCMImage in coders\\dcm.c has a ninteger signedness error leading to excessive memory consumption (bnc#1051847)\n\n - CVE-2017-14994: NULL pointer in ReadDCMImage in coders/dcm.c could lead to denial of service (bnc#1061587)\n\n - CVE-2017-12662: Memory leak in WritePDFImage in coders/pdf.c could lead to denial of service (bnc#1052758)\n\n - CVE-2017-14733: Heap overflow on ReadRLEImage in coders/rle.c could lead to denial of service (bnc#1060577) \n\n - CVE-2017-12644: Memory leak in ReadDCMImage in coders\\dcm.c could lead to denial of service (bnc#1052764)\n\n - CVE-2017-10799: denial of service (OOM) can occur inReadDPXImage() (bnc#1047054)", "cvss3": {}, "published": "2017-12-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : GraphicsMagick (openSUSE-2017-1362)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10799", "CVE-2017-12140", "CVE-2017-12644", "CVE-2017-12662", "CVE-2017-14733", "CVE-2017-14994"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:graphicsmagick", "p-cpe:/a:novell:opensuse:graphicsmagick-debuginfo", "p-cpe:/a:novell:opensuse:graphicsmagick-debugsource", "p-cpe:/a:novell:opensuse:graphicsmagick-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick-q16-3", "p-cpe:/a:novell:opensuse:libgraphicsmagick-q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick3-config", "p-cpe:/a:novell:opensuse:libgraphicsmagickwand-q16-2", "p-cpe:/a:novell:opensuse:libgraphicsmagickwand-q16-2-debuginfo", "p-cpe:/a:novell:opensuse:perl-graphicsmagick", "p-cpe:/a:novell:opensuse:perl-graphicsmagick-debuginfo", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1362.NASL", "href": "https://www.tenable.com/plugins/nessus/105243", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1362.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105243);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-10799\", \"CVE-2017-12140\", \"CVE-2017-12644\", \"CVE-2017-12662\", \"CVE-2017-14733\", \"CVE-2017-14994\");\n\n script_name(english:\"openSUSE Security Update : GraphicsMagick (openSUSE-2017-1362)\");\n script_summary(english:\"Check for the openSUSE-2017-1362 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for GraphicsMagick fixes the following issues :\n\n - CVE-2017-12140: ReadDCMImage in coders\\dcm.c has a\n ninteger signedness error leading to excessive memory\n consumption (bnc#1051847)\n\n - CVE-2017-14994: NULL pointer in ReadDCMImage in\n coders/dcm.c could lead to denial of service\n (bnc#1061587)\n\n - CVE-2017-12662: Memory leak in WritePDFImage in\n coders/pdf.c could lead to denial of service\n (bnc#1052758)\n\n - CVE-2017-14733: Heap overflow on ReadRLEImage in\n coders/rle.c could lead to denial of service\n (bnc#1060577) \n\n - CVE-2017-12644: Memory leak in ReadDCMImage in\n coders\\dcm.c could lead to denial of service\n (bnc#1052764)\n\n - CVE-2017-10799: denial of service (OOM) can occur\n inReadDPXImage() (bnc#1047054)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047054\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061587\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick3-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-debuginfo-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-debugsource-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-devel-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-devel-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick-Q16-3-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick3-config-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-GraphicsMagick-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debuginfo-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debugsource-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-devel-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-devel-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick3-config-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-47.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-21T14:20:52", "description": "Multiple vulnerabilities were found in graphicsmagick.\n\nCVE-2017-14103\n\nThe ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403.\n\nCVE-2017-14314\n\nOff-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.\n\nCVE-2017-14504\n\nReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL pointer Dereference.\n\nCVE-2017-14733\n\nReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.\n\nCVE-2017-14994\n\nReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.\n\nCVE-2017-14997\n\nGraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.\n\nCVE-2017-15930\n\nIn ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a NULL pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.\n\nFor Debian 7 'Wheezy', CVE-2017-15930 has been fixed in version 1.3.16-1.1+deb7u12. The other security issues were fixed in 1.3.16-1.1+deb7u10 on 10 Oct 2017 in DLA-1130-1 but that announcement was never sent out so this advisory also contains the notice about those vulnerabilities.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-11-02T00:00:00", "type": "nessus", "title": "Debian DLA-1154-1 : graphicsmagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11403", "CVE-2017-14103", "CVE-2017-14314", "CVE-2017-14504", "CVE-2017-14733", "CVE-2017-14994", "CVE-2017-14997", "CVE-2017-15930"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b3", "p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick3", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:graphicsmagick", "p-cpe:/a:debian:debian_linux:graphicsmagick-dbg", "p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat", "p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat", "p-cpe:/a:debian:debian_linux:libgraphics-magick-perl"], "id": "DEBIAN_DLA-1154.NASL", "href": "https://www.tenable.com/plugins/nessus/104336", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1154-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104336);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-14103\", \"CVE-2017-14314\", \"CVE-2017-14504\", \"CVE-2017-14733\", \"CVE-2017-14994\", \"CVE-2017-14997\", \"CVE-2017-15930\");\n\n script_name(english:\"Debian DLA-1154-1 : graphicsmagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were found in graphicsmagick.\n\nCVE-2017-14103\n\nThe ReadJNGImage and ReadOneJNGImage functions in coders/png.c in\nGraphicsMagick 1.3.26 do not properly manage image pointers after\ncertain error conditions, which allows remote attackers to conduct\nuse-after-free attacks via a crafted file, related to a ReadMNGImage\nout-of-order CloseBlob call. NOTE: this vulnerability exists because\nof an incomplete fix for CVE-2017-11403.\n\nCVE-2017-14314\n\nOff-by-one error in the DrawImage function in magick/render.c in\nGraphicsMagick 1.3.26 allows remote attackers to cause a denial of\nservice (DrawDashPolygon heap-based buffer over-read and application\ncrash) via a crafted file.\n\nCVE-2017-14504\n\nReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure\nthe correct number of colors for the XV 332 format, leading to a NULL pointer Dereference.\n\nCVE-2017-14733\n\nReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE\nheaders that specify too few colors, which allows remote attackers to\ncause a denial of service (heap-based buffer over-read and application\ncrash) via a crafted file.\n\nCVE-2017-14994\n\nReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote\nattackers to cause a denial of service (NULL pointer dereference) via\na crafted DICOM image, related to the ability of\nDCM_ReadNonNativeImages to yield an image list with zero frames.\n\nCVE-2017-14997\n\nGraphicsMagick 1.3.26 allows remote attackers to cause a denial of\nservice (excessive memory allocation) because of an integer underflow\nin ReadPICTImage in coders/pict.c.\n\nCVE-2017-15930\n\nIn ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a NULL pointer Dereference occurs while transferring JPEG scanlines, related\nto a PixelPacket pointer.\n\nFor Debian 7 'Wheezy', CVE-2017-15930 has been fixed in version\n1.3.16-1.1+deb7u12. The other security issues were fixed in\n1.3.16-1.1+deb7u10 on 10 Oct 2017 in DLA-1130-1 but that announcement\nwas never sent out so this advisory also contains the notice about\nthose vulnerabilities.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00032.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/graphicsmagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphics-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick\", reference:\"1.3.16-1.1+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-dbg\", reference:\"1.3.16-1.1+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-imagemagick-compat\", reference:\"1.3.16-1.1+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-libmagick-dev-compat\", reference:\"1.3.16-1.1+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphics-magick-perl\", reference:\"1.3.16-1.1+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick++1-dev\", reference:\"1.3.16-1.1+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick++3\", reference:\"1.3.16-1.1+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick1-dev\", reference:\"1.3.16-1.1+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick3\", reference:\"1.3.16-1.1+deb7u12\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:07", "description": "New stable upstream release, primarily includes security fixes for CVE-2017-10794, CVE-2017-10799, CVE-2017-10800\n\nSee also http://www.graphicsmagick.org/NEWS.html#july-4-2017\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-07-17T00:00:00", "type": "nessus", "title": "Fedora 26 : GraphicsMagick (2017-02008fed70)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:graphicsmagick", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-02008FED70.NASL", "href": "https://www.tenable.com/plugins/nessus/101559", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-02008fed70.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101559);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-10800\");\n script_xref(name:\"FEDORA\", value:\"2017-02008fed70\");\n\n script_name(english:\"Fedora 26 : GraphicsMagick (2017-02008fed70)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New stable upstream release, primarily includes security fixes for\nCVE-2017-10794, CVE-2017-10799, CVE-2017-10800\n\nSee also http://www.graphicsmagick.org/NEWS.html#july-4-2017\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.graphicsmagick.org/NEWS.html#july-4-2017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-02008fed70\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"GraphicsMagick-1.3.26-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:47", "description": "New stable upstream release, primarily includes security fixes for CVE-2017-10794, CVE-2017-10799, CVE-2017-10800 See also http://www.graphicsmagick.org/NEWS.html#july-4-2017\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "Fedora 25 : GraphicsMagick (2017-3ac2e9b354)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:graphicsmagick", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-3AC2E9B354.NASL", "href": "https://www.tenable.com/plugins/nessus/101502", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-3ac2e9b354.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101502);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-10800\");\n script_xref(name:\"FEDORA\", value:\"2017-3ac2e9b354\");\n\n script_name(english:\"Fedora 25 : GraphicsMagick (2017-3ac2e9b354)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New stable upstream release, primarily includes security fixes for\nCVE-2017-10794, CVE-2017-10799, CVE-2017-10800 See also\nhttp://www.graphicsmagick.org/NEWS.html#july-4-2017\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.graphicsmagick.org/NEWS.html#july-4-2017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-3ac2e9b354\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"GraphicsMagick-1.3.26-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:16", "description": "New stable upstream release, primarily includes security fixes for CVE-2017-10794, CVE-2017-10799, CVE-2017-10800 See also http://www.graphicsmagick.org/NEWS.html#july-4-2017\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-07-21T00:00:00", "type": "nessus", "title": "Fedora 24 : GraphicsMagick (2017-fba331bb86)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:graphicsmagick", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-FBA331BB86.NASL", "href": "https://www.tenable.com/plugins/nessus/101875", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-fba331bb86.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101875);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-10800\");\n script_xref(name:\"FEDORA\", value:\"2017-fba331bb86\");\n\n script_name(english:\"Fedora 24 : GraphicsMagick (2017-fba331bb86)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New stable upstream release, primarily includes security fixes for\nCVE-2017-10794, CVE-2017-10799, CVE-2017-10800 See also\nhttp://www.graphicsmagick.org/NEWS.html#july-4-2017\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.graphicsmagick.org/NEWS.html#july-4-2017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-fba331bb86\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"GraphicsMagick-1.3.26-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:02:04", "description": "It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : graphicsmagick vulnerabilities (USN-4232-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14165", "CVE-2017-14314", "CVE-2017-14504", "CVE-2017-14649", "CVE-2017-14733", "CVE-2017-14994", "CVE-2017-14997", "CVE-2017-15277", "CVE-2017-15930", "CVE-2017-16352", "CVE-2017-16353"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:graphicsmagick", "p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick%2b%2b-q16-12", "p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick-q16-3", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-4232-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132748", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4232-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132748);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2017-14165\", \"CVE-2017-14314\", \"CVE-2017-14504\", \"CVE-2017-14649\", \"CVE-2017-14733\", \"CVE-2017-14994\", \"CVE-2017-14997\", \"CVE-2017-15277\", \"CVE-2017-15930\", \"CVE-2017-16352\", \"CVE-2017-16353\");\n script_xref(name:\"USN\", value:\"4232-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : graphicsmagick vulnerabilities (USN-4232-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that GraphicsMagick incorrectly handled certain\nimage files. An attacker could possibly use this issue to cause a\ndenial of service or other unspecified impact.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4232-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected graphicsmagick, libgraphicsmagick++-q16-12 and /\nor libgraphicsmagick-q16-3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-16352\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick++-q16-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick-q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"graphicsmagick\", pkgver:\"1.3.23-1ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libgraphicsmagick++-q16-12\", pkgver:\"1.3.23-1ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libgraphicsmagick-q16-3\", pkgver:\"1.3.23-1ubuntu0.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"graphicsmagick / libgraphicsmagick++-q16-12 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:33", "description": "This update for ImageMagick fixes the following issues :\n\n - CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas could possibly disclose potentially sensitive memory [bsc#1059778]\n\n - CVE-2017-11640: NULL pointer deref in WritePTIFImage() in coders/tiff.c [bsc#1050632]\n\n - CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1058485]\n\n - CVE-2017-14341: Infinite loop in the ReadWPGImage function [bsc#1058637]\n\n - CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1067181]\n\n - CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in validation problems could lead to denial of service [bsc#1067184]\n\n - CVE-2017-14175: Lack of End of File check could lead to denial of service [bsc#1057719]\n\n - CVE-2017-13769: denial of service issue in function WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]\n\n - CVE-2017-13134: a heap-based buffer over-read was found in thefunction SFWScan in coders/sfw.c, which allows attackers to cause adenial of service via a crafted file. [bsc#1055214]\n\n - CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick allows remote attackers to cause a DoS [bsc#1049796]\n\n - CVE-2017-15930: NULL pointer dereference while transfering JPEG scanlines could lead to denial of service [bsc#1066003]\n\n - CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c allows remote attackers to cause a denial of service [bsc#1054757]\n\n - CVE-2017-14531: memory exhaustion issue in ReadSUNImage incoders/sun.c. [bsc#1059666]\n\n - CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service [bsc#1052553]\n\n - CVE-2017-12587: User controlable large loop in the ReadPWPImage in coders\\pwp.c could lead to denial of service [bsc#1052450]\n\n - CVE-2017-14173: unction ReadTXTImage is vulnerable to a integer overflow that could lead to denial of service [bsc#1057729]\n\n - CVE-2017-11188: ImageMagick: The ReadDPXImage function in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop vulnerability that can cause CPU exhaustion via a crafted DPX file, relatedto lack of an EOF check.\n [bnc#1048457]\n\n - CVE-2017-11527: ImageMagick: ReadDPXImage in coders/dpx.c allows remote attackers to cause DoS [bnc#1050116]\n\n - CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based buffer over-read in WritePSImage() in coders/ps.c [bnc#1050139]\n\n - CVE-2017-11752: ImageMagick: ReadMAGICKImage in coders/magick.c allows to cause DoS [bnc#1051441]\n\n - CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c has a ninteger signedness error leading to excessive memory consumption [bnc#1051847]\n\n - CVE-2017-12669: ImageMagick: Memory leak in WriteCALSImage in coders/cals.c [bnc#1052689]\n\n - CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak in WritePDFImage in coders/pdf.c [bnc#1052758]\n\n - CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage in codersdcm.c [bnc#1052764]\n\n - CVE-2017-14172: ImageMagick: Lack of end of file check in ReadPSImage() could lead to a denial of service [bnc#1057730]\n\n - CVE-2017-14733: GraphicsMagick: Heap overflow on ReadRLEImage in coders/rle.c could lead to denial of service [bnc#1060577]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-12-21T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2017:3378-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11188", "CVE-2017-11478", "CVE-2017-11527", "CVE-2017-11535", "CVE-2017-11640", "CVE-2017-11752", "CVE-2017-12140", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12644", "CVE-2017-12662", "CVE-2017-12669", "CVE-2017-12983", "CVE-2017-13134", "CVE-2017-13769", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14175", "CVE-2017-14341", "CVE-2017-14342", "CVE-2017-14531", "CVE-2017-14607", "CVE-2017-14733", "CVE-2017-15930", "CVE-2017-16545", "CVE-2017-16546"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmagickcore1", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-3378-1.NASL", "href": "https://www.tenable.com/plugins/nessus/105408", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:3378-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105408);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-11188\", \"CVE-2017-11478\", \"CVE-2017-11527\", \"CVE-2017-11535\", \"CVE-2017-11640\", \"CVE-2017-11752\", \"CVE-2017-12140\", \"CVE-2017-12435\", \"CVE-2017-12587\", \"CVE-2017-12644\", \"CVE-2017-12662\", \"CVE-2017-12669\", \"CVE-2017-12983\", \"CVE-2017-13134\", \"CVE-2017-13769\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14175\", \"CVE-2017-14341\", \"CVE-2017-14342\", \"CVE-2017-14531\", \"CVE-2017-14607\", \"CVE-2017-14733\", \"CVE-2017-15930\", \"CVE-2017-16545\", \"CVE-2017-16546\");\n\n script_name(english:\"SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2017:3378-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\n - CVE-2017-14607: out of bounds read flaw related to\n ReadTIFFImagehas could possibly disclose potentially\n sensitive memory [bsc#1059778]\n\n - CVE-2017-11640: NULL pointer deref in WritePTIFImage()\n in coders/tiff.c [bsc#1050632]\n\n - CVE-2017-14342: a memory exhaustion vulnerability in\n ReadWPGImage in coders/wpg.c could lead to denial of\n service [bsc#1058485]\n\n - CVE-2017-14341: Infinite loop in the ReadWPGImage\n function [bsc#1058637]\n\n - CVE-2017-16546: problem in the function ReadWPGImage in\n coders/wpg.c could lead to denial of service\n [bsc#1067181]\n\n - CVE-2017-16545: The ReadWPGImage function in\n coders/wpg.c in validation problems could lead to denial\n of service [bsc#1067184]\n\n - CVE-2017-14175: Lack of End of File check could lead to\n denial of service [bsc#1057719]\n\n - CVE-2017-13769: denial of service issue in function\n WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]\n\n - CVE-2017-13134: a heap-based buffer over-read was found\n in thefunction SFWScan in coders/sfw.c, which allows\n attackers to cause adenial of service via a crafted\n file. [bsc#1055214]\n\n - CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in\n ImageMagick allows remote attackers to cause a DoS\n [bsc#1049796]\n\n - CVE-2017-15930: NULL pointer dereference while\n transfering JPEG scanlines could lead to denial of\n service [bsc#1066003]\n\n - CVE-2017-12983: Heap-based buffer overflow in the\n ReadSFWImage function in coders/sfw.c allows remote\n attackers to cause a denial of service [bsc#1054757]\n\n - CVE-2017-14531: memory exhaustion issue in ReadSUNImage\n incoders/sun.c. [bsc#1059666]\n\n - CVE-2017-12435: Memory exhaustion in ReadSUNImage in\n coders/sun.c, which allows attackers to cause denial of\n service [bsc#1052553]\n\n - CVE-2017-12587: User controlable large loop in the\n ReadPWPImage in coders\\pwp.c could lead to denial of\n service [bsc#1052450]\n\n - CVE-2017-14173: unction ReadTXTImage is vulnerable to a\n integer overflow that could lead to denial of service\n [bsc#1057729]\n\n - CVE-2017-11188: ImageMagick: The ReadDPXImage function\n in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop\n vulnerability that can cause CPU exhaustion via a\n crafted DPX file, relatedto lack of an EOF check.\n [bnc#1048457]\n\n - CVE-2017-11527: ImageMagick: ReadDPXImage in\n coders/dpx.c allows remote attackers to cause DoS\n [bnc#1050116]\n\n - CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based\n buffer over-read in WritePSImage() in coders/ps.c\n [bnc#1050139]\n\n - CVE-2017-11752: ImageMagick: ReadMAGICKImage in\n coders/magick.c allows to cause DoS [bnc#1051441]\n\n - CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c\n has a ninteger signedness error leading to excessive\n memory consumption [bnc#1051847]\n\n - CVE-2017-12669: ImageMagick: Memory leak in\n WriteCALSImage in coders/cals.c [bnc#1052689]\n\n - CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak\n in WritePDFImage in coders/pdf.c [bnc#1052758]\n\n - CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage\n in codersdcm.c [bnc#1052764]\n\n - CVE-2017-14172: ImageMagick: Lack of end of file check\n in ReadPSImage() could lead to a denial of service\n [bnc#1057730]\n\n - CVE-2017-14733: GraphicsMagick: Heap overflow on\n ReadRLEImage in coders/rle.c could lead to denial of\n service [bnc#1060577]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050116\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11188/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11478/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11527/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11535/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11640/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11752/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12140/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12435/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12587/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12644/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12662/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12669/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12983/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13134/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13769/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14172/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14173/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14175/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14341/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14342/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14531/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14607/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14733/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15930/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16545/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16546/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20173378-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3dfddb1b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-ImageMagick-13384=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ImageMagick-13384=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ImageMagick-13384=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagickCore1-32bit-6.4.3.6-7.78.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libMagickCore1-32bit-6.4.3.6-7.78.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libMagickCore1-6.4.3.6-7.78.14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:10:37", "description": "Several security vulnerabilities were discovered in Graphicsmagick, a collection of image processing tools. Heap-based buffer over-reads and a memory leak may lead to a denial of service or information disclosure.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 1.3.20-3+deb8u6.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-04-15T00:00:00", "type": "nessus", "title": "Debian DLA-1755-1 : graphicsmagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10799", "CVE-2019-11006", "CVE-2019-11007", "CVE-2019-11008", "CVE-2019-11009", "CVE-2019-11010"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:graphicsmagick", "p-cpe:/a:debian:debian_linux:graphicsmagick-dbg", "p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat", "p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat", "p-cpe:/a:debian:debian_linux:libgraphics-magick-perl", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b3", "p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick3", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1755.NASL", "href": "https://www.tenable.com/plugins/nessus/124036", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1755-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124036);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-10799\", \"CVE-2019-11006\", \"CVE-2019-11007\", \"CVE-2019-11008\", \"CVE-2019-11009\", \"CVE-2019-11010\");\n\n script_name(english:\"Debian DLA-1755-1 : graphicsmagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security vulnerabilities were discovered in Graphicsmagick, a\ncollection of image processing tools. Heap-based buffer over-reads and\na memory leak may lead to a denial of service or information\ndisclosure.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1.3.20-3+deb8u6.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/graphicsmagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11008\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphics-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick\", reference:\"1.3.20-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick-dbg\", reference:\"1.3.20-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick-imagemagick-compat\", reference:\"1.3.20-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick-libmagick-dev-compat\", reference:\"1.3.20-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphics-magick-perl\", reference:\"1.3.20-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick++1-dev\", reference:\"1.3.20-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick++3\", reference:\"1.3.20-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick1-dev\", reference:\"1.3.20-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick3\", reference:\"1.3.20-3+deb8u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:24", "description": "This update for ImageMagick fixes the following issues :\n\n - CVE-2017-14989: use-after-free in RenderFreetype in MagickCore/annotate.c could lead to denial of service [bsc#1061254]\n\n - CVE-2017-14682: GetNextToken in MagickCore/token.c heap buffer overflow could lead to denial of service [bsc#1060176]\n\n - Memory leak in WriteINLINEImage in coders/inline.c could lead to denial of service [bsc#1052744]\n\n - CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas could possibly disclose potentially sensitive memory [bsc#1059778]\n\n - CVE-2017-11640: NULL pointer deref in WritePTIFImage() in coders/tiff.c [bsc#1050632]\n\n - CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1058485]\n\n - CVE-2017-14341: Infinite loop in the ReadWPGImage function [bsc#1058637]\n\n - CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1067181]\n\n - CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in validation problems could lead to denial of service [bsc#1067184]\n\n - CVE-2017-16669: problem in coders/wpg.c could allow remote attackers to cause a denial of service via crafted file [bsc#1067409]\n\n - CVE-2017-14175: Lack of End of File check could lead to denial of service [bsc#1057719]\n\n - CVE-2017-14138: memory leak vulnerability in ReadWEBPImage in coders/webp.c could lead to denial of service [bsc#1057157]\n\n - CVE-2017-13769: denial of service issue in function WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]\n\n - CVE-2017-13134: a heap-based buffer over-read was found in thefunction SFWScan in coders/sfw.c, which allows attackers to cause adenial of service via a crafted file. [bsc#1055214]\n\n - CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c [bsc#1062750]\n\n - CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick allows remote attackers to cause a DoS [bsc#1049796]\n\n - CVE-2017-15930: NULL pointer dereference while transfering JPEG scanlines could lead to denial of service [bsc#1066003]\n\n - CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c inImageMagick 7.0.6-8 allows remote attackers to cause a denial of service [bsc#1054757]\n\n - CVE-2017-14531: memory exhaustion issue in ReadSUNImage incoders/sun.c. [bsc#1059666]\n\n - CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service [bsc#1052553]\n\n - CVE-2017-12587: User controlable large loop in the ReadPWPImage in coders\\pwp.c could lead to denial of service [bsc#1052450]\n\n - CVE-2017-11523: ReadTXTImage in coders/txt.c allows remote attackers to cause a denial of service [bsc#1050083]\n\n - CVE-2017-14173: unction ReadTXTImage is vulnerable to a integer overflow that could lead to denial of service [bsc#1057729]\n\n - CVE-2017-11188: ImageMagick: The ReadDPXImage function in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop vulnerability that can cause CPU exhaustion via a crafted DPX file, relatedto lack of an EOF check.\n [bnc#1048457]\n\n - CVE-2017-11527: ImageMagick: ReadDPXImage in coders/dpx.c allows remote attackers to cause DoS [bnc#1050116] \n\n - CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based buffer over-read in WritePSImage() in coders/ps.c [bnc#1050139]\n\n - CVE-2017-11752: ImageMagick: ReadMAGICKImage in coders/magick.c allows to cause DoS [bnc#1051441] \n\n - CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c has a ninteger signedness error leading to excessive memory consumption [bnc#1051847] \n\n - CVE-2017-12669: ImageMagick: Memory leak in WriteCALSImage in coders/cals.c [bnc#1052689]\n\n - CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak in WritePDFImage in coders/pdf.c [bnc#1052758]\n\n - CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage in codersdcm.c [bnc#1052764]\n\n - CVE-2017-14172: ImageMagick: Lack of end of file check in ReadPSImage() could lead to a denial of service [bnc#1057730]\n\n - CVE-2017-14733: GraphicsMagick: Heap overflow on ReadRLEImage in coders/rle.c could lead to denial of service [bnc#1060577]\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2017-12-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-2017-1413)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11188", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11527", "CVE-2017-11535", "CVE-2017-11640", "CVE-2017-11752", "CVE-2017-12140", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12644", "CVE-2017-12662", "CVE-2017-12669", "CVE-2017-12983", "CVE-2017-13134", "CVE-2017-13769", "CVE-2017-14138", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14175", "CVE-2017-14341", "CVE-2017-14342", "CVE-2017-14531", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-14733", "CVE-2017-14989", "CVE-2017-15217", "CVE-2017-15930", "CVE-2017-16545", "CVE-2017-16546", "CVE-2017-16669"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:imagemagick", "p-cpe:/a:novell:opensuse:imagemagick-debuginfo", "p-cpe:/a:novell:opensuse:imagemagick-debugsource", "p-cpe:/a:novell:opensuse:imagemagick-devel", "p-cpe:/a:novell:opensuse:imagemagick-devel-32bit", "p-cpe:/a:novell:opensuse:imagemagick-extra", "p-cpe:/a:novell:opensuse:imagemagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-perlmagick", "p-cpe:/a:novell:opensuse:perl-perlmagick-debuginfo", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1413.NASL", "href": "https://www.tenable.com/plugins/nessus/105455", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1413.