Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2019 Greenbone AGOPENVAS:1361412562310891968
HistoryOct 22, 2019 - 12:00 a.m.

Debian: Security Advisory (DLA-1968-1)

2019-10-2200:00:00
Copyright (C) 2019 Greenbone AG
plugins.openvas.org
80

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.027 Low

EPSS

Percentile

90.3%

JSON

The remote host is missing an update for the Debian

# SPDX-FileCopyrightText: 2019 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.891968");
  script_cve_id("CVE-2019-11470", "CVE-2019-14981", "CVE-2019-15139", "CVE-2019-15140");
  script_tag(name:"creation_date", value:"2019-10-22 02:00:35 +0000 (Tue, 22 Oct 2019)");
  script_version("2024-02-02T05:06:07+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:07 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"7.1");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2019-08-28 14:28:49 +0000 (Wed, 28 Aug 2019)");

  script_name("Debian: Security Advisory (DLA-1968-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2019 Greenbone AG");
  script_family("Debian Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB8");

  script_xref(name:"Advisory-ID", value:"DLA-1968-1");
  script_xref(name:"URL", value:"https://www.debian.org/lts/security/2019/DLA-1968-1");
  script_xref(name:"URL", value:"https://wiki.debian.org/LTS");

  script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'imagemagick' package(s) announced via the DLA-1968-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Multiple vulnerabilities have been found in imagemagick, an image processing toolkit.

CVE-2019-11470

Uncontrolled resource consumption caused by insufficiently sanitized image size in ReadCINImage (coders/cin.c). This vulnerability might be leveraged by remote attackers to cause denial of service via a crafted Cineon image.

CVE-2019-14981

Divide-by-zero vulnerability in MeanShiftImage (magick/feature.c). This vulnerability might be leveraged by remote attackers to cause denial of service via crafted image data.

CVE-2019-15139

Out-of-bounds read in ReadXWDImage (coders/xwd.c). This vulnerability might be leveraged by remote attackers to cause denial of service via a crafted XWD (X Window System window dumping file) image file.

CVE-2019-15140

Bound checking issue in ReadMATImage (coders/mat.c), potentially leading to use-after-free. This vulnerability might be leveraged by remote attackers to cause denial of service or any other unspecified impact via a crafted MAT image file.

For Debian 8 Jessie, these problems have been fixed in version 8:6.8.9.9-5+deb8u18.

We recommend that you upgrade your imagemagick packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references]");

  script_tag(name:"affected", value:"'imagemagick' package(s) on Debian 8.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "DEB8") {

  if(!isnull(res = isdpkgvuln(pkg:"imagemagick", ver:"8:6.8.9.9-5+deb8u18", rls:"DEB8"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"imagemagick-6.q16", ver:"8:6.8.9.9-5+deb8u18", rls:"DEB8"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"imagemagick-common", ver:"8:6.8.9.9-5+deb8u18", rls:"DEB8"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"imagemagick-dbg", ver:"8:6.8.9.9-5+deb8u18", rls:"DEB8"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"imagemagick-doc", ver:"8:6.8.9.9-5+deb8u18", rls:"DEB8"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libimage-magick-perl", ver:"8:6.8.9.9-5+deb8u18", rls:"DEB8"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libimage-magick-q16-perl", ver:"8:6.8.9.9-5+deb8u18", rls:"DEB8"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libmagick++-6-headers", ver:"8:6.8.9.9-5+deb8u18", rls:"DEB8"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libmagick++-6.q16-5", ver:"8:6.8.9.9-5+deb8u18", rls:"DEB8"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libmagick++-6.q16-dev", ver:"8:6.8.9.9-5+deb8u18", rls:"DEB8"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libmagick++-dev", ver:"8:6.8.9.9-5+deb8u18", rls:"DEB8"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libmagickcore-6-arch-config", ver:"8:6.8.9.9-5+deb8u18", rls:"DEB8"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libmagickcore-6-headers", ver:"8:6.8.9.9-5+deb8u18", rls:"DEB8"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libmagickcore-6.q16-2", ver:"8:6.8.9.9-5+deb8u18", rls:"DEB8"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libmagickcore-6.q16-2-extra", ver:"8:6.8.9.9-5+deb8u18", rls:"DEB8"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libmagickcore-6.q16-dev", ver:"8:6.8.9.9-5+deb8u18", rls:"DEB8"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libmagickcore-dev", ver:"8:6.8.9.9-5+deb8u18", rls:"DEB8"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libmagickwand-6-headers", ver:"8:6.8.9.9-5+deb8u18", rls:"DEB8"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libmagickwand-6.q16-2", ver:"8:6.8.9.9-5+deb8u18", rls:"DEB8"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libmagickwand-6.q16-dev", ver:"8:6.8.9.9-5+deb8u18", rls:"DEB8"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libmagickwand-dev", ver:"8:6.8.9.9-5+deb8u18", rls:"DEB8"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"perlmagick", ver:"8:6.8.9.9-5+deb8u18", rls:"DEB8"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

