ID OPENVAS:803814 Type openvas Reporter Copyright (C) 2013 Greenbone Networks GmbH Modified 2017-12-19T00:00:00
Description
The host is installed with ImageMagick and is prone to integer
overflow Vulnerability.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_imagemagick_integer_overflow_vuln01_jun13_win.nasl 8173 2017-12-19 11:45:56Z cfischer $
#
# ImageMagick Integer Overflow Vulnerability - 01 June13 (Windows)
#
# Authors:
# Thanga Prakash S <tprakash@secpod.com>
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
CPE = "cpe:/a:imagemagick:imagemagick";
tag_impact = "Successful exploitation will allow a context-dependent attacker to cause
denial of service condition or potentially execute arbitrary code.
Impact Level: Application/System";
tag_affected = "ImageMagick version 6.7.5 and earlier on Windows.";
tag_insight = "Integer overflow error occurs due to an improper sanitation of user supplied
input when computing the sum of 'number_bytes' and 'offset' in
magick/profile.c or magick/property.c with a specially crafted request.";
tag_solution = "Upgrade to ImageMagick version 6.7.5-1 or later.
http://www.imagemagick.org/script/download.php";
tag_summary = "The host is installed with ImageMagick and is prone to integer
overflow Vulnerability.";
if(description)
{
script_id(803814);
script_version("$Revision: 8173 $");
script_cve_id("CVE-2012-1185");
script_bugtraq_id(51957);
script_tag(name:"last_modification", value:"$Date: 2017-12-19 12:45:56 +0100 (Tue, 19 Dec 2017) $");
script_tag(name:"creation_date", value:"2013-06-24 11:06:50 +0530 (Mon, 24 Jun 2013)");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_name("ImageMagick Integer Overflow Vulnerability - 01 June13 (Windows)");
script_xref(name : "URL" , value : "http://xforce.iss.net/xforce/xfdb/76140");
script_xref(name : "URL" , value : "http://www.openwall.com/lists/oss-security/2012/03/19/5");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2013 Greenbone Networks GmbH");
script_family("Buffer overflow");
script_dependencies("secpod_imagemagick_detect_win.nasl");
script_mandatory_keys("ImageMagick/Win/Installed");
script_tag(name : "impact" , value : tag_impact);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"registry");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );
vers = infos['version'];
path = infos['location'];
if( version_is_less( version:vers, test_version:"6.7.5.1" ) ) {
report = report_fixed_ver( installed_version:vers, fixed_version:"6.7.5.1", install_path:path );
security_message( port:0, data:report );
exit( 0 );
}
exit( 99 );
{"bulletinFamily": "scanner", "viewCount": 1, "naslFamily": "Buffer overflow", "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "references": ["http://www.openwall.com/lists/oss-security/2012/03/19/5", "http://xforce.iss.net/xforce/xfdb/76140"], "description": "The host is installed with ImageMagick and is prone to integer\n overflow