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105455);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-11188\", \"CVE-2017-11478\", \"CVE-2017-11523\", \"CVE-2017-11527\", \"CVE-2017-11535\", \"CVE-2017-11640\", \"CVE-2017-11752\", \"CVE-2017-12140\", \"CVE-2017-12435\", \"CVE-2017-12587\", \"CVE-2017-12644\", \"CVE-2017-12662\", \"CVE-2017-12669\", \"CVE-2017-12983\", \"CVE-2017-13134\", \"CVE-2017-13769\", \"CVE-2017-14138\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14175\", \"CVE-2017-14341\", \"CVE-2017-14342\", \"CVE-2017-14531\", \"CVE-2017-14607\", \"CVE-2017-14682\", \"CVE-2017-14733\", \"CVE-2017-14989\", \"CVE-2017-15217\", \"CVE-2017-15930\", \"CVE-2017-16545\", \"CVE-2017-16546\", \"CVE-2017-16669\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2017-1413)\");\n script_summary(english:\"Check for the openSUSE-2017-1413 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\n - CVE-2017-14989: use-after-free in RenderFreetype in\n MagickCore/annotate.c could lead to denial of service\n [bsc#1061254]\n\n - CVE-2017-14682: GetNextToken in MagickCore/token.c heap\n buffer overflow could lead to denial of service\n [bsc#1060176]\n\n - Memory leak in WriteINLINEImage in coders/inline.c could\n lead to denial of service [bsc#1052744]\n\n - CVE-2017-14607: out of bounds read flaw related to\n ReadTIFFImagehas could possibly disclose potentially\n sensitive memory [bsc#1059778]\n\n - CVE-2017-11640: NULL pointer deref in WritePTIFImage()\n in coders/tiff.c [bsc#1050632]\n\n - CVE-2017-14342: a memory exhaustion vulnerability in\n ReadWPGImage in coders/wpg.c could lead to denial of\n service [bsc#1058485]\n\n - CVE-2017-14341: Infinite loop in the ReadWPGImage\n function [bsc#1058637]\n\n - CVE-2017-16546: problem in the function ReadWPGImage in\n coders/wpg.c could lead to denial of service\n [bsc#1067181]\n\n - CVE-2017-16545: The ReadWPGImage function in\n coders/wpg.c in validation problems could lead to denial\n of service [bsc#1067184]\n\n - CVE-2017-16669: problem in coders/wpg.c could allow\n remote attackers to cause a denial of service via\n crafted file [bsc#1067409]\n\n - CVE-2017-14175: Lack of End of File check could lead to\n denial of service [bsc#1057719]\n\n - CVE-2017-14138: memory leak vulnerability in\n ReadWEBPImage in coders/webp.c could lead to denial of\n service [bsc#1057157]\n\n - CVE-2017-13769: denial of service issue in function\n WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]\n\n - CVE-2017-13134: a heap-based buffer over-read was found\n in thefunction SFWScan in coders/sfw.c, which allows\n attackers to cause adenial of service via a crafted\n file. [bsc#1055214]\n\n - CVE-2017-15217: memory leak in ReadSGIImage in\n coders/sgi.c [bsc#1062750]\n\n - CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in\n ImageMagick allows remote attackers to cause a DoS\n [bsc#1049796]\n\n - CVE-2017-15930: NULL pointer dereference while\n transfering JPEG scanlines could lead to denial of\n service [bsc#1066003]\n\n - CVE-2017-12983: Heap-based buffer overflow in the\n ReadSFWImage function in coders/sfw.c inImageMagick\n 7.0.6-8 allows remote attackers to cause a denial of\n service [bsc#1054757]\n\n - CVE-2017-14531: memory exhaustion issue in ReadSUNImage\n incoders/sun.c. [bsc#1059666]\n\n - CVE-2017-12435: Memory exhaustion in ReadSUNImage in\n coders/sun.c, which allows attackers to cause denial of\n service [bsc#1052553]\n\n - CVE-2017-12587: User controlable large loop in the\n ReadPWPImage in coders\\pwp.c could lead to denial of\n service [bsc#1052450]\n\n - CVE-2017-11523: ReadTXTImage in coders/txt.c allows\n remote attackers to cause a denial of service\n [bsc#1050083]\n\n - CVE-2017-14173: unction ReadTXTImage is vulnerable to a\n integer overflow that could lead to denial of service\n [bsc#1057729]\n\n - CVE-2017-11188: ImageMagick: The ReadDPXImage function\n in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop\n vulnerability that can cause CPU exhaustion via a\n crafted DPX file, relatedto lack of an EOF check.\n [bnc#1048457]\n\n - CVE-2017-11527: ImageMagick: ReadDPXImage in\n coders/dpx.c allows remote attackers to cause DoS\n [bnc#1050116] \n\n - CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based\n buffer over-read in WritePSImage() in coders/ps.c\n [bnc#1050139]\n\n - CVE-2017-11752: ImageMagick: ReadMAGICKImage in\n coders/magick.c allows to cause DoS [bnc#1051441] \n\n - CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c\n has a ninteger signedness error leading to excessive\n memory consumption [bnc#1051847] \n\n - CVE-2017-12669: ImageMagick: Memory leak in\n WriteCALSImage in coders/cals.c [bnc#1052689]\n\n - CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak\n in WritePDFImage in coders/pdf.c [bnc#1052758]\n\n - CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage\n in codersdcm.c [bnc#1052764]\n\n - CVE-2017-14172: ImageMagick: Lack of end of file check\n in ReadPSImage() could lead to a denial of service\n [bnc#1057730]\n\n - CVE-2017-14733: GraphicsMagick: Heap overflow on\n ReadRLEImage in coders/rle.c could lead to denial of\n service [bnc#1060577]\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050116\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1054757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1059666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1059778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1062750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1067181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1067184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1067409\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-debuginfo-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-debugsource-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-devel-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-extra-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-6_Q16-3-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-devel-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-PerlMagick-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-debuginfo-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-debugsource-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-devel-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-extra-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-6_Q16-3-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-devel-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-PerlMagick-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-40.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:46", "description": "This update for ImageMagick fixes the following issues :\n\n - CVE-2017-14989: use-after-free in RenderFreetype in MagickCore/annotate.c could lead to denial of service [bsc#1061254]\n\n - CVE-2017-14682: GetNextToken in MagickCore/token.c heap buffer overflow could lead to denial of service [bsc#1060176]\n\n - Memory leak in WriteINLINEImage in coders/inline.c could lead to denial of service [bsc#1052744]\n\n - CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas could possibly disclose potentially sensitive memory [bsc#1059778]\n\n - CVE-2017-11640: NULL pointer deref in WritePTIFImage() in coders/tiff.c [bsc#1050632]\n\n - CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1058485]\n\n - CVE-2017-14341: Infinite loop in the ReadWPGImage function [bsc#1058637]\n\n - CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1067181]\n\n - CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in validation problems could lead to denial of service [bsc#1067184]\n\n - CVE-2017-16669: problem in coders/wpg.c could allow remote attackers to cause a denial of service via crafted file [bsc#1067409]\n\n - CVE-2017-14175: Lack of End of File check could lead to denial of service [bsc#1057719]\n\n - CVE-2017-14138: memory leak vulnerability in ReadWEBPImage in coders/webp.c could lead to denial of service [bsc#1057157]\n\n - CVE-2017-13769: denial of service issue in function WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]\n\n - CVE-2017-13134: a heap-based buffer over-read was found in thefunction SFWScan in coders/sfw.c, which allows attackers to cause adenial of service via a crafted file. [bsc#1055214]\n\n - CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c [bsc#1062750]\n\n - CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick allows remote attackers to cause a DoS [bsc#1049796]\n\n - CVE-2017-15930: NULL pointer dereference while transfering JPEG scanlines could lead to denial of service [bsc#1066003]\n\n - CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c inImageMagick 7.0.6-8 allows remote attackers to cause a denial of service [bsc#1054757]\n\n - CVE-2017-14531: memory exhaustion issue in ReadSUNImage incoders/sun.c. [bsc#1059666]\n\n - CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service [bsc#1052553]\n\n - CVE-2017-12587: User controlable large loop in the ReadPWPImage in coders\\pwp.c could lead to denial of service [bsc#1052450]\n\n - CVE-2017-11523: ReadTXTImage in coders/txt.c allows remote attackers to cause a denial of service [bsc#1050083]\n\n - CVE-2017-14173: unction ReadTXTImage is vulnerable to a integer overflow that could lead to denial of service [bsc#1057729]\n\n - CVE-2017-11188: ImageMagick: The ReadDPXImage function in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop vulnerability that can cause CPU exhaustion via a crafted DPX file, relatedto lack of an EOF check.\n [bnc#1048457]\n\n - CVE-2017-11527: ImageMagick: ReadDPXImage in coders/dpx.c allows remote attackers to cause DoS [bnc#1050116]\n\n - CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based buffer over-read in WritePSImage() in coders/ps.c [bnc#1050139]\n\n - CVE-2017-11752: ImageMagick: ReadMAGICKImage in coders/magick.c allows to cause DoS [bnc#1051441]\n\n - CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c has a ninteger signedness error leading to excessive memory consumption [bnc#1051847]\n\n - CVE-2017-12669: ImageMagick: Memory leak in WriteCALSImage in coders/cals.c [bnc#1052689]\n\n - CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak in WritePDFImage in coders/pdf.c [bnc#1052758]\n\n - CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage in codersdcm.c [bnc#1052764]\n\n - CVE-2017-14172: ImageMagick: Lack of end of file check in ReadPSImage() could lead to a denial of service [bnc#1057730]\n\n - CVE-2017-14733: GraphicsMagick: Heap overflow on ReadRLEImage in coders/rle.c could lead to denial of service [bnc#1060577]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-12-21T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2017:3388-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11188", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11527", "CVE-2017-11535", "CVE-2017-11640", "CVE-2017-11752", "CVE-2017-12140", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12644", "CVE-2017-12662", "CVE-2017-12669", "CVE-2017-12983", "CVE-2017-13134", "CVE-2017-13769", "CVE-2017-14138", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14175", "CVE-2017-14341", "CVE-2017-14342", "CVE-2017-14531", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-14733", "CVE-2017-14989", "CVE-2017-15217", "CVE-2017-15930", "CVE-2017-16545", "CVE-2017-16546", "CVE-2017-16669"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:imagemagick", "p-cpe:/a:novell:suse_linux:imagemagick-debuginfo", "p-cpe:/a:novell:suse_linux:imagemagick-debugsource", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16-1", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16-1-debuginfo", "p-cpe:/a:novell:suse_linux:libmagickwand-6_q16", "p-cpe:/a:novell:suse_linux:libmagickwand-6_q16-1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-3388-1.NASL", "href": "https://www.tenable.com/plugins/nessus/105409", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:3388-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105409);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-11188\", \"CVE-2017-11478\", \"CVE-2017-11523\", \"CVE-2017-11527\", \"CVE-2017-11535\", \"CVE-2017-11640\", \"CVE-2017-11752\", \"CVE-2017-12140\", \"CVE-2017-12435\", \"CVE-2017-12587\", \"CVE-2017-12644\", \"CVE-2017-12662\", \"CVE-2017-12669\", \"CVE-2017-12983\", \"CVE-2017-13134\", \"CVE-2017-13769\", \"CVE-2017-14138\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14175\", \"CVE-2017-14341\", \"CVE-2017-14342\", \"CVE-2017-14531\", \"CVE-2017-14607\", \"CVE-2017-14682\", \"CVE-2017-14733\", \"CVE-2017-14989\", \"CVE-2017-15217\", \"CVE-2017-15930\", \"CVE-2017-16545\", \"CVE-2017-16546\", \"CVE-2017-16669\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2017:3388-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\n - CVE-2017-14989: use-after-free in RenderFreetype in\n MagickCore/annotate.c could lead to denial of service\n [bsc#1061254]\n\n - CVE-2017-14682: GetNextToken in MagickCore/token.c heap\n buffer overflow could lead to denial of service\n [bsc#1060176]\n\n - Memory leak in WriteINLINEImage in coders/inline.c could\n lead to denial of service [bsc#1052744]\n\n - CVE-2017-14607: out of bounds read flaw related to\n ReadTIFFImagehas could possibly disclose potentially\n sensitive memory [bsc#1059778]\n\n - CVE-2017-11640: NULL pointer deref in WritePTIFImage()\n in coders/tiff.c [bsc#1050632]\n\n - CVE-2017-14342: a memory exhaustion vulnerability in\n ReadWPGImage in coders/wpg.c could lead to denial of\n service [bsc#1058485]\n\n - CVE-2017-14341: Infinite loop in the ReadWPGImage\n function [bsc#1058637]\n\n - CVE-2017-16546: problem in the function ReadWPGImage in\n coders/wpg.c could lead to denial of service\n [bsc#1067181]\n\n - CVE-2017-16545: The ReadWPGImage function in\n coders/wpg.c in validation problems could lead to denial\n of service [bsc#1067184]\n\n - CVE-2017-16669: problem in coders/wpg.c could allow\n remote attackers to cause a denial of service via\n crafted file [bsc#1067409]\n\n - CVE-2017-14175: Lack of End of File check could lead to\n denial of service [bsc#1057719]\n\n - CVE-2017-14138: memory leak vulnerability in\n ReadWEBPImage in coders/webp.c could lead to denial of\n service [bsc#1057157]\n\n - CVE-2017-13769: denial of service issue in function\n WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]\n\n - CVE-2017-13134: a heap-based buffer over-read was found\n in thefunction SFWScan in coders/sfw.c, which allows\n attackers to cause adenial of service via a crafted\n file. [bsc#1055214]\n\n - CVE-2017-15217: memory leak in ReadSGIImage in\n coders/sgi.c [bsc#1062750]\n\n - CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in\n ImageMagick allows remote attackers to cause a DoS\n [bsc#1049796]\n\n - CVE-2017-15930: NULL pointer dereference while\n transfering JPEG scanlines could lead to denial of\n service [bsc#1066003]\n\n - CVE-2017-12983: Heap-based buffer overflow in the\n ReadSFWImage function in coders/sfw.c inImageMagick\n 7.0.6-8 allows remote attackers to cause a denial of\n service [bsc#1054757]\n\n - CVE-2017-14531: memory exhaustion issue in ReadSUNImage\n incoders/sun.c. [bsc#1059666]\n\n - CVE-2017-12435: Memory exhaustion in ReadSUNImage in\n coders/sun.c, which allows attackers to cause denial of\n service [bsc#1052553]\n\n - CVE-2017-12587: User controlable large loop in the\n ReadPWPImage in coders\\pwp.c could lead to denial of\n service [bsc#1052450]\n\n - CVE-2017-11523: ReadTXTImage in coders/txt.c allows\n remote attackers to cause a denial of service\n [bsc#1050083]\n\n - CVE-2017-14173: unction ReadTXTImage is vulnerable to a\n integer overflow that could lead to denial of service\n [bsc#1057729]\n\n - CVE-2017-11188: ImageMagick: The ReadDPXImage function\n in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop\n vulnerability that can cause CPU exhaustion via a\n crafted DPX file, relatedto lack of an EOF check.\n [bnc#1048457]\n\n - CVE-2017-11527: ImageMagick: ReadDPXImage in\n coders/dpx.c allows remote attackers to cause DoS\n [bnc#1050116]\n\n - CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based\n buffer over-read in WritePSImage() in coders/ps.c\n [bnc#1050139]\n\n - CVE-2017-11752: ImageMagick: ReadMAGICKImage in\n coders/magick.c allows to cause DoS [bnc#1051441]\n\n - CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c\n has a ninteger signedness error leading to excessive\n memory consumption [bnc#1051847]\n\n - CVE-2017-12669: ImageMagick: Memory leak in\n WriteCALSImage in coders/cals.c [bnc#1052689]\n\n - CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak\n in WritePDFImage in coders/pdf.c [bnc#1052758]\n\n - CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage\n in codersdcm.c [bnc#1052764]\n\n - CVE-2017-14172: ImageMagick: Lack of end of file check\n in ReadPSImage() could lead to a denial of service\n [bnc#1057730]\n\n - CVE-2017-14733: GraphicsMagick: Heap overflow on\n ReadRLEImage in coders/rle.c could lead to denial of\n service [bnc#1060577]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050116\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1062750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067409\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11188/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11478/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11523/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11527/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11535/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11640/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11752/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12140/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12435/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12587/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12644/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12662/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12669/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12983/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13134/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13769/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14138/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14172/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14173/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14175/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14341/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14342/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14531/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14607/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14682/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14733/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14989/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15217/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15930/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16545/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16546/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16669/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20173388-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0e420b1b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2017-2123=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2017-2123=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-2123=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-2123=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-2123=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-2123=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-2123=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-2123=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-2123=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-debugsource-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ImageMagick-debugsource-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:14", "description": "GraphicsMagick reports :\n\nMultiple vulnerabilities have been found in GraphicsMagick 1.3.26 or earlier. Please refer to the CVE list for details.", "cvss3": {}, "published": "2018-06-21T00:00:00", "type": "nessus", "title": "FreeBSD : GraphicsMagick -- multiple vulnerabilities (25f73c47-68a8-4a30-9cbc-1ca5eea4d6ba)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7800", "CVE-2016-7996", "CVE-2016-7997", "CVE-2016-9830", "CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800", "CVE-2017-6335", "CVE-2017-8350"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:graphicsmagick", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_25F73C4768A84A309CBC1CA5EEA4D6BA.NASL", "href": "https://www.tenable.com/plugins/nessus/110628", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110628);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:49:46\");\n\n script_cve_id(\"CVE-2016-7800\", \"CVE-2016-7996\", \"CVE-2016-7997\", \"CVE-2016-9830\", \"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-10800\", \"CVE-2017-6335\", \"CVE-2017-8350\");\n\n script_name(english:\"FreeBSD : GraphicsMagick -- multiple vulnerabilities (25f73c47-68a8-4a30-9cbc-1ca5eea4d6ba)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"GraphicsMagick reports :\n\nMultiple vulnerabilities have been found in GraphicsMagick 1.3.26 or\nearlier. Please refer to the CVE list for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.graphicsmagick.org/NEWS.html\"\n );\n # https://vuxml.freebsd.org/freebsd/25f73c47-68a8-4a30-9cbc-1ca5eea4d6ba.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?029ff082\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"GraphicsMagick<1.3.26,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:21", "description": "Multiple security vulnerabilities, NULL pointer dereferences, use-after-free and heap based overflows, were discovered in graphicsmagick that can lead to denial of service by consuming all available memory or segmentation faults.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.3.16-1.1+deb7u8.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-07-31T00:00:00", "type": "nessus", "title": "Debian DLA-1045-1 : graphicsmagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10799", "CVE-2017-11102", "CVE-2017-11140", "CVE-2017-11403", "CVE-2017-11636", "CVE-2017-11637", "CVE-2017-11638", "CVE-2017-11641", "CVE-2017-11642", "CVE-2017-11643"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:graphicsmagick", "p-cpe:/a:debian:debian_linux:graphicsmagick-dbg", "p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat", "p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat", "p-cpe:/a:debian:debian_linux:libgraphics-magick-perl", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b3", "p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick3", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1045.NASL", "href": "https://www.tenable.com/plugins/nessus/102043", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1045-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102043);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-10799\", \"CVE-2017-11102\", \"CVE-2017-11140\", \"CVE-2017-11403\", \"CVE-2017-11636\", \"CVE-2017-11637\", \"CVE-2017-11638\", \"CVE-2017-11641\", \"CVE-2017-11642\", \"CVE-2017-11643\");\n\n script_name(english:\"Debian DLA-1045-1 : graphicsmagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities, NULL pointer dereferences,\nuse-after-free and heap based overflows, were discovered in\ngraphicsmagick that can lead to denial of service by consuming all\navailable memory or segmentation faults.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.3.16-1.1+deb7u8.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/07/msg00041.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/graphicsmagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphics-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick\", reference:\"1.3.16-1.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-dbg\", reference:\"1.3.16-1.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-imagemagick-compat\", reference:\"1.3.16-1.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-libmagick-dev-compat\", reference:\"1.3.16-1.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphics-magick-perl\", reference:\"1.3.16-1.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick++1-dev\", reference:\"1.3.16-1.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick++3\", reference:\"1.3.16-1.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick1-dev\", reference:\"1.3.16-1.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick3\", reference:\"1.3.16-1.1+deb7u8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:32:11", "description": "It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-10794, CVE-2017-10799, CVE-2017-11102, CVE-2017-11140, CVE-2017-11403, CVE-2017-11636, CVE-2017-11637, CVE-2017-13147, CVE-2017-14042, CVE-2017-6335).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-04T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : graphicsmagick vulnerabilities (USN-4206-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-11102", "CVE-2017-11140", "CVE-2017-11403", "CVE-2017-11636", "CVE-2017-11637", "CVE-2017-13147", "CVE-2017-14042", "CVE-2017-6335"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:graphicsmagick", "p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick%2b%2b-q16-12", "p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick-q16-3", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-4206-1.NASL", "href": "https://www.tenable.com/plugins/nessus/131695", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4206-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131695);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-11102\", \"CVE-2017-11140\", \"CVE-2017-11403\", \"CVE-2017-11636\", \"CVE-2017-11637\", \"CVE-2017-13147\", \"CVE-2017-14042\", \"CVE-2017-6335\");\n script_xref(name:\"USN\", value:\"4206-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : graphicsmagick vulnerabilities (USN-4206-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that GraphicsMagick incorrectly handled certain\nimage files. An attacker could possibly use this issue to cause a\ndenial of service. (CVE-2017-10794, CVE-2017-10799, CVE-2017-11102,\nCVE-2017-11140, CVE-2017-11403, CVE-2017-11636, CVE-2017-11637,\nCVE-2017-13147, CVE-2017-14042, CVE-2017-6335).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4206-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected graphicsmagick, libgraphicsmagick++-q16-12 and /\nor libgraphicsmagick-q16-3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick++-q16-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick-q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"graphicsmagick\", pkgver:\"1.3.23-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libgraphicsmagick++-q16-12\", pkgver:\"1.3.23-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libgraphicsmagick-q16-3\", pkgver:\"1.3.23-1ubuntu0.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"graphicsmagick / libgraphicsmagick++-q16-12 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:25:57", "description": "http://www.graphicsmagick.org/NEWS.html#june-15-2019\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-07-01T00:00:00", "type": "nessus", "title": "Fedora 29 : GraphicsMagick (2019-425a1aa7c9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11638", "CVE-2017-11642", "CVE-2017-11722", "CVE-2017-12805", "CVE-2017-12806", "CVE-2017-12935", "CVE-2017-12936", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13065", "CVE-2017-13648", "CVE-2017-13736", "CVE-2017-13737", "CVE-2017-13775", "CVE-2017-14504", "CVE-2017-14649", "CVE-2017-14733", "CVE-2017-14994", "CVE-2017-14997", "CVE-2017-15238", "CVE-2017-15930", "CVE-2017-16545", "CVE-2017-16547", "CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-17503", "CVE-2017-18219", "CVE-2017-18220", "CVE-2018-6799", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11473", "CVE-2019-11474"], "modified": "2020-01-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:graphicsmagick", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-425A1AA7C9.NASL", "href": "https://www.tenable.com/plugins/nessus/126356", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-425a1aa7c9.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126356);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2017-11638\", \"CVE-2017-11642\", \"CVE-2017-11722\", \"CVE-2017-12805\", \"CVE-2017-12806\", \"CVE-2017-12935\", \"CVE-2017-12936\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\", \"CVE-2017-13648\", \"CVE-2017-13736\", \"CVE-2017-13737\", \"CVE-2017-13775\", \"CVE-2017-14504\", \"CVE-2017-14649\", \"CVE-2017-14733\", \"CVE-2017-14994\", \"CVE-2017-14997\", \"CVE-2017-15238\", \"CVE-2017-15930\", \"CVE-2017-16545\", \"CVE-2017-16547\", \"CVE-2017-17498\", \"CVE-2017-17500\", \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-18219\", \"CVE-2017-18220\", \"CVE-2018-6799\", \"CVE-2019-11470\", \"CVE-2019-11472\", \"CVE-2019-11473\", \"CVE-2019-11474\");\n script_xref(name:\"FEDORA\", value:\"2019-425a1aa7c9\");\n\n script_name(english:\"Fedora 29 : GraphicsMagick (2019-425a1aa7c9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://www.graphicsmagick.org/NEWS.html#june-15-2019\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.graphicsmagick.org/NEWS.html#june-15-2019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-425a1aa7c9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-6799\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"GraphicsMagick-1.3.32-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:24:45", "description": "New bug and security fix release, see http://www.graphicsmagick.org/NEWS.html#june-15-2019\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-07-01T00:00:00", "type": "nessus", "title": "Fedora 30 : GraphicsMagick (2019-da4c20882c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11638", "CVE-2017-11642", "CVE-2017-11722", "CVE-2017-12805", "CVE-2017-12806", "CVE-2017-12935", "CVE-2017-12936", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13065", "CVE-2017-13648", "CVE-2017-13736", "CVE-2017-13737", "CVE-2017-13775", "CVE-2017-14504", "CVE-2017-14649", "CVE-2017-14733", "CVE-2017-14994", "CVE-2017-14997", "CVE-2017-15238", "CVE-2017-15930", "CVE-2017-16545", "CVE-2017-16547", "CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-17503", "CVE-2017-18219", "CVE-2017-18220", "CVE-2018-6799", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11473", "CVE-2019-11474"], "modified": "2020-01-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:graphicsmagick", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-DA4C20882C.NASL", "href": "https://www.tenable.com/plugins/nessus/126361", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-da4c20882c.