Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (c) 2016 Greenbone Networks GmbH http://greenbone.netOPENVAS:703652
HistoryAug 25, 2016 - 12:00 a.m.

Debian Security Advisory DSA 3652-1 (imagemagick - security update)

2016-08-2500:00:00
Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net
plugins.openvas.org
10

0.097 Low

EPSS

Percentile

94.2%

JSON

This updates fixes many vulnerabilities
in imagemagick: Various memory handling problems and cases of missing or incomplete
input sanitising may result in denial of service or the execution of arbitrary code
if malformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum,
PDB, DDS, DCM, EXIF, RGF or BMP files are processed.

# OpenVAS Vulnerability Test
# $Id: deb_3652.nasl 6608 2017-07-07 12:05:05Z cfischer $
# Auto-generated from advisory DSA 3652-1 using nvtgen 1.0
# Script version: 1.0
#
# Author:
# Greenbone Networks
#
# Copyright:
# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#


if(description)
{
    script_id(703652);
    script_version("$Revision: 6608 $");
    script_cve_id("CVE-2016-4562", "CVE-2016-4563", "CVE-2016-4564", "CVE-2016-5010",
                  "CVE-2016-5687", "CVE-2016-5688", "CVE-2016-5689", "CVE-2016-5690",
                  "CVE-2016-5691", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491");
    script_name("Debian Security Advisory DSA 3652-1 (imagemagick - security update)");
    script_tag(name: "last_modification", value: "$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $");
    script_tag(name: "creation_date", value: "2016-08-25 00:00:00 +0200 (Thu, 25 Aug 2016)");
    script_tag(name:"cvss_base", value:"7.5");
    script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
    script_tag(name: "solution_type", value: "VendorFix");
    script_tag(name: "qod_type", value: "package");

    script_xref(name: "URL", value: "http://www.debian.org/security/2016/dsa-3652.html");


    script_category(ACT_GATHER_INFO);

    script_copyright("Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net");
    script_family("Debian Local Security Checks");
    script_dependencies("gather-package-list.nasl");
    script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
    script_tag(name: "affected",  value: "imagemagick on Debian Linux");
    script_tag(name: "insight",   value: "ImageMagick is a software suite to
create, edit, and compose bitmap images. It can read, convert and write images in
a variety of formats (over 100) including DPX, EXR, GIF, JPEG, JPEG-2000, PDF,
PhotoCD, PNG, Postscript, SVG, and TIFF. Use ImageMagick to translate, flip, mirror,
rotate, scale, shear and transform images, adjust image colors, apply various special
effects, or draw text, lines, polygons, ellipses and Bzier curves.
All manipulations can be achieved through shell commands as well as through
an X11 graphical interface (display).");
    script_tag(name: "solution",  value: "For the stable distribution (jessie),
these problems have been fixed in version 8:6.8.9.9-5+deb8u4.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your imagemagick packages.");
    script_tag(name: "summary",   value: "This updates fixes many vulnerabilities
in imagemagick: Various memory handling problems and cases of missing or incomplete
input sanitising may result in denial of service or the execution of arbitrary code
if malformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum,
PDB, DDS, DCM, EXIF, RGF or BMP files are processed.");
    script_tag(name: "vuldetect", value: "This check tests the installed software
version using the apt package manager.");
    exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

res = "";
report = "";
if ((res = isdpkgvuln(pkg:"imagemagick", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"imagemagick-6.q16", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"imagemagick-common", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"imagemagick-dbg:amd64", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"imagemagick-dbg:i386", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"imagemagick-doc", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libimage-magick-perl", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libimage-magick-q16-perl", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libmagick++-6-headers", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libmagick++-6.q16-5:amd64", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libmagick++-6.q16-5:i386", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if ((res = isdpkgvuln(pkg:"libmagick++-6.q16-dev:amd64", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libmagick++-6.q16-dev:i386", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if ((res = isdpkgvuln(pkg:"libmagick++-dev", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libmagickcore-6-arch-config:amd64", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libmagickcore-6-arch-config:i386", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if ((res = isdpkgvuln(pkg:"libmagickcore-6-headers", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libmagickcore-6.q16-2:amd64", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libmagickcore-6.q16-2:i386", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if ((res = isdpkgvuln(pkg:"libmagickcore-6.q16-2-extra:amd64", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libmagickcore-6.q16-2-extra:i386", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if ((res = isdpkgvuln(pkg:"libmagickcore-6.q16-dev:amd64", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libmagickcore-6.q16-dev:i386", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if ((res = isdpkgvuln(pkg:"libmagickcore-dev", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libmagickwand-6-headers", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libmagickwand-6.q16-2:amd64", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libmagickwand-6.q16-2:i386", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if ((res = isdpkgvuln(pkg:"libmagickwand-6.q16-dev:amd64", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libmagickwand-6.q16-dev:i386", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if ((res = isdpkgvuln(pkg:"libmagickwand-dev", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"perlmagick", ver:"8:6.8.9.9-5+deb8u4", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