Vulnerability.", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "7102510690caf406c70da96b66615864"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "0679e4057b88e1df5f2d7c989c4fc7b1"}, {"key": "href", "hash": "a6bbc0cc10f2cd0bc95dee161e93e8e9"}, {"key": "modified", "hash": "2b640ad6a8085d904bddcda9924e34ea"}, {"key": "naslFamily", "hash": "b9cc6a9f33ec12abd4e976263afc3918"}, {"key": "pluginID", "hash": "4305f85e9df40b9494932af6de9b2d63"}, {"key": "published", "hash": "80c2da593ca3623c22b086d765467846"}, {"key": "references", "hash": "80672d5ce50df8eddad4641ed73d4ed9"}, {"key": "reporter", "hash": "eb0d3e4b46c4b283eb1ce082bbd5ff31"}, {"key": "sourceData", "hash": "2194403dc4d02ec799cbe01f1c9505d7"}, {"key": "title", "hash": "84dbcc306acbfff8a1ea95a4def4286b"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "href": "http://plugins.openvas.org/nasl.php?oid=803814", "modified": "2017-12-19T00:00:00", "objectVersion": "1.3", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "id": "OPENVAS:803814", "title": "ImageMagick Integer Overflow Vulnerability - 01 June13 (Windows)", "hash": "7826f1994810055ba1d468a94580cebdecf175df1976edd30a7e4e367a6b0597", "edition": 2, "published": "2013-06-24T00:00:00", "type": "openvas", "history": [{"lastseen": "2017-07-02T21:11:01", "bulletin": {"hash": "133a976a7bfdf3237c90454385319b212ca5b68bc6c6ad428fd4774fa452c792", "viewCount": 0, "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "references": ["http://www.openwall.com/lists/oss-security/2012/03/19/5", "http://xforce.iss.net/xforce/xfdb/76140"], "description": "The host is installed with ImageMagick and is prone to integer\n overflow Vulnerability.", "hashmap": [{"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "references", "hash": "80672d5ce50df8eddad4641ed73d4ed9"}, {"key": "title", "hash": "84dbcc306acbfff8a1ea95a4def4286b"}, {"key": "modified", "hash": "c4b4036a2590e955204d8f301d435a7c"}, {"key": "sourceData", "hash": "8037a50d76be524b56e64878a4032708"}, {"key": "published", "hash": "80c2da593ca3623c22b086d765467846"}, {"key": "pluginID", "hash": "4305f85e9df40b9494932af6de9b2d63"}, {"key": "description", "hash": "0679e4057b88e1df5f2d7c989c4fc7b1"}, {"key": "cvelist", "hash": "7102510690caf406c70da96b66615864"}, {"key": "naslFamily", "hash": "b9cc6a9f33ec12abd4e976263afc3918"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "reporter", "hash": "eb0d3e4b46c4b283eb1ce082bbd5ff31"}, {"key": "href", "hash": "a6bbc0cc10f2cd0bc95dee161e93e8e9"}], "naslFamily": "Buffer overflow", "modified": "2017-05-15T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=803814", "published": "2013-06-24T00:00:00", "enchantments": {}, "id": "OPENVAS:803814", "title": "ImageMagick Integer Overflow Vulnerability - 01 June13 (Windows)", "bulletinFamily": "scanner", "edition": 1, "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_imagemagick_integer_overflow_vuln01_jun13_win.nasl 6125 2017-05-15 09:03:42Z teissa $\n#\n# ImageMagick Integer Overflow Vulnerability - 01 June13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow a context-dependent attacker to cause\n denial of service condition or potentially execute arbitrary code.\n Impact Level: Application/System\";\n\ntag_affected = \"ImageMagick version 6.7.5 and earlier on Windows.\";\ntag_insight = \"Integer overflow error occurs due to an improper sanitation of user supplied\n input when computing the sum of 'number_bytes' and 'offset' in\n magick/profile.c or magick/property.c with a specially crafted request.