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126361);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2017-11638\", \"CVE-2017-11642\", \"CVE-2017-11722\", \"CVE-2017-12805\", \"CVE-2017-12806\", \"CVE-2017-12935\", \"CVE-2017-12936\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\", \"CVE-2017-13648\", \"CVE-2017-13736\", \"CVE-2017-13737\", \"CVE-2017-13775\", \"CVE-2017-14504\", \"CVE-2017-14649\", \"CVE-2017-14733\", \"CVE-2017-14994\", \"CVE-2017-14997\", \"CVE-2017-15238\", \"CVE-2017-15930\", \"CVE-2017-16545\", \"CVE-2017-16547\", \"CVE-2017-17498\", \"CVE-2017-17500\", \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-18219\", \"CVE-2017-18220\", \"CVE-2018-6799\", \"CVE-2019-11470\", \"CVE-2019-11472\", \"CVE-2019-11473\", \"CVE-2019-11474\");\n script_xref(name:\"FEDORA\", value:\"2019-da4c20882c\");\n\n script_name(english:\"Fedora 30 : GraphicsMagick (2019-da4c20882c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New bug and security fix release, see\nhttp://www.graphicsmagick.org/NEWS.html#june-15-2019\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.graphicsmagick.org/NEWS.html#june-15-2019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-da4c20882c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-6799\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"GraphicsMagick-1.3.32-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:41:36", "description": "Several vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which could result in denial of service or the execution of arbitrary code if malformed image files are processed.", "cvss3": {}, "published": "2018-10-18T00:00:00", "type": "nessus", "title": "Debian DSA-4321-1 : graphicsmagick - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800", "CVE-2017-11102", "CVE-2017-11139", "CVE-2017-11140", "CVE-2017-11403", "CVE-2017-11636", "CVE-2017-11637", "CVE-2017-11638", "CVE-2017-11641", "CVE-2017-11642", "CVE-2017-11643", "CVE-2017-11722", "CVE-2017-12935", "CVE-2017-12936", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13065", "CVE-2017-13134", "CVE-2017-13737", "CVE-2017-13775", "CVE-2017-13776", "CVE-2017-13777", "CVE-2017-14314", "CVE-2017-14504", "CVE-2017-14733", "CVE-2017-14994", "CVE-2017-14997", "CVE-2017-15238", "CVE-2017-15277", "CVE-2017-15930", "CVE-2017-16352", "CVE-2017-16353", "CVE-2017-16545", "CVE-2017-16547", "CVE-2017-16669", "CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-17503", "CVE-2017-17782", "CVE-2017-17783", "CVE-2017-17912", "CVE-2017-17913", "CVE-2017-17915", "CVE-2017-18219", "CVE-2017-18220", "CVE-2017-18229", "CVE-2017-18230", "CVE-2017-18231", "CVE-2018-5685", "CVE-2018-6799", "CVE-2018-9018"], "modified": "2019-07-15T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:graphicsmagick", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4321.NASL", "href": "https://www.tenable.com/plugins/nessus/118179", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4321. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118179);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/07/15 14:20:30\");\n\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-10800\", \"CVE-2017-11102\", \"CVE-2017-11139\", \"CVE-2017-11140\", \"CVE-2017-11403\", \"CVE-2017-11636\", \"CVE-2017-11637\", \"CVE-2017-11638\", \"CVE-2017-11641\", \"CVE-2017-11642\", \"CVE-2017-11643\", \"CVE-2017-11722\", \"CVE-2017-12935\", \"CVE-2017-12936\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\", \"CVE-2017-13134\", \"CVE-2017-13737\", \"CVE-2017-13775\", \"CVE-2017-13776\", \"CVE-2017-13777\", \"CVE-2017-14314\", \"CVE-2017-14504\", \"CVE-2017-14733\", \"CVE-2017-14994\", \"CVE-2017-14997\", \"CVE-2017-15238\", \"CVE-2017-15277\", \"CVE-2017-15930\", \"CVE-2017-16352\", \"CVE-2017-16353\", \"CVE-2017-16545\", \"CVE-2017-16547\", \"CVE-2017-16669\", \"CVE-2017-17498\", \"CVE-2017-17500\", \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-17782\", \"CVE-2017-17783\", \"CVE-2017-17912\", \"CVE-2017-17913\", \"CVE-2017-17915\", \"CVE-2017-18219\", \"CVE-2017-18220\", \"CVE-2017-18229\", \"CVE-2017-18230\", \"CVE-2017-18231\", \"CVE-2018-5685\", \"CVE-2018-6799\", \"CVE-2018-9018\");\n script_xref(name:\"DSA\", value:\"4321\");\n\n script_name(english:\"Debian DSA-4321-1 : graphicsmagick - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in GraphicsMagick, a set\nof command-line applications to manipulate image files, which could\nresult in denial of service or the execution of arbitrary code if\nmalformed image files are processed.\"\n );\n # https://security-tracker.debian.org/tracker/source-package/graphicsmagick\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e247f871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/graphicsmagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4321\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the graphicsmagick packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 1.3.30+hg15796-1~deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"graphicsmagick\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"graphicsmagick-dbg\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"graphicsmagick-imagemagick-compat\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"graphicsmagick-libmagick-dev-compat\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgraphics-magick-perl\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgraphicsmagick++-q16-12\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgraphicsmagick++1-dev\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgraphicsmagick-q16-3\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgraphicsmagick1-dev\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:14", "description": "Various security issues were discovered in Graphicsmagick, a collection of image processing tools. Heap-based buffer overflows or overreads may lead to a denial of service or disclosure of in-memory information or other unspecified impact by processing a malformed image file.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 1.3.20-3+deb8u3.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-06-28T00:00:00", "type": "nessus", "title": "Debian DLA-1401-1 : graphicsmagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718", "CVE-2016-5241", "CVE-2016-7446", "CVE-2016-7447", "CVE-2016-7448", "CVE-2016-7449", "CVE-2017-11636", "CVE-2017-11643", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13065", "CVE-2017-13134", "CVE-2017-14314", "CVE-2017-14733", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-17503", "CVE-2017-17782", "CVE-2017-17912", "CVE-2017-17915"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:graphicsmagick", "p-cpe:/a:debian:debian_linux:graphicsmagick-dbg", "p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat", "p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat", "p-cpe:/a:debian:debian_linux:libgraphics-magick-perl", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b3", "p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick3", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1401.NASL", "href": "https://www.tenable.com/plugins/nessus/110727", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1401-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110727);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2016-3716\", \"CVE-2016-3717\", \"CVE-2016-3718\", \"CVE-2016-5241\", \"CVE-2016-7446\", \"CVE-2016-7447\", \"CVE-2016-7448\", \"CVE-2016-7449\", \"CVE-2017-11636\", \"CVE-2017-11643\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\", \"CVE-2017-13134\", \"CVE-2017-14314\", \"CVE-2017-14733\", \"CVE-2017-16353\", \"CVE-2017-16669\", \"CVE-2017-17498\", \"CVE-2017-17500\", \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-17782\", \"CVE-2017-17912\", \"CVE-2017-17915\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Debian DLA-1401-1 : graphicsmagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various security issues were discovered in Graphicsmagick, a\ncollection of image processing tools. Heap-based buffer overflows or\noverreads may lead to a denial of service or disclosure of in-memory\ninformation or other unspecified impact by processing a malformed\nimage file.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1.3.20-3+deb8u3.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/graphicsmagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphics-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick-dbg\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick-imagemagick-compat\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick-libmagick-dev-compat\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphics-magick-perl\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick++1-dev\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick++3\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick1-dev\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick3\", reference:\"1.3.20-3+deb8u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:03", "description": "Various vulnerabilities were discovered in graphicsmagick, a collection of image processing tools and associated libraries, resulting in denial of service, information disclosure, and a variety of buffer overflows and overreads.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 1.3.20-3+deb8u4.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-08-03T00:00:00", "type": "nessus", "title": "Debian DLA-1456-1 : graphicsmagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5239", "CVE-2017-11102", "CVE-2017-11140", "CVE-2017-11403", "CVE-2017-11637", "CVE-2017-11638", "CVE-2017-11641", "CVE-2017-11642", "CVE-2017-12935", "CVE-2017-12936", "CVE-2017-13737", "CVE-2017-13775", "CVE-2017-13776", "CVE-2017-13777", "CVE-2017-14504", "CVE-2017-14994", "CVE-2017-14997", "CVE-2017-15277", "CVE-2017-15930", "CVE-2017-16352", "CVE-2017-16545", "CVE-2017-16547", "CVE-2017-18219", "CVE-2017-18220", "CVE-2017-18229", "CVE-2017-18230", "CVE-2017-18231", "CVE-2017-6335", "CVE-2017-9098", "CVE-2018-5685", "CVE-2018-6799", "CVE-2018-9018"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:graphicsmagick", "p-cpe:/a:debian:debian_linux:graphicsmagick-dbg", "p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat", "p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat", "p-cpe:/a:debian:debian_linux:libgraphics-magick-perl", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b3", "p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick3", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1456.NASL", "href": "https://www.tenable.com/plugins/nessus/111520", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1456-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111520);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5239\", \"CVE-2017-11102\", \"CVE-2017-11140\", \"CVE-2017-11403\", \"CVE-2017-11637\", \"CVE-2017-11638\", \"CVE-2017-11641\", \"CVE-2017-11642\", \"CVE-2017-12935\", \"CVE-2017-12936\", \"CVE-2017-13737\", \"CVE-2017-13775\", \"CVE-2017-13776\", \"CVE-2017-13777\", \"CVE-2017-14504\", \"CVE-2017-14994\", \"CVE-2017-14997\", \"CVE-2017-15277\", \"CVE-2017-15930\", \"CVE-2017-16352\", \"CVE-2017-16545\", \"CVE-2017-16547\", \"CVE-2017-18219\", \"CVE-2017-18220\", \"CVE-2017-18229\", \"CVE-2017-18230\", \"CVE-2017-18231\", \"CVE-2017-6335\", \"CVE-2017-9098\", \"CVE-2018-5685\", \"CVE-2018-6799\", \"CVE-2018-9018\");\n\n script_name(english:\"Debian DLA-1456-1 : graphicsmagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various vulnerabilities were discovered in graphicsmagick, a\ncollection of image processing tools and associated libraries,\nresulting in denial of service, information disclosure, and a variety\nof buffer overflows and overreads.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1.3.20-3+deb8u4.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/graphicsmagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphics-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick\", reference:\"1.3.20-3+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick-dbg\", reference:\"1.3.20-3+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick-imagemagick-compat\", reference:\"1.3.20-3+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick-libmagick-dev-compat\", reference:\"1.3.20-3+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphics-magick-perl\", reference:\"1.3.20-3+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick++1-dev\", reference:\"1.3.20-3+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick++3\", reference:\"1.3.20-3+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick1-dev\", reference:\"1.3.20-3+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick3\", reference:\"1.3.20-3+deb8u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:22:50", "description": "Many security fixes, bug fixes, and other changes from the previous version 6.9.3.0. See the [6.9 branch ChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac3 4977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog).\n\nDependent packages are mostly straight rebuilds, a couple also include bugfix version updates.\n\n----\n\nrhbz#1490649 - emacs-25.3 is available\n\nrhbz#1490410 - unsafe enriched mode translations (security)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "nessus", "title": "Fedora 25 : 1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc (2017-3a568adb31)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9907", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-6491", "CVE-2016-8707", "CVE-2016-9556", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12433", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-14482", "CVE-2017-7941", "CVE-2017-9098", "CVE-2017-9141"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:emacs", "p-cpe:/a:fedoraproject:fedora:imagemagick", "p-cpe:/a:fedoraproject:fedora:windowmaker", "p-cpe:/a:fedoraproject:fedora:autotrace", "p-cpe:/a:fedoraproject:fedora:converseen", "p-cpe:/a:fedoraproject:fedora:drawtiming", "p-cpe:/a:fedoraproject:fedora:gtatool", "p-cpe:/a:fedoraproject:fedora:imageinfo", "p-cpe:/a:fedoraproject:fedora:inkscape", "p-cpe:/a:fedoraproject:fedora:ripright", "p-cpe:/a:fedoraproject:fedora:k3d", "p-cpe:/a:fedoraproject:fedora:kxstitch", "p-cpe:/a:fedoraproject:fedora:perl-image-subimagefind", "p-cpe:/a:fedoraproject:fedora:pfstools", "p-cpe:/a:fedoraproject:fedora:rss-glx", "p-cpe:/a:fedoraproject:fedora:php-pecl-imagick", "p-cpe:/a:fedoraproject:fedora:psiconv", "p-cpe:/a:fedoraproject:fedora:rubygem-rmagick", "p-cpe:/a:fedoraproject:fedora:q", "p-cpe:/a:fedoraproject:fedora:synfig", "p-cpe:/a:fedoraproject:fedora:synfigstudio", "p-cpe:/a:fedoraproject:fedora:techne", "p-cpe:/a:fedoraproject:fedora:vdr-scraper2vdr", "p-cpe:/a:fedoraproject:fedora:vips", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-3A568ADB31.NASL", "href": "https://www.tenable.com/plugins/nessus/103333", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-3a568adb31.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103333);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9907\", \"CVE-2016-5010\", \"CVE-2016-5841\", \"CVE-2016-6491\", \"CVE-2016-8707\", \"CVE-2016-9556\", \"CVE-2017-10928\", \"CVE-2017-10995\", \"CVE-2017-11141\", \"CVE-2017-11170\", \"CVE-2017-11188\", \"CVE-2017-11352\", \"CVE-2017-11360\", \"CVE-2017-11446\", \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11523\", \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11644\", \"CVE-2017-11724\", \"CVE-2017-12140\", \"CVE-2017-12418\", \"CVE-2017-12427\", \"CVE-2017-12433\", \"CVE-2017-12587\", \"CVE-2017-12640\", \"CVE-2017-14482\", \"CVE-2017-7941\", \"CVE-2017-9098\", \"CVE-2017-9141\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n\n script_name(english:\"Fedora 25 : 1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc (2017-3a568adb31)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Many security fixes, bug fixes, and other changes from the previous\nversion 6.9.3.0. See the [6.9 branch\nChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac3\n4977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog).\n\nDependent packages are mostly straight rebuilds, a couple also include\nbugfix version updates.\n\n----\n\nrhbz#1490649 - emacs-25.3 is available\n\nrhbz#1490410 - unsafe enriched mode translations (security)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-3a568adb31\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:WindowMaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:autotrace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:converseen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:drawtiming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gtatool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imageinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:inkscape\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:k3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kxstitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Image-SubImageFind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pfstools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-pecl-imagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:psiconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:q\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ripright\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rss-glx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-rmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:synfig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:synfigstudio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:techne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:vdr-scraper2vdr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:vips\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"emacs-25.3-3.fc25\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"ImageMagick-6.9.9.13-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"WindowMaker-0.95.7-3.fc25.1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"autotrace-0.31.1-49.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"converseen-0.9.6.2-3.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"drawtiming-0.7.1-22.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"gtatool-2.2.0-6.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"imageinfo-0.05-27.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"inkscape-0.92.1-4.20170510bzr15686.fc25.1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"k3d-0.8.0.6-8.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"kxstitch-1.2.0-9.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"perl-Image-SubImageFind-0.03-13.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"pfstools-2.0.6-3.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"php-pecl-imagick-3.4.3-2.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"psiconv-0.9.8-22.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"q-7.11-29.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"ripright-0.11-5.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rss-glx-0.9.1.p-27.fc25.1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-rmagick-2.16.0-4.fc25.2\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"synfig-1.2.0-1.fc25.1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"synfigstudio-1.2.0-5.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"techne-0.2.3-20.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"vdr-scraper2vdr-1.0.5-4.20170611git254122b.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"vips-8.4.4-1.fc25.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:12", "description": "Many security fixes, bug fixes, and other changes from the previous version 6.9.3.0. See the [6.9 branch ChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac3 4977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog).\n\nDependent packages are mostly straight rebuilds, a couple also include bugfix version updates.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-09-19T00:00:00", "type": "nessus", "title": "Fedora 26 : 1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc (2017-8f27031c8f)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9907", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-6491", "CVE-2016-8707", "CVE-2016-9556", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12433", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-7941", "CVE-2017-9098", "CVE-2017-9141"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:emacs", "p-cpe:/a:fedoraproject:fedora:imagemagick", "p-cpe:/a:fedoraproject:fedora:windowmaker", "p-cpe:/a:fedoraproject:fedora:autotrace", "p-cpe:/a:fedoraproject:fedora:converseen", "p-cpe:/a:fedoraproject:fedora:dmtx-utils", "p-cpe:/a:fedoraproject:fedora:drawtiming", "p-cpe:/a:fedoraproject:fedora:gtatool", "p-cpe:/a:fedoraproject:fedora:imageinfo", "p-cpe:/a:fedoraproject:fedora:inkscape", "p-cpe:/a:fedoraproject:fedora:k3d", "p-cpe:/a:fedoraproject:fedora:kxstitch", "p-cpe:/a:fedoraproject:fedora:perl-image-subimagefind", "p-cpe:/a:fedoraproject:fedora:pfstools", "p-cpe:/a:fedoraproject:fedora:php-pecl-imagick", "p-cpe:/a:fedoraproject:fedora:psiconv", "p-cpe:/a:fedoraproject:fedora:q", "p-cpe:/a:fedoraproject:fedora:ripright", "p-cpe:/a:fedoraproject:fedora:rss-glx", "p-cpe:/a:fedoraproject:fedora:rubygem-rmagick", "p-cpe:/a:fedoraproject:fedora:synfig", "p-cpe:/a:fedoraproject:fedora:synfigstudio", "p-cpe:/a:fedoraproject:fedora:techne", "p-cpe:/a:fedoraproject:fedora:vdr-scraper2vdr", "p-cpe:/a:fedoraproject:fedora:vips", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-8F27031C8F.NASL", "href": "https://www.tenable.com/plugins/nessus/103314", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-8f27031c8f.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103314);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9907\", \"CVE-2016-5010\", \"CVE-2016-5841\", \"CVE-2016-6491\", \"CVE-2016-8707\", \"CVE-2016-9556\", \"CVE-2017-10928\", \"CVE-2017-10995\", \"CVE-2017-11141\", \"CVE-2017-11170\", \"CVE-2017-11188\", \"CVE-2017-11352\", \"CVE-2017-11360\", \"CVE-2017-11446\", \"CVE-2017-11447\", \"CVE-2017-11448\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11523\", \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11644\", \"CVE-2017-11724\", \"CVE-2017-12140\", \"CVE-2017-12418\", \"CVE-2017-12427\", \"CVE-2017-12433\", \"CVE-2017-12587\", \"CVE-2017-12640\", \"CVE-2017-7941\", \"CVE-2017-9098\", \"CVE-2017-9141\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n\n script_name(english:\"Fedora 26 : 1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc (2017-8f27031c8f)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Many security fixes, bug fixes, and other changes from the previous\nversion 6.9.3.0. See the [6.9 branch\nChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac3\n4977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog).\n\nDependent packages are mostly straight rebuilds, a couple also include\nbugfix version updates.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-8f27031c8f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:WindowMaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:autotrace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:converseen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:dmtx-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:drawtiming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gtatool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imageinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:inkscape\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:k3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kxstitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Image-SubImageFind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pfstools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-pecl-imagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:psiconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:q\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ripright\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rss-glx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-rmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:synfig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:synfigstudio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:techne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:vdr-scraper2vdr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:vips\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"emacs-25.3-3.fc26\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"ImageMagick-6.9.9.13-1.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"WindowMaker-0.95.8-3.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"autotrace-0.31.1-49.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"converseen-0.9.6.2-3.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"dmtx-utils-0.7.4-4.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"drawtiming-0.7.1-22.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"gtatool-2.2.0-6.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"imageinfo-0.05-27.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"inkscape-0.92.1-4.20170510bzr15686.fc26.1\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"k3d-0.8.0.6-8.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"kxstitch-1.2.0-9.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"perl-Image-SubImageFind-0.03-13.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"pfstools-2.0.6-3.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"php-pecl-imagick-3.4.3-2.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"psiconv-0.9.8-22.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"q-7.11-29.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"ripright-0.11-5.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"rss-glx-0.9.1.p-29.fc26.1\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"rubygem-rmagick-2.16.0-4.fc26.2\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"synfig-1.2.0-9.fc26.1\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"synfigstudio-1.2.0-5.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"techne-0.2.3-20.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"vdr-scraper2vdr-1.0.5-4.20170611git254122b.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"vips-8.5.8-2.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:00", "description": "The remote host is affected by the vulnerability described in GLSA-201711-07 (ImageMagick: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in ImageMagick. Please review the referenced CVE identifiers for details.\n Impact :\n\n Remote attackers, by enticing a user to process a specially crafted file, could obtain sensitive information, cause a Denial of Service condition, or have other unspecified impacts.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2017-11-13T00:00:00", "type": "nessus", "title": "GLSA-201711-07 : ImageMagick: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11640", "CVE-2017-11724", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12876", "CVE-2017-12877", "CVE-2017-12983", "CVE-2017-13058", "CVE-2017-13059", "CVE-2017-13060", "CVE-2017-13061", "CVE-2017-13062", "CVE-2017-13131", "CVE-2017-13132", "CVE-2017-13133", "CVE-2017-13134", "CVE-2017-13139", "CVE-2017-13140", "CVE-2017-13141", "CVE-2017-13142", "CVE-2017-13143", "CVE-2017-13144", "CVE-2017-13145", "CVE-2017-13146", "CVE-2017-13758", "CVE-2017-13768", "CVE-2017-13769", "CVE-2017-14060", "CVE-2017-14137", "CVE-2017-14138", "CVE-2017-14139", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14224", "CVE-2017-14248", "CVE-2017-14249", "CVE-2017-15281"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:imagemagick", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201711-07.NASL", "href": "https://www.tenable.com/plugins/nessus/104515", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201711-07.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104515);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-11640\", \"CVE-2017-11724\", \"CVE-2017-12140\", \"CVE-2017-12418\", \"CVE-2017-12427\", \"CVE-2017-12691\", \"CVE-2017-12692\", \"CVE-2017-12693\", \"CVE-2017-12876\", \"CVE-2017-12877\", \"CVE-2017-12983\", \"CVE-2017-13058\", \"CVE-2017-13059\", \"CVE-2017-13060\", \"CVE-2017-13061\", \"CVE-2017-13062\", \"CVE-2017-13131\", \"CVE-2017-13132\", \"CVE-2017-13133\", \"CVE-2017-13134\", \"CVE-2017-13139\", \"CVE-2017-13140\", \"CVE-2017-13141\", \"CVE-2017-13142\", \"CVE-2017-13143\", \"CVE-2017-13144\", \"CVE-2017-13145\", \"CVE-2017-13146\", \"CVE-2017-13758\", \"CVE-2017-13768\", \"CVE-2017-13769\", \"CVE-2017-14060\", \"CVE-2017-14137\", \"CVE-2017-14138\", \"CVE-2017-14139\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14174\", \"CVE-2017-14175\", \"CVE-2017-14224\", \"CVE-2017-14248\", \"CVE-2017-14249\", \"CVE-2017-15281\");\n script_xref(name:\"GLSA\", value:\"201711-07\");\n\n script_name(english:\"GLSA-201711-07 : ImageMagick: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201711-07\n(ImageMagick: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in ImageMagick. Please\n review the referenced CVE identifiers for details.\n \nImpact :\n\n Remote attackers, by enticing a user to process a specially crafted\n file, could obtain sensitive information, cause a Denial of Service\n condition, or have other unspecified impacts.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201711-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ImageMagick users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/imagemagick-6.9.9.20'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-gfx/imagemagick\", unaffected:make_list(\"ge 6.9.9.20\"), vulnerable:make_list(\"lt 6.9.9.20\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:22:36", "description": "Numerous security vulnerabilities were fixed in Imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory or CPU exhaustion, information disclosure or potentially the execution of arbitrary code when a malformed image file is processed.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 8:6.8.9.9-5+deb8u16.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-15T00:00:00", "type": "nessus", "title": "Debian DLA-1785-1 : imagemagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-11446", "CVE-2017-11523", "CVE-2017-11537", "CVE-2017-12140", "CVE-2017-12430", "CVE-2017-12432", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12587", "CVE-2017-12643", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12875", "CVE-2017-13133", "CVE-2017-13142", "CVE-2017-13145", "CVE-2017-13658", "CVE-2017-13768", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14249", "CVE-2017-14341", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14532", "CVE-2017-14624", "CVE-2017-14625", "CVE-2017-14626", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-15015", "CVE-2017-15017", "CVE-2017-15281", "CVE-2017-17682", "CVE-2017-17914", "CVE-2017-18271", "CVE-2017-18273", "CVE-2017-9500", "CVE-2019-10650", "CVE-2019-11597", "CVE-2019-11598", "CVE-2019-9956"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "p-cpe:/a:debian:debian_linux:imagemagick-6.q16", "p-cpe:/a:debian:debian_linux:imagemagick-common", "p-cpe:/a:debian:debian_linux:imagemagick-dbg", "p-cpe:/a:debian:debian_linux:imagemagick-doc", "p-cpe:/a:debian:debian_linux:libimage-magick-perl", "p-cpe:/a:debian:debian_linux:libimage-magick-q16-perl", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6-headers", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16-5", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-dev", "p-cpe:/a:debian:debian_linux:libmagickcore-6-arch-config", "p-cpe:/a:debian:debian_linux:libmagickcore-6-headers", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-2", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-2-extra", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagickcore-dev", "p-cpe:/a:debian:debian_linux:libmagickwand-6-headers", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-2", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagickwand-dev", "p-cpe:/a:debian:debian_linux:perlmagick", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1785.NASL", "href": "https://www.tenable.com/plugins/nessus/125093", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1785-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125093);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-1000445\", \"CVE-2017-1000476\", \"CVE-2017-11446\", \"CVE-2017-11523\", \"CVE-2017-11537\", \"CVE-2017-12140\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12435\", \"CVE-2017-12563\", \"CVE-2017-12587\", \"CVE-2017-12643\", \"CVE-2017-12670\", \"CVE-2017-12674\", \"CVE-2017-12691\", \"CVE-2017-12692\", \"CVE-2017-12693\", \"CVE-2017-12875\", \"CVE-2017-13133\", \"CVE-2017-13142\", \"CVE-2017-13145\", \"CVE-2017-13658\", \"CVE-2017-13768\", \"CVE-2017-14060\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14174\", \"CVE-2017-14175\", \"CVE-2017-14249\", \"CVE-2017-14341\", \"CVE-2017-14400\", \"CVE-2017-14505\", \"CVE-2017-14532\", \"CVE-2017-14624\", \"CVE-2017-14625\", \"CVE-2017-14626\", \"CVE-2017-14739\", \"CVE-2017-14741\", \"CVE-2017-15015\", \"CVE-2017-15017\", \"CVE-2017-15281\", \"CVE-2017-17682\", \"CVE-2017-17914\", \"CVE-2017-18271\", \"CVE-2017-18273\", \"CVE-2017-9500\", \"CVE-2019-10650\", \"CVE-2019-11597\", \"CVE-2019-11598\", \"CVE-2019-9956\");\n\n script_name(english:\"Debian DLA-1785-1 : imagemagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Numerous security vulnerabilities were fixed in Imagemagick. Various\nmemory handling problems and cases of missing or incomplete input\nsanitizing may result in denial of service, memory or CPU exhaustion,\ninformation disclosure or potentially the execution of arbitrary code\nwhen a malformed image file is processed.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n8:6.8.9.9-5+deb8u16.