Search...

Fedora Update for GraphicsMagick FEDORA-2017-fba331bb86

2017-07-16T00:00:00

ID OPENVAS:1361412562310872878
Type openvas
Reporter Copyright (C) 2017 Greenbone Networks GmbH
Modified 2019-03-15T00:00:00

Description

The remote host is missing an update for the

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_fedora_2017_fba331bb86_GraphicsMagick_fc24.nasl 14223 2019-03-15 13:49:35Z cfischer $
#
# Fedora Update for GraphicsMagick FEDORA-2017-fba331bb86
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.872878");
  script_version("$Revision: 14223 $");
  script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
  script_tag(name:"creation_date", value:"2017-07-16 07:37:36 +0200 (Sun, 16 Jul 2017)");
  script_cve_id("CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_tag(name:"qod_type", value:"package");
  script_name("Fedora Update for GraphicsMagick FEDORA-2017-fba331bb86");
  script_tag(name:"summary", value:"The remote host is missing an update for the 'GraphicsMagick'
  package(s) announced via the referenced advisory.");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
  script_tag(name:"affected", value:"GraphicsMagick on Fedora 24");
  script_tag(name:"solution", value:"Please install the updated package(s).");
  script_xref(name:"FEDORA", value:"2017-fba331bb86");
  script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GYB65XFG6CDFEJCLATKLZ6XP6YFDUZL5");
  script_tag(name:"solution_type", value:"VendorFix");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2017 Greenbone Networks GmbH");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC24");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "FC24")
{

  if ((res = isrpmvuln(pkg:"GraphicsMagick", rpm:"GraphicsMagick~1.3.26~1.fc24", rls:"FC24")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310872878", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for GraphicsMagick FEDORA-2017-fba331bb86", "description": "The remote host is missing an update for the ", "published": "2017-07-16T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872878", "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "references": ["2017-fba331bb86", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GYB65XFG6CDFEJCLATKLZ6XP6YFDUZL5"], "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800"], "lastseen": "2019-05-29T18:34:14", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1045-1:24D9D", "DEBIAN:DLA-1045-1:712EB", "DEBIAN:DLA-1755-1:376D8", "DEBIAN:DLA-1755-1:C5328", "DEBIAN:DSA-4321-1:D5514"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-10794", "DEBIANCVE:CVE-2017-10799", "DEBIANCVE:CVE-2017-10800"]}, {"type": "fedora", "idList": ["FEDORA:18B1D6079267", "FEDORA:5BF646060E83", "FEDORA:5CBAB606E48C"]}, {"type": "freebsd", "idList": ["25F73C47-68A8-4A30-9CBC-1CA5EEA4D6BA"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/REDHAT_LINUX-CVE-2016-7545/"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-1045.NASL", "DEBIAN_DLA-1755.NASL", "DEBIAN_DSA-4321.NASL", "FEDORA_2017-02008FED70.NASL", "FEDORA_2017-3AC2E9B354.NASL", "FEDORA_2017-FBA331BB86.NASL", "FREEBSD_PKG_25F73C4768A84A309CBC1CA5EEA4D6BA.NASL", "OPENSUSE-2017-1362.NASL", "OPENSUSE-2018-1291.NASL", "OPENSUSE-2018-35.NASL", "OPENSUSE-2018-61.NASL", "SUSE_SU-2018-0130-1.NASL", "SUSE_SU-2018-0132-1.NASL", "UBUNTU_USN-4206-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704321", "OPENVAS:1361412562310844255", "OPENVAS:1361412562310851663", "OPENVAS:1361412562310852100", "OPENVAS:1361412562310872875", "OPENVAS:1361412562310891045", "OPENVAS:1361412562310891755"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:3270-1", "OPENSUSE-SU-2018:3479-1"]}, {"type": "ubuntu", "idList": ["USN-4206-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-10794", "UB:CVE-2017-10799", "UB:CVE-2017-10800"]}], "rev": 4}, "score": {"value": 7.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1045-1:712EB", "DEBIAN:DSA-4321-1:D5514"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-10794", "DEBIANCVE:CVE-2017-10799", "DEBIANCVE:CVE-2017-10800"]}, {"type": "fedora", "idList": ["FEDORA:18B1D6079267", "FEDORA:5BF646060E83", "FEDORA:5CBAB606E48C"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/REDHAT_LINUX-CVE-2016-7545/"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-1045.NASL", "FEDORA_2017-02008FED70.NASL", "FEDORA_2017-3AC2E9B354.NASL", "FEDORA_2017-FBA331BB86.NASL", "OPENSUSE-2017-1362.NASL", "UBUNTU_USN-4206-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310844255", "OPENVAS:1361412562310851663", "OPENVAS:1361412562310872875"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:3270-1"]}, {"type": "ubuntu", "idList": ["USN-4206-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-10794", "UB:CVE-2017-10799", "UB:CVE-2017-10800"]}]}, "exploitation": null, "vulnersScore": 7.0}, "pluginID": "1361412562310872878", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_fba331bb86_GraphicsMagick_fc24.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for GraphicsMagick FEDORA-2017-fba331bb86\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872878\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-16 07:37:36 +0200 (Sun, 16 Jul 2017)\");\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-10800\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for GraphicsMagick FEDORA-2017-fba331bb86\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'GraphicsMagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"GraphicsMagick on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-fba331bb86\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GYB65XFG6CDFEJCLATKLZ6XP6YFDUZL5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.26~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}

{"nessus": [{"lastseen": "2021-08-19T12:36:08", "description": "New stable upstream release, primarily includes security fixes for CVE-2017-10794, CVE-2017-10799, CVE-2017-10800\n\nSee also http://www.graphicsmagick.org/NEWS.html#july-4-2017\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2017-07-17T00:00:00", "type": "nessus", "title": "Fedora 26 : GraphicsMagick (2017-02008fed70)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:GraphicsMagick", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-02008FED70.NASL", "href": "https://www.tenable.com/plugins/nessus/101559", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-02008fed70.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101559);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-10800\");\n script_xref(name:\"FEDORA\", value:\"2017-02008fed70\");\n\n script_name(english:\"Fedora 26 : GraphicsMagick (2017-02008fed70)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New stable upstream release, primarily includes security fixes for\nCVE-2017-10794, CVE-2017-10799, CVE-2017-10800\n\nSee also http://www.graphicsmagick.org/NEWS.html#july-4-2017\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.graphicsmagick.org/NEWS.html#july-4-2017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-02008fed70\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"GraphicsMagick-1.3.26-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:36:26", "description": "New stable upstream release, primarily includes security fixes for CVE-2017-10794, CVE-2017-10799, CVE-2017-10800 See also http://www.graphicsmagick.org/NEWS.html#july-4-2017\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "Fedora 25 : GraphicsMagick (2017-3ac2e9b354)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:GraphicsMagick", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-3AC2E9B354.NASL", "href": "https://www.tenable.com/plugins/nessus/101502", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-3ac2e9b354.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101502);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-10800\");\n script_xref(name:\"FEDORA\", value:\"2017-3ac2e9b354\");\n\n script_name(english:\"Fedora 25 : GraphicsMagick (2017-3ac2e9b354)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New stable upstream release, primarily includes security fixes for\nCVE-2017-10794, CVE-2017-10799, CVE-2017-10800 See also\nhttp://www.graphicsmagick.org/NEWS.html#july-4-2017\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.graphicsmagick.org/NEWS.html#july-4-2017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-3ac2e9b354\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"GraphicsMagick-1.3.26-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:36:17", "description": "New stable upstream release, primarily includes security fixes for CVE-2017-10794, CVE-2017-10799, CVE-2017-10800 See also http://www.graphicsmagick.org/NEWS.html#july-4-2017\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2017-07-21T00:00:00", "type": "nessus", "title": "Fedora 24 : GraphicsMagick (2017-fba331bb86)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:GraphicsMagick", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-FBA331BB86.NASL", "href": "https://www.tenable.com/plugins/nessus/101875", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-fba331bb86.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101875);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-10800\");\n script_xref(name:\"FEDORA\", value:\"2017-fba331bb86\");\n\n script_name(english:\"Fedora 24 : GraphicsMagick (2017-fba331bb86)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New stable upstream release, primarily includes security fixes for\nCVE-2017-10794, CVE-2017-10799, CVE-2017-10800 See also\nhttp://www.graphicsmagick.org/NEWS.html#july-4-2017\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.graphicsmagick.org/NEWS.html#july-4-2017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-fba331bb86\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"GraphicsMagick-1.3.26-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-16T00:54:17", "description": "GraphicsMagick reports :\n\nMultiple vulnerabilities have been found in GraphicsMagick 1.3.26 or earlier. Please refer to the CVE list for details.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-06-21T00:00:00", "type": "nessus", "title": "FreeBSD : GraphicsMagick -- multiple vulnerabilities (25f73c47-68a8-4a30-9cbc-1ca5eea4d6ba)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7800", "CVE-2016-7996", "CVE-2016-7997", "CVE-2016-9830", "CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800", "CVE-2017-6335", "CVE-2017-8350"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:GraphicsMagick", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_25F73C4768A84A309CBC1CA5EEA4D6BA.NASL", "href": "https://www.tenable.com/plugins/nessus/110628", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110628);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:49:46\");\n\n script_cve_id(\"CVE-2016-7800\", \"CVE-2016-7996\", \"CVE-2016-7997\", \"CVE-2016-9830\", \"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-10800\", \"CVE-2017-6335\", \"CVE-2017-8350\");\n\n script_name(english:\"FreeBSD : GraphicsMagick -- multiple vulnerabilities (25f73c47-68a8-4a30-9cbc-1ca5eea4d6ba)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"GraphicsMagick reports :\n\nMultiple vulnerabilities have been found in GraphicsMagick 1.3.26 or\nearlier. Please refer to the CVE list for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.graphicsmagick.org/NEWS.html\"\n );\n # https://vuxml.freebsd.org/freebsd/25f73c47-68a8-4a30-9cbc-1ca5eea4d6ba.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?029ff082\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"GraphicsMagick<1.3.26,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T13:12:11", "description": "This update for GraphicsMagick fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-10794: When GraphicsMagick processed an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occured, related to QuantumTransferMode. (boo#1112392)\n\n - CVE-2017-14997: GraphicsMagick allowed remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. (boo#1112399)", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2018-10-29T00:00:00", "type": "nessus", "title": "openSUSE Security Update : GraphicsMagick (openSUSE-2018-1291)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10794", "CVE-2017-14997"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:GraphicsMagick", "p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo", "p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource", "p-cpe:/a:novell:opensuse:GraphicsMagick-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libGraphicsMagick3-config", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-1291.NASL", "href": "https://www.tenable.com/plugins/nessus/118479", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1291.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118479);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-14997\");\n\n script_name(english:\"openSUSE Security Update : GraphicsMagick (openSUSE-2018-1291)\");\n script_summary(english:\"Check for the openSUSE-2018-1291 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for GraphicsMagick fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-10794: When GraphicsMagick processed an RGB\n TIFF picture (with metadata indicating a single sample\n per pixel) in coders/tiff.c, a buffer overflow occured,\n related to QuantumTransferMode. (boo#1112392)\n\n - CVE-2017-14997: GraphicsMagick allowed remote attackers\n to cause a denial of service (excessive memory\n allocation) because of an integer underflow in\n ReadPICTImage in coders/pict.c. (boo#1112399)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112399\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick3-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-1.3.25-114.