Related

debian 3
nessus 22
openvas 53
osv 4
mageia 1
veracode 12
cve 12
prion 12
alpinelinux 12
ubuntucve 12
debiancve 12
redhatcve 12
archlinux 1
gentoo 1
suse 4
ubuntu 1
fedora 25
debian
debian
[SECURITY] [DSA 3652-1] imagemagick security update
2016-08-25 20:53:02
[SECURITY] [DLA 517-1] imagemagick security update
2016-06-17 08:40:22
[SECURITY] [DLA 731-1] imagemagick security update
2016-12-02 05:44:49
nessus
nessus
EulerOS 2.0 SP5 : ImageMagick (EulerOS-SA-2019-1970)
2019-09-23 00:00:00
Debian DLA-517-1 : imagemagick security update
2016-06-20 00:00:00
ImageMagick 6.x < 6.9.4-3 / 7.x < 7.0.1-4 Multiple Vulnerabilities
2016-06-24 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2019-1970)
2020-01-23 00:00:00
ImageMagick Multiple Unspecified Vulnerabilities - Windows
2016-06-06 00:00:00
ImageMagick Multiple Unspecified Vulnerabilities - Mac OS X
2016-06-06 00:00:00
osv
osv
imagemagick - security update
2016-06-17 00:00:00
imagemagick - security update
2016-08-25 00:00:00
CVE-2016-5010
2017-04-20 18:59:00
mageia
mageia
Updated imagemagick packages fix security vulnerabilities
2016-07-19 15:47:11
veracode
veracode
Denial Of Service (DoS) Through Integer Overflow
2017-01-31 08:47:53
Out-of-Bounds Read
2017-02-01 02:46:52
Denial Of Service (DoS)
2017-02-01 05:31:57
cve
cve
CVE-2016-5690
2016-12-13 15:59:00
CVE-2016-5691
2016-12-13 15:59:00
CVE-2016-5687
2016-12-13 15:59:00
prion
prion
Out-of-bounds
2016-12-13 15:59:00
Authentication flaw
2016-12-13 15:59:00
Code injection
2016-12-13 15:59:00
alpinelinux
alpinelinux
CVE-2016-5687
2016-12-13 15:59:00
CVE-2016-5690
2016-12-13 15:59:00
CVE-2016-5691
2016-12-13 15:59:00
ubuntucve
ubuntucve
CVE-2016-5690
2016-06-24 00:00:00
CVE-2016-5691
2016-06-24 00:00:00
CVE-2016-4562
2016-06-04 00:00:00
debiancve
debiancve
CVE-2016-5691
2016-12-13 15:59:00
CVE-2016-5688
2016-12-13 15:59:00
CVE-2016-5690
2016-12-13 15:59:00
redhatcve
redhatcve
CVE-2016-5691
2016-06-20 10:48:29
CVE-2016-5690
2016-06-20 10:48:23
CVE-2016-4562
2016-06-07 11:48:48
archlinux
archlinux
imagemagick: information leakage
2016-07-29 00:00:00
gentoo
gentoo
ImageMagick: Multiple vulnerabilities
2016-11-30 00:00:00
suse
suse
Security update for ImageMagick (important)
2016-07-11 16:08:01
Security update for ImageMagick (important)
2016-07-20 12:09:04
Security update for ImageMagick (important)
2016-07-11 16:26:48
ubuntu
ubuntu
ImageMagick vulnerabilities
2016-11-21 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: k3d-0.8.0.6-8.fc26
2017-09-19 03:27:27
[SECURITY] Fedora 26 Update: inkscape-0.92.1-4.20170510bzr15686.fc26.1
2017-09-19 03:27:26
[SECURITY] Fedora 26 Update: rubygem-rmagick-2.16.0-4.fc26.2
2017-09-19 03:27:34

0.097 Low

EPSS

Percentile

94.2%

JSON
Related for OPENVAS:703652
debian3nessus22openvas53osv4mageia1veracode12cve12prion12alpinelinux12ubuntucve12debiancve12redhatcve12archlinux1gentoo1suse4ubuntu1fedora25