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/imagemagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-14626\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-6.q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimage-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimage-magick-q16-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16-5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6-arch-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-6.q16\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-common\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-dbg\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-doc\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-perl\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-q16-perl\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6-headers\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-5\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-arch-config\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-headers\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2-extra\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6-headers\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"perlmagick\", reference:\"8:6.8.9.9-5+deb8u16\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-18T15:07:20", "description": "Debian Bug : 870020 870019 876105 869727 886281 873059 870504 870530 870107 872609 875338 875339 875341 873871 873131 875352 878506 875503 875502 876105 876099 878546 878545 877354 877355 878524 878547 878548 878555 878554 878548 878555 878554 878579 885942 886584 928206 941670 931447 932079\n\nSeveral security vulnerabilities were found in Imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory or CPU exhaustion, information disclosure or potentially the execution of arbitrary code when a malformed image file is processed.\n\nFor Debian 9 stretch, these problems have been fixed in version 8:6.9.7.4+dfsg-11+deb9u10.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFor the detailed security status of imagemagick please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/imagemagick\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-09-08T00:00:00", "type": "nessus", "title": "Debian DLA-2366-1 : imagemagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-12140", "CVE-2017-12429", "CVE-2017-12430", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12643", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12806", "CVE-2017-12875", "CVE-2017-13061", "CVE-2017-13133", "CVE-2017-13658", "CVE-2017-13768", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14249", "CVE-2017-14341", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14532", "CVE-2017-14624", "CVE-2017-14625", "CVE-2017-14626", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-15015", "CVE-2017-15017", "CVE-2017-15281", "CVE-2017-17682", "CVE-2017-17914", "CVE-2017-18209", "CVE-2017-18211", "CVE-2017-18271", "CVE-2017-18273", "CVE-2018-16643", "CVE-2018-16749", "CVE-2018-18025", "CVE-2019-11598", "CVE-2019-13135", "CVE-2019-13308", "CVE-2019-13391", "CVE-2019-15139"], "modified": "2020-09-10T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "p-cpe:/a:debian:debian_linux:imagemagick-6-common", "p-cpe:/a:debian:debian_linux:imagemagick-6-doc", "p-cpe:/a:debian:debian_linux:imagemagick-6.q16", "p-cpe:/a:debian:debian_linux:imagemagick-6.q16hdri", "p-cpe:/a:debian:debian_linux:imagemagick-common", "p-cpe:/a:debian:debian_linux:imagemagick-doc", "p-cpe:/a:debian:debian_linux:libimage-magick-perl", "p-cpe:/a:debian:debian_linux:libimage-magick-q16-perl", "p-cpe:/a:debian:debian_linux:libimage-magick-q16hdri-perl", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6-headers", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16-7", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16hdri-7", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-6.q16hdri-dev", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-dev", "p-cpe:/a:debian:debian_linux:libmagickcore-6-arch-config", "p-cpe:/a:debian:debian_linux:libmagickcore-6-headers", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-3", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-3-extra", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-3", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-3-extra", "p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-dev", "p-cpe:/a:debian:debian_linux:libmagickcore-dev", "p-cpe:/a:debian:debian_linux:libmagickwand-6-headers", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-3", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-dev", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16hdri-3", "p-cpe:/a:debian:debian_linux:libmagickwand-6.q16hdri-dev", "p-cpe:/a:debian:debian_linux:libmagickwand-dev", "p-cpe:/a:debian:debian_linux:perlmagick", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2366.NASL", "href": "https://www.tenable.com/plugins/nessus/140297", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2366-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140297);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/10\");\n\n script_cve_id(\"CVE-2017-1000445\", \"CVE-2017-1000476\", \"CVE-2017-12140\", \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12435\", \"CVE-2017-12563\", \"CVE-2017-12643\", \"CVE-2017-12670\", \"CVE-2017-12674\", \"CVE-2017-12691\", \"CVE-2017-12692\", \"CVE-2017-12693\", \"CVE-2017-12806\", \"CVE-2017-12875\", \"CVE-2017-13061\", \"CVE-2017-13133\", \"CVE-2017-13658\", \"CVE-2017-13768\", \"CVE-2017-14060\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14174\", \"CVE-2017-14175\", \"CVE-2017-14249\", \"CVE-2017-14341\", \"CVE-2017-14400\", \"CVE-2017-14505\", \"CVE-2017-14532\", \"CVE-2017-14624\", \"CVE-2017-14625\", \"CVE-2017-14626\", \"CVE-2017-14739\", \"CVE-2017-14741\", \"CVE-2017-15015\", \"CVE-2017-15017\", \"CVE-2017-15281\", \"CVE-2017-17682\", \"CVE-2017-17914\", \"CVE-2017-18209\", \"CVE-2017-18211\", \"CVE-2017-18271\", \"CVE-2017-18273\", \"CVE-2018-16643\", \"CVE-2018-16749\", \"CVE-2018-18025\", \"CVE-2019-11598\", \"CVE-2019-13135\", \"CVE-2019-13308\", \"CVE-2019-13391\", \"CVE-2019-15139\");\n\n script_name(english:\"Debian DLA-2366-1 : imagemagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Debian Bug : 870020 870019 876105 869727 886281 873059 870504 870530\n870107 872609 875338 875339 875341 873871 873131 875352 878506 875503\n875502 876105 876099 878546 878545 877354 877355 878524 878547 878548\n878555 878554 878548 878555 878554 878579 885942 886584 928206 941670\n931447 932079\n\nSeveral security vulnerabilities were found in Imagemagick. Various\nmemory handling problems and cases of missing or incomplete input\nsanitizing may result in denial of service, memory or CPU exhaustion,\ninformation disclosure or potentially the execution of arbitrary code\nwhen a malformed image file is processed.\n\nFor Debian 9 stretch, these problems have been fixed in version\n8:6.9.7.4+dfsg-11+deb9u10.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFor the detailed security status of imagemagick please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/imagemagick\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/imagemagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/imagemagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-18211\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-6-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-6-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-6.q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-6.q16hdri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimage-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimage-magick-q16-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libimage-magick-q16hdri-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16hdri-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-6.q16hdri-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6-arch-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-3-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-3-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-6.q16hdri-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16hdri-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-6.q16hdri-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6-common\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6-doc\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6.q16\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6.q16hdri\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-common\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-doc\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libimage-magick-perl\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libimage-magick-q16-perl\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libimage-magick-q16hdri-perl\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6-headers\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16-7\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16hdri-7\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16hdri-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6-arch-config\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6-headers\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16-3-extra\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16hdri-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16hdri-3-extra\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16hdri-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6-headers\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16hdri-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16hdri-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"perlmagick\", reference:\"8:6.9.7.4+dfsg-11+deb9u10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:11", "description": "It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-06-13T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : ImageMagick vulnerabilities (USN-3681-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-10995", "CVE-2017-11352", "CVE-2017-11533", "CVE-2017-11535", "CVE-2017-11537", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12429", "CVE-2017-12430", "CVE-2017-12431", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12643", "CVE-2017-12644", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12875", "CVE-2017-12877", "CVE-2017-12983", "CVE-2017-13058", "CVE-2017-13059", "CVE-2017-13060", "CVE-2017-13061", "CVE-2017-13062", "CVE-2017-13131", "CVE-2017-13134", "CVE-2017-13139", "CVE-2017-13142", "CVE-2017-13143", "CVE-2017-13144", "CVE-2017-13145", "CVE-2017-13758", "CVE-2017-13768", "CVE-2017-13769", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14224", "CVE-2017-14249", "CVE-2017-14325", "CVE-2017-14326", "CVE-2017-14341", "CVE-2017-14342", "CVE-2017-14343", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14531", "CVE-2017-14532", "CVE-2017-14533", "CVE-2017-14607", "CVE-2017-14624", "CVE-2017-14625", "CVE-2017-14626", "CVE-2017-14682", "CVE-2017-14684", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-14989", "CVE-2017-15015", "CVE-2017-15016", "CVE-2017-15017", "CVE-2017-15032", "CVE-2017-15033", "CVE-2017-15217", "CVE-2017-15218", "CVE-2017-15277", "CVE-2017-15281", "CVE-2017-16546", "CVE-2017-17499", "CVE-2017-17504", "CVE-2017-17680", "CVE-2017-17681", "CVE-2017-17682", "CVE-2017-17879", "CVE-2017-17881", "CVE-2017-17882", "CVE-2017-17884", "CVE-2017-17885", "CVE-2017-17886", "CVE-2017-17887", "CVE-2017-17914", "CVE-2017-17934", "CVE-2017-18008", "CVE-2017-18022", "CVE-2017-18027", "CVE-2017-18028", "CVE-2017-18029", "CVE-2017-18209", "CVE-2017-18211", "CVE-2017-18251", "CVE-2017-18252", "CVE-2017-18254", "CVE-2017-18271", "CVE-2017-18273", "CVE-2018-10177", "CVE-2018-10804", "CVE-2018-10805", "CVE-2018-11251", "CVE-2018-11625", "CVE-2018-11655", "CVE-2018-11656", "CVE-2018-5246", "CVE-2018-5247", "CVE-2018-5248", "CVE-2018-5357", "CVE-2018-5358", "CVE-2018-6405", "CVE-2018-7443", "CVE-2018-8804", "CVE-2018-8960", "CVE-2018-9133"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:imagemagick", "p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6.q16-5v5", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6.q16-7", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b5", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2-extra", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3-extra", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore5", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore5-extra", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3681-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110516", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3681-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110516);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2017-1000445\", \"CVE-2017-1000476\", \"CVE-2017-10995\", \"CVE-2017-11352\", \"CVE-2017-11533\", \"CVE-2017-11535\", \"CVE-2017-11537\", \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-12140\", \"CVE-2017-12418\", \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12431\", \"CVE-2017-12432\", \"CVE-2017-12433\", \"CVE-2017-12435\", \"CVE-2017-12563\", \"CVE-2017-12587\", \"CVE-2017-12640\", \"CVE-2017-12643\", \"CVE-2017-12644\", \"CVE-2017-12670\", \"CVE-2017-12674\", \"CVE-2017-12691\", \"CVE-2017-12692\", \"CVE-2017-12693\", \"CVE-2017-12875\", \"CVE-2017-12877\", \"CVE-2017-12983\", \"CVE-2017-13058\", \"CVE-2017-13059\", \"CVE-2017-13060\", \"CVE-2017-13061\", \"CVE-2017-13062\", \"CVE-2017-13131\", \"CVE-2017-13134\", \"CVE-2017-13139\", \"CVE-2017-13142\", \"CVE-2017-13143\", \"CVE-2017-13144\", \"CVE-2017-13145\", \"CVE-2017-13758\", \"CVE-2017-13768\", \"CVE-2017-13769\", \"CVE-2017-14060\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14174\", \"CVE-2017-14175\", \"CVE-2017-14224\", \"CVE-2017-14249\", \"CVE-2017-14325\", \"CVE-2017-14326\", \"CVE-2017-14341\", \"CVE-2017-14342\", \"CVE-2017-14343\", \"CVE-2017-14400\", \"CVE-2017-14505\", \"CVE-2017-14531\", \"CVE-2017-14532\", \"CVE-2017-14533\", \"CVE-2017-14607\", \"CVE-2017-14624\", \"CVE-2017-14625\", \"CVE-2017-14626\", \"CVE-2017-14682\", \"CVE-2017-14684\", \"CVE-2017-14739\", \"CVE-2017-14741\", \"CVE-2017-14989\", \"CVE-2017-15015\", \"CVE-2017-15016\", \"CVE-2017-15017\", \"CVE-2017-15032\", \"CVE-2017-15033\", \"CVE-2017-15217\", \"CVE-2017-15218\", \"CVE-2017-15277\", \"CVE-2017-15281\", \"CVE-2017-16546\", \"CVE-2017-17499\", \"CVE-2017-17504\", \"CVE-2017-17680\", \"CVE-2017-17681\", \"CVE-2017-17682\", \"CVE-2017-17879\", \"CVE-2017-17881\", \"CVE-2017-17882\", \"CVE-2017-17884\", \"CVE-2017-17885\", \"CVE-2017-17886\", \"CVE-2017-17887\", \"CVE-2017-17914\", \"CVE-2017-17934\", \"CVE-2017-18008\", \"CVE-2017-18022\", \"CVE-2017-18027\", \"CVE-2017-18028\", \"CVE-2017-18029\", \"CVE-2017-18209\", \"CVE-2017-18211\", \"CVE-2017-18251\", \"CVE-2017-18252\", \"CVE-2017-18254\", \"CVE-2017-18271\", \"CVE-2017-18273\", \"CVE-2018-10177\", \"CVE-2018-10804\", \"CVE-2018-10805\", \"CVE-2018-11251\", \"CVE-2018-11625\", \"CVE-2018-11655\", \"CVE-2018-11656\", \"CVE-2018-5246\", \"CVE-2018-5247\", \"CVE-2018-5248\", \"CVE-2018-5357\", \"CVE-2018-5358\", \"CVE-2018-6405\", \"CVE-2018-7443\", \"CVE-2018-8804\", \"CVE-2018-8960\", \"CVE-2018-9133\");\n script_xref(name:\"USN\", value:\"3681-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : ImageMagick vulnerabilities (USN-3681-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that ImageMagick incorrectly handled certain\nmalformed image files. If a user or automated system using ImageMagick\nwere tricked into opening a specially crafted image, an attacker could\nexploit this to cause a denial of service or possibly execute code\nwith the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3681-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-5v5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.10|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.10 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"imagemagick\", pkgver:\"8:6.7.7.10-6ubuntu3.11\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagick++5\", pkgver:\"8:6.7.7.10-6ubuntu3.11\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagickcore5\", pkgver:\"8:6.7.7.10-6ubuntu3.11\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagickcore5-extra\", pkgver:\"8:6.7.7.10-6ubuntu3.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"imagemagick\", pkgver:\"8:6.8.9.9-7ubuntu5.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.8.9.9-7ubuntu5.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagick++-6.q16-5v5\", pkgver:\"8:6.8.9.9-7ubuntu5.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagickcore-6.q16-2\", pkgver:\"8:6.8.9.9-7ubuntu5.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagickcore-6.q16-2-extra\", pkgver:\"8:6.8.9.9-7ubuntu5.11\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"imagemagick\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libmagick++-6.q16-7\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libmagickcore-6.q16-3\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libmagickcore-6.q16-3-extra\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"imagemagick\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libmagick++-6.q16-7\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libmagickcore-6.q16-3\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libmagickcore-6.q16-3-extra\", pkgver:\"8:6.9.7.4+dfsg-16ubuntu6.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imagemagick / imagemagick-6.q16 / libmagick++-6.q16-5v5 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:00", "description": "This updates fixes numerous vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed DPX, RLE, CIN, DIB, EPT, MAT, VST, PNG, JNG, MNG, DVJU, JPEG, TXT, PES, MPC, UIL, PS, PALM, CIP, TIFF, ICON, MAGICK, DCM, MSL, WMF, MIFF, PCX, SUN, PSD, MVG, PWP, PICT, PDB, SFW, or XCF files are processed.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 6.7.7.10-5+deb7u16.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-09-01T00:00:00", "type": "nessus", "title": "Debian DLA-1081-1 : imagemagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11505", "CVE-2017-11523", "CVE-2017-11524", "CVE-2017-11525", "CVE-2017-11526", "CVE-2017-11527", "CVE-2017-11528", "CVE-2017-11529", "CVE-2017-11530", "CVE-2017-11531", "CVE-2017-11532", "CVE-2017-11533", "CVE-2017-11534", "CVE-2017-11535", "CVE-2017-11537", "CVE-2017-11539", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11751", "CVE-2017-11752", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12430", "CVE-2017-12431", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12564", "CVE-2017-12565", "CVE-2017-12566", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12643", "CVE-2017-12654", "CVE-2017-12664", "CVE-2017-12665", "CVE-2017-12668", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12675", "CVE-2017-12676", "CVE-2017-12877", "CVE-2017-12983", "CVE-2017-13133", "CVE-2017-13134", "CVE-2017-13139", "CVE-2017-13142", "CVE-2017-13143", "CVE-2017-13144", "CVE-2017-13146", "CVE-2017-13658", "CVE-2017-8352", "CVE-2017-9144", "CVE-2017-9501"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "p-cpe:/a:debian:debian_linux:imagemagick-common", "p-cpe:/a:debian:debian_linux:imagemagick-dbg", "p-cpe:/a:debian:debian_linux:imagemagick-doc", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-dev", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b5", "p-cpe:/a:debian:debian_linux:libmagickcore-dev", "p-cpe:/a:debian:debian_linux:libmagickcore5", "p-cpe:/a:debian:debian_linux:libmagickcore5-extra", "p-cpe:/a:debian:debian_linux:libmagickwand-dev", "p-cpe:/a:debian:debian_linux:libmagickwand5", "p-cpe:/a:debian:debian_linux:perlmagick", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1081.NASL", "href": "https://www.tenable.com/plugins/nessus/102889", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1081-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102889);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-10928\", \"CVE-2017-10995\", \"CVE-2017-11141\", \"CVE-2017-11170\", \"CVE-2017-11188\", \"CVE-2017-11352\", \"CVE-2017-11360\", \"CVE-2017-11446\", \"CVE-2017-11448\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11478\", \"CVE-2017-11505\", \"CVE-2017-11523\", \"CVE-2017-11524\", \"CVE-2017-11525\", \"CVE-2017-11526\", \"CVE-2017-11527\", \"CVE-2017-11528\", \"CVE-2017-11529\", \"CVE-2017-11530\", \"CVE-2017-11531\", \"CVE-2017-11532\", \"CVE-2017-11533\", \"CVE-2017-11534\", \"CVE-2017-11535\", \"CVE-2017-11537\", \"CVE-2017-11539\", \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11644\", \"CVE-2017-11724\", \"CVE-2017-11751\", \"CVE-2017-11752\", \"CVE-2017-12140\", \"CVE-2017-12418\", \"CVE-2017-12427\", \"CVE-2017-12428\", \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12431\", \"CVE-2017-12432\", \"CVE-2017-12433\", \"CVE-2017-12435\", \"CVE-2017-12563\", \"CVE-2017-12564\", \"CVE-2017-12565\", \"CVE-2017-12566\", \"CVE-2017-12587\", \"CVE-2017-12640\", \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12654\", \"CVE-2017-12664\", \"CVE-2017-12665\", \"CVE-2017-12668\", \"CVE-2017-12670\", \"CVE-2017-12674\", \"CVE-2017-12675\", \"CVE-2017-12676\", \"CVE-2017-12877\", \"CVE-2017-12983\", \"CVE-2017-13133\", \"CVE-2017-13134\", \"CVE-2017-13139\", \"CVE-2017-13142\", \"CVE-2017-13143\", \"CVE-2017-13144\", \"CVE-2017-13146\", \"CVE-2017-13658\", \"CVE-2017-8352\", \"CVE-2017-9144\", \"CVE-2017-9501\");\n\n script_name(english:\"Debian DLA-1081-1 : imagemagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates fixes numerous vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure or the\nexecution of arbitrary code if malformed DPX, RLE, CIN, DIB, EPT, MAT,\nVST, PNG, JNG, MNG, DVJU, JPEG, TXT, PES, MPC, UIL, PS, PALM, CIP,\nTIFF, ICON, MAGICK, DCM, MSL, WMF, MIFF, PCX, SUN, PSD, MVG, PWP,\nPICT, PDB, SFW, or XCF files are processed.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n6.7.7.10-5+deb7u16.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/08/msg00031.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/imagemagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore5-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-common\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-dbg\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-doc\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagick++-dev\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagick++5\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore-dev\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore5\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore5-extra\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickwand-dev\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickwand5\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"perlmagick\", reference:\"6.7.7.10-5+deb7u16\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2021-06-08T18:38:47", "description": "This update for GraphicsMagick fixes the following issues:\n\n * CVE-2017-12140: ReadDCMImage in coders\\dcm.c has a ninteger\n signedness error leading to excessive memory consumption\n (bnc#1051847)\n * CVE-2017-14994: NULL pointer in ReadDCMImage in coders/dcm.c could\n lead to denial of service (bnc#1061587)\n * CVE-2017-12662: Memory leak in WritePDFImage in coders/pdf.c could\n lead to denial of service (bnc#1052758)\n * CVE-2017-14733: Heap overflow on ReadRLEImage in coders/rle.c could\n lead to denial of service (bnc#1060577)\n * CVE-2017-12644: Memory leak in ReadDCMImage in coders\\dcm.c could\n lead to denial of service (bnc#1052764)\n * CVE-2017-10799: denial of service (OOM) can occur inReadDPXImage()\n (bnc#1047054)\n\n", "cvss3": {}, "published": "2017-12-12T18:09:44", "type": "suse", "title": "Security update for GraphicsMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-10799", "CVE-2017-14994", "CVE-2017-12644", "CVE-2017-12140", "CVE-2017-14733", "CVE-2017-12662"], "modified": "2017-12-12T18:09:44", "id": "OPENSUSE-SU-2017:3270-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-12/msg00028.html", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:39:00", "description": "This update for ImageMagick fixes the following issues:\n\n * CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas\n could possibly disclose potentially sensitive memory [bsc#1059778]\n\n * CVE-2017-11640: NULL pointer deref in WritePTIFImage() in\n coders/tiff.c [bsc#1050632]\n\n * CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in\n coders/wpg.c could lead to denial of service [bsc#1058485]\n\n * CVE-2017-14341: Infinite loop in the ReadWPGImage function\n [bsc#1058637]\n\n * CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c\n could lead to denial of service [bsc#1067181]\n\n * CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in\n validation problems could lead to denial of service [bsc#1067184]\n\n * CVE-2017-14175: Lack of End of File check could lead to denial of\n service [bsc#1057719]\n\n * CVE-2017-13769: denial of service issue in function\n WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]\n\n * CVE-2017-13134: a heap-based buffer over-read was found in thefunction\n SFWScan in coders/sfw.c, which allows attackers to cause adenial of\n service via a crafted file. [bsc#1055214]\n\n * CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick\n allows remote attackers to cause a DoS [bsc#1049796]\n\n * CVE-2017-15930: Null Pointer dereference while transfering JPEG\n scanlines could lead to denial of service [bsc#1066003]\n\n * CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage\n function in coders/sfw.c allows remote attackers to cause a denial of\n service [bsc#1054757]\n\n * CVE-2017-14531: memory exhaustion issue in ReadSUNImage\n incoders/sun.c. [bsc#1059666]\n\n * CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c,\n which allows attackers to cause denial of service [bsc#1052553]\n\n * CVE-2017-12587: User controlable large loop in the ReadPWPImage in\n coders\\pwp.c could lead to denial of service [bsc#1052450]\n\n * CVE-2017-14173: unction ReadTXTImage is vulnerable to a integer\n overflow that could lead to denial of service [bsc#1057729]\n\n * CVE-2017-11188: ImageMagick: The ReadDPXImage function in codersdpx.c\n in ImageMagick 7.0.6-0 has a largeloop vulnerability that can cause\n CPU exhaustion via a crafted DPX file, relatedto lack of an EOF check.\n [bnc#1048457]\n\n * CVE-2017-11527: ImageMagick: ReadDPXImage in coders/dpx.c allows\n remote attackers to cause DoS [bnc#1050116]\n\n * CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based buffer\n over-read in WritePSImage() in coders/ps.c [bnc#1050139]\n\n * CVE-2017-11752: ImageMagick: ReadMAGICKImage in coders/magick.c allows\n to cause DoS [bnc#1051441]\n\n * CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c has a\n ninteger signedness error leading to excessive memory consumption\n [bnc#1051847]\n\n * CVE-2017-12669: ImageMagick: Memory leak in WriteCALSImage in\n coders/cals.c [bnc#1052689]\n\n * CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak in\n WritePDFImage in coders/pdf.c [bnc#1052758]\n\n * CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage in\n codersdcm.c [bnc#1052764]\n\n * CVE-2017-14172: ImageMagick: Lack of end of file check in\n ReadPSImage() could lead to a denial of service [bnc#1057730]\n\n * CVE-2017-14733: GraphicsMagick: Heap overflow on ReadRLEImage in\n coders/rle.c could lead to denial of service [bnc#1060577]\n\n", "cvss3": {}, "published": "2017-12-20T18:09:33", "type": "suse", "title": "Security update for ImageMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-14531", "CVE-2017-14175", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-12983", "CVE-2017-11527", "CVE-2017-14172", "CVE-2017-16546", "CVE-2017-14173", "CVE-2017-12644", "CVE-2017-11188", "CVE-2017-14607", "CVE-2017-15930", "CVE-2017-14341", "CVE-2017-12140", "CVE-2017-11752", "CVE-2017-13134", "CVE-2017-13769", "CVE-2017-14733", "CVE-2017-16545", "CVE-2017-12669", "CVE-2017-12435", "CVE-2017-11640", "CVE-2017-11535", "CVE-2017-12662", "CVE-2017-14342"], "modified": "2017-12-20T18:09:33", "id": "SUSE-SU-2017:3378-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-12/msg00081.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:39:00", "description": "This update for ImageMagick fixes the following issues:\n\n * CVE-2017-14989: use-after-free in RenderFreetype in\n MagickCore/annotate.c could lead to denial of service [bsc#1061254]\n * CVE-2017-14682: GetNextToken in MagickCore/token.c heap buffer\n overflow could lead to denial of service [bsc#1060176]\n * Memory leak in WriteINLINEImage in coders/inline.c could lead to\n denial of service [bsc#1052744]\n * CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas\n could possibly disclose potentially sensitive memory [bsc#1059778]\n * CVE-2017-11640: NULL pointer deref in WritePTIFImage() in\n coders/tiff.c [bsc#1050632]\n * CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in\n coders/wpg.c could lead to denial of service [bsc#1058485]\n * CVE-2017-14341: Infinite loop in the ReadWPGImage function\n [bsc#1058637]\n * CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c\n could lead to denial of service [bsc#1067181]\n * CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in\n validation problems could lead to denial of service [bsc#1067184]\n * CVE-2017-16669: problem in coders/wpg.c could allow remote attackers\n to cause a denial of service via crafted file [bsc#1067409]\n * CVE-2017-14175: Lack of End of File check could lead to denial of\n service [bsc#1057719]\n * CVE-2017-14138: memory leak vulnerability in ReadWEBPImage in\n coders/webp.c could lead to denial of service [bsc#1057157]\n * CVE-2017-13769: denial of service issue in function\n WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]\n * CVE-2017-13134: a heap-based buffer over-read was found in thefunction\n SFWScan in coders/sfw.c, which allows attackers to cause adenial of\n service via a crafted file. [bsc#1055214]\n * CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c\n [bsc#1062750]\n * CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick\n allows remote attackers to cause a DoS [bsc#1049796]\n * CVE-2017-15930: Null Pointer dereference while transfering JPEG\n scanlines could lead to denial of service [bsc#1066003]\n * CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage\n function in coders/sfw.c inImageMagick 7.0.6-8 allows remote attackers\n to cause a denial of service [bsc#1054757]\n * CVE-2017-14531: memory exhaustion issue in ReadSUNImage\n incoders/sun.c. [bsc#1059666]\n * CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c,\n which allows attackers to cause denial of service [bsc#1052553]\n * CVE-2017-12587: User controlable large loop in the ReadPWPImage in\n coders\\pwp.c could lead to denial of service [bsc#1052450]\n * CVE-2017-11523: ReadTXTImage in coders/txt.c allows remote attackers\n to cause a denial of service [bsc#1050083]\n * CVE-2017-14173: unction ReadTXTImage is vulnerable to a integer\n overflow that could lead to denial of service [bsc#1057729]\n * CVE-2017-11188: ImageMagick: The ReadDPXImage function in codersdpx.c\n in ImageMagick 7.0.6-0 has a largeloop vulnerability that can cause\n CPU exhaustion via a crafted DPX file, relatedto lack of an EOF check.\n [bnc#1048457]\n * CVE-2017-11527: ImageMagick: ReadDPXImage in coders/dpx.c allows\n remote attackers to cause DoS [bnc#1050116]\n * CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based buffer\n over-read in WritePSImage() in coders/ps.c [bnc#1050139]\n * CVE-2017-11752: ImageMagick: ReadMAGICKImage in coders/magick.c allows\n to cause DoS [bnc#1051441]\n * CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c has a\n ninteger signedness error leading to excessive memory consumption\n [bnc#1051847]\n * CVE-2017-12669: ImageMagick: Memory leak in WriteCALSImage in\n coders/cals.c [bnc#1052689]\n * CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak in\n WritePDFImage in coders/pdf.c [bnc#1052758]\n * CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage in\n codersdcm.c [bnc#1052764]\n * CVE-2017-14172: ImageMagick: Lack of end of file check in\n ReadPSImage() could lead to a denial of service [bnc#1057730]\n * CVE-2017-14733: GraphicsMagick: Heap overflow on ReadRLEImage in\n coders/rle.c could lead to denial of service [bnc#1060577]\n\n", "cvss3": {}, "published": "2017-12-20T18:36:37", "type": "suse", "title": "Security update for ImageMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-14531", "CVE-2017-14175", "CVE-2017-14138", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-12983", "CVE-2017-11527", "CVE-2017-14172", "CVE-2017-16546", "CVE-2017-14989", "CVE-2017-14173", "CVE-2017-12644", "CVE-2017-11188", "CVE-2017-14607", "CVE-2017-15217", "CVE-2017-15930", "CVE-2017-14341", "CVE-2017-12140", "CVE-2017-11752", "CVE-2017-14682", "CVE-2017-13134", "CVE-2017-13769", "CVE-2017-16669", "CVE-2017-14733", "CVE-2017-16545", "CVE-2017-12669", "CVE-2017-12435", "CVE-2017-11640", "CVE-2017-11535", "CVE-2017-12662", "CVE-2017-14342"], "modified": "2017-12-20T18:36:37", "id": "SUSE-SU-2017:3388-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-12/msg00082.