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debuginfo-1.3.25-114.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debugsource-1.3.25-114.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-devel-1.3.25-114.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-114.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-114.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-devel-1.3.25-114.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-1.3.25-114.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-114.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick3-config-1.3.25-114.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-114.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-114.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-1.3.25-114.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-114.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-debuginfo / etc\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:18:39", "description": "It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-10794, CVE-2017-10799, CVE-2017-11102, CVE-2017-11140, CVE-2017-11403, CVE-2017-11636, CVE-2017-11637, CVE-2017-13147, CVE-2017-14042, CVE-2017-6335).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-04T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : graphicsmagick vulnerabilities (USN-4206-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-11102", "CVE-2017-11140", "CVE-2017-11403", "CVE-2017-11636", "CVE-2017-11637", "CVE-2017-13147", "CVE-2017-14042", "CVE-2017-6335"], "modified": "2019-12-09T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:graphicsmagick", "p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick%2b%2b-q16-12", "p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick-q16-3", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-4206-1.NASL", "href": "https://www.tenable.com/plugins/nessus/131695", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4206-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131695);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/09\");\n\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-11102\", \"CVE-2017-11140\", \"CVE-2017-11403\", \"CVE-2017-11636\", \"CVE-2017-11637\", \"CVE-2017-13147\", \"CVE-2017-14042\", \"CVE-2017-6335\");\n script_xref(name:\"USN\", value:\"4206-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : graphicsmagick vulnerabilities (USN-4206-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that GraphicsMagick incorrectly handled certain\nimage files. An attacker could possibly use this issue to cause a\ndenial of service. (CVE-2017-10794, CVE-2017-10799, CVE-2017-11102,\nCVE-2017-11140, CVE-2017-11403, CVE-2017-11636, CVE-2017-11637,\nCVE-2017-13147, CVE-2017-14042, CVE-2017-6335).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4206-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected graphicsmagick, libgraphicsmagick++-q16-12 and /\nor libgraphicsmagick-q16-3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick++-q16-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick-q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"graphicsmagick\", pkgver:\"1.3.23-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libgraphicsmagick++-q16-12\", pkgver:\"1.3.23-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libgraphicsmagick-q16-3\", pkgver:\"1.3.23-1ubuntu0.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"graphicsmagick / libgraphicsmagick++-q16-12 / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:34:38", "description": "This update for GraphicsMagick fixes the following issues :\n\n - CVE-2017-12140: ReadDCMImage in coders\\dcm.c has a ninteger signedness error leading to excessive memory consumption (bnc#1051847)\n\n - CVE-2017-14994: NULL pointer in ReadDCMImage in coders/dcm.c could lead to denial of service (bnc#1061587)\n\n - CVE-2017-12662: Memory leak in WritePDFImage in coders/pdf.c could lead to denial of service (bnc#1052758)\n\n - CVE-2017-14733: Heap overflow on ReadRLEImage in coders/rle.c could lead to denial of service (bnc#1060577) \n\n - CVE-2017-12644: Memory leak in ReadDCMImage in coders\\dcm.c could lead to denial of service (bnc#1052764)\n\n - CVE-2017-10799: denial of service (OOM) can occur inReadDPXImage() (bnc#1047054)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-12-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : GraphicsMagick (openSUSE-2017-1362)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10799", "CVE-2017-12140", "CVE-2017-12644", "CVE-2017-12662", "CVE-2017-14733", "CVE-2017-14994"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:GraphicsMagick", "p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo", "p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource", "p-cpe:/a:novell:opensuse:GraphicsMagick-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libGraphicsMagick3-config", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1362.NASL", "href": "https://www.tenable.com/plugins/nessus/105243", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1362.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105243);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-10799\", \"CVE-2017-12140\", \"CVE-2017-12644\", \"CVE-2017-12662\", \"CVE-2017-14733\", \"CVE-2017-14994\");\n\n script_name(english:\"openSUSE Security Update : GraphicsMagick (openSUSE-2017-1362)\");\n script_summary(english:\"Check for the openSUSE-2017-1362 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for GraphicsMagick fixes the following issues :\n\n - CVE-2017-12140: ReadDCMImage in coders\\dcm.c has a\n ninteger signedness error leading to excessive memory\n consumption (bnc#1051847)\n\n - CVE-2017-14994: NULL pointer in ReadDCMImage in\n coders/dcm.c could lead to denial of service\n (bnc#1061587)\n\n - CVE-2017-12662: Memory leak in WritePDFImage in\n coders/pdf.c could lead to denial of service\n (bnc#1052758)\n\n - CVE-2017-14733: Heap overflow on ReadRLEImage in\n coders/rle.c could lead to denial of service\n (bnc#1060577) \n\n - CVE-2017-12644: Memory leak in ReadDCMImage in\n coders\\dcm.c could lead to denial of service\n (bnc#1052764)\n\n - CVE-2017-10799: denial of service (OOM) can occur\n inReadDPXImage() (bnc#1047054)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047054\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061587\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick3-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-debuginfo-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-debugsource-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-devel-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-devel-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick-Q16-3-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick3-config-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-GraphicsMagick-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debuginfo-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debugsource-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-devel-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-devel-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick3-config-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-47.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-debuginfo / etc\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-16T00:39:36", "description": "Several security vulnerabilities were discovered in Graphicsmagick, a collection of image processing tools. Heap-based buffer over-reads and a memory leak may lead to a denial of service or information disclosure.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 1.3.20-3+deb8u6.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-15T00:00:00", "type": "nessus", "title": "Debian DLA-1755-1 : graphicsmagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10799", "CVE-2019-11006", "CVE-2019-11007", "CVE-2019-11008", "CVE-2019-11009", "CVE-2019-11010"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:graphicsmagick", "p-cpe:/a:debian:debian_linux:graphicsmagick-dbg", "p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat", "p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat", "p-cpe:/a:debian:debian_linux:libgraphics-magick-perl", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b3", "p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick3", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1755.NASL", "href": "https://www.tenable.com/plugins/nessus/124036", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1755-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124036);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-10799\", \"CVE-2019-11006\", \"CVE-2019-11007\", \"CVE-2019-11008\", \"CVE-2019-11009\", \"CVE-2019-11010\");\n\n script_name(english:\"Debian DLA-1755-1 : graphicsmagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security vulnerabilities were discovered in Graphicsmagick, a\ncollection of image processing tools. Heap-based buffer over-reads and\na memory leak may lead to a denial of service or information\ndisclosure.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1.3.20-3+deb8u6.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/graphicsmagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11008\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphics-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick\", reference:\"1.3.20-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick-dbg\", reference:\"1.3.20-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick-imagemagick-compat\", reference:\"1.3.20-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick-libmagick-dev-compat\", reference:\"1.3.20-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphics-magick-perl\", reference:\"1.3.20-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick++1-dev\", reference:\"1.3.20-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick++3\", reference:\"1.3.20-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick1-dev\", reference:\"1.3.20-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick3\", reference:\"1.3.20-3+deb8u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-01T01:25:53", "description": "Multiple security vulnerabilities, NULL pointer dereferences, use-after-free and heap based overflows, were discovered in graphicsmagick that can lead to denial of service by consuming all available memory or segmentation faults.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.3.16-1.1+deb7u8.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-31T00:00:00", "type": "nessus", "title": "Debian DLA-1045-1 : graphicsmagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10799", "CVE-2017-11102", "CVE-2017-11140", "CVE-2017-11403", "CVE-2017-11636", "CVE-2017-11637", "CVE-2017-11638", "CVE-2017-11641", "CVE-2017-11642", "CVE-2017-11643"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:graphicsmagick", "p-cpe:/a:debian:debian_linux:graphicsmagick-dbg", "p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat", "p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat", "p-cpe:/a:debian:debian_linux:libgraphics-magick-perl", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b3", "p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick3", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1045.NASL", "href": "https://www.tenable.com/plugins/nessus/102043", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1045-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102043);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-10799\", \"CVE-2017-11102\", \"CVE-2017-11140\", \"CVE-2017-11403\", \"CVE-2017-11636\", \"CVE-2017-11637\", \"CVE-2017-11638\", \"CVE-2017-11641\", \"CVE-2017-11642\", \"CVE-2017-11643\");\n\n script_name(english:\"Debian DLA-1045-1 : graphicsmagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities, NULL pointer dereferences,\nuse-after-free and heap based overflows, were discovered in\ngraphicsmagick that can lead to denial of service by consuming all\navailable memory or segmentation faults.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.3.16-1.1+deb7u8.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/07/msg00041.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/graphicsmagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphics-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick\", reference:\"1.3.16-1.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-dbg\", reference:\"1.3.16-1.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-imagemagick-compat\", reference:\"1.3.16-1.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-libmagick-dev-compat\", reference:\"1.3.16-1.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphics-magick-perl\", reference:\"1.3.16-1.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick++1-dev\", reference:\"1.3.16-1.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick++3\", reference:\"1.3.16-1.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick1-dev\", reference:\"1.3.16-1.