\";\ntag_solution = \"Upgrade to ImageMagick version 6.7.5-1 or later.\n http://www.imagemagick.org/script/download.php\";\ntag_summary = \"The host is installed with ImageMagick and is prone to integer\n overflow Vulnerability.\";\n\nif(description)\n{\n script_id(803814);\n script_version(\"$Revision: 6125 $\");\n script_cve_id(\"CVE-2012-1185\");\n script_bugtraq_id(51957);\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-15 11:03:42 +0200 (Mon, 15 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-24 11:06:50 +0530 (Mon, 24 Jun 2013)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"ImageMagick Integer Overflow Vulnerability - 01 June13 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/76140\");\n script_xref(name : \"URL\" , value : \"http://www.openwall.com/lists/oss-security/2012/03/19/5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"secpod_imagemagick_detect_win.nasl\");\n script_mandatory_keys(\"ImageMagick/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nimageVer = get_kb_item(\"ImageMagick/Win/Ver\");\nif(!imageVer){\n exit(0);\n}\n\nif(version_is_less(version:imageVer, test_version:\"6.7.5.1\"))\n{\n security_message(0);\n exit(0);\n}\n", "type": "openvas", "history": [], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvelist": ["CVE-2012-1185"], "lastseen": "2017-07-02T21:11:01", "pluginID": "803814"}, "differentElements": ["modified", "sourceData"], "edition": 1}], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvelist": ["CVE-2012-1185"], "lastseen": "2017-12-20T13:22:29", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_imagemagick_integer_overflow_vuln01_jun13_win.nasl 8173 2017-12-19 11:45:56Z cfischer $\n#\n# ImageMagick Integer Overflow Vulnerability - 01 June13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\ntag_impact = \"Successful exploitation will allow a context-dependent attacker to cause\n denial of service condition or potentially execute arbitrary code.\n Impact Level: Application/System\";\n\ntag_affected = \"ImageMagick version 6.7.5 and earlier on Windows.\";\ntag_insight = \"Integer overflow error occurs due to an improper sanitation of user supplied\n input when computing the sum of 'number_bytes' and 'offset' in\n magick/profile.c or magick/property.c with a specially crafted request.\";\ntag_solution = \"Upgrade to ImageMagick version 6.7.5-1 or later.\n http://www.imagemagick.org/script/download.php\";\ntag_summary = \"The host is installed with ImageMagick and is prone to integer\n overflow Vulnerability.\";\n\nif(description)\n{\n script_id(803814);\n script_version(\"$Revision: 8173 $\");\n script_cve_id(\"CVE-2012-1185\");\n script_bugtraq_id(51957);\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 12:45:56 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-24 11:06:50 +0530 (Mon, 24 Jun 2013)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"ImageMagick Integer Overflow Vulnerability - 01 June13 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/76140\");\n script_xref(name : \"URL\" , value : \"http://www.openwall.com/lists/oss-security/2012/03/19/5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"secpod_imagemagick_detect_win.nasl\");\n script_mandatory_keys(\"ImageMagick/Win/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\nif( version_is_less( version:vers, test_version:\"6.7.5.1\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"6.7.5.1\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "pluginID": "803814"}