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:39:00", "description": "This update for ImageMagick fixes the following issues:\n\n * CVE-2017-14989: use-after-free in RenderFreetype in\n MagickCore/annotate.c could lead to denial of service [bsc#1061254]\n * CVE-2017-14682: GetNextToken in MagickCore/token.c heap buffer\n overflow could lead to denial of service [bsc#1060176]\n * Memory leak in WriteINLINEImage in coders/inline.c could lead to\n denial of service [bsc#1052744]\n * CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas\n could possibly disclose potentially sensitive memory [bsc#1059778]\n * CVE-2017-11640: NULL pointer deref in WritePTIFImage() in\n coders/tiff.c [bsc#1050632]\n * CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in\n coders/wpg.c could lead to denial of service [bsc#1058485]\n * CVE-2017-14341: Infinite loop in the ReadWPGImage function\n [bsc#1058637]\n * CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c\n could lead to denial of service [bsc#1067181]\n * CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in\n validation problems could lead to denial of service [bsc#1067184]\n * CVE-2017-16669: problem in coders/wpg.c could allow remote attackers\n to cause a denial of service via crafted file [bsc#1067409]\n * CVE-2017-14175: Lack of End of File check could lead to denial of\n service [bsc#1057719]\n * CVE-2017-14138: memory leak vulnerability in ReadWEBPImage in\n coders/webp.c could lead to denial of service [bsc#1057157]\n * CVE-2017-13769: denial of service issue in function\n WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]\n * CVE-2017-13134: a heap-based buffer over-read was found in thefunction\n SFWScan in coders/sfw.c, which allows attackers to cause adenial of\n service via a crafted file. [bsc#1055214]\n * CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c\n [bsc#1062750]\n * CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick\n allows remote attackers to cause a DoS [bsc#1049796]\n * CVE-2017-15930: Null Pointer dereference while transfering JPEG\n scanlines could lead to denial of service [bsc#1066003]\n * CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage\n function in coders/sfw.c inImageMagick 7.0.6-8 allows remote attackers\n to cause a denial of service [bsc#1054757]\n * CVE-2017-14531: memory exhaustion issue in ReadSUNImage\n incoders/sun.c. [bsc#1059666]\n * CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c,\n which allows attackers to cause denial of service [bsc#1052553]\n * CVE-2017-12587: User controlable large loop in the ReadPWPImage in\n coders\\pwp.c could lead to denial of service [bsc#1052450]\n * CVE-2017-11523: ReadTXTImage in coders/txt.c allows remote attackers\n to cause a denial of service [bsc#1050083]\n * CVE-2017-14173: unction ReadTXTImage is vulnerable to a integer\n overflow that could lead to denial of service [bsc#1057729]\n * CVE-2017-11188: ImageMagick: The ReadDPXImage function in codersdpx.c\n in ImageMagick 7.0.6-0 has a largeloop vulnerability that can cause\n CPU exhaustion via a crafted DPX file, relatedto lack of an EOF check.\n [bnc#1048457]\n * CVE-2017-11527: ImageMagick: ReadDPXImage in coders/dpx.c allows\n remote attackers to cause DoS [bnc#1050116]\n * CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based buffer\n over-read in WritePSImage() in coders/ps.c [bnc#1050139]\n * CVE-2017-11752: ImageMagick: ReadMAGICKImage in coders/magick.c allows\n to cause DoS [bnc#1051441]\n * CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c has a\n ninteger signedness error leading to excessive memory consumption\n [bnc#1051847]\n * CVE-2017-12669: ImageMagick: Memory leak in WriteCALSImage in\n coders/cals.c [bnc#1052689]\n * CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak in\n WritePDFImage in coders/pdf.c [bnc#1052758]\n * CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage in\n codersdcm.c [bnc#1052764]\n * CVE-2017-14172: ImageMagick: Lack of end of file check in\n ReadPSImage() could lead to a denial of service [bnc#1057730]\n * CVE-2017-14733: GraphicsMagick: Heap overflow on ReadRLEImage in\n coders/rle.c could lead to denial of service [bnc#1060577]\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "cvss3": {}, "published": "2017-12-22T21:12:06", "type": "suse", "title": "Security update for ImageMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-14531", "CVE-2017-14175", "CVE-2017-14138", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-12983", "CVE-2017-11527", "CVE-2017-14172", "CVE-2017-16546", "CVE-2017-14989", "CVE-2017-14173", "CVE-2017-12644", "CVE-2017-11188", "CVE-2017-14607", "CVE-2017-15217", "CVE-2017-15930", "CVE-2017-14341", "CVE-2017-12140", "CVE-2017-11752", "CVE-2017-14682", "CVE-2017-13134", "CVE-2017-13769", "CVE-2017-16669", "CVE-2017-14733", "CVE-2017-16545", "CVE-2017-12669", "CVE-2017-12435", "CVE-2017-11640", "CVE-2017-11535", "CVE-2017-12662", "CVE-2017-14342"], "modified": "2017-12-22T21:12:06", "id": "OPENSUSE-SU-2017:3420-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-12/msg00087.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "debiancve": [{"lastseen": "2023-06-23T14:37:51", "description": "ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-10-04T01:29:00", "type": "debiancve", "title": "CVE-2017-14994", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14994"], "modified": "2017-10-04T01:29:00", "id": "DEBIANCVE:CVE-2017-14994", "href": "https://security-tracker.debian.org/tracker/CVE-2017-14994", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-23T14:37:51", "description": "ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-25T21:29:00", "type": "debiancve", "title": "CVE-2017-14733", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14733"], "modified": "2017-09-25T21:29:00", "id": "DEBIANCVE:CVE-2017-14733", "href": "https://security-tracker.debian.org/tracker/CVE-2017-14733", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-09-25T02:57:40", "description": "When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-03T01:29:00", "type": "debiancve", "title": "CVE-2017-10799", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10799"], "modified": "2017-07-03T01:29:00", "id": "DEBIANCVE:CVE-2017-10799", "href": "https://security-tracker.debian.org/tracker/CVE-2017-10799", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-09-21T08:21:24", "description": "The ReadDCMImage function in coders\\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-02T05:29:00", "type": "debiancve", "title": "CVE-2017-12140", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12140"], "modified": "2017-08-02T05:29:00", "id": "DEBIANCVE:CVE-2017-12140", "href": "https://security-tracker.debian.org/tracker/CVE-2017-12140", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-23T14:38:07", "description": "ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\\dcm.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-07T15:29:00", "type": "debiancve", "title": "CVE-2017-12644", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12644"], "modified": "2017-08-07T15:29:00", "id": "DEBIANCVE:CVE-2017-12644", "href": "https://security-tracker.debian.org/tracker/CVE-2017-12644", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T14:38:07", "description": "ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-07T21:29:00", "type": "debiancve", "title": "CVE-2017-12662", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12662"], "modified": "2017-08-07T21:29:00", "id": "DEBIANCVE:CVE-2017-12662", "href": "https://security-tracker.debian.org/tracker/CVE-2017-12662", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2023-04-18T12:43:43", "description": "graphicsmagick is vulnerable to denial of service. A NULL pointer dereference in the `ReadDCMImage` in `coders/dcm.c` allows remote attackers to cause a denial of service via a malicious DICOM image.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-09-21T06:27:52", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14994"], "modified": "2022-04-19T18:38:54", "id": "VERACODE:26969", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-26969/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T16:30:07", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks. The library does not check the DPX image file size during the initial upload. This allows a malicious user to pass a DPX image to the application to cause it to run out of memory, crashing it.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-05T05:11:32", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10799"], "modified": "2019-05-15T06:18:27", "id": "VERACODE:4527", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4527/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T16:14:56", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks through memory exhaustion. A malicious user can pass a `dcm` file to the system to cause the application to run out memory, causing it to crash.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-02T13:25:20", "type": "veracode", "title": "Denial Of Service (DoS) Through Memory Exhaustion", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12140"], "modified": "2020-09-11T12:07:49", "id": "VERACODE:4851", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4851/summary", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "ubuntucve": [{"lastseen": "2023-08-09T20:11:29", "description": "ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote\nattackers to cause a denial of service (NULL pointer dereference) via a\ncrafted DICOM image, related to the ability of DCM_ReadNonNativeImages to\nyield an image list with zero frames.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-10-04T00:00:00", "type": "ubuntucve", "title": "CVE-2017-14994", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14994"], "modified": "2017-10-04T00:00:00", "id": "UB:CVE-2017-14994", "href": "https://ubuntu.com/security/CVE-2017-14994", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-29T14:59:41", "description": "ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in\ncoders\\dcm.c.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/551>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | not fixing memory leak in trusty and xenial\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-07T00:00:00", "type": "ubuntucve", "title": "CVE-2017-12644", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12644"], "modified": "2017-08-07T00:00:00", "id": "UB:CVE-2017-12644", "href": "https://ubuntu.com/security/CVE-2017-12644", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-29T14:56:42", "description": "ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE\nheaders that specify too few colors, which allows remote attackers to cause\na denial of service (heap-based buffer over-read and application crash) via\na crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-25T00:00:00", "type": "ubuntucve", "title": "CVE-2017-14733", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14733"], "modified": "2017-09-25T00:00:00", "id": "UB:CVE-2017-14733", "href": "https://ubuntu.com/security/CVE-2017-14733", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-09-23T04:07:43", "description": "When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating\na large width) in coders/dpx.c, a denial of service (OOM) can occur in\nReadDPXImage().\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867077>\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-03T00:00:00", "type": "ubuntucve", "title": "CVE-2017-10799", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10799"], "modified": "2017-07-03T00:00:00", "id": "UB:CVE-2017-10799", "href": "https://ubuntu.com/security/CVE-2017-10799", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-09-23T02:17:17", "description": "The ReadDCMImage function in coders\\dcm.c in ImageMagick 7.0.6-1 has an\ninteger signedness error leading to excessive memory consumption via a\ncrafted DCM file.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/533>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0261-CVE-2017-12140-Fix-excessive-memory-consumption-in-ReadDCMImage-via-crafted-file.patch in wheezy\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-02T00:00:00", "type": "ubuntucve", "title": "CVE-2017-12140", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12140"], "modified": "2017-08-02T00:00:00", "id": "UB:CVE-2017-12140", "href": "https://ubuntu.com/security/CVE-2017-12140", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-29T14:59:36", "description": "ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in\ncoders/pdf.c.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/576>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870492>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0133-Memory-leak-in-pdf-coder.patch in unstable not fixing memory leak in trusty and xenial\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-07T00:00:00", "type": "ubuntucve", "title": "CVE-2017-12662", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12662"], "modified": "2017-08-07T00:00:00", "id": "UB:CVE-2017-12662", "href": "https://ubuntu.com/security/CVE-2017-12662", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-06-23T14:28:44", "description": "ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-10-04T01:29:00", "type": "cve", "title": "CVE-2017-14994", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14994"], "modified": "2019-06-30T03:15:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:graphicsmagick:graphicsmagick:1.3.26"], "id": "CVE-2017-14994", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14994", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.26:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-25T03:06:41", "description": "When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-03T01:29:00", "type": "cve", "title": "CVE-2017-10799", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10799"], "modified": "2019-04-15T12:30:00", "cpe": ["cpe:/a:graphicsmagick:graphicsmagick:1.3.25"], "id": "CVE-2017-10799", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10799", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.25:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-23T14:27:18", "description": "ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-25T21:29:00", "type": "cve", "title": "CVE-2017-14733", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14733"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:graphicsmagick:graphicsmagick:1.3.26"], "id": "CVE-2017-14733", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14733", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.26:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-25T10:56:02", "description": "The ReadDCMImage function in coders\\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-02T05:29:00", "type": "cve", "title": "CVE-2017-12140", "cwe": ["CWE-681", "CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12140"], "modified": "2020-09-08T00:15:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-1"], "id": "CVE-2017-12140", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12140", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-23T14:19:41", "description": "ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\\dcm.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-07T15:29:00", "type": "cve", "title": "CVE-2017-12644", "cwe": ["CWE-772"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12644"], "modified": "2020-10-14T18:24:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-1"], "id": "CVE-2017-12644", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12644", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-23T14:19:44", "description": "ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-07T21:29:00", "type": "cve", "title": "CVE-2017-12662", "cwe": ["CWE-772"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12662"], "modified": "2020-10-14T18:25:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-2"], "id": "CVE-2017-12662", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12662", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-2:*:*:*:*:*:*:*"]}], "alpinelinux": [{"lastseen": "2023-06-23T15:26:07", "description": "ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-10-04T01:29:00", "type": "alpinelinux", "title": "CVE-2017-14994", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14994"], "modified": "2019-06-30T03:15:00", "id": "ALPINE:CVE-2017-14994", "href": "https://security.alpinelinux.org/vuln/CVE-2017-14994", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-23T15:26:07", "description": "ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-25T21:29:00", "type": "alpinelinux", "title": "CVE-2017-14733", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14733"], "modified": "2019-10-03T00:03:00", "id": "ALPINE:CVE-2017-14733", "href": "https://security.alpinelinux.org/vuln/CVE-2017-14733", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-09-25T04:00:20", "description": "When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-03T01:29:00", "type": "alpinelinux", "title": "CVE-2017-10799", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10799"], "modified": "2019-04-15T12:30:00", "id": "ALPINE:CVE-2017-10799", "href": "https://security.alpinelinux.org/vuln/CVE-2017-10799", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2021-09-02T22:49:17", "description": "The ReadDCMImage function in coders\\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-02T12:18:44", "type": "redhatcve", "title": "CVE-2017-12140", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12140"], "modified": "2019-10-12T00:25:58", "id": "RH:CVE-2017-12140", "href": "https://access.redhat.com/security/cve/cve-2017-12140", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-09-02T22:48:30", "description": "ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\\dcm.c.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-08-18T19:18:32", "type": "redhatcve", "title": "CVE-2017-12644", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12644"], "modified": "2020-10-15T12:01:33", "id": "RH:CVE-2017-12644", "href": "https://access.redhat.com/security/cve/cve-2017-12644", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-02T22:48:27", "description": "ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-08-18T18:48:42", "type": "redhatcve", "title": "CVE-2017-12662", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12662"], "modified": "2020-10-15T12:02:58", "id": "RH:CVE-2017-12662", "href": "https://access.redhat.com/security/cve/cve-2017-12662", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-05T05:18:01", "description": "\nThis upload fixes a number of security issues in graphicsmagick.\n\n\n* [CVE-2017-14103](https://security-tracker.debian.org/tracker/CVE-2017-14103)\nThe ReadJNGImage and ReadOneJNGImage functions in\n coders/png.c did not properly manage image pointers after certain error\n conditions.\n* [CVE-2017-14314](https://security-tracker.debian.org/tracker/CVE-2017-14314)\nHeap-based buffer over-read in DrawDashPolygon() .\n* [CVE-2017-14504](https://security-tracker.debian.org/tracker/CVE-2017-14504)\nNULL pointer dereference triggered by malformed file.\n* [CVE-2017-14733](https://security-tracker.debian.org/tracker/CVE-2017-14733)\nEnsure we detect alpha images with too few colors.\n* [CVE-2017-14994](https://security-tracker.debian.org/tracker/CVE-2017-14994)\nDCM\\_ReadNonNativeImages() can produce image list with\n no frames, resulting in null image pointer.\n* [CVE-2017-14997](https://security-tracker.debian.org/tracker/CVE-2017-14997)\nUnsigned underflow leading to astonishingly\n large allocation request.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n1.3.16-1.1+deb7u10.\n\n\nWe recommend that you upgrade your graphicsmagick packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-19T00:00:00", "type": "osv", "title": "graphicsmagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14997", "CVE-2017-14314", "CVE-2017-14994", "CVE-2017-14504", "CVE-2017-14733", "CVE-2017-14103"], "modified": "2022-08-05T05:17:59", "id": "OSV:DLA-1130-1", "href": "https://osv.dev/vulnerability/DLA-1130-1", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-08-05T05:18:02", "description": "\nMultiple vulnerabilities were found in graphicsmagick.\n\n\n* [CVE-2017-14103](https://security-tracker.debian.org/tracker/CVE-2017-14103)\nThe ReadJNGImage and ReadOneJNGImage functions in coders/png.c in\n GraphicsMagick 1.3.26 do not properly manage image pointers after\n certain error conditions, which allows remote attackers to conduct\n use-after-free attacks via a crafted file, related to a\n ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability\n exists because of an incomplete fix for [CVE-2017-11403](https://security-tracker.debian.org/tracker/CVE-2017-11403).\n* [CVE-2017-14314](https://security-tracker.debian.org/tracker/CVE-2017-14314)\nOff-by-one error in the DrawImage function in magick/render.c in\n GraphicsMagick 1.3.26 allows remote attackers to cause a denial of\n service (DrawDashPolygon heap-based buffer over-read and\n application crash) via a crafted file.\n* [CVE-2017-14504](https://security-tracker.debian.org/tracker/CVE-2017-14504)\nReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not\n ensure the correct number of colors for the XV 332 format, leading\n to a NULL Pointer Dereference.\n* [CVE-2017-14733](https://security-tracker.debian.org/tracker/CVE-2017-14733)\nReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles\n RLE headers that specify too few colors, which allows remote\n attackers to cause a denial of service (heap-based buffer\n over-read and application crash) via a crafted file.\n* [CVE-2017-14994](https://security-tracker.debian.org/tracker/CVE-2017-14994)\nReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows\n remote attackers to cause a denial of service (NULL pointer\n dereference) via a crafted DICOM image, related to the ability of\n DCM\\_ReadNonNativeImages to yield an image list with zero frames.\n* [CVE-2017-14997](https://security-tracker.debian.org/tracker/CVE-2017-14997)\nGraphicsMagick 1.3.26 allows remote attackers to cause a denial of\n service (excessive memory allocation) because of an integer\n underflow in ReadPICTImage in coders/pict.c.\n* [CVE-2017-15930](https://security-tracker.debian.org/tracker/CVE-2017-15930)\nIn ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a\n Null Pointer Dereference occurs while transferring JPEG scanlines,\n related to a PixelPacket pointer.\n\n\nFor Debian 7 Wheezy, [CVE-2017-15930](https://security-tracker.debian.org/tracker/CVE-2017-15930) has been fixed in version\n1.3.16-1.1+deb7u12. The other security issues were fixed in\n1.3.16-1.1+deb7u10 on 10 Oct 2017 in DLA-1130-1 but that announcement\nwas never sent out so this advisory also contains the notice about\nthose vulnerabilities.\n\n\nWe recommend that you upgrade your graphicsmagick packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-31T00:00:00", "type": "osv", "title": "graphicsmagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14997", "CVE-2017-14314", "CVE-2017-14994", "CVE-2017-11403", "CVE-2017-15930", "CVE-2017-14504", "CVE-2017-14733", "CVE-2017-14103"], "modified": "2022-08-05T05:18:00", "id": "OSV:DLA-1154-1", "href": "https://osv.dev/vulnerability/DLA-1154-1", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-08-05T05:17:58", "description": "\nMultiple security vulnerabilities, NULL pointer dereferences,\nuse-after-free and heap based overflows, were discovered in\ngraphicsmagick that can lead to denial of service by consuming all\navailable memory or segmentation faults.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n1.3.16-1.1+deb7u8.\n\n\nWe recommend that you upgrade your graphicsmagick packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-30T00:00:00", "type": "osv", "title": "graphicsmagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11641", "CVE-2017-10799", "CVE-2017-11636", "CVE-2017-11638", "CVE-2017-11102", "CVE-2017-11643", "CVE-2017-11403", "CVE-2017-11642", "CVE-2017-11140", "CVE-2017-11637"], "modified": "2022-08-05T05:17:56", "id": "OSV:DLA-1045-1", "href": "https://osv.dev/vulnerability/DLA-1045-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:07:30", "description": "\nSeveral vulnerabilities have been discovered in GraphicsMagick, a set of\ncommand-line applications to manipulate image files, which could result\nin denial of service or the execution of arbitrary code if malformed\nimage files are processed.\n\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.3.30+hg15796-1~deb9u1.\n\n\nWe recommend that you upgrade your graphicsmagick packages.\n\n\nFor the detailed security status of graphicsmagick please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/graphicsmagick](https://security-tracker.debian.org/tracker/graphicsmagick)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-16T00:00:00", "type": "osv", "title": "graphicsmagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13063", "CVE-2017-17783", "CVE-2017-17915", "CVE-2017-10794", "CVE-2017-15277", "CVE-2017-14997", "CVE-2017-17913", "CVE-2017-11641", "CVE-2017-13777", "CVE-2017-10799", "CVE-2017-13775", "CVE-2018-6799", "CVE-2017-17502", "CVE-2017-13737", "CVE-2017-11722", "CVE-2017-18220", "CVE-2017-12936", "CVE-2017-17498", "CVE-2017-18229", "CVE-2017-13776", "CVE-2017-14314", "CVE-2017-11636", "CVE-2017-11638", "CVE-2017-17782", "CVE-2017-16352", "CVE-2017-17503", "CVE-2017-18231", "CVE-2017-11102", "CVE-2017-18230", "CVE-2017-14994", "CVE-2017-16547", "CVE-2017-15238", "CVE-2017-11643", "CVE-2017-11403", "CVE-2017-15930", "CVE-2017-18219", "CVE-2017-11139", "CVE-2017-17500", "CVE-2017-14504", "CVE-2017-10800", "CVE-2018-9018", "CVE-2017-13065", "CVE-2017-13134", "CVE-2017-11642", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-14733", "CVE-2017-11140", "CVE-2017-16545", "CVE-2017-12937", "CVE-2017-12935", "CVE-2017-17501", "CVE-2018-5685", "CVE-2017-13064", "CVE-2017-17912", "CVE-2017-11637"], "modified": "2022-08-10T07:07:29", "id": "OSV:DSA-4321-1", "href": "https://osv.dev/vulnerability/DSA-4321-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:19:17", "description": "\nVarious vulnerabilities were discovered in graphicsmagick, a collection\nof image processing tools and associated libraries, resulting in denial\nof service, information disclosure, and a variety of buffer overflows\nand overreads.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n1.3.20-3+deb8u4.\n\n\nWe recommend that you upgrade your graphicsmagick packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-03T00:00:00", "type": "osv", "title": "graphicsmagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15277", "CVE-2017-14997", "CVE-2017-11641", "CVE-2017-13777", "CVE-2017-6335", "CVE-2017-13775", "CVE-2018-6799", "CVE-2017-9098", "CVE-2017-13737", "CVE-2017-18220", "CVE-2017-12936", "CVE-2017-18229", "CVE-2017-13776", "CVE-2017-11638", "CVE-2017-16352", "CVE-2017-18231", "CVE-2017-11102", "CVE-2017-18230", "CVE-2017-14994", "CVE-2017-16547", "CVE-2017-11403", "CVE-2017-15930", "CVE-2017-18219", "CVE-2017-14504", "CVE-2018-9018", "CVE-2016-5239", "CVE-2017-11642", "CVE-2017-11140", "CVE-2017-12935", "CVE-2018-5685", "CVE-2017-11637"], "modified": "2022-07-21T05:52:14", "id": "OSV:DLA-1456-1", "href": "https://osv.dev/vulnerability/DLA-1456-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-05T05:18:55", "description": "\nDebian Bug : 870020 870019 876105 869727 886281 873059 870504\n 870530 870107 872609 875338 875339 875341 873871\n 873131 875352 878506 875503 875502 876105 876099\n 878546 878545 877354 877355 878524 878547 878548\n 878555 878554 878548 878555 878554 878579 885942\n 886584 928206 941670 931447 932079\n\n\nSeveral security vulnerabilities were found in Imagemagick. Various\nmemory handling problems and cases of missing or incomplete input\nsanitizing may result in denial of service, memory or CPU exhaustion,\ninformation disclosure or potentially the execution of arbitrary code\nwhen a malformed image file is processed.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n8:6.9.7.4+dfsg-11+deb9u10.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\nFor the detailed security status of imagemagick please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/imagemagick>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-09-07T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13135", "CVE-2017-14175", "CVE-2017-14060", "CVE-2018-16749", "CVE-2017-12674", "CVE-2017-1000445", "CVE-2017-13658", "CVE-2017-1000476", "CVE-2017-14626", "CVE-2017-14624", "CVE-2017-12691", "CVE-2017-15015", "CVE-2017-12643", "CVE-2017-12430", "CVE-2017-14532", "CVE-2017-14172", "CVE-2017-15017", "CVE-2017-17682", "CVE-2017-13768", "CVE-2019-11598", "CVE-2017-12692", "CVE-2017-14625", "CVE-2017-14173", "CVE-2017-13133", "CVE-2018-16643", "CVE-2017-13061", "CVE-2017-14505", "CVE-2017-14400", "CVE-2019-13308", "CVE-2017-18271", "CVE-2018-18025", "CVE-2017-14341", "CVE-2017-12693", "CVE-2017-12140", "CVE-2017-12563", "CVE-2017-15281", "CVE-2017-18273", "CVE-2017-12806", "CVE-2019-13391", "CVE-2017-18209", "CVE-2017-17914", "CVE-2017-12875", "CVE-2017-14741", "CVE-2017-18211", "CVE-2017-12435", "CVE-2017-14739", "CVE-2017-14249", "CVE-2019-15139", "CVE-2017-14174", "CVE-2017-12429"], "modified": "2022-08-05T05:18:53", "id": "OSV:DLA-2366-1", "href": "https://osv.dev/vulnerability/DLA-2366-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-08-05T05:18:29", "description": "\nNumerous security vulnerabilities were fixed in Imagemagick. Various\nmemory handling problems and cases of missing or incomplete input\nsanitizing may result in denial of service, memory or CPU exhaustion,\ninformation disclosure or potentially the execution of arbitrary code\nwhen a malformed image file is processed.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n8:6.8.9.9-5+deb8u16.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-05-14T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13142", "CVE-2017-14175", "CVE-2017-14060", "CVE-2017-9500", "CVE-2019-10650", "CVE-2017-12674", "CVE-2017-1000445", "CVE-2017-13658", "CVE-2017-1000476", "CVE-2017-14626", "CVE-2017-14624", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11537", "CVE-2017-12691", "CVE-2017-15015", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12430", "CVE-2017-14532", "CVE-2017-14172", "CVE-2017-15017", "CVE-2017-17682", "CVE-2017-13768", "CVE-2019-11598", "CVE-2017-12692", "CVE-2017-14625", "CVE-2017-14173", "CVE-2017-13133", "CVE-2017-14505", "CVE-2017-14400", "CVE-2017-18271", "CVE-2017-14341", "CVE-2017-12693", "CVE-2017-12140", "CVE-2017-12563", "CVE-2017-15281", "CVE-2019-9956", "CVE-2017-18273", "CVE-2019-11597", "CVE-2017-12432", "CVE-2017-17914", "CVE-2017-12670", "CVE-2017-12875", "CVE-2017-14741", "CVE-2017-12435", "CVE-2017-14739", "CVE-2017-14249", "CVE-2017-14174", "CVE-2017-13145"], "modified": "2022-08-05T05:18:28", "id": "OSV:DLA-1785-1", "href": "https://osv.dev/vulnerability/DLA-1785-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-08-05T05:18:02", "description": "\nThis updates fixes numerous vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure or the\nexecution of arbitrary code if malformed DPX, RLE, CIN, DIB, EPT, MAT,\nVST, PNG, JNG, MNG, DVJU, JPEG, TXT, PES, MPC, UIL, PS, PALM, CIP, TIFF,\nICON, MAGICK, DCM, MSL, WMF, MIFF, PCX, SUN, PSD, MVG, PWP, PICT, PDB,\nSFW, or XCF files are processed.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n6.7.7.10-5+deb7u16.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-08-31T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13142", "CVE-2017-11448", "CVE-2017-11533", "CVE-2017-11141", "CVE-2017-11531", "CVE-2017-12418", "CVE-2017-11639", "CVE-2017-13146", "CVE-2017-12674", "CVE-2017-13144", "CVE-2017-11529", "CVE-2017-12640", "CVE-2017-13658", "CVE-2017-9501", "CVE-2017-13143", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11537", "CVE-2017-11478", "CVE-2017-12983", "CVE-2017-11446", "CVE-2017-12676", "CVE-2017-11527", "CVE-2017-11525", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-13139", "CVE-2017-12430", "CVE-2017-12664", "CVE-2017-12564", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-12877", "CVE-2017-11505", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-11530", "CVE-2017-12641", "CVE-2017-13133", "CVE-2017-11188", "CVE-2017-11534", "CVE-2017-11528", "CVE-2017-12566", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-12140", "CVE-2017-12563", "CVE-2017-12675", "CVE-2017-11532", "CVE-2017-11752", "CVE-2017-12565", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-12432", "CVE-2017-12428", "CVE-2017-13134", "CVE-2017-11526", "CVE-2017-11450", "CVE-2017-12431", "CVE-2017-12642", "CVE-2017-12670", "CVE-2017-12668", "CVE-2017-11170", "CVE-2017-11539", "CVE-2017-12435", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-11535", "CVE-2017-12429", "CVE-2017-11524"], "modified": "2022-08-05T05:17:57", "id": "OSV:DLA-1081-1", "href": "https://osv.dev/vulnerability/DLA-1081-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "debian": [{"lastseen": "2022-03-26T20:30:01", "description": "Package : graphicsmagick\nVersion : 1.3.16-1.1+deb7u12\nCVE ID : CVE-2017-14103 CVE-2017-14314 CVE-2017-14504\n CVE-2017-14733 CVE-2017-14994 CVE-2017-14997\n CVE-2017-15930\nDebian Bug : 879999\n\nMultiple vulnerabilities were found in graphicsmagick.