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick3\", reference:\"1.3.16-1.1+deb7u8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T13:25:12", "description": "This update for GraphicsMagick fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-12672: Memory leak vulnerability allowed DoS via MAT image files (bsc#1052720)\n\n - CVE-2017-13060: Memory leak vulnerability allowed DoS via MAT image files (bsc#1055065)\n\n - CVE-2017-12670: Specially crafted MAT images may lead to an assertion failure and DoS (bsc#1052731)\n\n - CVE-2017-10800: Specially crafted MAT images may lead to memory denial of service (bsc#1047044)\n\n - CVE-2017-13648: Memory leak vulnerability allowed DoS via MAT image files (bsc#1055434)\n\n - CVE-2017-12564: Memory leak vulnerability allowed DoS via MAT image files (bsc#1052468)\n\n - CVE-2017-12675: Memory leak vulnerability allowed DoS via MAT image files (bsc#1052710)\n\n - CVE-2017-14326: Memory leak vulnerability allowed DoS via MAT image files (bsc#1058640)\n\n - CVE-2017-17881: Memory leak vulnerability allowed DoS via MAT image files (bsc#1074123)\n\n - CVE-2017-11449: coders/mpc.c in ImageMagick before 7.0.6-1 remote denial of service (boo#1049373)\n\n - CVE-2017-11532: Memory Leak in WriteMPCImage() in coders/mpc.c (boo#1050129)\n\n - CVE-2017-16547: Incorrect memory management in DrawImage function in magick/render.c could lead to denial of service (boo#1067177)\n\n - CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in MagickWand/montage.c (bsc#1074975)\n\n - Memory leak in pwp.c (boo#1051412)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-01-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : GraphicsMagick (openSUSE-2018-35)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10800", "CVE-2017-11449", "CVE-2017-11532", "CVE-2017-12564", "CVE-2017-12670", "CVE-2017-12672", "CVE-2017-12675", "CVE-2017-13060", "CVE-2017-13648", "CVE-2017-14326", "CVE-2017-16547", "CVE-2017-17881", "CVE-2017-18022"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:GraphicsMagick", "p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo", "p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource", "p-cpe:/a:novell:opensuse:GraphicsMagick-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libGraphicsMagick3-config", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-35.NASL", "href": "https://www.tenable.com/plugins/nessus/106064", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-35.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106064);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-10800\", \"CVE-2017-11449\", \"CVE-2017-11532\", \"CVE-2017-12564\", \"CVE-2017-12670\", \"CVE-2017-12672\", \"CVE-2017-12675\", \"CVE-2017-13060\", \"CVE-2017-13648\", \"CVE-2017-14326\", \"CVE-2017-16547\", \"CVE-2017-17881\", \"CVE-2017-18022\");\n\n script_name(english:\"openSUSE Security Update : GraphicsMagick (openSUSE-2018-35)\");\n script_summary(english:\"Check for the openSUSE-2018-35 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for GraphicsMagick fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-12672: Memory leak vulnerability allowed DoS\n via MAT image files (bsc#1052720)\n\n - CVE-2017-13060: Memory leak vulnerability allowed DoS\n via MAT image files (bsc#1055065)\n\n - CVE-2017-12670: Specially crafted MAT images may lead to\n an assertion failure and DoS (bsc#1052731)\n\n - CVE-2017-10800: Specially crafted MAT images may lead to\n memory denial of service (bsc#1047044)\n\n - CVE-2017-13648: Memory leak vulnerability allowed DoS\n via MAT image files (bsc#1055434)\n\n - CVE-2017-12564: Memory leak vulnerability allowed DoS\n via MAT image files (bsc#1052468)\n\n - CVE-2017-12675: Memory leak vulnerability allowed DoS\n via MAT image files (bsc#1052710)\n\n - CVE-2017-14326: Memory leak vulnerability allowed DoS\n via MAT image files (bsc#1058640)\n\n - CVE-2017-17881: Memory leak vulnerability allowed DoS\n via MAT image files (bsc#1074123)\n\n - CVE-2017-11449: coders/mpc.c in ImageMagick before\n 7.0.6-1 remote denial of service (boo#1049373)\n\n - CVE-2017-11532: Memory Leak in WriteMPCImage() in\n coders/mpc.c (boo#1050129)\n\n - CVE-2017-16547: Incorrect memory management in DrawImage\n function in magick/render.c could lead to denial of\n service (boo#1067177)\n\n - CVE-2017-18022: Fixed memory leak vulnerability in\n MontageImageCommand in MagickWand/montage.c\n (bsc#1074975)\n\n - Memory leak in pwp.c (boo#1051412)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1067177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074975\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick3-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-1.3.25-11.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-debuginfo-1.3.25-11.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-debugsource-1.3.25-11.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-devel-1.3.25-11.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-11.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-11.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-devel-1.3.25-11.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick-Q16-3-1.3.25-11.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-11.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick3-config-1.3.25-11.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-11.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-11.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-GraphicsMagick-1.3.25-11.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-11.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-1.3.25-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debuginfo-1.3.25-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debugsource-1.3.25-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-devel-1.3.25-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-devel-1.3.25-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-1.3.25-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick3-config-1.3.25-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-1.3.25-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-57.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:30:51", "description": "Several vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which could result in denial of service or the execution of arbitrary code if malformed image files are processed.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-18T00:00:00", "type": "nessus", "title": "Debian DSA-4321-1 : graphicsmagick - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800", "CVE-2017-11102", "CVE-2017-11139", "CVE-2017-11140", "CVE-2017-11403", "CVE-2017-11636", "CVE-2017-11637", "CVE-2017-11638", "CVE-2017-11641", "CVE-2017-11642", "CVE-2017-11643", "CVE-2017-11722", "CVE-2017-12935", "CVE-2017-12936", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13065", "CVE-2017-13134", "CVE-2017-13737", "CVE-2017-13775", "CVE-2017-13776", "CVE-2017-13777", "CVE-2017-14314", "CVE-2017-14504", "CVE-2017-14733", "CVE-2017-14994", "CVE-2017-14997", "CVE-2017-15238", "CVE-2017-15277", "CVE-2017-15930", "CVE-2017-16352", "CVE-2017-16353", "CVE-2017-16545", "CVE-2017-16547", "CVE-2017-16669", "CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-17503", "CVE-2017-17782", "CVE-2017-17783", "CVE-2017-17912", "CVE-2017-17913", "CVE-2017-17915", "CVE-2017-18219", "CVE-2017-18220", "CVE-2017-18229", "CVE-2017-18230", "CVE-2017-18231", "CVE-2018-5685", "CVE-2018-6799", "CVE-2018-9018"], "modified": "2019-07-15T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:graphicsmagick", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4321.NASL", "href": "https://www.tenable.com/plugins/nessus/118179", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4321. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118179);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/07/15 14:20:30\");\n\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-10800\", \"CVE-2017-11102\", \"CVE-2017-11139\", \"CVE-2017-11140\", \"CVE-2017-11403\", \"CVE-2017-11636\", \"CVE-2017-11637\", \"CVE-2017-11638\", \"CVE-2017-11641\", \"CVE-2017-11642\", \"CVE-2017-11643\", \"CVE-2017-11722\", \"CVE-2017-12935\", \"CVE-2017-12936\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\", \"CVE-2017-13134\", \"CVE-2017-13737\", \"CVE-2017-13775\", \"CVE-2017-13776\", \"CVE-2017-13777\", \"CVE-2017-14314\", \"CVE-2017-14504\", \"CVE-2017-14733\", \"CVE-2017-14994\", \"CVE-2017-14997\", \"CVE-2017-15238\", \"CVE-2017-15277\", \"CVE-2017-15930\", \"CVE-2017-16352\", \"CVE-2017-16353\", \"CVE-2017-16545\", \"CVE-2017-16547\", \"CVE-2017-16669\", \"CVE-2017-17498\", \"CVE-2017-17500\", \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-17782\", \"CVE-2017-17783\", \"CVE-2017-17912\", \"CVE-2017-17913\", \"CVE-2017-17915\", \"CVE-2017-18219\", \"CVE-2017-18220\", \"CVE-2017-18229\", \"CVE-2017-18230\", \"CVE-2017-18231\", \"CVE-2018-5685\", \"CVE-2018-6799\", \"CVE-2018-9018\");\n script_xref(name:\"DSA\", value:\"4321\");\n\n script_name(english:\"Debian DSA-4321-1 : graphicsmagick - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in GraphicsMagick, a set\nof command-line applications to manipulate image files, which could\nresult in denial of service or the execution of arbitrary code if\nmalformed image files are processed.\"\n );\n # https://security-tracker.debian.org/tracker/source-package/graphicsmagick\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e247f871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/graphicsmagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4321\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the graphicsmagick packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 1.3.30+hg15796-1~deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"graphicsmagick\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"graphicsmagick-dbg\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"graphicsmagick-imagemagick-compat\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"graphicsmagick-libmagick-dev-compat\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgraphics-magick-perl\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgraphicsmagick++-q16-12\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgraphicsmagick++1-dev\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgraphicsmagick-q16-3\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgraphicsmagick1-dev\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:34:12", "description": "This update for ImageMagick fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2018-5246: Fixed memory leak vulnerability in ReadPATTERNImage in coders/pattern.c (bsc#1074973)\n\n - CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in MagickWand/montage.c (bsc#1074975)\n\n - CVE-2018-5247: Fixed memory leak vulnerability in ReadRLAImage in coders/rla.c (bsc#1074969)\n\n - CVE-2017-12672: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052720)\n\n - CVE-2017-13060: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1055065)\n\n - CVE-2017-11724: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c involving the quantum_info and clone_info data structures (bsc#1051446)\n\n - CVE-2017-12670: Added validation in coders/mat.c to prevent an assertion failure in the function DestroyImage in MagickCore/image.c, which allowed attackers to cause a denial of service (bsc#1052731)\n\n - CVE-2017-12667: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1052732)\n\n - CVE-2017-13146: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055323)\n\n - CVE-2017-10800: Processing MATLAB images in coders/mat.c could have lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object was larger than the actual amount of data (bsc#1047044)\n\n - CVE-2017-13648: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055434)\n\n - CVE-2017-11141: Fixed a memory leak vulnerability in the function ReadMATImage in coders\\mat.c that could have caused memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call (bsc#1047898)\n\n - CVE-2017-11529: The ReadMATImage function in coders/mat.c allowed remote attackers to cause a denial of service (memory leak) via a crafted file (bsc#1050120)\n\n - CVE-2017-12564: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052468)\n\n - CVE-2017-12434: Added a missing NULL check in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c (bsc#1052550)\n\n - CVE-2017-12675: Added a missing check for multidimensional data coders/mat.c, that could have lead to a memory leak in the function ReadImage in MagickCore/constitute.c, which allowed attackers to cause a denial of service (bsc#1052710)\n\n - CVE-2017-14326: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1058640)\n\n - CVE-2017-11644: Processesing a crafted file in convert could have lead to a memory leak in the ReadMATImage() function in coders/mat.c (bsc#1050606)\n\n - CVE-2017-13658: Added a missing NULL check in the ReadMATImage function in coders/mat.c, which could have lead to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c (bsc#1055855)\n\n - CVE-2017-14533: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1059751)\n\n - CVE-2017-17881: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted MAT image file (bsc#1074123)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-01-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-2018-61)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10800", "CVE-2017-11141", "CVE-2017-11529", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-12434", "CVE-2017-12564", "CVE-2017-12667", "CVE-2017-12670", "CVE-2017-12672", "CVE-2017-12675", "CVE-2017-13060", "CVE-2017-13146", "CVE-2017-13648", "CVE-2017-13658", "CVE-2017-14326", "CVE-2017-14533", "CVE-2017-17881", "CVE-2017-18022", "CVE-2018-5246", "CVE-2018-5247"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ImageMagick", "p-cpe:/a:novell:opensuse:ImageMagick-debuginfo", "p-cpe:/a:novell:opensuse:ImageMagick-debugsource", "p-cpe:/a:novell:opensuse:ImageMagick-devel", "p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit", "p-cpe:/a:novell:opensuse:ImageMagick-extra", "p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel-32bit", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-PerlMagick", "p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-61.NASL", "href": "https://www.tenable.com/plugins/nessus/106221", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-61.