debian 5
osv 9
nessus 45
prion 4
redhatcve 4
cve 5
veracode 4
ubuntucve 4
debiancve 4
alpinelinux 3
suse 4
openvas 24
fedora 4
cloudfoundry 2
ubuntu 2
amazon 10
freebsd 1
oraclelinux 1
redhat 1
centos 1
ibm 2
debian
debian
[SECURITY] [DLA 1968-1] imagemagick security update
2019-10-21 09:04:57
[SECURITY] [DSA 4715-1] imagemagick security update
2020-07-02 18:34:51
[SECURITY] [DSA 4712-1] imagemagick security update
2020-06-30 20:31:53
osv
osv
imagemagick - security update
2019-10-21 00:00:00
CVE-2019-15140
2019-08-18 19:15:09
CVE-2019-14981
2019-08-12 23:15:11
nessus
nessus
Debian DLA-1968-1 : imagemagick security update
2019-10-22 00:00:00
openSUSE Security Update : ImageMagick (openSUSE-2019-2515)
2019-11-15 00:00:00
openSUSE Security Update : ImageMagick (openSUSE-2019-2519)
2019-11-18 00:00:00
prion
prion
Design/Logic Flaw
2019-04-23 14:29:00
Design/Logic Flaw
2019-08-18 19:15:00
Design/Logic Flaw
2019-08-12 23:15:00
redhatcve
redhatcve
CVE-2019-15140
2019-11-01 13:55:57
CVE-2019-14981
2019-10-02 17:51:33
CVE-2019-11470
2019-05-08 10:50:33
cve
cve
CVE-2019-14981
2019-08-12 23:15:00
CVE-2019-15140
2019-08-18 19:15:00
CVE-2019-11470
2019-04-23 14:29:00
veracode
veracode
Denial Of Service (DoS)
2019-04-24 02:24:06
Denial Of Service (DoS)
2020-04-01 00:39:12
Denial Of Service (DoS)
2019-09-09 06:34:17
ubuntucve
ubuntucve
CVE-2019-11470
2019-04-23 00:00:00
CVE-2019-14981
2019-08-12 00:00:00
CVE-2019-15140
2019-08-18 00:00:00
debiancve
debiancve
CVE-2019-15140
2019-08-18 19:15:00
CVE-2019-14981
2019-08-12 23:15:00
CVE-2019-11470
2019-04-23 14:29:00
alpinelinux
alpinelinux
CVE-2019-14981
2019-08-12 23:15:00
CVE-2019-15140
2019-08-18 19:15:00
CVE-2019-15139
2019-08-18 19:15:00
suse
suse
Security update for ImageMagick (moderate)
2019-11-16 00:00:00
Security update for ImageMagick (moderate)
2019-11-15 00:00:00
Security update for ImageMagick (moderate)
2019-06-24 00:00:00
openvas
openvas
openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2019:2515-1)
2020-01-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:2896-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2019:2519-1)
2019-11-17 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: GraphicsMagick-1.3.34-1.fc30
2020-01-12 01:17:43
[SECURITY] Fedora 31 Update: GraphicsMagick-1.3.34-1.fc31
2020-01-12 01:49:30
[SECURITY] Fedora 29 Update: GraphicsMagick-1.3.32-1.fc29
2019-06-30 02:27:02
cloudfoundry
cloudfoundry
USN-4192-1: ImageMagick vulnerabilities | Cloud Foundry
2019-11-18 00:00:00
USN-4034-1: ImageMagick vulnerabilities | Cloud Foundry
2019-07-10 00:00:00
ubuntu
ubuntu
ImageMagick vulnerabilities
2019-11-14 00:00:00
ImageMagick vulnerabilities
2019-06-25 00:00:00
amazon
amazon
Medium: php56-pecl-imagick
2023-08-21 12:14:00
Medium: php55-pecl-imagick
2023-08-21 12:14:00
Important: ImageMagick
2024-01-19 01:51:00
freebsd
freebsd
ImageMagick -- multiple vulnerabilities
2019-03-07 00:00:00
oraclelinux
oraclelinux
ImageMagick security, bug fix, and enhancement update
2020-04-06 00:00:00
redhat
redhat
(RHSA-2020:1180) Moderate: ImageMagick security, bug fix, and enhancement update
2020-03-31 09:28:57
centos
centos
ImageMagick, autotrace, emacs, inkscape security update
2020-04-08 17:42:49
ibm
ibm
Security Bulletin: WebSphere Cast Iron and App Connect Professional are affected by vulnerabilities in Pacemaker, ImageMagick, gd-libgd, libxslt, cURL libcurl , Ghostscript.
2022-02-21 04:39:05
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities
2021-08-13 22:15:02

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.027 Low

EPSS

Percentile

90.3%

JSON
Related for OPENVAS:1361412562310891968
debian5osv9nessus45prion4redhatcve4cve5veracode4ubuntucve4debiancve4alpinelinux3suse4openvas24fedora4cloudfoundry2ubuntu2amazon10freebsd1oraclelinux1redhat1centos1ibm2