\n\nCVE-2017-14103\n\n The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in\n GraphicsMagick 1.3.26 do not properly manage image pointers after\n certain error conditions, which allows remote attackers to conduct\n use-after-free attacks via a crafted file, related to a\n ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability\n exists because of an incomplete fix for CVE-2017-11403.\n\nCVE-2017-14314\n\n Off-by-one error in the DrawImage function in magick/render.c in\n GraphicsMagick 1.3.26 allows remote attackers to cause a denial of\n service (DrawDashPolygon heap-based buffer over-read and\n application crash) via a crafted file.\n\nCVE-2017-14504\n\n ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not\n ensure the correct number of colors for the XV 332 format, leading\n to a NULL Pointer Dereference.\n\nCVE-2017-14733\n\n ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles\n RLE headers that specify too few colors, which allows remote\n attackers to cause a denial of service (heap-based buffer\n over-read and application crash) via a crafted file.\n\nCVE-2017-14994\n\n ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows\n remote attackers to cause a denial of service (NULL pointer\n dereference) via a crafted DICOM image, related to the ability of\n DCM_ReadNonNativeImages to yield an image list with zero frames.\n\nCVE-2017-14997\n\n GraphicsMagick 1.3.26 allows remote attackers to cause a denial of\n service (excessive memory allocation) because of an integer\n underflow in ReadPICTImage in coders/pict.c.\n\nCVE-2017-15930\n\n In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a\n Null Pointer Dereference occurs while transferring JPEG scanlines,\n related to a PixelPacket pointer.\n\nFor Debian 7 "Wheezy", CVE-2017-15930 has been fixed in version\n1.3.16-1.1+deb7u12. The other security issues were fixed in\n1.3.16-1.1+deb7u10 on 10 Oct 2017 in DLA-1130-1 but that announcement\nwas never sent out so this advisory also contains the notice about\nthose vulnerabilities.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-10-31T17:48:00", "type": "debian", "title": "[SECURITY] [DLA 1154-1] graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11403", "CVE-2017-14103", "CVE-2017-14314", "CVE-2017-14504", "CVE-2017-14733", "CVE-2017-14994", "CVE-2017-14997", "CVE-2017-15930"], "modified": "2017-10-31T17:48:00", "id": "DEBIAN:DLA-1154-1:6E465", "href": "https://lists.debian.org/debian-lts-announce/2017/10/msg00032.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-22T12:27:18", "description": "Package : graphicsmagick\nVersion : 1.3.20-3+deb8u6\nCVE ID : CVE-2017-10799 CVE-2019-11006 CVE-2019-11007\n CVE-2019-11008 CVE-2019-11009 CVE-2019-11010\nDebian Bug : 927029\n\nSeveral security vulnerabilities were discovered in Graphicsmagick, a\ncollection of image processing tools. Heap-based buffer over-reads and\na memory leak may lead to a denial-of-service or information disclosure.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1.3.20-3+deb8u6.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2019-04-13T22:13:02", "type": "debian", "title": "[SECURITY] [DLA 1755-1] graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10799", "CVE-2019-11006", "CVE-2019-11007", "CVE-2019-11008", "CVE-2019-11009", "CVE-2019-11010"], "modified": "2019-04-13T22:13:02", "id": "DEBIAN:DLA-1755-1:C5328", "href": "https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-06T03:59:42", "description": "Package : graphicsmagick\nVersion : 1.3.20-3+deb8u6\nCVE ID : CVE-2017-10799 CVE-2019-11006 CVE-2019-11007\n CVE-2019-11008 CVE-2019-11009 CVE-2019-11010\nDebian Bug : 927029\n\nSeveral security vulnerabilities were discovered in Graphicsmagick, a\ncollection of image processing tools. Heap-based buffer over-reads and\na memory leak may lead to a denial-of-service or information disclosure.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1.3.20-3+deb8u6.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2019-04-13T22:13:02", "type": "debian", "title": "[SECURITY] [DLA 1755-1] graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10799", "CVE-2019-11006", "CVE-2019-11007", "CVE-2019-11008", "CVE-2019-11009", "CVE-2019-11010"], "modified": "2019-04-13T22:13:02", "id": "DEBIAN:DLA-1755-1:376D8", "href": "https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-11T04:51:13", "description": "Package : graphicsmagick\nVersion : 1.3.16-1.1+deb7u8\nCVE ID : CVE-2017-10799 CVE-2017-11102 CVE-2017-11140\n CVE-2017-11403 CVE-2017-11636 CVE-2017-11637\n CVE-2017-11638 CVE-2017-11641 CVE-2017-11642\n CVE-2017-11643\nDebian Bug : 867077 867746 870149\n\nMultiple security vulnerabilities, NULL pointer dereferences,\nuse-after-free and heap based overflows, were discovered in\ngraphicsmagick that can lead to denial of service by consuming all\navailable memory or segmentation faults.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.3.16-1.1+deb7u8.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-30T16:22:23", "type": "debian", "title": "[SECURITY] [DLA 1045-1] graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10799", "CVE-2017-11102", "CVE-2017-11140", "CVE-2017-11403", "CVE-2017-11636", "CVE-2017-11637", "CVE-2017-11638", "CVE-2017-11641", "CVE-2017-11642", "CVE-2017-11643"], "modified": "2017-07-30T16:22:23", "id": "DEBIAN:DLA-1045-1:712EB", "href": "https://lists.debian.org/debian-lts-announce/2017/07/msg00041.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-23T21:28:23", "description": "Package : graphicsmagick\nVersion : 1.3.16-1.1+deb7u8\nCVE ID : CVE-2017-10799 CVE-2017-11102 CVE-2017-11140\n CVE-2017-11403 CVE-2017-11636 CVE-2017-11637\n CVE-2017-11638 CVE-2017-11641 CVE-2017-11642\n CVE-2017-11643\nDebian Bug : 867077 867746 870149\n\nMultiple security vulnerabilities, NULL pointer dereferences,\nuse-after-free and heap based overflows, were discovered in\ngraphicsmagick that can lead to denial of service by consuming all\navailable memory or segmentation faults.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.3.16-1.1+deb7u8.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-30T16:22:23", "type": "debian", "title": "[SECURITY] [DLA 1045-1] graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10799", "CVE-2017-11102", "CVE-2017-11140", "CVE-2017-11403", "CVE-2017-11636", "CVE-2017-11637", "CVE-2017-11638", "CVE-2017-11641", "CVE-2017-11642", "CVE-2017-11643"], "modified": "2017-07-30T16:22:23", "id": "DEBIAN:DLA-1045-1:24D9D", "href": "https://lists.debian.org/debian-lts-announce/2017/07/msg00041.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-03T15:30:22", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4321-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nOctober 16, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : graphicsmagick\nCVE ID : CVE-2017-10794 CVE-2017-10799 CVE-2017-10800 CVE-2017-11102 \n CVE-2017-11139 CVE-2017-11140 CVE-2017-11403 CVE-2017-11636 \n CVE-2017-11637 CVE-2017-11638 CVE-2017-11641 CVE-2017-11642 \n CVE-2017-11643 CVE-2017-11722 CVE-2017-12935 CVE-2017-12936 \n CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13065 \n CVE-2017-13134 CVE-2017-13737 CVE-2017-13775 CVE-2017-13776 \n CVE-2017-13777 CVE-2017-14314 CVE-2017-14504 CVE-2017-14733 \n CVE-2017-14994 CVE-2017-14997 CVE-2017-15238 CVE-2017-15277 \n CVE-2017-15930 CVE-2017-16352 CVE-2017-16353 CVE-2017-16545 \n CVE-2017-16547 CVE-2017-16669 CVE-2017-17498 CVE-2017-17500 \n CVE-2017-17501 CVE-2017-17502 CVE-2017-17503 CVE-2017-17782 \n CVE-2017-17783 CVE-2017-17912 CVE-2017-17913 CVE-2017-17915 \n CVE-2017-18219 CVE-2017-18220 CVE-2017-18229 CVE-2017-18230 \n CVE-2017-18231 CVE-2018-5685 CVE-2018-6799 CVE-2018-9018\n\nSeveral vulnerabilities have been discovered in GraphicsMagick, a set of\ncommand-line applications to manipulate image files, which could result\nin denial of service or the execution of arbitrary code if malformed\nimage files are processed.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.3.30+hg15796-1~deb9u1.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFor the detailed security status of graphicsmagick please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/graphicsmagick\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-16T21:57:57", "type": "debian", "title": "[SECURITY] [DSA 4321-1] graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800", "CVE-2017-11102", "CVE-2017-11139", "CVE-2017-11140", "CVE-2017-11403", "CVE-2017-11636", "CVE-2017-11637", "CVE-2017-11638", "CVE-2017-11641", "CVE-2017-11642", "CVE-2017-11643", "CVE-2017-11722", "CVE-2017-12935", "CVE-2017-12936", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13065", "CVE-2017-13134", "CVE-2017-13737", "CVE-2017-13775", "CVE-2017-13776", "CVE-2017-13777", "CVE-2017-14314", "CVE-2017-14504", "CVE-2017-14733", "CVE-2017-14994", "CVE-2017-14997", "CVE-2017-15238", "CVE-2017-15277", "CVE-2017-15930", "CVE-2017-16352", "CVE-2017-16353", "CVE-2017-16545", "CVE-2017-16547", "CVE-2017-16669", "CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-17503", "CVE-2017-17782", "CVE-2017-17783", "CVE-2017-17912", "CVE-2017-17913", "CVE-2017-17915", "CVE-2017-18219", "CVE-2017-18220", "CVE-2017-18229", "CVE-2017-18230", "CVE-2017-18231", "CVE-2018-5685", "CVE-2018-6799", "CVE-2018-9018"], "modified": "2018-10-16T21:57:57", "id": "DEBIAN:DSA-4321-1:D5514", "href": "https://lists.debian.org/debian-security-announce/2018/msg00252.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T13:49:08", "description": "Package : graphicsmagick\nVersion : 1.3.20-3+deb8u3\nCVE ID : CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-5241\n CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449\n CVE-2017-11636 CVE-2017-11643 CVE-2017-12937\n CVE-2017-13063 CVE-2017-13064 CVE-2017-13065\n CVE-2017-13134 CVE-2017-14314 CVE-2017-14733\n CVE-2017-16353 CVE-2017-16669 CVE-2017-17498\n CVE-2017-17500 CVE-2017-17501 CVE-2017-17502\n CVE-2017-17503 CVE-2017-17782 CVE-2017-17912\n CVE-2017-17915\nDebian Bug : 870149 870157 872574 873130 873129 873119 873099 881524\n 881391 884905\n\nVarious security issues were discovered in Graphicsmagick, a collection\nof image processing tools. Heap-based buffer overflows or overreads may\nlead to a denial of service or disclosure of in-memory information or\nother unspecified impact by processing a malformed image file.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1.3.20-3+deb8u3.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-27T21:28:32", "type": "debian", "title": "[SECURITY] [DLA 1401-1] graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718", "CVE-2016-5241", "CVE-2016-7446", "CVE-2016-7447", "CVE-2016-7448", "CVE-2016-7449", "CVE-2017-11636", "CVE-2017-11643", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13065", "CVE-2017-13134", "CVE-2017-14314", "CVE-2017-14733", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-17503", "CVE-2017-17782", "CVE-2017-17912", "CVE-2017-17915"], "modified": "2018-06-27T21:28:32", "id": "DEBIAN:DLA-1401-1:300F8", "href": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-26T20:20:00", "description": "Package : graphicsmagick\nVersion : 1.3.20-3+deb8u3\nCVE ID : CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-5241\n CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449\n CVE-2017-11636 CVE-2017-11643 CVE-2017-12937\n CVE-2017-13063 CVE-2017-13064 CVE-2017-13065\n CVE-2017-13134 CVE-2017-14314 CVE-2017-14733\n CVE-2017-16353 CVE-2017-16669 CVE-2017-17498\n CVE-2017-17500 CVE-2017-17501 CVE-2017-17502\n CVE-2017-17503 CVE-2017-17782 CVE-2017-17912\n CVE-2017-17915\nDebian Bug : 870149 870157 872574 873130 873129 873119 873099 881524\n 881391 884905\n\nVarious security issues were discovered in Graphicsmagick, a collection\nof image processing tools. Heap-based buffer overflows or overreads may\nlead to a denial of service or disclosure of in-memory information or\nother unspecified impact by processing a malformed image file.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1.3.20-3+deb8u3.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-27T21:28:32", "type": "debian", "title": "[SECURITY] [DLA 1401-1] graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718", "CVE-2016-5241", "CVE-2016-7446", "CVE-2016-7447", "CVE-2016-7448", "CVE-2016-7449", "CVE-2017-11636", "CVE-2017-11643", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13065", "CVE-2017-13134", "CVE-2017-14314", "CVE-2017-14733", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-17503", "CVE-2017-17782", "CVE-2017-17912", "CVE-2017-17915"], "modified": "2018-06-27T21:28:32", "id": "DEBIAN:DLA-1401-1:A41C0", "href": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-19T18:11:01", "description": "Package : graphicsmagick\nVersion : 1.3.20-3+deb8u4\nCVE ID : CVE-2016-5239 CVE-2017-6335 CVE-2017-9098 CVE-2017-11102 \n CVE-2017-11140 CVE-2017-11403 CVE-2017-11637 CVE-2017-11638 \n CVE-2017-11641 CVE-2017-11642 CVE-2017-12935 CVE-2017-12936 \n CVE-2017-13737 CVE-2017-13775 CVE-2017-13776 CVE-2017-13777 \n CVE-2017-14504 CVE-2017-14994 CVE-2017-14997 CVE-2017-15277 \n CVE-2017-15930 CVE-2017-16352 CVE-2017-16545 CVE-2017-16547 \n CVE-2017-18219 CVE-2017-18220 CVE-2017-18229 CVE-2017-18230 \n CVE-2017-18231 CVE-2018-5685 CVE-2018-6799 CVE-2018-9018\nDebian Bug : 867746 870153 870154 870156 870155 872576 872575 878511\n 878578 862967 879999\n\nVarious vulnerabilities were discovered in graphicsmagick, a collection\nof image processing tools and associated libraries, resulting in denial\nof service, information disclosure, and a variety of buffer overflows\nand overreads.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1.3.20-3+deb8u4.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-03T01:07:24", "type": "debian", "title": "[SECURITY] [DLA 1456-1] graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5239", "CVE-2017-11102", "CVE-2017-11140", "CVE-2017-11403", "CVE-2017-11637", "CVE-2017-11638", "CVE-2017-11641", "CVE-2017-11642", "CVE-2017-12935", "CVE-2017-12936", "CVE-2017-13737", "CVE-2017-13775", "CVE-2017-13776", "CVE-2017-13777", "CVE-2017-14504", "CVE-2017-14994", "CVE-2017-14997", "CVE-2017-15277", "CVE-2017-15930", "CVE-2017-16352", "CVE-2017-16545", "CVE-2017-16547", "CVE-2017-18219", "CVE-2017-18220", "CVE-2017-18229", "CVE-2017-18230", "CVE-2017-18231", "CVE-2017-6335", "CVE-2017-9098", "CVE-2018-5685", "CVE-2018-6799", "CVE-2018-9018"], "modified": "2018-08-03T01:07:24", "id": "DEBIAN:DLA-1456-1:6B17B", "href": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T12:15:46", "description": "Package : imagemagick\nVersion : 8:6.8.9.9-5+deb8u16\nCVE ID : CVE-2017-9500 CVE-2017-11446 CVE-2017-11523\n CVE-2017-11537 CVE-2017-12140 CVE-2017-12430\n CVE-2017-12432 CVE-2017-12435 CVE-2017-12563\n CVE-2017-12587 CVE-2017-12643 CVE-2017-12670\n CVE-2017-12674 CVE-2017-12691 CVE-2017-12692\n CVE-2017-12693 CVE-2017-12875 CVE-2017-13133\n CVE-2017-13142 CVE-2017-13145 CVE-2017-13658\n CVE-2017-13768 CVE-2017-14060 CVE-2017-14172\n CVE-2017-14173 CVE-2017-14174 CVE-2017-14175\n CVE-2017-14249 CVE-2017-14341 CVE-2017-14400\n CVE-2017-14505 CVE-2017-14532 CVE-2017-14624\n CVE-2017-14625 CVE-2017-14626 CVE-2017-14739\n CVE-2017-14741 CVE-2017-15015 CVE-2017-15017\n CVE-2017-15281 CVE-2017-17682 CVE-2017-17914\n CVE-2017-18271 CVE-2017-18273 CVE-2017-1000445\n CVE-2017-1000476 CVE-2019-9956 CVE-2019-10650\n CVE-2019-11597 CVE-2019-11598\nDebian Bug : 867778 868950 869210 869712 873059 869727 870491 870504\n 870530 870526 870107 870107 870020 875338 872609 875339\n 875341 873871 875352 873100 870105 869830 870019 878506\n 875504 875503 875502 876099 876105 878546 878545 878541\n 877354 877355 878524 878547 878548 878555 878554 878579\n 885942 886584 928207 928206 925395\n\n\nNumerous security vulnerabilities were fixed in Imagemagick. Various\nmemory handling problems and cases of missing or incomplete input\nsanitizing may result in denial of service, memory or CPU exhaustion,\ninformation disclosure or potentially the execution of arbitrary code\nwhen a malformed image file is processed.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n8:6.8.9.9-5+deb8u16.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-05-14T10:40:29", "type": "debian", "title": "[SECURITY] [DLA 1785-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-11446", "CVE-2017-11523", "CVE-2017-11537", "CVE-2017-12140", "CVE-2017-12430", "CVE-2017-12432", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12587", "CVE-2017-12643", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12875", "CVE-2017-13133", "CVE-2017-13142", "CVE-2017-13145", "CVE-2017-13658", "CVE-2017-13768", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14249", "CVE-2017-14341", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14532", "CVE-2017-14624", "CVE-2017-14625", "CVE-2017-14626", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-15015", "CVE-2017-15017", "CVE-2017-15281", "CVE-2017-17682", "CVE-2017-17914", "CVE-2017-18271", "CVE-2017-18273", "CVE-2017-9500", "CVE-2019-10650", "CVE-2019-11597", "CVE-2019-11598", "CVE-2019-9956"], "modified": "2019-05-14T10:40:29", "id": "DEBIAN:DLA-1785-1:C1442", "href": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-25T11:41:51", "description": "Package : imagemagick\nVersion : 8:6.8.9.9-5+deb8u16\nCVE ID : CVE-2017-9500 CVE-2017-11446 CVE-2017-11523\n CVE-2017-11537 CVE-2017-12140 CVE-2017-12430\n CVE-2017-12432 CVE-2017-12435 CVE-2017-12563\n CVE-2017-12587 CVE-2017-12643 CVE-2017-12670\n CVE-2017-12674 CVE-2017-12691 CVE-2017-12692\n CVE-2017-12693 CVE-2017-12875 CVE-2017-13133\n CVE-2017-13142 CVE-2017-13145 CVE-2017-13658\n CVE-2017-13768 CVE-2017-14060 CVE-2017-14172\n CVE-2017-14173 CVE-2017-14174 CVE-2017-14175\n CVE-2017-14249 CVE-2017-14341 CVE-2017-14400\n CVE-2017-14505 CVE-2017-14532 CVE-2017-14624\n CVE-2017-14625 CVE-2017-14626 CVE-2017-14739\n CVE-2017-14741 CVE-2017-15015 CVE-2017-15017\n CVE-2017-15281 CVE-2017-17682 CVE-2017-17914\n CVE-2017-18271 CVE-2017-18273 CVE-2017-1000445\n CVE-2017-1000476 CVE-2019-9956 CVE-2019-10650\n CVE-2019-11597 CVE-2019-11598\nDebian Bug : 867778 868950 869210 869712 873059 869727 870491 870504\n 870530 870526 870107 870107 870020 875338 872609 875339\n 875341 873871 875352 873100 870105 869830 870019 878506\n 875504 875503 875502 876099 876105 878546 878545 878541\n 877354 877355 878524 878547 878548 878555 878554 878579\n 885942 886584 928207 928206 925395\n\n\nNumerous security vulnerabilities were fixed in Imagemagick. Various\nmemory handling problems and cases of missing or incomplete input\nsanitizing may result in denial of service, memory or CPU exhaustion,\ninformation disclosure or potentially the execution of arbitrary code\nwhen a malformed image file is processed.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n8:6.8.9.9-5+deb8u16.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-14T10:40:29", "type": "debian", "title": "[SECURITY] [DLA 1785-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-11446", "CVE-2017-11523", "CVE-2017-11537", "CVE-2017-12140", "CVE-2017-12430", "CVE-2017-12432", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12587", "CVE-2017-12643", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12875", "CVE-2017-13133", "CVE-2017-13142", "CVE-2017-13145", "CVE-2017-13658", "CVE-2017-13768", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14249", "CVE-2017-14341", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14532", "CVE-2017-14624", "CVE-2017-14625", "CVE-2017-14626", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-15015", "CVE-2017-15017", "CVE-2017-15281", "CVE-2017-17682", "CVE-2017-17914", "CVE-2017-18271", "CVE-2017-18273", "CVE-2017-9500", "CVE-2019-10650", "CVE-2019-11597", "CVE-2019-11598", "CVE-2019-9956"], "modified": "2019-05-14T10:40:29", "id": "DEBIAN:DLA-1785-1:40B92", "href": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-22T11:01:03", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2366-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nSeptember 07, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nVersion : 8:6.9.7.4+dfsg-11+deb9u10\nCVE ID : CVE-2017-12140 CVE-2017-12429 CVE-2017-12430\n \t CVE-2017-12435 CVE-2017-12563 CVE-2017-12643\n CVE-2017-12670 CVE-2017-12674 CVE-2017-12691\n CVE-2017-12692 CVE-2017-12693 CVE-2017-12806\n CVE-2017-12875 CVE-2017-13061 CVE-2017-13133\n CVE-2017-13658 CVE-2017-13768 CVE-2017-14060\n CVE-2017-14172 CVE-2017-14173 CVE-2017-14174\n CVE-2017-14175 CVE-2017-14249 CVE-2017-14341\n CVE-2017-14400 CVE-2017-14505 CVE-2017-14532\n CVE-2017-14624 CVE-2017-14625 CVE-2017-14626\n CVE-2017-14739 CVE-2017-14741 CVE-2017-15015\n CVE-2017-15017 CVE-2017-15281 CVE-2017-17682\n CVE-2017-17914 CVE-2017-18209 CVE-2017-18211\n CVE-2017-18271 CVE-2017-18273 CVE-2017-1000445\n CVE-2017-1000476 CVE-2018-16643 CVE-2018-16749\n CVE-2018-18025 CVE-2019-11598 CVE-2019-13135\n CVE-2019-13308 CVE-2019-13391 CVE-2019-15139\n\nDebian Bug : 870020 870019 876105 869727 886281 873059 870504\n 870530 870107 872609 875338 875339 875341 873871\n 873131 875352 878506 875503 875502 876105 876099\n 878546 878545 877354 877355 878524 878547 878548\n 878555 878554 878548 878555 878554 878579 885942\n 886584 928206 941670 931447 932079\n\nSeveral security vulnerabilities were found in Imagemagick. Various\nmemory handling problems and cases of missing or incomplete input\nsanitizing may result in denial of service, memory or CPU exhaustion,\ninformation disclosure or potentially the execution of arbitrary code\nwhen a malformed image file is processed.\n\nFor Debian 9 stretch, these problems have been fixed in version\n8:6.9.7.4+dfsg-11+deb9u10.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFor the detailed security status of imagemagick please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/imagemagick\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-09-07T21:24:40", "type": "debian", "title": "[SECURITY] [DLA 2366-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-12140", "CVE-2017-12429", "CVE-2017-12430", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12643", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12806", "CVE-2017-12875", "CVE-2017-13061", "CVE-2017-13133", "CVE-2017-13658", "CVE-2017-13768", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14249", "CVE-2017-14341", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14532", "CVE-2017-14624", "CVE-2017-14625", "CVE-2017-14626", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-15015", "CVE-2017-15017", "CVE-2017-15281", "CVE-2017-17682", "CVE-2017-17914", "CVE-2017-18209", "CVE-2017-18211", "CVE-2017-18271", "CVE-2017-18273", "CVE-2018-16643", "CVE-2018-16749", "CVE-2018-18025", "CVE-2019-11598", "CVE-2019-13135", "CVE-2019-13308", "CVE-2019-13391", "CVE-2019-15139"], "modified": "2020-09-07T21:24:40", "id": "DEBIAN:DLA-2366-1:54E1C", "href": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-05T21:15:53", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2366-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nSeptember 07, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nVersion : 8:6.9.7.4+dfsg-11+deb9u10\nCVE ID : CVE-2017-12140 CVE-2017-12429 CVE-2017-12430\n \t CVE-2017-12435 CVE-2017-12563 CVE-2017-12643\n CVE-2017-12670 CVE-2017-12674 CVE-2017-12691\n CVE-2017-12692 CVE-2017-12693 CVE-2017-12806\n CVE-2017-12875 CVE-2017-13061 CVE-2017-13133\n CVE-2017-13658 CVE-2017-13768 CVE-2017-14060\n CVE-2017-14172 CVE-2017-14173 CVE-2017-14174\n CVE-2017-14175 CVE-2017-14249 CVE-2017-14341\n CVE-2017-14400 CVE-2017-14505 CVE-2017-14532\n CVE-2017-14624 CVE-2017-14625 CVE-2017-14626\n CVE-2017-14739 CVE-2017-14741 CVE-2017-15015\n CVE-2017-15017 CVE-2017-15281 CVE-2017-17682\n CVE-2017-17914 CVE-2017-18209 CVE-2017-18211\n CVE-2017-18271 CVE-2017-18273 CVE-2017-1000445\n CVE-2017-1000476 CVE-2018-16643 CVE-2018-16749\n CVE-2018-18025 CVE-2019-11598 CVE-2019-13135\n CVE-2019-13308 CVE-2019-13391 CVE-2019-15139\n\nDebian Bug : 870020 870019 876105 869727 886281 873059 870504\n 870530 870107 872609 875338 875339 875341 873871\n 873131 875352 878506 875503 875502 876105 876099\n 878546 878545 877354 877355 878524 878547 878548\n 878555 878554 878548 878555 878554 878579 885942\n 886584 928206 941670 931447 932079\n\nSeveral security vulnerabilities were found in Imagemagick. Various\nmemory handling problems and cases of missing or incomplete input\nsanitizing may result in denial of service, memory or CPU exhaustion,\ninformation disclosure or potentially the execution of arbitrary code\nwhen a malformed image file is processed.\n\nFor Debian 9 stretch, these problems have been fixed in version\n8:6.9.7.4+dfsg-11+deb9u10.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFor the detailed security status of imagemagick please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/imagemagick\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-07T21:24:40", "type": "debian", "title": "[SECURITY] [DLA 2366-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-12140", "CVE-2017-12429", "CVE-2017-12430", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12643", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12806", "CVE-2017-12875", "CVE-2017-13061", "CVE-2017-13133", "CVE-2017-13658", "CVE-2017-13768", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14249", "CVE-2017-14341", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14532", "CVE-2017-14624", "CVE-2017-14625", "CVE-2017-14626", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-15015", "CVE-2017-15017", "CVE-2017-15281", "CVE-2017-17682", "CVE-2017-17914", "CVE-2017-18209", "CVE-2017-18211", "CVE-2017-18271", "CVE-2017-18273", "CVE-2018-16643", "CVE-2018-16749", "CVE-2018-18025", "CVE-2019-11598", "CVE-2019-13135", "CVE-2019-13308", "CVE-2019-13391", "CVE-2019-15139"], "modified": "2020-09-07T21:24:40", "id": "DEBIAN:DLA-2366-1:3ECD0", "href": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-19T18:24:48", "description": "Package : imagemagick\nVersion : 6.7.7.10-5+deb7u16\nCVE ID : CVE-2017-8352 CVE-2017-9144 CVE-2017-9501 CVE-2017-10928 \n CVE-2017-10995 CVE-2017-11141 CVE-2017-11170 CVE-2017-11188 \n CVE-2017-11352 CVE-2017-11360 CVE-2017-11446 CVE-2017-11448 \n CVE-2017-11449 CVE-2017-11450 CVE-2017-11478 CVE-2017-11505 \n CVE-2017-11523 CVE-2017-11524 CVE-2017-11525 CVE-2017-11526 \n CVE-2017-11527 CVE-2017-11528 CVE-2017-11529 CVE-2017-11530 \n CVE-2017-11531 CVE-2017-11532 CVE-2017-11533 CVE-2017-11534 \n CVE-2017-11535 CVE-2017-11537 CVE-2017-11539 CVE-2017-11639 \n CVE-2017-11640 CVE-2017-11644 CVE-2017-11724 CVE-2017-11751 \n CVE-2017-11752 CVE-2017-12140 CVE-2017-12418 CVE-2017-12427 \n CVE-2017-12428 CVE-2017-12429 CVE-2017-12430 CVE-2017-12431 \n CVE-2017-12432 CVE-2017-12433 CVE-2017-12435 CVE-2017-12563 \n CVE-2017-12564 CVE-2017-12565 CVE-2017-12566 CVE-2017-12587 \n CVE-2017-12640 CVE-2017-12641 CVE-2017-12642 CVE-2017-12643 \n CVE-2017-12654 CVE-2017-12664 CVE-2017-12665 CVE-2017-12668 \n CVE-2017-12670 CVE-2017-12674 CVE-2017-12675 CVE-2017-12676 \n CVE-2017-12877 CVE-2017-12983 CVE-2017-13133 CVE-2017-13134 \n CVE-2017-13139 CVE-2017-13142 CVE-2017-13143 CVE-2017-13144 \n CVE-2017-13146 CVE-2017-13658\nDebian Bug : 867367 867896 867806 867808 867810 867811 867812 867798\n 867821 868264 868184 867721 867824 867826 867893 867823\n 867894 868263 869210 867748 868950 868469 869725 869726\n 869834 869711 869827 869712 870120 870065 870067 870016\n 870023 870480 870481 870525 869713 869727 869715 870491\n 870504 870530 870017 870115 870503 870526 870106 869796\n 870107 870502 870501 870489 870020 872609 870022 870118\n 872373 873134 873100 873099 870109 870105 870012 869728\n 870013 870019 869721 869722\n\n\nThis updates fixes numerous vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure or the\nexecution of arbitrary code if malformed DPX, RLE, CIN, DIB, EPT, MAT,\nVST, PNG, JNG, MNG, DVJU, JPEG, TXT, PES, MPC, UIL, PS, PALM, CIP, TIFF,\nICON, MAGICK, DCM, MSL, WMF, MIFF, PCX, SUN, PSD, MVG, PWP, PICT, PDB,\nSFW, or XCF files are processed.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n6.7.7.10-5+deb7u16.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: Digital signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-31T10:47:38", "type": "debian", "title": "[SECURITY] [DLA 1081-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11505", "CVE-2017-11523", "CVE-2017-11524", "CVE-2017-11525", "CVE-2017-11526", "CVE-2017-11527", "CVE-2017-11528", "CVE-2017-11529", "CVE-2017-11530", "CVE-2017-11531", "CVE-2017-11532", "CVE-2017-11533", "CVE-2017-11534", "CVE-2017-11535", "CVE-2017-11537", "CVE-2017-11539", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11751", "CVE-2017-11752", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12430", "CVE-2017-12431", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12564", "CVE-2017-12565", "CVE-2017-12566", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12643", "CVE-2017-12654", "CVE-2017-12664", "CVE-2017-12665", "CVE-2017-12668", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12675", "CVE-2017-12676", "CVE-2017-12877", "CVE-2017-12983", "CVE-2017-13133", "CVE-2017-13134", "CVE-2017-13139", "CVE-2017-13142", "CVE-2017-13143", "CVE-2017-13144", "CVE-2017-13146", "CVE-2017-13658", "CVE-2017-8352", "CVE-2017-9144", "CVE-2017-9501"], "modified": "2017-08-31T10:47:38", "id": "DEBIAN:DLA-1081-1:D21F2", "href": "https://lists.debian.org/debian-lts-announce/2017/08/msg00031.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "fedora": [{"lastseen": "2021-06-08T18:38:50", "description": "GraphicsMagick is a comprehensive image processing package which is initial ly based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performan ce of the software. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-08T16:54:48", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: GraphicsMagick-1.3.26-1.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800"], "modified": "2017-07-08T16:54:48", "id": "FEDORA:5CBAB606E48C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MNLOUPX5V6JWQH244LAOXC353ALXBL5J/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-06-08T18:38:50", "description": "GraphicsMagick is a comprehensive image processing package which is initial ly based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performan ce of the software. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-15T18:50:07", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: GraphicsMagick-1.3.26-1.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800"], "modified": "2017-07-15T18:50:07", "id": "FEDORA:18B1D6079267", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GYB65XFG6CDFEJCLATKLZ6XP6YFDUZL5/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-06-08T18:38:50", "description": "GraphicsMagick is a comprehensive image processing package which is initial ly based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performan ce of the software. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-12T03:29:41", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: GraphicsMagick-1.3.26-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800"], "modified": "2017-07-12T03:29:41", "id": "FEDORA:5BF646060E83", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QHZ5VPP642V2AZL7BQHXNVHNDUPEMSVZ/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Synfig is a powerful, industrial-strength vector-based 2D animation software, designed from the ground-up for producing feature-film quality animation with fewer people and resources. It is designed to be capable of producing feature-film quality animation. It eliminates the need for tweening, preventing the need to hand-draw each frame. Synfig features spatial and temporal resolution independence (sharp and smoothat any resolution or framerate), high dynamic range images, and a flexible plugin system. This package contains the command-line-based rendering backend. Install synfigstudio package for GUI-based animation studio. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:34", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: synfig-1.2.0-9.fc26.1", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:34", "id": "FEDORA:BE87C60748F9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4GKIOVPVMFP2JAQIRGCJ6ORJL3I6OI7B/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-06-08T18:40:43", "description": "Window Maker is an X11 window manager designed to give additional integration support to the GNUstep Desktop Environment. In every way possible, it reproduces the elegant look and feel of the NEXTSTEP GUI. It is fast, feature rich, easy to configure, and easy to use. In addition, Window Maker works with GNOME and KDE, making it one of the most useful and universal window managers available. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:39", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: WindowMaker-0.95.8-3.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:39", "id": "FEDORA:F0880601EDDA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NM2AMQSUZCQR57N2CQ6SEZMVMG4BVT73/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Converseen is a batch image conversion tool and resizer written in C++ with Qt5 and Magick++. Converseen allows you to convert images in more than 100 different formats! ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:18", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: converseen-0.9.6.2-3.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:18", "id": "FEDORA:8F8C0601EDDE", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XZWYA5OS5LRRUJQEYK6UL6B5CMNYRGIQ/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "RMagick is an interface between Ruby and ImageMagick. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:34", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: rubygem-rmagick-2.16.0-4.fc26.2", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:34", "id": "FEDORA:137B4601EDDC", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GJUOSYWB3S6UHTG2YAYRCXPBKGXTCGDE/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Inkscape is a vector graphics editor, with capabilities similar to Illustrator, CorelDraw, or Xara X, using the W3C standard Scalable Vector Graphics (SVG) file format. It is therefore a very useful tool for web designers and as an interchange format for desktop publishing. Inkscape supports many advanced SVG features (markers, clones, alpha blending, etc.) and great care is taken in designing a streamlined interface. It is very easy to edit nodes, perform complex path operations, trace bitmaps and much more. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:26", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: inkscape-0.92.1-4.20170510bzr15686.fc26.1", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:26", "id": "FEDORA:A58296076F55", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CTRIPHKCJXKPL7XSUJBDVBNRJI45DZS2/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "K-3D is a complete 3D modeling, animation and rendering system. K-3D features a robust, object oriented plugin architecture, designed to scale to the needs of professional artists. It is designed from the ground up to generate motion picture quality animation using RenderMan compliant render engines. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:27", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: k3d-0.8.0.6-8.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:27", "id": "FEDORA:C1BBA6076F55", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7PHOZENIVB3UVOEDNORVD5HZEPH7SZPD/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "libdmtx is open source software for reading and writing Data Matrix 2D bar-codes on Linux, Unix, OS X, Windows, and mobile devices. At its core libdmtx is a shared library, allowing C/C++ programs to use its capabilities without restrictions or overhead. The included utility programs, dmtxread and dmtxwrite, provide the official interface to libdmtx from the command line, and also serve as a good refere nce for programmers who wish to write their own programs that interact with libdmtx. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:20", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: dmtx-utils-0.7.4-4.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:20", "id": "FEDORA:5C7D56076F55", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VST4FTGSIGVYYYTUCYFUTPBL6QNQE4SY/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "KXStitch can be used to create cross stitch patterns from scratch. It is al so possible to convert existing images to a cross stitch pattern or scan one w ith a Sane supported scanner. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:28", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: kxstitch-1.2.0-9.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:28", "id": "FEDORA:6DAC2601EDDA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DLNHECMOL5F4463M4LEQJETSACMDNHBX/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language (elisp), and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for X windows. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:23", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: emacs-25.3-3.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:23", "id": "FEDORA:999936076F55", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4TYOQUU23FT5ZUDPTUR54NNN5JCH5SAU/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "AutoTrace is a program for converting bitmaps to vector graphics. Supported input formats include BMP, TGA, PNM, PPM, and any format supported by ImageMagick, whereas output can be produced in Postscript, SVG, xfig, SWF, and others. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:15", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: autotrace-0.31.1-49.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:15", "id": "FEDORA:A088E6076F55", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/T45GVYNSFDFEZVXNCMRXUWX2SZPO2GG3/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Techne is a general purpose, programmable physical simulator and renderer. It reads in a set of scripts wherein every aspect of a physical system is specified and then proceeds to simulate and render the system onscreen. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:36", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: techne-0.2.3-20.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:36", "id": "FEDORA:E7E3A6076F55", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7DJTCVESG6E2TSULF5JA6JM427TDGEZF/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Scraper2vdr acts as client and provides scraped metadata for tvshows and movies from epgd to other plugins via its service interface. The plugin cares about caching the images locally and also cleans up the images if not longer needed. epgd itself uses the thetvdb.com API for collecting series metadata and themoviedb.org API for movies. Check the websites of both services for the terms of use. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:38", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: vdr-scraper2vdr-1.0.5-4.20170611git254122b.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:38", "id": "FEDORA:2A5176076F55", "href": "", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "VIPS is an image processing library. It is good for very large images (even larger than the amount of RAM in your machine), and for working with color. This package should be installed if you want to use a program compiled against VIPS. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:39", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: vips-8.5.8-2.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:39", "id": "FEDORA:4FEEB6076F55", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4LPLGFSY5B4L7T4MM6BRICKAEJLC245Z/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "ImageInfo computes and displays selected image attributes. It is similar in function to the ImageMagick \"identify\" utility, but provides a few additional attributes (such as details of embedded ICC profiles), and allows command line selection of the attributes to be computed, avoiding unnecessary computation and and allowing easier parsing of results when this utility is called from a script. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:25", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: imageinfo-0.05-27.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:25", "id": "FEDORA:082456076F55", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5VCKBLZTRUJIDLAZ3QGNSZGOLWEJNDW7/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "pfstools is a set of command line programs for reading, writing, manipulating and viewing high-dynamic range (HDR) images and video frames. All programs in the package exchange data using unix pipes and a simple generic HDR image format (pfs). The concept of the pfstools is similar to netpbm package for low-dynamic range images. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:29", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: pfstools-2.0.6-3.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:29", "id": "FEDORA:F10E86076F55", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZCLNAT72SG6KX3CRKW6IBJA4NE65ACRD/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Gtatool is a command line tool to manipulate GTAs. It provides a set of commands that manipulate GTAs on various levels: array element components, array dimensions, whole arrays, and streams of ar rays. For example, you can add components to array elements, merge separate arrays into combined arrays in different ways, apply global transformations to arr ay data, reorder the array data, and much more. Additionally, gtatool can import from and export to many other file formats , see the sub-packages! ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:24", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: gtatool-2.2.0-6.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:24", "id": "FEDORA:6541E60748F9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/32VMEM3PJFREO5A322OKICOCG3VTTOVO/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "imagick is a native php extension to create and modify images using the ImageMagick API. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:30", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: php-pecl-imagick-3.4.3-2.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:30", "id": "FEDORA:9766D6076F55", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VZAZ2SDKUL5O7OUVJKUYDGDZYRPIZMD7/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "A command line tool for generating timing diagrams from ASCII input files. The input files use a structured language to represent signal state transitions and interdependencies. Raster image output support is provided by ImageMagick. It can be used for VHDL or verilog presentations. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:22", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: drawtiming-0.7.1-22.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:22", "id": "FEDORA:748906076F55", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2MNO4DLPKYAYFZKQKDGF5FS25DUJN74I/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Q is a powerful and extensible functional programming language based on the term rewriting calculus. You specify an arbitrary system of equations which the interpreter uses as rewrite rules to reduce expressions to normal form. Q is useful for scientific programming and other advanced applications, and also as a sophisticated kind of desktop calculator. The distribution includes the Q programming tools, a standard library, add-on modules for interfacing to Curl, GNU dbm, ODBC, GNU Octave, ImageMagick, Tcl/Tk, XML/XSLT and an Emacs mode. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:31", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: q-7.11-29.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:31", "id": "FEDORA:C41F46076F55", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BWCQW6OHAB26KVSQTGYVOIKEHH3ENZ4Q/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "A port of the Really Slick Screensavers to GLX. Provides several visually impressive and graphically intensive screensavers. Note that this package contains only the display hacks themselves; you will need to install the appropriate subpackage for your desktop environment in order to use them as screensavers. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:33", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: rss-glx-0.9.1.p-29.fc26.1", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:33", "id": "FEDORA:5EF1A6076F55", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CJZ6NMRLOPTO2IHIEEO25SQ5Z7MWPQKK/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "RipRight is a minimal CD ripper modeled on autorip. It can run as a daemon and will automatically start ripping any CD found in the drive after which the disc will be ejected. Ripping is always to FLAC lossless audio format with tags taken from the community-maintained MusicBrainz lookup service and cov er art from Amazon where possible. If a disc is unknown to MusicBrainz, the CD will be ejected without ripping and can also be optionally rejected if cover art cannot be found. With RipRight, ripping a CD collection is just a matter of feeding your Lin ux PC each CD in turn and waiting while they are ripped. CDs which are immediately ejected can be checked with the MusicBrainz Picard tool which allows CD identifiers to be uploaded to the website database. Any errors or inaccuracies in the database records can also be edited on the MusicBrainz. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:32", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: ripright-0.11-5.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:32", "id": "FEDORA:6B591601EDDE", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5LPAVN4T4OJO53IDYG56UAFXKJETIX6W/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-06-08T18:43:39", "description": "Perl module to aide in locating a sub-image within an image. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:29", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: perl-Image-SubImageFind-0.03-13.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:29", "id": "FEDORA:575B16076F55", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7NOWPNY5NTXIZANQ327B5JNLTVLZ3BDM/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "A conversion utility for the Psion files ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:31", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: psiconv-0.9.8-22.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:31", "id": "FEDORA:30E8F601EDDA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TNV35ZHCWOWCRRB6BLFKV24YTORMLH4X/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-06-08T18:39:03", "description": "ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed work in the original format or a different one. ImageMagick also includes command line programs for creating animated or transparent .gifs, creating composite images, creating thumbnail images, and more. ImageMagick is one of your choices if you need a program to manipulate and display images. If you want to develop your own applications which use ImageMagick code or APIs, you need to install ImageMagick-devel as well. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:25", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: ImageMagick-6.9.9.13-1.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:25", "id": "FEDORA:93FF76076F55", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LDT43G5RDSYGPIQ2RBMEGC3RXRW2ENPD/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Synfig Animation Studio is a powerful, industrial-strength vector-based 2D animation software, designed from the ground-up for producing feature-film quality animation with fewer people and resources. It is designed to be capable of producing feature-film quality animation. It eliminates the need for tweening, preventing the need to hand-draw each frame. Synfig features spatial and temporal resolution independence (sharp and smoothat any resolution or framerate), high dynamic range images, and a flexible plugin system. This package contains the GUI-based animation studio. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-19T03:27:35", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: synfigstudio-1.2.0-5.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-8707", "CVE-2016-9556", "CVE-2016-9559", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11448", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11750", "CVE-2017-11751", "CVE-2017-11753", "CVE-2017-11754", "CVE-2017-11755", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12428", "CVE-2017-12429", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12434", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12641", "CVE-2017-12642", "CVE-2017-12644", "CVE-2017-12654", "CVE-2017-12662", "CVE-2017-12663", "CVE-2017-12665", "CVE-2017-12666", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-9098", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144"], "modified": "2017-09-19T03:27:35", "id": "FEDORA:791786076F55", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/U7BNWCRCM5IYKMJZ72KNCKVH74WA634E/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T18:41:38", "description": "GraphicsMagick is a comprehensive image processing package which is initial ly based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performan ce of the software. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-06-30T00:57:16", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: GraphicsMagick-1.3.32-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11638", "CVE-2017-11642", "CVE-2017-11722", "CVE-2017-12805", "CVE-2017-12806", "CVE-2017-12936", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13648", "CVE-2017-13736", "CVE-2017-13737", "CVE-2017-13775", "CVE-2017-14504", "CVE-2017-14649", "CVE-2017-14733", "CVE-2017-14997", "CVE-2017-15238", "CVE-2017-15930", "CVE-2017-16545", "CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-18219", "CVE-2017-18220", "CVE-2018-6799", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11473", "CVE-2019-11474"], "modified": "2019-06-30T00:57:16", "id": "FEDORA:C7F6A6178920", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T18:41:38", "description": "GraphicsMagick is a comprehensive image processing package which is initial ly based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performan ce of the software. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-06-30T02:27:02", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: GraphicsMagick-1.3.32-1.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11638", "CVE-2017-11642", "CVE-2017-11722", "CVE-2017-12805", "CVE-2017-12806", "CVE-2017-12936", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13648", "CVE-2017-13736", "CVE-2017-13737", "CVE-2017-13775", "CVE-2017-14504", "CVE-2017-14649", "CVE-2017-14733", "CVE-2017-14997", "CVE-2017-15238", "CVE-2017-15930", "CVE-2017-16545", "CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-18219", "CVE-2017-18220", "CVE-2018-6799", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11473", "CVE-2019-11474"], "modified": "2019-06-30T02:27:02", "id": "FEDORA:408C160062DD", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:34:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-07-16T00:00:00", "type": "openvas", "title": "Fedora Update for GraphicsMagick FEDORA-2017-fba331bb86", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872878", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872878", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_fba331bb86_GraphicsMagick_fc24.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for GraphicsMagick FEDORA-2017-fba331bb86\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872878\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-16 07:37:36 +0200 (Sun, 16 Jul 2017)\");\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-10800\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for GraphicsMagick FEDORA-2017-fba331bb86\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'GraphicsMagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"GraphicsMagick on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-fba331bb86\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GYB65XFG6CDFEJCLATKLZ6XP6YFDUZL5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.26~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-07-14T00:00:00", "type": "openvas", "title": "Fedora Update for GraphicsMagick FEDORA-2017-3ac2e9b354", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872875", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872875", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for GraphicsMagick FEDORA-2017-3ac2e9b354\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872875\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-14 15:55:07 +0530 (Fri, 14 Jul 2017)\");\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-10800\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for GraphicsMagick FEDORA-2017-3ac2e9b354\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'GraphicsMagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"GraphicsMagick on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3ac2e9b354\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHZ5VPP642V2AZL7BQHXNVHNDUPEMSVZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.26~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-14T14:49:32", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "Ubuntu Update for graphicsmagick USN-4232-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15277", "CVE-2017-14997", "CVE-2017-14314", "CVE-2017-16352", "CVE-2017-14994", "CVE-2017-14165", "CVE-2017-15930", "CVE-2017-14504", "CVE-2017-16353", "CVE-2017-14733", "CVE-2017-14649"], "modified": "2020-01-13T00:00:00", "id": "OPENVAS:1361412562310844287", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844287", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844287\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2017-14165\", \"CVE-2017-14314\", \"CVE-2017-14504\", \"CVE-2017-14649\", \"CVE-2017-14733\", \"CVE-2017-14994\", \"CVE-2017-14997\", \"CVE-2017-15277\", \"CVE-2017-15930\", \"CVE-2017-16352\", \"CVE-2017-16353\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 11:03:48 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Ubuntu Update for graphicsmagick USN-4232-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"4232-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-January/005260.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'graphicsmagick'\n package(s) announced via the USN-4232-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that GraphicsMagick incorrectly handled certain image files.\nAn attacker could possibly use this issue to cause a denial of service or other\nunspecified impact.\");\n\n script_tag(name:\"affected\", value:\"'graphicsmagick' package(s) on Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick\", ver:\"1.3.23-1ubuntu0.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"-q16-12\", ver:\"1.3.23-1ubuntu0.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick-q16-3\", ver:\"1.3.23-1ubuntu0.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T18:26:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-12-23T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2017:3420-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14531", "CVE-2017-14175", "CVE-2017-14138", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-12983", "CVE-2017-11527", "CVE-2017-14172", "CVE-2017-16546", "CVE-2017-14989", "CVE-2017-14173", "CVE-2017-12644", "CVE-2017-11188", "CVE-2017-14607", "CVE-2017-15217", "CVE-2017-15930", "CVE-2017-14341", "CVE-2017-12140", "CVE-2017-11752", "CVE-2017-14682", "CVE-2017-13134", "CVE-2017-13769", "CVE-2017-16669", "CVE-2017-14733", "CVE-2017-16545", "CVE-2017-12669", "CVE-2017-12435", "CVE-2017-11640", "CVE-2017-11535", "CVE-2017-12662", "CVE-2017-14342"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851668", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851668", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851668\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-12-23 07:47:42 +0100 (Sat, 23 Dec 2017)\");\n script_cve_id(\"CVE-2017-11188\", \"CVE-2017-11478\", \"CVE-2017-11523\", \"CVE-2017-11527\",\n \"CVE-2017-11535\", \"CVE-2017-11640\", \"CVE-2017-11752\", \"CVE-2017-12140\",\n \"CVE-2017-12435\", \"CVE-2017-12587\", \"CVE-2017-12644\", \"CVE-2017-12662\",\n \"CVE-2017-12669\", \"CVE-2017-12983\", \"CVE-2017-13134\", \"CVE-2017-13769\",\n \"CVE-2017-14138\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14175\",\n \"CVE-2017-14341\", \"CVE-2017-14342\", \"CVE-2017-14531\", \"CVE-2017-14607\",\n \"CVE-2017-14682\", \"CVE-2017-14733\", \"CVE-2017-14989\", \"CVE-2017-15217\",\n \"CVE-2017-15930\", \"CVE-2017-16545\", \"CVE-2017-16546\", \"CVE-2017-16669\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2017:3420-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for ImageMagick fixes the following issues:\n\n * CVE-2017-14989: use-after-free in RenderFreetype in\n MagickCore/annotate.c could lead to denial of service [bsc#1061254]\n\n * CVE-2017-14682: GetNextToken in MagickCore/token.c heap buffer\n overflow could lead to denial of service [bsc#1060176]\n\n * Memory leak in WriteINLINEImage in coders/inline.c could lead to\n denial of service [bsc#1052744]\n\n * CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas\n could possibly disclose potentially sensitive memory [bsc#1059778]\n\n * CVE-2017-11640: NULL pointer deref in WritePTIFImage() in\n coders/tiff.c [bsc#1050632]\n\n * CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in\n coders/wpg.c could lead to denial of service [bsc#1058485]\n\n * CVE-2017-14341: Infinite loop in the ReadWPGImage function\n [bsc#1058637]\n\n * CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c\n could lead to denial of service [bsc#1067181]\n\n * CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in\n validation problems could lead to denial of service [bsc#1067184]\n\n * CVE-2017-16669: problem in coders/wpg.c could allow remote attackers\n to cause a denial of service via crafted file [bsc#1067409]\n\n * CVE-2017-14175: Lack of End of File check could lead to denial of\n service [bsc#1057719]\n\n * CVE-2017-14138: memory leak vulnerability in ReadWEBPImage in\n coders/webp.c could lead to denial of service [bsc#1057157]\n\n * CVE-2017-13769: denial of service issue in function\n WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]\n\n * CVE-2017-13134: a heap-based buffer over-read was found in thefunction\n SFWScan in coders/sfw.c, which allows attackers to cause adenial of\n service via a crafted file. [bsc#1055214]\n\n * CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c\n [bsc#1062750]\n\n * CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick\n allows remote attackers to cause a DoS [bsc#1049796]\n\n * CVE-2017-15930: Null Pointer dereference while transferring JPEG\n scanlines could lead to denial of service [bsc#1066003]\n\n * CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage\n function in coders/sfw.c inImageMagick 7.0.6-8 allows remote attackers\n to cause a denial of service [bsc#1054757]\n\n * CVE-2017-14531: memory exhaustion issue in ReadSUNImage\n incoders/sun.c. [bsc#1059666]\n\n * CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c,\n which allows attackers to cause denial of service [bsc#1052553]\n\n * CVE-2017-12587: User controllable large loop in the ReadPWPImage in\n coders\\pwp.c could ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick on openSUSE Leap 42.3, openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:3420-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00087.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.3)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debuginfo\", rpm:\"ImageMagick-debuginfo~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debugsource\", rpm:\"ImageMagick-debugsource~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel\", rpm:\"ImageMagick-devel~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra\", rpm:\"ImageMagick-extra~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra-debuginfo\", rpm:\"ImageMagick-extra-debuginfo~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3\", rpm:\"libMagick++-6_Q16-3~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo\", rpm:\"libMagick++-6_Q16-3-debuginfo~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel\", rpm:\"libMagick++-devel~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1\", rpm:\"libMagickCore-6_Q16-1~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo\", rpm:\"libMagickCore-6_Q16-1-debuginfo~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1\", rpm:\"libMagickWand-6_Q16-1~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo\", rpm:\"libMagickWand-6_Q16-1-debuginfo~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick\", rpm:\"perl-PerlMagick~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick-debuginfo\", rpm:\"perl-PerlMagick-debuginfo~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel-32bit\", rpm:\"ImageMagick-devel-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-32bit\", rpm:\"libMagick++-6_Q16-3-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo-32bit\", rpm:\"libMagick++-6_Q16-3-debuginfo-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel-32bit\", rpm:\"libMagick++-devel-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-32bit\", rpm:\"libMagickCore-6_Q16-1-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickCore-6_Q16-1-debuginfo-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-32bit\", rpm:\"libMagickWand-6_Q16-1-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickWand-6_Q16-1-debuginfo-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debuginfo\", rpm:\"ImageMagick-debuginfo~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debugsource\", rpm:\"ImageMagick-debugsource~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel\", rpm:\"ImageMagick-devel~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra\", rpm:\"ImageMagick-extra~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra-debuginfo\", rpm:\"ImageMagick-extra-debuginfo~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3\", rpm:\"libMagick++-6_Q16-3~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo\", rpm:\"libMagick++-6_Q16-3-debuginfo~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel\", rpm:\"libMagick++-devel~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1\", rpm:\"libMagickCore-6_Q16-1~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo\", rpm:\"libMagickCore-6_Q16-1-debuginfo~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1\", rpm:\"libMagickWand-6_Q16-1~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo\", rpm:\"libMagickWand-6_Q16-1-debuginfo~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick\", rpm:\"perl-PerlMagick~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick-debuginfo\", rpm:\"perl-PerlMagick-debuginfo~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel-32bit\", rpm:\"ImageMagick-devel-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-32bit\", rpm:\"libMagick++-6_Q16-3-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo-32bit\", rpm:\"libMagick++-6_Q16-3-debuginfo-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel-32bit\", rpm:\"libMagick++-devel-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-32bit\", rpm:\"libMagickCore-6_Q16-1-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickCore-6_Q16-1-debuginfo-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-32bit\", rpm:\"libMagickWand-6_Q16-1-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickWand-6_Q16-1-debuginfo-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-29T19:24:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-04-14T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for graphicsmagick (DLA-1755-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11008", "CVE-2017-10799", "CVE-2019-11009", "CVE-2019-11010", "CVE-2019-11007", "CVE-2019-11006"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891755", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891755", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891755\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-10799\", \"CVE-2019-11006\", \"CVE-2019-11007\", \"CVE-2019-11008\", \"CVE-2019-11009\", \"CVE-2019-11010\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-14 02:00:21 +0000 (Sun, 14 Apr 2019)\");\n script_name(\"Debian LTS: Security Advisory for graphicsmagick (DLA-1755-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1755-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/927029\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'graphicsmagick'\n package(s) announced via the DLA-1755-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several security vulnerabilities were discovered in Graphicsmagick, a\ncollection of image processing tools. Heap-based buffer over-reads and\na memory leak may lead to a denial-of-service or information disclosure.\");\n\n script_tag(name:\"affected\", value:\"'graphicsmagick' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1.3.20-3+deb8u6.