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106221);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-10800\", \"CVE-2017-11141\", \"CVE-2017-11529\", \"CVE-2017-11644\", \"CVE-2017-11724\", \"CVE-2017-12434\", \"CVE-2017-12564\", \"CVE-2017-12667\", \"CVE-2017-12670\", \"CVE-2017-12672\", \"CVE-2017-12675\", \"CVE-2017-13060\", \"CVE-2017-13146\", \"CVE-2017-13648\", \"CVE-2017-13658\", \"CVE-2017-14326\", \"CVE-2017-14533\", \"CVE-2017-17881\", \"CVE-2017-18022\", \"CVE-2018-5246\", \"CVE-2018-5247\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2018-61)\");\n script_summary(english:\"Check for the openSUSE-2018-61 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2018-5246: Fixed memory leak vulnerability in\n ReadPATTERNImage in coders/pattern.c (bsc#1074973)\n\n - CVE-2017-18022: Fixed memory leak vulnerability in\n MontageImageCommand in MagickWand/montage.c\n (bsc#1074975)\n\n - CVE-2018-5247: Fixed memory leak vulnerability in\n ReadRLAImage in coders/rla.c (bsc#1074969)\n\n - CVE-2017-12672: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c, which allowed\n attackers to cause a denial of service (bsc#1052720)\n\n - CVE-2017-13060: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c, which allowed\n attackers to cause a denial of service via a crafted\n file (bsc#1055065)\n\n - CVE-2017-11724: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c involving the\n quantum_info and clone_info data structures\n (bsc#1051446)\n\n - CVE-2017-12670: Added validation in coders/mat.c to\n prevent an assertion failure in the function\n DestroyImage in MagickCore/image.c, which allowed\n attackers to cause a denial of service (bsc#1052731)\n\n - CVE-2017-12667: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c (bsc#1052732)\n\n - CVE-2017-13146: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c (bsc#1055323)\n\n - CVE-2017-10800: Processing MATLAB images in coders/mat.c\n could have lead to a denial of service (OOM) in\n ReadMATImage() if the size specified for a MAT Object\n was larger than the actual amount of data (bsc#1047044)\n\n - CVE-2017-13648: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c (bsc#1055434)\n\n - CVE-2017-11141: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders\\mat.c that could have\n caused memory exhaustion via a crafted MAT file, related\n to incorrect ordering of a SetImageExtent call\n (bsc#1047898)\n\n - CVE-2017-11529: The ReadMATImage function in\n coders/mat.c allowed remote attackers to cause a denial\n of service (memory leak) via a crafted file\n (bsc#1050120)\n\n - CVE-2017-12564: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c, which allowed\n attackers to cause a denial of service (bsc#1052468)\n\n - CVE-2017-12434: Added a missing NULL check in the\n function ReadMATImage in coders/mat.c, which allowed\n attackers to cause a denial of service (assertion\n failure) in DestroyImageInfo in image.c (bsc#1052550)\n\n - CVE-2017-12675: Added a missing check for\n multidimensional data coders/mat.c, that could have lead\n to a memory leak in the function ReadImage in\n MagickCore/constitute.c, which allowed attackers to\n cause a denial of service (bsc#1052710)\n\n - CVE-2017-14326: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c, which allowed\n attackers to cause a denial of service via a crafted\n file (bsc#1058640)\n\n - CVE-2017-11644: Processesing a crafted file in convert\n could have lead to a memory leak in the ReadMATImage()\n function in coders/mat.c (bsc#1050606)\n\n - CVE-2017-13658: Added a missing NULL check in the\n ReadMATImage function in coders/mat.c, which could have\n lead to a denial of service (assertion failure and\n application exit) in the DestroyImageInfo function in\n MagickCore/image.c (bsc#1055855)\n\n - CVE-2017-14533: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c (bsc#1059751)\n\n - CVE-2017-17881: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c, which allowed\n attackers to cause a denial of service via a crafted MAT\n image file (bsc#1074123)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055323\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1059751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1074975\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-6.8.8.1-30.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-debuginfo-6.8.8.1-30.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-debugsource-6.8.8.1-30.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-devel-6.8.8.1-30.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-extra-6.8.8.1-30.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-30.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-6_Q16-3-6.8.8.1-30.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-30.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-devel-6.8.8.1-30.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-30.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-30.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-30.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-30.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-PerlMagick-6.8.8.1-30.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-30.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-30.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-30.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-30.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-30.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-30.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-30.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-30.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-30.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-6.8.8.1-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-debuginfo-6.8.8.1-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-debugsource-6.8.8.1-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-devel-6.8.8.1-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-extra-6.8.8.1-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-6_Q16-3-6.8.8.1-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-devel-6.8.8.1-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-PerlMagick-6.8.8.1-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-49.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:34:12", "description": "This update for ImageMagick fixes several issues. These security issues were fixed :\n\n - CVE-2018-5246: Fixed memory leak vulnerability in ReadPATTERNImage in coders/pattern.c (bsc#1074973)\n\n - CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in MagickWand/montage.c (bsc#1074975)\n\n - CVE-2018-5247: Fixed memory leak vulnerability in ReadRLAImage in coders/rla.c (bsc#1074969)\n\n - CVE-2017-12672: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052720)\n\n - CVE-2017-13060: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1055065)\n\n - CVE-2017-11724: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c involving the quantum_info and clone_info data structures (bsc#1051446)\n\n - CVE-2017-12670: Added validation in coders/mat.c to prevent an assertion failure in the function DestroyImage in MagickCore/image.c, which allowed attackers to cause a denial of service (bsc#1052731)\n\n - CVE-2017-12667: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1052732)\n\n - CVE-2017-13146: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055323)\n\n - CVE-2017-10800: Processing MATLAB images in coders/mat.c could have lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object was larger than the actual amount of data (bsc#1047044)\n\n - CVE-2017-13648: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055434)\n\n - CVE-2017-11141: Fixed a memory leak vulnerability in the function ReadMATImage in coders\\mat.c that could have caused memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call (bsc#1047898)\n\n - CVE-2017-11529: The ReadMATImage function in coders/mat.c allowed remote attackers to cause a denial of service (memory leak) via a crafted file (bsc#1050120)\n\n - CVE-2017-12564: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052468)\n\n - CVE-2017-12434: Added a missing NULL check in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c (bsc#1052550)\n\n - CVE-2017-12675: Added a missing check for multidimensional data coders/mat.c, that could have lead to a memory leak in the function ReadImage in MagickCore/constitute.c, which allowed attackers to cause a denial of service (bsc#1052710)\n\n - CVE-2017-14326: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1058640)\n\n - CVE-2017-11644: Processesing a crafted file in convert could have lead to a memory leak in the ReadMATImage() function in coders/mat.c (bsc#1050606)\n\n - CVE-2017-13658: Added a missing NULL check in the ReadMATImage function in coders/mat.c, which could have lead to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c (bsc#1055855)\n\n - CVE-2017-14533: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1059751)\n\n - CVE-2017-17881: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted MAT image file (bsc#1074123)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-01-19T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:0130-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10800", "CVE-2017-11141", "CVE-2017-11529", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-12434", "CVE-2017-12564", "CVE-2017-12667", "CVE-2017-12670", "CVE-2017-12672", "CVE-2017-12675", "CVE-2017-13060", "CVE-2017-13146", "CVE-2017-13648", "CVE-2017-13658", "CVE-2017-14326", "CVE-2017-14533", "CVE-2017-17881", "CVE-2017-18022", "CVE-2018-5246", "CVE-2018-5247"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ImageMagick", "p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo", "p-cpe:/a:novell:suse_linux:ImageMagick-debugsource", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo", "p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16", "p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0130-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106184", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0130-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106184);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/09/10 13:51:46\");\n\n script_cve_id(\"CVE-2017-10800\", \"CVE-2017-11141\", \"CVE-2017-11529\", \"CVE-2017-11644\", \"CVE-2017-11724\", \"CVE-2017-12434\", \"CVE-2017-12564\", \"CVE-2017-12667\", \"CVE-2017-12670\", \"CVE-2017-12672\", \"CVE-2017-12675\", \"CVE-2017-13060\", \"CVE-2017-13146\", \"CVE-2017-13648\", \"CVE-2017-13658\", \"CVE-2017-14326\", \"CVE-2017-14533\", \"CVE-2017-17881\", \"CVE-2017-18022\", \"CVE-2018-5246\", \"CVE-2018-5247\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:0130-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes several issues. These security\nissues were fixed :\n\n - CVE-2018-5246: Fixed memory leak vulnerability in\n ReadPATTERNImage in coders/pattern.c (bsc#1074973)\n\n - CVE-2017-18022: Fixed memory leak vulnerability in\n MontageImageCommand in MagickWand/montage.c\n (bsc#1074975)\n\n - CVE-2018-5247: Fixed memory leak vulnerability in\n ReadRLAImage in coders/rla.c (bsc#1074969)\n\n - CVE-2017-12672: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c, which allowed\n attackers to cause a denial of service (bsc#1052720)\n\n - CVE-2017-13060: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c, which allowed\n attackers to cause a denial of service via a crafted\n file (bsc#1055065)\n\n - CVE-2017-11724: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c involving the\n quantum_info and clone_info data structures\n (bsc#1051446)\n\n - CVE-2017-12670: Added validation in coders/mat.c to\n prevent an assertion failure in the function\n DestroyImage in MagickCore/image.c, which allowed\n attackers to cause a denial of service (bsc#1052731)\n\n - CVE-2017-12667: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c (bsc#1052732)\n\n - CVE-2017-13146: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c (bsc#1055323)\n\n - CVE-2017-10800: Processing MATLAB images in coders/mat.c\n could have lead to a denial of service (OOM) in\n ReadMATImage() if the size specified for a MAT Object\n was larger than the actual amount of data (bsc#1047044)\n\n - CVE-2017-13648: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c (bsc#1055434)\n\n - CVE-2017-11141: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders\\mat.c that could have\n caused memory exhaustion via a crafted MAT file, related\n to incorrect ordering of a SetImageExtent call\n (bsc#1047898)\n\n - CVE-2017-11529: The ReadMATImage function in\n coders/mat.c allowed remote attackers to cause a denial\n of service (memory leak) via a crafted file\n (bsc#1050120)\n\n - CVE-2017-12564: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c, which allowed\n attackers to cause a denial of service (bsc#1052468)\n\n - CVE-2017-12434: Added a missing NULL check in the\n function ReadMATImage in coders/mat.c, which allowed\n attackers to cause a denial of service (assertion\n failure) in DestroyImageInfo in image.c (bsc#1052550)\n\n - CVE-2017-12675: Added a missing check for\n multidimensional data coders/mat.c, that could have lead\n to a memory leak in the function ReadImage in\n MagickCore/constitute.c, which allowed attackers to\n cause a denial of service (bsc#1052710)\n\n - CVE-2017-14326: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c, which allowed\n attackers to cause a denial of service via a crafted\n file (bsc#1058640)\n\n - CVE-2017-11644: Processesing a crafted file in convert\n could have lead to a memory leak in the ReadMATImage()\n function in coders/mat.c (bsc#1050606)\n\n - CVE-2017-13658: Added a missing NULL check in the\n ReadMATImage function in coders/mat.c, which could have\n lead to a denial of service (assertion failure and\n application exit) in the DestroyImageInfo function in\n MagickCore/image.c (bsc#1055855)\n\n - CVE-2017-14533: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c (bsc#1059751)\n\n - CVE-2017-17881: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c, which allowed\n attackers to cause a denial of service via a crafted MAT\n image file (bsc#1074123)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055323\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10800/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11141/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11529/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11644/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11724/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12434/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12564/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12667/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12670/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12672/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12675/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13060/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13146/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13648/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13658/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14326/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14533/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17881/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18022/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5246/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5247/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180130-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0613eb7f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2018-97=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2018-97=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-97=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-97=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2018-97=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-97=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-97=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-97=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2018-97=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-debugsource-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ImageMagick-debugsource-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.26.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.26.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:34:05", "description": "This update for ImageMagick fixes several issues. These security issues were fixed :\n\n - CVE-2017-12672: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052720).\n\n - CVE-2017-13060: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1055065).\n\n - CVE-2017-11724: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c involving the quantum_info and clone_info data structures (bsc#1051446).\n\n - CVE-2017-12670: Added validation in coders/mat.c to prevent an assertion failure in the function DestroyImage in MagickCore/image.c, which allowed attackers to cause a denial of service (bsc#1052731).\n\n - CVE-2017-12667: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1052732).\n\n - CVE-2017-13146: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055323).\n\n - CVE-2017-10800: Processing MATLAB images in coders/mat.c could have lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object was larger than the actual amount of data (bsc#1047044)\n\n - CVE-2017-13648: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055434).\n\n - CVE-2017-11141: Fixed a memory leak vulnerability in the function ReadMATImage in coders\\mat.c that could have caused memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call (bsc#1047898).\n\n - CVE-2017-11529: The ReadMATImage function in coders/mat.c allowed remote attackers to cause a denial of service (memory leak) via a crafted file (bsc#1050120).\n\n - CVE-2017-12564: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052468).\n\n - CVE-2017-12434: Added a missing NULL check in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c (bsc#1052550).\n\n - CVE-2017-12675: Added a missing check for multidimensional data coders/mat.c, that could have lead to a memory leak in the function ReadImage in MagickCore/constitute.c, which allowed attackers to cause a denial of service (bsc#1052710).\n\n - CVE-2017-14326: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1058640).\n\n - CVE-2017-11644: Processesing a crafted file in convert could have lead to a memory leak in the ReadMATImage() function in coders/mat.c (bsc#1050606).\n\n - CVE-2017-13658: Added a missing NULL check in the ReadMATImage function in coders/mat.c, which could have lead to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c (bsc#1055855).\n\n - CVE-2017-14533: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1059751).\n\n - CVE-2017-17881: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted MAT image file (bsc#1074123).\n\n - CVE-2017-1000476: Prevent CPU exhaustion in the function ReadDDSInfo in coders/dds.c, which allowed attackers to cause a denial of service (bsc#1074610).\n\n - CVE-2017-9409: Fixed a memory leak vulnerability in the function ReadMPCImage in mpc.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1042948).\n\n - CVE-2017-11449: coders/mpc did not enable seekable streams and thus could not validate blob sizes, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin (bsc#1049373)\n\n - CVE-2017-12430: A memory exhaustion in the function ReadMPCImage in coders/mpc.c allowed attackers to cause DoS (bsc#1052252)\n\n - CVE-2017-12642: Prevent a memory leak vulnerability in ReadMPCImage in coders\\mpc.c via crafted file allowing for DoS (bsc#1052771)\n\n - CVE-2017-14249: A mishandled EOF check in ReadMPCImage in coders/mpc.c that lead to a division by zero in GetPixelCacheTileSize in MagickCore/cache.c allowed remote attackers to cause a denial of service via a crafted file (bsc#1058082)\n\n - CVE-2017-1000445: Added a NUL pointer check in the MagickCore component that might have lead to denial of service (bsc#1074425).\n\n - CVE-2017-11751: Fixed a memory leak vulnerability in the function WritePICONImage in coders/xpm.c that allowed remote attackers to cause a denial of service via a crafted file (bsc#1051412).\n\n - CVE-2017-17680: Fixed a memory leak vulnerability in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted xpm image file (bsc#1072902).\n\n - CVE-2017-17882: Fixed a memory leak vulnerability in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted XPM image file (bsc#1074122).\n\n - CVE-2018-5246: Fixed memory leak vulnerability in ReadPATTERNImage in coders/pattern.c (bsc#1074973).\n\n - CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in MagickWand/montage.c (bsc#1074975)\n\n - CVE-2018-5247: Fixed memory leak vulnerability in ReadRLAImage in coders/rla.c (bsc#1074969)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-01-19T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:0132-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-10800", "CVE-2017-11141", "CVE-2017-11449", "CVE-2017-11529", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-11751", "CVE-2017-12430", "CVE-2017-12434", "CVE-2017-12564", "CVE-2017-12642", "CVE-2017-12667", "CVE-2017-12670", "CVE-2017-12672", "CVE-2017-12675", "CVE-2017-13060", "CVE-2017-13146", "CVE-2017-13648", "CVE-2017-13658", "CVE-2017-14249", "CVE-2017-14326", "CVE-2017-14533", "CVE-2017-17680", "CVE-2017-17881", "CVE-2017-17882", "CVE-2017-18022", "CVE-2017-9409", "CVE-2018-5246", "CVE-2018-5247"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libMagickCore1", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-0132-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106186", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0132-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106186);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-1000445\", \"CVE-2017-1000476\", \"CVE-2017-10800\", \"CVE-2017-11141\", \"CVE-2017-11449\", \"CVE-2017-11529\", \"CVE-2017-11644\", \"CVE-2017-11724\", \"CVE-2017-11751\", \"CVE-2017-12430\", \"CVE-2017-12434\", \"CVE-2017-12564\", \"CVE-2017-12642\", \"CVE-2017-12667\", \"CVE-2017-12670\", \"CVE-2017-12672\", \"CVE-2017-12675\", \"CVE-2017-13060\", \"CVE-2017-13146\", \"CVE-2017-13648\", \"CVE-2017-13658\", \"CVE-2017-14249\", \"CVE-2017-14326\", \"CVE-2017-14533\", \"CVE-2017-17680\", \"CVE-2017-17881\", \"CVE-2017-17882\", \"CVE-2017-18022\", \"CVE-2017-9409\", \"CVE-2018-5246\", \"CVE-2018-5247\");\n\n script_name(english:\"SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:0132-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes several issues. These security\nissues were fixed :\n\n - CVE-2017-12672: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c, which allowed\n attackers to cause a denial of service (bsc#1052720).\n\n - CVE-2017-13060: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c, which allowed\n attackers to cause a denial of service via a crafted\n file (bsc#1055065).\n\n - CVE-2017-11724: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c involving the\n quantum_info and clone_info data structures\n (bsc#1051446).\n\n - CVE-2017-12670: Added validation in coders/mat.c to\n prevent an assertion failure in the function\n DestroyImage in MagickCore/image.c, which allowed\n attackers to cause a denial of service (bsc#1052731).\n\n - CVE-2017-12667: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c (bsc#1052732).\n\n - CVE-2017-13146: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c (bsc#1055323).\n\n - CVE-2017-10800: Processing MATLAB images in coders/mat.c\n could have lead to a denial of service (OOM) in\n ReadMATImage() if the size specified for a MAT Object\n was larger than the actual amount of data (bsc#1047044)\n\n - CVE-2017-13648: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c (bsc#1055434).\n\n - CVE-2017-11141: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders\\mat.c that could have\n caused memory exhaustion via a crafted MAT file, related\n to incorrect ordering of a SetImageExtent call\n (bsc#1047898).\n\n - CVE-2017-11529: The ReadMATImage function in\n coders/mat.c allowed remote attackers to cause a denial\n of service (memory leak) via a crafted file\n (bsc#1050120).\n\n - CVE-2017-12564: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c, which allowed\n attackers to cause a denial of service (bsc#1052468).\n\n - CVE-2017-12434: Added a missing NULL check in the\n function ReadMATImage in coders/mat.c, which allowed\n attackers to cause a denial of service (assertion\n failure) in DestroyImageInfo in image.c (bsc#1052550).\n\n - CVE-2017-12675: Added a missing check for\n multidimensional data coders/mat.c, that could have lead\n to a memory leak in the function ReadImage in\n MagickCore/constitute.c, which allowed attackers to\n cause a denial of service (bsc#1052710).\n\n - CVE-2017-14326: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c, which allowed\n attackers to cause a denial of service via a crafted\n file (bsc#1058640).\n\n - CVE-2017-11644: Processesing a crafted file in convert\n could have lead to a memory leak in the ReadMATImage()\n function in coders/mat.c (bsc#1050606).\n\n - CVE-2017-13658: Added a missing NULL check in the\n ReadMATImage function in coders/mat.c, which could have\n lead to a denial of service (assertion failure and\n application exit) in the DestroyImageInfo function in\n MagickCore/image.c (bsc#1055855).\n\n - CVE-2017-14533: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c (bsc#1059751).\n\n - CVE-2017-17881: Fixed a memory leak vulnerability in the\n function ReadMATImage in coders/mat.c, which allowed\n attackers to cause a denial of service via a crafted MAT\n image file (bsc#1074123).\n\n - CVE-2017-1000476: Prevent CPU exhaustion in the function\n ReadDDSInfo in coders/dds.c, which allowed attackers to\n cause a denial of service (bsc#1074610).\n\n - CVE-2017-9409: Fixed a memory leak vulnerability in the\n function ReadMPCImage in mpc.c, which allowed attackers\n to cause a denial of service via a crafted file\n (bsc#1042948).\n\n - CVE-2017-11449: coders/mpc did not enable seekable\n streams and thus could not validate blob sizes, which\n allowed remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other\n impact via an image received from stdin (bsc#1049373)\n\n - CVE-2017-12430: A memory exhaustion in the function\n ReadMPCImage in coders/mpc.c allowed attackers to cause\n DoS (bsc#1052252)\n\n - CVE-2017-12642: Prevent a memory leak vulnerability in\n ReadMPCImage in coders\\mpc.c via crafted file allowing\n for DoS (bsc#1052771)\n\n - CVE-2017-14249: A mishandled EOF check in ReadMPCImage\n in coders/mpc.c that lead to a division by zero in\n GetPixelCacheTileSize in MagickCore/cache.c allowed\n remote attackers to cause a denial of service via a\n crafted file (bsc#1058082)\n\n - CVE-2017-1000445: Added a NUL pointer check in the\n MagickCore component that might have lead to denial of\n service (bsc#1074425).