\n\nWe recommend that you upgrade your graphicsmagick packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick\", ver:\"1.3.20-3+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-dbg\", ver:\"1.3.20-3+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-imagemagick-compat\", ver:\"1.3.20-3+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-libmagick-dev-compat\", ver:\"1.3.20-3+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphics-magick-perl\", ver:\"1.3.20-3+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++1-dev\", ver:\"1.3.20-3+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++3\", ver:\"1.3.20-3+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick1-dev\", ver:\"1.3.20-3+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick3\", ver:\"1.3.20-3+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-11T14:44:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-12-04T00:00:00", "type": "openvas", "title": "Ubuntu Update for graphicsmagick USN-4206-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10794", "CVE-2017-6335", "CVE-2017-13147", "CVE-2017-10799", "CVE-2017-11636", "CVE-2017-11102", "CVE-2017-11403", "CVE-2017-14042", "CVE-2017-11140", "CVE-2017-11637"], "modified": "2019-12-10T00:00:00", "id": "OPENVAS:1361412562310844255", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844255", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844255\");\n script_version(\"2019-12-10T07:34:00+0000\");\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-11102\", \"CVE-2017-11140\", \"CVE-2017-11403\", \"CVE-2017-11636\", \"CVE-2017-11637\", \"CVE-2017-13147\", \"CVE-2017-14042\", \"CVE-2017-6335\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-10 07:34:00 +0000 (Tue, 10 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-12-04 03:01:34 +0000 (Wed, 04 Dec 2019)\");\n script_name(\"Ubuntu Update for graphicsmagick USN-4206-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"4206-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-December/005231.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'graphicsmagick'\n package(s) announced via the USN-4206-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that GraphicsMagick incorrectly handled certain image files.\nAn attacker could possibly use this issue to cause a denial of service.\n(CVE-2017-10794, CVE-2017-10799, CVE-2017-11102, CVE-2017-11140,\nCVE-2017-11403, CVE-2017-11636, CVE-2017-11637, CVE-2017-13147, CVE-2017-14042,\nCVE-2017-6335)\");\n\n script_tag(name:\"affected\", value:\"'graphicsmagick' package(s) on Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick\", ver:\"1.3.23-1ubuntu0.2\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"-q16-12\", ver:\"1.3.23-1ubuntu0.2\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick-q16-3\", ver:\"1.3.23-1ubuntu0.2\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:09:10", "description": "Multiple security vulnerabilities, NULL pointer dereferences,\nuse-after-free and heap based overflows, were discovered in\ngraphicsmagick that can lead to denial of service by consuming all\navailable memory or segmentation faults.", "cvss3": {}, "published": "2018-02-08T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for graphicsmagick (DLA-1045-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11641", "CVE-2017-10799", "CVE-2017-11636", "CVE-2017-11638", "CVE-2017-11102", "CVE-2017-11643", "CVE-2017-11403", "CVE-2017-11642", "CVE-2017-11140", "CVE-2017-11637"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891045", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891045", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891045\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-10799\", \"CVE-2017-11102\", \"CVE-2017-11140\", \"CVE-2017-11403\", \"CVE-2017-11636\", \"CVE-2017-11637\", \"CVE-2017-11638\", \"CVE-2017-11641\", \"CVE-2017-11642\", \"CVE-2017-11643\");\n script_name(\"Debian LTS: Security Advisory for graphicsmagick (DLA-1045-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-08 00:00:00 +0100 (Thu, 08 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/07/msg00041.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"graphicsmagick on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.3.16-1.1+deb7u8.\n\nWe recommend that you upgrade your graphicsmagick packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple security vulnerabilities, NULL pointer dereferences,\nuse-after-free and heap based overflows, were discovered in\ngraphicsmagick that can lead to denial of service by consuming all\navailable memory or segmentation faults.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick\", ver:\"1.3.16-1.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-dbg\", ver:\"1.3.16-1.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-imagemagick-compat\", ver:\"1.3.16-1.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-libmagick-dev-compat\", ver:\"1.3.16-1.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphics-magick-perl\", ver:\"1.3.16-1.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++1-dev\", ver:\"1.3.16-1.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++3\", ver:\"1.3.16-1.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick1-dev\", ver:\"1.3.16-1.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick3\", ver:\"1.3.16-1.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-05T18:44:42", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-07-01T00:00:00", "type": "openvas", "title": "Fedora Update for GraphicsMagick FEDORA-2019-425a1aa7c9", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13063", "CVE-2017-14997", "CVE-2017-13775", "CVE-2018-6799", "CVE-2017-17502", "CVE-2017-13737", "CVE-2017-11722", "CVE-2017-18220", "CVE-2017-12936", "CVE-2017-17498", "CVE-2017-13736", "CVE-2017-13648", "CVE-2017-11638", "CVE-2017-17503", "CVE-2019-11474", "CVE-2017-12805", "CVE-2017-14994", "CVE-2017-16547", "CVE-2017-15238", "CVE-2017-15930", "CVE-2017-18219", "CVE-2017-17500", "CVE-2017-14504", "CVE-2017-13065", "CVE-2017-12806", "CVE-2017-11642", "CVE-2017-14733", "CVE-2017-16545", "CVE-2019-11472", "CVE-2019-11470", "CVE-2017-12937", "CVE-2017-12935", "CVE-2017-17501", "CVE-2017-13064", "CVE-2017-14649", "CVE-2019-11473"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310876546", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876546", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876546\");\n script_version(\"2019-07-04T09:58:18+0000\");\n script_cve_id(\"CVE-2017-18219\", \"CVE-2017-18220\", \"CVE-2018-6799\", \"CVE-2017-14504\", \"CVE-2017-14649\", \"CVE-2017-14733\", \"CVE-2017-14994\", \"CVE-2017-14997\", \"CVE-2017-15238\", \"CVE-2017-15930\", \"CVE-2017-16545\", \"CVE-2017-16547\", \"CVE-2017-17498\", \"CVE-2017-17500\", \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-11638\", \"CVE-2017-11642\", \"CVE-2017-11722\", \"CVE-2017-12935\", \"CVE-2017-12936\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\", \"CVE-2017-13648\", \"CVE-2017-13736\", \"CVE-2017-13737\", \"CVE-2017-13775\", \"CVE-2017-12805\", \"CVE-2017-12806\", \"CVE-2019-11470\", \"CVE-2019-11472\", \"CVE-2019-11474\", \"CVE-2019-11473\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:58:18 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-01 02:10:46 +0000 (Mon, 01 Jul 2019)\");\n script_name(\"Fedora Update for GraphicsMagick FEDORA-2019-425a1aa7c9\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-425a1aa7c9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'GraphicsMagick'\n package(s) announced via the FEDORA-2019-425a1aa7c9 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"GraphicsMagick is a comprehensive image processing package which is initially\nbased on ImageMagick 5.5.2, but which has undergone significant re-work by\nthe GraphicsMagick Group to significantly improve the quality and performance\nof the software.\");\n\n script_tag(name:\"affected\", value:\"'GraphicsMagick' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.32~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-07-05T18:45:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-07-01T00:00:00", "type": "openvas", "title": "Fedora Update for GraphicsMagick FEDORA-2019-da4c20882c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13063", "CVE-2017-14997", "CVE-2017-13775", "CVE-2018-6799", "CVE-2017-17502", "CVE-2017-13737", "CVE-2017-11722", "CVE-2017-18220", "CVE-2017-12936", "CVE-2017-17498", "CVE-2017-13736", "CVE-2017-13648", "CVE-2017-11638", "CVE-2017-17503", "CVE-2019-11474", "CVE-2017-12805", "CVE-2017-14994", "CVE-2017-16547", "CVE-2017-15238", "CVE-2017-15930", "CVE-2017-18219", "CVE-2017-17500", "CVE-2017-14504", "CVE-2017-13065", "CVE-2017-12806", "CVE-2017-11642", "CVE-2017-14733", "CVE-2017-16545", "CVE-2019-11472", "CVE-2019-11470", "CVE-2017-12937", "CVE-2017-12935", "CVE-2017-17501", "CVE-2017-13064", "CVE-2017-14649", "CVE-2019-11473"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310876545", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876545", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876545\");\n script_version(\"2019-07-04T09:58:18+0000\");\n script_cve_id(\"CVE-2017-18219\", \"CVE-2017-18220\", \"CVE-2018-6799\", \"CVE-2017-14504\", \"CVE-2017-14649\", \"CVE-2017-14733\", \"CVE-2017-14994\", \"CVE-2017-14997\", \"CVE-2017-15238\", \"CVE-2017-15930\", \"CVE-2017-16545\", \"CVE-2017-16547\", \"CVE-2017-17498\", \"CVE-2017-17500\", \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-11638\", \"CVE-2017-11642\", \"CVE-2017-11722\", \"CVE-2017-12935\", \"CVE-2017-12936\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\", \"CVE-2017-13648\", \"CVE-2017-13736\", \"CVE-2017-13737\", \"CVE-2017-13775\", \"CVE-2017-12805\", \"CVE-2017-12806\", \"CVE-2019-11470\", \"CVE-2019-11472\", \"CVE-2019-11474\", \"CVE-2019-11473\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:58:18 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-01 02:10:17 +0000 (Mon, 01 Jul 2019)\");\n script_name(\"Fedora Update for GraphicsMagick FEDORA-2019-da4c20882c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-da4c20882c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'GraphicsMagick'\n package(s) announced via the FEDORA-2019-da4c20882c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"GraphicsMagick is a comprehensive image processing package which is initially\nbased on ImageMagick 5.5.2, but which has undergone significant re-work by\nthe GraphicsMagick Group to significantly improve the quality and performance\nof the software.\");\n\n script_tag(name:\"affected\", value:\"'GraphicsMagick' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.32~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-07-04T18:55:36", "description": "Several vulnerabilities have been discovered in GraphicsMagick, a set of\ncommand-line applications to manipulate image files, which could result\nin denial of service or the execution of arbitrary code if malformed\nimage files are processed.", "cvss3": {}, "published": "2018-10-16T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4321-1 (graphicsmagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13063", "CVE-2017-17783", "CVE-2017-17915", "CVE-2017-10794", "CVE-2017-15277", "CVE-2017-14997", "CVE-2017-17913", "CVE-2017-11641", "CVE-2017-13777", "CVE-2017-10799", "CVE-2017-13775", "CVE-2018-6799", "CVE-2017-17502", "CVE-2017-13737", "CVE-2017-11722", "CVE-2017-18220", "CVE-2017-12936", "CVE-2017-17498", "CVE-2017-18229", "CVE-2017-13776", "CVE-2017-14314", "CVE-2017-11636", "CVE-2017-11638", "CVE-2017-17782", "CVE-2017-16352", "CVE-2017-17503", "CVE-2017-18231", "CVE-2017-11102", "CVE-2017-18230", "CVE-2017-14994", "CVE-2017-16547", "CVE-2017-15238", "CVE-2017-11643", "CVE-2017-11403", "CVE-2017-15930", "CVE-2017-18219", "CVE-2017-11139", "CVE-2017-17500", "CVE-2017-14504", "CVE-2017-10800", "CVE-2018-9018", "CVE-2017-13065", "CVE-2017-13134", "CVE-2017-11642", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-14733", "CVE-2017-11140", "CVE-2017-16545", "CVE-2017-12937", "CVE-2017-12935", "CVE-2017-17501", "CVE-2018-5685", "CVE-2017-13064", "CVE-2017-17912", "CVE-2017-11637"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704321", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704321", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4321-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704321\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-10800\", \"CVE-2017-11102\", \"CVE-2017-11139\",\n \"CVE-2017-11140\", \"CVE-2017-11403\", \"CVE-2017-11636\", \"CVE-2017-11637\", \"CVE-2017-11638\",\n \"CVE-2017-11641\", \"CVE-2017-11642\", \"CVE-2017-11643\", \"CVE-2017-11722\", \"CVE-2017-12935\",\n \"CVE-2017-12936\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\",\n \"CVE-2017-13134\", \"CVE-2017-13737\", \"CVE-2017-13775\", \"CVE-2017-13776\", \"CVE-2017-13777\",\n \"CVE-2017-14314\", \"CVE-2017-14504\", \"CVE-2017-14733\", \"CVE-2017-14994\", \"CVE-2017-14997\",\n \"CVE-2017-15238\", \"CVE-2017-15277\", \"CVE-2017-15930\", \"CVE-2017-16352\", \"CVE-2017-16353\",\n \"CVE-2017-16545\", \"CVE-2017-16547\", \"CVE-2017-16669\", \"CVE-2017-17498\", \"CVE-2017-17500\",\n \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-17782\", \"CVE-2017-17783\",\n \"CVE-2017-17912\", \"CVE-2017-17913\", \"CVE-2017-17915\", \"CVE-2017-18219\", \"CVE-2017-18220\",\n \"CVE-2017-18229\", \"CVE-2017-18230\", \"CVE-2017-18231\", \"CVE-2018-5685\", \"CVE-2018-6799\",\n \"CVE-2018-9018\");\n script_name(\"Debian Security Advisory DSA 4321-1 (graphicsmagick - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-16 00:00:00 +0200 (Tue, 16 Oct 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4321.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"graphicsmagick on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 1.3.30+hg15796-1~deb9u1.\n\nWe recommend that you upgrade your graphicsmagick packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/graphicsmagick\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in GraphicsMagick, a set of\ncommand-line applications to manipulate image files, which could result\nin denial of service or the execution of arbitrary code if malformed\nimage files are processed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-dbg\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-imagemagick-compat\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-libmagick-dev-compat\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphics-magick-perl\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++-q16-12\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++1-dev\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick-q16-3\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick1-dev\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for psiconv FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873399", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873399", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_psiconv_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for psiconv FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873399\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:16:37 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for psiconv FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'psiconv'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"psiconv on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNV35ZHCWOWCRRB6BLFKV24YTORMLH4X\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"psiconv\", rpm:\"psiconv~0.9.8~22.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for techne FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873434", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873434", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_techne_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for techne FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873434\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:12:19 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for techne FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'techne'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"techne on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7DJTCVESG6E2TSULF5JA6JM427TDGEZF\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"techne\", rpm:\"techne~0.2.3~20.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for dmtx-utils FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873436", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873436", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_dmtx-utils_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for dmtx-utils FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873436\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:15:23 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for dmtx-utils FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dmtx-utils'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"dmtx-utils on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VST4FTGSIGVYYYTUCYFUTPBL6QNQE4SY\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"dmtx-utils\", rpm:\"dmtx-utils~0.7.4~4.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for vdr-scraper2vdr FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873424", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873424", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_vdr-scraper2vdr_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for vdr-scraper2vdr FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873424\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:53:54 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for vdr-scraper2vdr FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'vdr-scraper2vdr'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"vdr-scraper2vdr on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LYDZWFUCPPZNZFWH7L5BVXQN4W3QU2F\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"vdr-scraper2vdr\", rpm:\"vdr-scraper2vdr~1.0.5~4.20170611git254122b.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for drawtiming FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873390", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873390", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_drawtiming_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for drawtiming FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873390\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:04:04 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for drawtiming FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'drawtiming'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"drawtiming on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MNO4DLPKYAYFZKQKDGF5FS25DUJN74I\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"drawtiming\", rpm:\"drawtiming~0.7.1~22.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for vips FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873431", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873431", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_vips_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for vips FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873431\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:06:18 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for vips FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'vips'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"vips on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4LPLGFSY5B4L7T4MM6BRICKAEJLC245Z\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"vips\", rpm:\"vips~8.5.8~2.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for k3d FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873419", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873419", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_k3d_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for k3d FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873419\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:44:24 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for k3d FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'k3d'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"k3d on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7PHOZENIVB3UVOEDNORVD5HZEPH7SZPD\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"k3d\", rpm:\"k3d~0.8.0.6~8.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for imageinfo FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873420", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873420", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_imageinfo_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for imageinfo FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873420\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:47:47 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for imageinfo FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'imageinfo'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"imageinfo on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VCKBLZTRUJIDLAZ3QGNSZGOLWEJNDW7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"imageinfo\", rpm:\"imageinfo~0.05~27.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for emacs FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873408", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873408", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_emacs_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for emacs FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873408\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:28:34 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for emacs FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'emacs'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"emacs on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TYOQUU23FT5ZUDPTUR54NNN5JCH5SAU\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"emacs\", rpm:\"emacs~25.3~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for kxstitch FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873429", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873429", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_kxstitch_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kxstitch FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873429\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:03:25 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kxstitch FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kxstitch'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kxstitch on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLNHECMOL5F4463M4LEQJETSACMDNHBX\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kxstitch\", rpm:\"kxstitch~1.2.0~9.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for perl-Image-SubImageFind FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873427", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873427", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_perl-Image-SubImageFind_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for perl-Image-SubImageFind FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873427\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:00:01 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for perl-Image-SubImageFind FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'perl-Image-SubImageFind'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"perl-Image-SubImageFind on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7NOWPNY5NTXIZANQ327B5JNLTVLZ3BDM\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-Image-SubImageFind\", rpm:\"perl-Image-SubImageFind~0.03~13.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for pfstools FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873400", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873400", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_pfstools_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for pfstools FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873400\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:19:41 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for pfstools FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pfstools'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"pfstools on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCLNAT72SG6KX3CRKW6IBJA4NE65ACRD\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"pfstools\", rpm:\"pfstools~2.0.6~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for WindowMaker FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873425", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873425", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_WindowMaker_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for WindowMaker FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873425\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:56:58 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for WindowMaker FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'WindowMaker'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"WindowMaker on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NM2AMQSUZCQR57N2CQ6SEZMVMG4BVT73\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"WindowMaker\", rpm:\"WindowMaker~0.95.8~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for gtatool FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873392", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873392", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_gtatool_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for gtatool FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873392\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:10:41 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for gtatool FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gtatool'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"gtatool on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32VMEM3PJFREO5A322OKICOCG3VTTOVO\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"gtatool\", rpm:\"gtatool~2.2.0~6.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for synfigstudio FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873410", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873410", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_synfigstudio_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for synfigstudio FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873410\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:34:56 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for synfigstudio FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'synfigstudio'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"synfigstudio on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7BNWCRCM5IYKMJZ72KNCKVH74WA634E\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"synfigstudio\", rpm:\"synfigstudio~1.2.0~5.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for autotrace FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873404", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873404", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_autotrace_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for autotrace FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873404\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:22:42 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for autotrace FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'autotrace'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"autotrace on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T45GVYNSFDFEZVXNCMRXUWX2SZPO2GG3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"autotrace\", rpm:\"autotrace~0.31.1~49.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for converseen FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873407", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873407", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_converseen_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for converseen FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873407\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:25:41 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for converseen FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'converseen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"converseen on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZWYA5OS5LRRUJQEYK6UL6B5CMNYRGIQ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"converseen\", rpm:\"converseen~0.9.7.2~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for php-pecl-imagick FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873417", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873417", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_php-pecl-imagick_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for php-pecl-imagick FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873417\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:40:54 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php-pecl-imagick FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php-pecl-imagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php-pecl-imagick on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZAZ2SDKUL5O7OUVJKUYDGDZYRPIZMD7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-pecl-imagick\", rpm:\"php-pecl-imagick~3.4.3~2.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for inkscape FEDORA-2017-8f27031c8f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2017-11448", "CVE-2017-11141", "CVE-2017-9143", "CVE-2017-12418", "CVE-2017-7943", "CVE-2017-11639", "CVE-2016-8707", "CVE-2017-11755", "CVE-2017-12640", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-9098", "CVE-2017-11447", "CVE-2016-7520", "CVE-2017-11446", "CVE-2017-12643", "CVE-2017-12433", "CVE-2017-12430", "CVE-2017-12664", "CVE-2016-6491", "CVE-2017-11724", "CVE-2017-11644", "CVE-2017-11360", "CVE-2017-11751", "CVE-2017-9144", "CVE-2017-12666", "CVE-2016-7515", "CVE-2017-12434", "CVE-2016-6823", "CVE-2016-7521", "CVE-2017-12641", "CVE-2016-7516", "CVE-2017-12644", "CVE-2017-11188", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-5842", "CVE-2016-9556", "CVE-2017-11352", "CVE-2017-8352", "CVE-2017-11750", "CVE-2017-12140", "CVE-2017-7941", "CVE-2017-11752", "CVE-2014-9907", "CVE-2017-9142", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11754", "CVE-2017-12432", "CVE-2016-7514", "CVE-2017-12428", "CVE-2016-7518", "CVE-2016-5010", "CVE-2015-8958", "CVE-2017-11450", "CVE-2016-7101", "CVE-2017-12642", "CVE-2017-11753", "CVE-2016-9559", "CVE-2016-5841", "CVE-2017-11170", "CVE-2017-12663", "CVE-2016-7513", "CVE-2017-7942", "CVE-2017-12435", "CVE-2015-8959", "CVE-2017-9141", "CVE-2017-11640", "CVE-2017-12427", "CVE-2017-12654", "CVE-2017-12665", "CVE-2017-11449", "CVE-2017-12429", "CVE-2017-12662"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873409", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873409", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_8f27031c8f_inkscape_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for inkscape FEDORA-2017-8f27031c8f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873409\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:32:01 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-9144\", \"CVE-2017-10995\", \"CVE-2017-11170\",\n \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2017-8352\",\n \"CVE-2017-9141\", \"CVE-2017-9142\", \"CVE-2017-9143\", \"CVE-2017-9098\",\n \"CVE-2016-9556\", \"CVE-2016-9559\", \"CVE-2016-8707\", \"CVE-2017-12587\",\n \"CVE-2017-12433\", \"CVE-2017-12434\", \"CVE-2017-12435\", \"CVE-2017-12640\",\n \"CVE-2017-12641\", \"CVE-2017-12642\", \"CVE-2017-12643\", \"CVE-2017-12644\",\n \"CVE-2017-12654\", \"CVE-2017-12662\", \"CVE-2017-12663\", \"CVE-2017-12664\",\n \"CVE-2017-12665\", \"CVE-2017-12666\", \"CVE-2017-12427\", \"CVE-2017-12428\",\n \"CVE-2017-12429\", \"CVE-2017-12430\", \"CVE-2017-12432\", \"CVE-2017-12418\",\n \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2014-9907\",\n \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\",\n \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\",\n \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\",\n \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-5010\", \"CVE-2017-12140\",\n \"CVE-2017-11724\", \"CVE-2017-11750\", \"CVE-2017-11751\", \"CVE-2017-11752\",\n \"CVE-2017-11753\", \"CVE-2017-11754\", \"CVE-2017-11755\", \"CVE-2017-11644\",\n \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11523\", \"CVE-2017-11446\",\n \"CVE-2017-11478\", \"CVE-2017-11360\", \"CVE-2017-11188\", \"CVE-2017-11448\",\n \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11141\",\n \"CVE-2017-10928\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for inkscape FEDORA-2017-8f27031c8f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'inkscape'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"inkscape on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8f27031c8f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CTRIPHKCJXKPL7XSUJBDVBNRJI45DZS2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"inkscape\", rpm:\"inkscape~0.92.1~4.20170510bzr15686.fc26.1\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(
openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2017:3270-1)