\n\n - CVE-2017-11751: Fixed a memory leak vulnerability in the\n function WritePICONImage in coders/xpm.c that allowed\n remote attackers to cause a denial of service via a\n crafted file (bsc#1051412).\n\n - CVE-2017-17680: Fixed a memory leak vulnerability in the\n function ReadXPMImage in coders/xpm.c, which allowed\n attackers to cause a denial of service via a crafted xpm\n image file (bsc#1072902).\n\n - CVE-2017-17882: Fixed a memory leak vulnerability in the\n function ReadXPMImage in coders/xpm.c, which allowed\n attackers to cause a denial of service via a crafted XPM\n image file (bsc#1074122).\n\n - CVE-2018-5246: Fixed memory leak vulnerability in\n ReadPATTERNImage in coders/pattern.c (bsc#1074973).\n\n - CVE-2017-18022: Fixed memory leak vulnerability in\n MontageImageCommand in MagickWand/montage.c\n (bsc#1074975)\n\n - CVE-2018-5247: Fixed memory leak vulnerability in\n ReadRLAImage in coders/rla.c (bsc#1074969)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055323\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1072902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000445/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000476/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10800/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11141/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11449/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11529/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11644/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11724/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11751/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12430/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12434/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12564/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12642/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12667/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12670/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12672/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12675/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13060/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13146/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13648/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13658/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14249/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14326/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14533/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17680/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17881/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17882/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18022/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9409/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5246/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5247/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180132-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a3cc00d8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-ImageMagick-13422=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ImageMagick-13422=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ImageMagick-13422=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagickCore1-32bit-6.4.3.6-7.78.22.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libMagickCore1-32bit-6.4.3.6-7.78.22.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libMagickCore1-6.4.3.6-7.78.22.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "fedora": [{"lastseen": "2021-06-08T18:38:50", "description": "GraphicsMagick is a comprehensive image processing package which is initial ly based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performan ce of the software. ", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-08T16:54:48", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: GraphicsMagick-1.3.26-1.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800"], "modified": "2017-07-08T16:54:48", "id": "FEDORA:5CBAB606E48C", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-06-08T18:38:50", "description": "GraphicsMagick is a comprehensive image processing package which is initial ly based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performan ce of the software. ", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-12T03:29:41", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: GraphicsMagick-1.3.26-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800"], "modified": "2017-07-12T03:29:41", "id": "FEDORA:5BF646060E83", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-06-08T18:38:50", "description": "GraphicsMagick is a comprehensive image processing package which is initial ly based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performan ce of the software. ", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-15T18:50:07", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: GraphicsMagick-1.3.26-1.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800"], "modified": "2017-07-15T18:50:07", "id": "FEDORA:18B1D6079267", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:33:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-07-14T00:00:00", "type": "openvas", "title": "Fedora Update for GraphicsMagick FEDORA-2017-3ac2e9b354", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872875", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872875", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for GraphicsMagick FEDORA-2017-3ac2e9b354\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872875\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-14 15:55:07 +0530 (Fri, 14 Jul 2017)\");\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-10800\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for GraphicsMagick FEDORA-2017-3ac2e9b354\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'GraphicsMagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"GraphicsMagick on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3ac2e9b354\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHZ5VPP642V2AZL7BQHXNVHNDUPEMSVZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.26~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-31T17:39:17", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-27T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2018:3479-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10794", "CVE-2017-14997"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852100", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852100", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852100\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-14997\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-27 06:24:59 +0200 (Sat, 27 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2018:3479-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3479-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00073.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'GraphicsMagick'\n package(s) announced via the openSUSE-SU-2018:3479-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for GraphicsMagick fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2017-10794: When GraphicsMagick processed an RGB TIFF picture (with\n metadata indicating a single sample per pixel) in coders/tiff.c, a\n buffer overflow occurred, related to QuantumTransferMode. (boo#1112392)\n\n - CVE-2017-14997: GraphicsMagick allowed remote attackers to cause a\n denial of service (excessive memory allocation) because of an integer\n underflow in ReadPICTImage in coders/pict.c. (boo#1112399)\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1291=1\");\n\n script_tag(name:\"affected\", value:\"GraphicsMagick on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.25~114.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debuginfo\", rpm:\"GraphicsMagick-debuginfo~1.3.25~114.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debugsource\", rpm:\"GraphicsMagick-debugsource~1.3.25~114.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-devel\", rpm:\"GraphicsMagick-devel~1.3.25~114.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-12\", rpm:\"libGraphicsMagick++-Q16-12~1.3.25~114.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-12-debuginfo\", rpm:\"libGraphicsMagick++-Q16-12-debuginfo~1.3.25~114.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-devel\", rpm:\"libGraphicsMagick++-devel~1.3.25~114.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3\", rpm:\"libGraphicsMagick-Q16-3~1.3.25~114.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3-debuginfo\", rpm:\"libGraphicsMagick-Q16-3-debuginfo~1.3.25~114.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick3-config\", rpm:\"libGraphicsMagick3-config~1.3.25~114.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2\", rpm:\"libGraphicsMagickWand-Q16-2~1.3.25~114.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2-debuginfo\", rpm:\"libGraphicsMagickWand-Q16-2-debuginfo~1.3.25~114.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick\", rpm:\"perl-GraphicsMagick~1.3.25~114.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick-debuginfo\", rpm:\"perl-GraphicsMagick-debuginfo~1.3.25~114.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-12-11T14:44:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-12-04T00:00:00", "type": "openvas", "title": "Ubuntu Update for graphicsmagick USN-4206-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10794", "CVE-2017-6335", "CVE-2017-13147", "CVE-2017-10799", "CVE-2017-11636", "CVE-2017-11102", "CVE-2017-11403", "CVE-2017-14042", "CVE-2017-11140", "CVE-2017-11637"], "modified": "2019-12-10T00:00:00", "id": "OPENVAS:1361412562310844255", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844255", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844255\");\n script_version(\"2019-12-10T07:34:00+0000\");\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-11102\", \"CVE-2017-11140\", \"CVE-2017-11403\", \"CVE-2017-11636\", \"CVE-2017-11637\", \"CVE-2017-13147\", \"CVE-2017-14042\", \"CVE-2017-6335\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-10 07:34:00 +0000 (Tue, 10 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-12-04 03:01:34 +0000 (Wed, 04 Dec 2019)\");\n script_name(\"Ubuntu Update for graphicsmagick USN-4206-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"4206-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-December/005231.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'graphicsmagick'\n package(s) announced via the USN-4206-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that GraphicsMagick incorrectly handled certain image files.\nAn attacker could possibly use this issue to cause a denial of service.\n(CVE-2017-10794, CVE-2017-10799, CVE-2017-11102, CVE-2017-11140,\nCVE-2017-11403, CVE-2017-11636, CVE-2017-11637, CVE-2017-13147, CVE-2017-14042,\nCVE-2017-6335)\");\n\n script_tag(name:\"affected\", value:\"'graphicsmagick' package(s) on Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick\", ver:\"1.3.23-1ubuntu0.2\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"-q16-12\", ver:\"1.3.23-1ubuntu0.2\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick-q16-3\", ver:\"1.3.23-1ubuntu0.2\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:27:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-12-13T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2017:3270-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10799", "CVE-2017-14994", "CVE-2017-12644", "CVE-2017-12140", "CVE-2017-14733", "CVE-2017-12662"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851663", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851663", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851663\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-12-13 07:44:03 +0100 (Wed, 13 Dec 2017)\");\n script_cve_id(\"CVE-2017-10799\", \"CVE-2017-12140\", \"CVE-2017-12644\", \"CVE-2017-12662\",\n \"CVE-2017-14733\", \"CVE-2017-14994\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2017:3270-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'GraphicsMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for GraphicsMagick fixes the following issues:\n\n * CVE-2017-12140: ReadDCMImage in coders\\dcm.c has a ninteger\n signedness error leading to excessive memory consumption\n (bnc#1051847)\n\n * CVE-2017-14994: NULL pointer in ReadDCMImage in coders/dcm.c could\n lead to denial of service (bnc#1061587)\n\n * CVE-2017-12662: Memory leak in WritePDFImage in coders/pdf.c could\n lead to denial of service (bnc#1052758)\n\n * CVE-2017-14733: Heap overflow on ReadRLEImage in coders/rle.c could\n lead to denial of service (bnc#1060577)\n\n * CVE-2017-12644: Memory leak in ReadDCMImage in coders\\dcm.c could\n lead to denial of service (bnc#1052764)\n\n * CVE-2017-10799: denial of service (OOM) can occur inReadDPXImage()\n (bnc#1047054)\");\n\n script_tag(name:\"affected\", value:\"GraphicsMagick on openSUSE Leap 42.3, openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:3270-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.3)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debuginfo\", rpm:\"GraphicsMagick-debuginfo~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debugsource\", rpm:\"GraphicsMagick-debugsource~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-devel\", rpm:\"GraphicsMagick-devel~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-12\", rpm:\"libGraphicsMagick++-Q16-12~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-12-debuginfo\", rpm:\"libGraphicsMagick++-Q16-12-debuginfo~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-devel\", rpm:\"libGraphicsMagick++-devel~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3\", rpm:\"libGraphicsMagick-Q16-3~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3-debuginfo\", rpm:\"libGraphicsMagick-Q16-3-debuginfo~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick3-config\", rpm:\"libGraphicsMagick3-config~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2\", rpm:\"libGraphicsMagickWand-Q16-2~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2-debuginfo\", rpm:\"libGraphicsMagickWand-Q16-2-debuginfo~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick\", rpm:\"perl-GraphicsMagick~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick-debuginfo\", rpm:\"perl-GraphicsMagick-debuginfo~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debuginfo\", rpm:\"GraphicsMagick-debuginfo~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debugsource\", rpm:\"GraphicsMagick-debugsource~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-devel\", rpm:\"GraphicsMagick-devel~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-12\", rpm:\"libGraphicsMagick++-Q16-12~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-12-debuginfo\", rpm:\"libGraphicsMagick++-Q16-12-debuginfo~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-devel\", rpm:\"libGraphicsMagick++-devel~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3\", rpm:\"libGraphicsMagick-Q16-3~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3-debuginfo\", rpm:\"libGraphicsMagick-Q16-3-debuginfo~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick3-config\", rpm:\"libGraphicsMagick3-config~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2\", rpm:\"libGraphicsMagickWand-Q16-2~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2-debuginfo\", rpm:\"libGraphicsMagickWand-Q16-2-debuginfo~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick\", rpm:\"perl-GraphicsMagick~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick-debuginfo\", rpm:\"perl-GraphicsMagick-debuginfo~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-29T19:24:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-04-14T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for graphicsmagick (DLA-1755-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11008", "CVE-2017-10799", "CVE-2019-11009", "CVE-2019-11010", "CVE-2019-11007", "CVE-2019-11006"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891755", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891755", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891755\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-10799\", \"CVE-2019-11006\", \"CVE-2019-11007\", \"CVE-2019-11008\", \"CVE-2019-11009\", \"CVE-2019-11010\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-14 02:00:21 +0000 (Sun, 14 Apr 2019)\");\n script_name(\"Debian LTS: Security Advisory for graphicsmagick (DLA-1755-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1755-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/927029\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'graphicsmagick'\n package(s) announced via the DLA-1755-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several security vulnerabilities were discovered in Graphicsmagick, a\ncollection of image processing tools. Heap-based buffer over-reads and\na memory leak may lead to a denial-of-service or information disclosure.\");\n\n script_tag(name:\"affected\", value:\"'graphicsmagick' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1.3.20-3+deb8u6.\n\nWe recommend that you upgrade your graphicsmagick packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick\", ver:\"1.3.20-3+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-dbg\", ver:\"1.3.20-3+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-imagemagick-compat\", ver:\"1.3.20-3+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-libmagick-dev-compat\", ver:\"1.3.20-3+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphics-magick-perl\", ver:\"1.3.20-3+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++1-dev\", ver:\"1.3.20-3+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++3\", ver:\"1.3.20-3+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick1-dev\", ver:\"1.3.20-3+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick3\", ver:\"1.3.20-3+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:09:10", "description": "Multiple security vulnerabilities, NULL pointer dereferences,\nuse-after-free and heap based overflows, were discovered in\ngraphicsmagick that can lead to denial of service by consuming all\navailable memory or segmentation faults.", "cvss3": {}, "published": "2018-02-08T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for graphicsmagick (DLA-1045-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11641", "CVE-2017-10799", "CVE-2017-11636", "CVE-2017-11638", "CVE-2017-11102", "CVE-2017-11643", "CVE-2017-11403", "CVE-2017-11642", "CVE-2017-11140", "CVE-2017-11637"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891045", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891045", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891045\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-10799\", \"CVE-2017-11102\", \"CVE-2017-11140\", \"CVE-2017-11403\", \"CVE-2017-11636\", \"CVE-2017-11637\", \"CVE-2017-11638\", \"CVE-2017-11641\", \"CVE-2017-11642\", \"CVE-2017-11643\");\n script_name(\"Debian LTS: Security Advisory for graphicsmagick (DLA-1045-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-08 00:00:00 +0100 (Thu, 08 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/07/msg00041.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"graphicsmagick on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.3.16-1.1+deb7u8.\n\nWe recommend that you upgrade your graphicsmagick packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple security vulnerabilities, NULL pointer dereferences,\nuse-after-free and heap based overflows, were discovered in\ngraphicsmagick that can lead to denial of service by consuming all\navailable memory or segmentation faults.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick\", ver:\"1.3.16-1.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-dbg\", ver:\"1.3.16-1.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-imagemagick-compat\", ver:\"1.3.16-1.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-libmagick-dev-compat\", ver:\"1.3.16-1.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphics-magick-perl\", ver:\"1.3.16-1.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++1-dev\", ver:\"1.3.16-1.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++3\", ver:\"1.3.16-1.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick1-dev\", ver:\"1.3.16-1.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick3\", ver:\"1.3.16-1.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:55:36", "description": "Several vulnerabilities have been discovered in GraphicsMagick, a set of\ncommand-line applications to manipulate image files, which could result\nin denial of service or the execution of arbitrary code if malformed\nimage files are processed.", "cvss3": {}, "published": "2018-10-16T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4321-1 (graphicsmagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13063", "CVE-2017-17783", "CVE-2017-17915", "CVE-2017-10794", "CVE-2017-15277", "CVE-2017-14997", "CVE-2017-17913", "CVE-2017-11641", "CVE-2017-13777", "CVE-2017-10799", "CVE-2017-13775", "CVE-2018-6799", "CVE-2017-17502", "CVE-2017-13737", "CVE-2017-11722", "CVE-2017-18220", "CVE-2017-12936", "CVE-2017-17498", "CVE-2017-18229", "CVE-2017-13776", "CVE-2017-14314", "CVE-2017-11636", "CVE-2017-11638", "CVE-2017-17782", "CVE-2017-16352", "CVE-2017-17503", "CVE-2017-18231", "CVE-2017-11102", "CVE-2017-18230", "CVE-2017-14994", "CVE-2017-16547", "CVE-2017-15238", "CVE-2017-11643", "CVE-2017-11403", "CVE-2017-15930", "CVE-2017-18219", "CVE-2017-11139", "CVE-2017-17500", "CVE-2017-14504", "CVE-2017-10800", "CVE-2018-9018", "CVE-2017-13065", "CVE-2017-13134", "CVE-2017-11642", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-14733", "CVE-2017-11140", "CVE-2017-16545", "CVE-2017-12937", "CVE-2017-12935", "CVE-2017-17501", "CVE-2018-5685", "CVE-2017-13064", "CVE-2017-17912", "CVE-2017-11637"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704321", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704321", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4321-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704321\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-10800\", \"CVE-2017-11102\", \"CVE-2017-11139\",\n \"CVE-2017-11140\", \"CVE-2017-11403\", \"CVE-2017-11636\", \"CVE-2017-11637\", \"CVE-2017-11638\",\n \"CVE-2017-11641\", \"CVE-2017-11642\", \"CVE-2017-11643\", \"CVE-2017-11722\", \"CVE-2017-12935\",\n \"CVE-2017-12936\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\",\n \"CVE-2017-13134\", \"CVE-2017-13737\", \"CVE-2017-13775\", \"CVE-2017-13776\", \"CVE-2017-13777\",\n \"CVE-2017-14314\", \"CVE-2017-14504\", \"CVE-2017-14733\", \"CVE-2017-14994\", \"CVE-2017-14997\",\n \"CVE-2017-15238\", \"CVE-2017-15277\", \"CVE-2017-15930\", \"CVE-2017-16352\", \"CVE-2017-16353\",\n \"CVE-2017-16545\", \"CVE-2017-16547\", \"CVE-2017-16669\", \"CVE-2017-17498\", \"CVE-2017-17500\",\n \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-17782\", \"CVE-2017-17783\",\n \"CVE-2017-17912\", \"CVE-2017-17913\", \"CVE-2017-17915\", \"CVE-2017-18219\", \"CVE-2017-18220\",\n \"CVE-2017-18229\", \"CVE-2017-18230\", \"CVE-2017-18231\", \"CVE-2018-5685\", \"CVE-2018-6799\",\n \"CVE-2018-9018\");\n script_name(\"Debian Security Advisory DSA 4321-1 (graphicsmagick - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-16 00:00:00 +0200 (Tue, 16 Oct 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4321.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"graphicsmagick on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 1.3.30+hg15796-1~deb9u1.\n\nWe recommend that you upgrade your graphicsmagick packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/graphicsmagick\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in GraphicsMagick, a set of\ncommand-line applications to manipulate image files, which could result\nin denial of service or the execution of arbitrary code if malformed\nimage files are processed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-dbg\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-imagemagick-compat\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-libmagick-dev-compat\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphics-magick-perl\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++-q16-12\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++1-dev\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick-q16-3\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick1-dev\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:31", "description": "\n\nGraphicsMagick reports:\n\nMultiple vulnerabilities have been found in GraphicsMagick 1.3.26\n\t or earlier. Please refer to the CVE list for details.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-04T00:00:00", "type": "freebsd", "title": "GraphicsMagick -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7800", "CVE-2016-7996", "CVE-2016-7997", "CVE-2016-9830", "CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800", "CVE-2017-6335", "CVE-2017-8350"], "modified": "2017-07-04T00:00:00", "id": "25F73C47-68A8-4A30-9CBC-1CA5EEA4D6BA", "href": "https://vuxml.freebsd.org/freebsd/25f73c47-68a8-4a30-9cbc-1ca5eea4d6ba.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T12:24:04", "description": "When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-03T01:29:00", "type": "cve", "title": "CVE-2017-10800", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10800"], "modified": "2018-10-18T10:29:00", "cpe": ["cpe:/a:graphicsmagick:graphicsmagick:1.3.25"], "id": "CVE-2017-10800", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10800", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.25:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:23:57", "description": "When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-02T22:29:00", "type": "cve", "title": "CVE-2017-10794", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10794"], "modified": "2018-10-18T10:29:00", "cpe": ["cpe:/a:graphicsmagick:graphicsmagick:1.3.25"], "id": "CVE-2017-10794", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10794", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.25:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:24:02", "description": "When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-03T01:29:00", "type": "cve", "title": "CVE-2017-10799", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10799"], "modified": "2019-04-15T12:30:00", "cpe": ["cpe:/a:graphicsmagick:graphicsmagick:1.3.25"], "id": "CVE-2017-10799", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10799", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.25:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2021-11-22T21:41:29", "description": "When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can\nlead to a denial of service (OOM) in ReadMATImage() if the size specified\nfor a MAT Object is larger than the actual amount of data.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867060>\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-03T00:00:00", "type": "ubuntucve", "title": "CVE-2017-10800", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10800"], "modified": "2017-07-03T00:00:00", "id": "UB:CVE-2017-10800", "href": "https://ubuntu.com/security/CVE-2017-10800", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-22T21:41:29", "description": "When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata\nindicating a single sample per pixel) in coders/tiff.c, a buffer overflow\noccurs, related to QuantumTransferMode.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867085>\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-02T00:00:00", "type": "ubuntucve", "title": "CVE-2017-10794", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10794"], "modified": "2017-07-02T00:00:00", "id": "UB:CVE-2017-10794", "href": "https://ubuntu.com/security/CVE-2017-10794", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-22T21:41:29", "description": "When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating\na large width) in coders/dpx.c, a denial of service (OOM) can occur in\nReadDPXImage().\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867077>\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-03T00:00:00", "type": "ubuntucve", "title": "CVE-2017-10799", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10799"], "modified": "2017-07-03T00:00:00", "id": "UB:CVE-2017-10799", "href": "https://ubuntu.com/security/CVE-2017-10799", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2022-03-29T07:34:39", "description": "When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-03T01:29:00", "type": "debiancve", "title": "CVE-2017-10800", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10800"], "modified": "2017-07-03T01:29:00", "id": "DEBIANCVE:CVE-2017-10800", "href": "https://security-tracker.debian.org/tracker/CVE-2017-10800", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-29T07:34:39", "description": "When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-02T22:29:00", "type": "debiancve", "title": "CVE-2017-10794", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10794"], "modified": "2017-07-02T22:29:00", "id": "DEBIANCVE:CVE-2017-10794", "href": "https://security-tracker.debian.org/tracker/CVE-2017-10794", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-29T07:34:39", "description": "When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-03T01:29:00", "type": "debiancve", "title": "CVE-2017-10799", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10799"], "modified": "2017-07-03T01:29:00", "id": "DEBIANCVE:CVE-2017-10799", "href": "https://security-tracker.debian.org/tracker/CVE-2017-10799", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "metasploit": [{"lastseen": "2021-06-11T21:04:28", "description": "\n", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "Ubuntu: USN-4206-1 (CVE-2017-10799): GraphicsMagick vulnerabilities", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10799"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/REDHAT_LINUX-CVE-2016-7545/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "New stable upstream release including security fixes for CVE-2016-7800, CVE-2016-7996, CVE-2016-7997, CVE-2016-8682, CVE-2016-8683, CVE-2016-8684, CVE-2016-9830, CVE-2017-6335, CVE-2017-8350, CVE-2017-10794, CVE-2017-10799, CVE-2017-10800, CVE-2017-11403 and possibly several other security issues with and without associated CVE number. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-07-30T15:58:51", "type": "mageia", "title": "Updated graphicsmagick packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7800", "CVE-2016-7996", "CVE-2016-7997", "CVE-2016-8682", "CVE-2016-8683", "CVE-2016-8684", "CVE-2016-9830", "CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800", "CVE-2017-11403", "CVE-2017-6335", "CVE-2017-8350"], "modified": "2017-07-30T15:58:51", "id": "MGASA-2017-0229", "href": "https://advisories.mageia.org/MGASA-2017-0229.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2021-06-08T18:38:48", "description": "This update for GraphicsMagick fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2017-10794: When GraphicsMagick processed an RGB TIFF picture (with\n metadata indicating a single sample per pixel) in coders/tiff.c, a\n buffer overflow occured, related to QuantumTransferMode. (boo#1112392)\n - CVE-2017-14997: GraphicsMagick allowed remote attackers to cause a\n denial of service (excessive memory allocation) because of an integer\n underflow in ReadPICTImage in coders/pict.c. (boo#1112399)\n\n", "cvss3": {}, "published": "2018-10-26T14:40:08", "type": "suse", "title": "Security update for GraphicsMagick (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-10794", "CVE-2017-14997"], "modified": "2018-10-26T14:40:08", "id": "OPENSUSE-SU-2018:3479-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00073.html", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:38:47", "description": "This update for GraphicsMagick fixes the following issues:\n\n * CVE-2017-12140: ReadDCMImage in coders\\dcm.c has a ninteger\n signedness error leading to excessive memory consumption\n (bnc#1051847)\n * CVE-2017-14994: NULL pointer in ReadDCMImage in coders/dcm.c could\n lead to denial of service (bnc#1061587)\n * CVE-2017-12662: Memory leak in WritePDFImage in coders/pdf.c could\n lead to denial of service (bnc#1052758)\n * CVE-2017-14733: Heap overflow on ReadRLEImage in coders/rle.c could\n lead to denial of service (bnc#1060577)\n * CVE-2017-12644: Memory leak in ReadDCMImage in coders\\dcm.c could\n lead to denial of service (bnc#1052764)\n * CVE-2017-10799: denial of service (OOM) can occur inReadDPXImage()\n (bnc#1047054)\n\n", "cvss3": {}, "published": "2017-12-12T18:09:44", "type": "suse", "title": "Security update for GraphicsMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-10799", "CVE-2017-14994", "CVE-2017-12644", "CVE-2017-12140", "CVE-2017-14733", "CVE-2017-12662"], "modified": "2017-12-12T18:09:44", "id": "OPENSUSE-SU-2017:3270-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-12/msg00028.html", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2022-01-04T11:32:55", "description": "It was discovered that GraphicsMagick incorrectly handled certain image files. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2017-10794, CVE-2017-10799, CVE-2017-11102, CVE-2017-11140, \nCVE-2017-11403, CVE-2017-11636, CVE-2017-11637, CVE-2017-13147, CVE-2017-14042, \nCVE-2017-6335)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-12-02T00:00:00", "type": "ubuntu", "title": "GraphicsMagick vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10799", "CVE-2017-14042", "CVE-2017-10794", "CVE-2017-13147", "CVE-2017-11403", "CVE-2017-11102", "CVE-2017-11140", "CVE-2017-6335", "CVE-2017-11637", "CVE-2017-11636"], "modified": "2019-12-02T00:00:00", "id": "USN-4206-1", "href": "https://ubuntu.com/security/notices/USN-4206-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-22T12:27:18", "description": "Package : graphicsmagick\nVersion : 1.3.20-3+deb8u6\nCVE ID : CVE-2017-10799 CVE-2019-11006 CVE-2019-11007\n CVE-2019-11008 CVE-2019-11009 CVE-2019-11010\nDebian Bug : 927029\n\nSeveral security vulnerabilities were discovered in Graphicsmagick, a\ncollection of image processing tools. Heap-based buffer over-reads and\na memory leak may lead to a denial-of-service or information disclosure.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1.3.20-3+deb8u6.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2019-04-13T22:13:02", "type": "debian", "title": "[SECURITY] [DLA 1755-1] graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10799", "CVE-2019-11006", "CVE-2019-11007", "CVE-2019-11008", "CVE-2019-11009", "CVE-2019-11010"], "modified": "2019-04-13T22:13:02", "id": "DEBIAN:DLA-1755-1:C5328", "href": "https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-06T03:59:42", "description": "Package : graphicsmagick\nVersion : 1.3.20-3+deb8u6\nCVE ID : CVE-2017-10799 CVE-2019-11006 CVE-2019-11007\n CVE-2019-11008 CVE-2019-11009 CVE-2019-11010\nDebian Bug : 927029\n\nSeveral security vulnerabilities were discovered in Graphicsmagick, a\ncollection of image processing tools. Heap-based buffer over-reads and\na memory leak may lead to a denial-of-service or information disclosure.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1.3.20-3+deb8u6.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2019-04-13T22:13:02", "type": "debian", "title": "[SECURITY] [DLA 1755-1] graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10799", "CVE-2019-11006", "CVE-2019-11007", "CVE-2019-11008", "CVE-2019-11009", "CVE-2019-11010"], "modified": "2019-04-13T22:13:02", "id": "DEBIAN:DLA-1755-1:376D8", "href": "https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-23T21:28:23", "description": "Package : graphicsmagick\nVersion : 1.3.16-1.1+deb7u8\nCVE ID : CVE-2017-10799 CVE-2017-11102 CVE-2017-11140\n CVE-2017-11403 CVE-2017-11636 CVE-2017-11637\n CVE-2017-11638 CVE-2017-11641 CVE-2017-11642\n CVE-2017-11643\nDebian Bug : 867077 867746 870149\n\nMultiple security vulnerabilities, NULL pointer dereferences,\nuse-after-free and heap based overflows, were discovered in\ngraphicsmagick that can lead to denial of service by consuming all\navailable memory or segmentation faults.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.3.16-1.1+deb7u8.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-30T16:22:23", "type": "debian", "title": "[SECURITY] [DLA 1045-1] graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10799", "CVE-2017-11102", "CVE-2017-11140", "CVE-2017-11403", "CVE-2017-11636", "CVE-2017-11637", "CVE-2017-11638", "CVE-2017-11641", "CVE-2017-11642", "CVE-2017-11643"], "modified": "2017-07-30T16:22:23", "id": "DEBIAN:DLA-1045-1:24D9D", "href": "https://lists.debian.org/debian-lts-announce/2017/07/msg00041.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-11T04:51:13", "description": "Package : graphicsmagick\nVersion : 1.3.16-1.1+deb7u8\nCVE ID : CVE-2017-10799 CVE-2017-11102 CVE-2017-11140\n CVE-2017-11403 CVE-2017-11636 CVE-2017-11637\n CVE-2017-11638 CVE-2017-11641 CVE-2017-11642\n CVE-2017-11643\nDebian Bug : 867077 867746 870149\n\nMultiple security vulnerabilities, NULL pointer dereferences,\nuse-after-free and heap based overflows, were discovered in\ngraphicsmagick that can lead to denial of service by consuming all\navailable memory or segmentation faults.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.3.16-1.1+deb7u8.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-30T16:22:23", "type": "debian", "title": "[SECURITY] [DLA 1045-1] graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10799", "CVE-2017-11102", "CVE-2017-11140", "CVE-2017-11403", "CVE-2017-11636", "CVE-2017-11637", "CVE-2017-11638", "CVE-2017-11641", "CVE-2017-11642", "CVE-2017-11643"], "modified": "2017-07-30T16:22:23", "id": "DEBIAN:DLA-1045-1:712EB", "href": "https://lists.debian.org/debian-lts-announce/2017/07/msg00041.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-18T23:58:55", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4321-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nOctober 16, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : graphicsmagick\nCVE ID : CVE-2017-10794 CVE-2017-10799 CVE-2017-10800 CVE-2017-11102 \n CVE-2017-11139 CVE-2017-11140 CVE-2017-11403 CVE-2017-11636 \n CVE-2017-11637 CVE-2017-11638 CVE-2017-11641 CVE-2017-11642 \n CVE-2017-11643 CVE-2017-11722 CVE-2017-12935 CVE-2017-12936 \n CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13065 \n CVE-2017-13134 CVE-2017-13737 CVE-2017-13775 CVE-2017-13776 \n CVE-2017-13777 CVE-2017-14314 CVE-2017-14504 CVE-2017-14733 \n CVE-2017-14994 CVE-2017-14997 CVE-2017-15238 CVE-2017-15277 \n CVE-2017-15930 CVE-2017-16352 CVE-2017-16353 CVE-2017-16545 \n CVE-2017-16547 CVE-2017-16669 CVE-2017-17498 CVE-2017-17500 \n CVE-2017-17501 CVE-2017-17502 CVE-2017-17503 CVE-2017-17782 \n CVE-2017-17783 CVE-2017-17912 CVE-2017-17913 CVE-2017-17915 \n CVE-2017-18219 CVE-2017-18220 CVE-2017-18229 CVE-2017-18230 \n CVE-2017-18231 CVE-2018-5685 CVE-2018-6799 CVE-2018-9018\n\nSeveral vulnerabilities have been discovered in GraphicsMagick, a set of\ncommand-line applications to manipulate image files, which could result\nin denial of service or the execution of arbitrary code if malformed\nimage files are processed.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.3.30+hg15796-1~deb9u1.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFor the detailed security status of graphicsmagick please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/graphicsmagick\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-16T21:57:57", "type": "debian", "title": "[SECURITY] [DSA 4321-1] graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800", "CVE-2017-11102", "CVE-2017-11139", "CVE-2017-11140", "CVE-2017-11403", "CVE-2017-11636", "CVE-2017-11637", "CVE-2017-11638", "CVE-2017-11641", "CVE-2017-11642", "CVE-2017-11643", "CVE-2017-11722", "CVE-2017-12935", "CVE-2017-12936", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13065", "CVE-2017-13134", "CVE-2017-13737", "CVE-2017-13775", "CVE-2017-13776", "CVE-2017-13777", "CVE-2017-14314", "CVE-2017-14504", "CVE-2017-14733", "CVE-2017-14994", "CVE-2017-14997", "CVE-2017-15238", "CVE-2017-15277", "CVE-2017-15930", "CVE-2017-16352", "CVE-2017-16353", "CVE-2017-16545", "CVE-2017-16547", "CVE-2017-16669", "CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-17503", "CVE-2017-17782", "CVE-2017-17783", "CVE-2017-17912", "CVE-2017-17913", "CVE-2017-17915", "CVE-2017-18219", "CVE-2017-18220", "CVE-2017-18229", "CVE-2017-18230", "CVE-2017-18231", "CVE-2018-5685", "CVE-2018-6799", "CVE-2018-9018"], "modified": "2018-10-16T21:57:57", "id": "DEBIAN:DSA-4321-1:D5514", "href": "https://lists.debian.org/debian-security-announce/2018/msg00252.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}