{"cve": [{"lastseen": "2017-08-29T12:17:34", "references": ["http://www.debian.org/security/2012/dsa-2462", "https://exchange.xforce.ibmcloud.com/vulnerabilities/76140", "http://www.openwall.com/lists/oss-security/2012/03/19/5", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1185", "http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/property.c", "http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html", "http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.c", "http://ubuntu.com/usn/usn-1435-1", "http://www.securityfocus.com/bid/51957"], "description": "Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247.", "edition": 2, "reporter": "NVD", "published": "2012-06-05T18:55:09", "title": "CVE-2012-1185", "type": "cve", "enchantments": {"score": {"modified": "2017-08-29T12:17:34", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2012-1185"], "scanner": [], "modified": "2017-08-28T21:31:14", "cpe": ["cpe:/a:imagemagick:imagemagick:6.2.8.1", "cpe:/a:imagemagick:imagemagick:6.5.5-10", "cpe:/a:imagemagick:imagemagick:6.4.6", "cpe:/a:imagemagick:imagemagick:6.6.2-4", "cpe:/a:imagemagick:imagemagick:5.2.0", "cpe:/a:imagemagick:imagemagick:6.6.4", "cpe:/a:imagemagick:imagemagick:6.5.4-9", "cpe:/a:imagemagick:imagemagick:6.5.1", "cpe:/a:imagemagick:imagemagick:6.3.8-9", "cpe:/a:imagemagick:imagemagick:6.7.2-6", "cpe:/a:imagemagick:imagemagick:6.6.2-3", "cpe:/a:imagemagick:imagemagick:6.3.5-7", "cpe:/a:imagemagick:imagemagick:6.6.4-5", "cpe:/a:imagemagick:imagemagick:5.3.6", "cpe:/a:imagemagick:imagemagick:6.6.5-6", "cpe:/a:imagemagick:imagemagick:6.7.0-6", "cpe:/a:imagemagick:imagemagick:6.6.5-2", "cpe:/a:imagemagick:imagemagick:6.3.2.2", "cpe:/a:imagemagick:imagemagick:6.4.0-6", "cpe:/a:imagemagick:imagemagick:6.6.7-1", "cpe:/a:imagemagick:imagemagick:6.4.2-8", "cpe:/a:imagemagick:imagemagick:6.3.6-8", "cpe:/a:imagemagick:imagemagick:6.2.3", "cpe:/a:imagemagick:imagemagick:6.6.3-6", "cpe:/a:imagemagick:imagemagick:6.5.4-4", "cpe:/a:imagemagick:imagemagick:6.6.0-4", "cpe:/a:imagemagick:imagemagick:6.2.0.7", "cpe:/a:imagemagick:imagemagick:6.7.3-6", "cpe:/a:imagemagick:imagemagick:5.4.5.1", "cpe:/a:imagemagick:imagemagick:6.7.3-5", "cpe:/a:imagemagick:imagemagick:6.3.2-5", "cpe:/a:imagemagick:imagemagick:6.6.3-3", "cpe:/a:imagemagick:imagemagick:6.6.9-2", "cpe:/a:imagemagick:imagemagick:6.5.4-1", "cpe:/a:imagemagick:imagemagick:6.5.2-4", "cpe:/a:imagemagick:imagemagick:6.4.1-5", "cpe:/a:imagemagick:imagemagick:6.5.3-8", "cpe:/a:imagemagick:imagemagick:6.3.2-8", "cpe:/a:imagemagick:imagemagick:6.3.7", "cpe:/a:imagemagick:imagemagick:5.2.6", "cpe:/a:imagemagick:imagemagick:6.6.0-7", "cpe:/a:imagemagick:imagemagick:6.3.5-4", "cpe:/a:imagemagick:imagemagick:6.2.8.2", "cpe:/a:imagemagick:imagemagick:6.5.9-4", "cpe:/a:imagemagick:imagemagick:6.1.8", "cpe:/a:imagemagick:imagemagick:6.5.1-9", "cpe:/a:imagemagick:imagemagick:6.5.2", "cpe:/a:imagemagick:imagemagick:6.0.6", "cpe:/a:imagemagick:imagemagick:6.7.5-0", "cpe:/a:imagemagick:imagemagick:6.3.7-4", "cpe:/a:imagemagick:imagemagick:6.7.3-7", "cpe:/a:imagemagick:imagemagick:6.7.2-7", "cpe:/a:imagemagick:imagemagick:6.5.8", "cpe:/a:imagemagick:imagemagick:6.3.7-9", "cpe:/a:imagemagick:imagemagick:6.5.6-3", "cpe:/a:imagemagick:imagemagick:6.4.8-4", "cpe:/a:imagemagick:imagemagick:5.3.3", "cpe:/a:imagemagick:imagemagick:6.5.9-2", "cpe:/a:imagemagick:imagemagick:6.5.4", "cpe:/a:imagemagick:imagemagick:6.5.5-7", "cpe:/a:imagemagick:imagemagick:6.4.0-7", "cpe:/a:imagemagick:imagemagick:6.3.2", "cpe:/a:imagemagick:imagemagick:6.4.5-1", "cpe:/a:imagemagick:imagemagick:5.5.7.15", "cpe:/a:imagemagick:imagemagick:6.3.8-5", "cpe:/a:imagemagick:imagemagick:6.7.1-8", "cpe:/a:imagemagick:imagemagick:6.5.4-6", "cpe:/a:imagemagick:imagemagick:6.4.0", "cpe:/a:imagemagick:imagemagick:6.7.0-2", "cpe:/a:imagemagick:imagemagick:6.5.0-4", "cpe:/a:imagemagick:imagemagick:6.6.7-7", "cpe:/a:imagemagick:imagemagick:6.6.5-4", "cpe:/a:imagemagick:imagemagick:6.6.7-9", "cpe:/a:imagemagick:imagemagick:6.3.3-1", "cpe:/a:imagemagick:imagemagick:6.3.1.2.", "cpe:/a:imagemagick:imagemagick:6.6.4-8", "cpe:/a:imagemagick:imagemagick:6.0.4.4", "cpe:/a:imagemagick:imagemagick:6.6.7-6", "cpe:/a:imagemagick:imagemagick:6.3.6-7", "cpe:/a:imagemagick:imagemagick:6.4.3-5", "cpe:/a:imagemagick:imagemagick:5.3.8.2", "cpe:/a:imagemagick:imagemagick:6.6.1-2", "cpe:/a:imagemagick:imagemagick:5.4.1.2", "cpe:/a:imagemagick:imagemagick:6.4.8", "cpe:/a:imagemagick:imagemagick:6.6.4-4", "cpe:/a:imagemagick:imagemagick:6.7.0-4", "cpe:/a:imagemagick:imagemagick:6.4.0-11", "cpe:/a:imagemagick:imagemagick:6.3.4-1", "cpe:/a:imagemagick:imagemagick:6.6.1-10", "cpe:/a:imagemagick:imagemagick:6.0.6.1", "cpe:/a:imagemagick:imagemagick:6.0.2.5", "cpe:/a:imagemagick:imagemagick:6.5.8-7", "cpe:/a:imagemagick:imagemagick:6.4.5-3", "cpe:/a:imagemagick:imagemagick:6.4.9-3", "cpe:/a:imagemagick:imagemagick:4.2.7", "cpe:/a:imagemagick:imagemagick:6.7.1-3", "cpe:/a:imagemagick:imagemagick:6.3.3.1", "cpe:/a:imagemagick:imagemagick:6.4.6-3", "cpe:/a:imagemagick:imagemagick:6.3.0.0", "cpe:/a:imagemagick:imagemagick:6.5.7", "cpe:/a:imagemagick:imagemagick:6.3.1-6", "cpe:/a:imagemagick:imagemagick:6.5.7-4", "cpe:/a:imagemagick:imagemagick:6.6.1-7", "cpe:/a:imagemagick:imagemagick:6.3.3.0", "cpe:/a:imagemagick:imagemagick:6.6.7-3", "cpe:/a:imagemagick:imagemagick:5.5.6.0_20030409", "cpe:/a:imagemagick:imagemagick:6.5.4-3", "cpe:/a:imagemagick:imagemagick:6.7.1-4", "cpe:/a:imagemagick:imagemagick:6.5.6-6", "cpe:/a:imagemagick:imagemagick:5.5.6", "cpe:/a:imagemagick:imagemagick:5.4.7", "cpe:/a:imagemagick:imagemagick:6.3.9-1", "cpe:/a:imagemagick:imagemagick:6.3.6-4", "cpe:/a:imagemagick:imagemagick:6.2.2", "cpe:/a:imagemagick:imagemagick:5.3.9", "cpe:/a:imagemagick:imagemagick:6.7.2-10", "cpe:/a:imagemagick:imagemagick:6.5.6-7", "cpe:/a:imagemagick:imagemagick:6.4.1-7", "cpe:/a:imagemagick:imagemagick:6.4.2-9", "cpe:/a:imagemagick:imagemagick:6.4.1-8", "cpe:/a:imagemagick:imagemagick:5.2.4.3", "cpe:/a:imagemagick:imagemagick:6.4.7-6", "cpe:/a:imagemagick:imagemagick:6.3.2-3", "cpe:/a:imagemagick:imagemagick:6.3.5", "cpe:/a:imagemagick:imagemagick:6.3.9-2", "cpe:/a:imagemagick:imagemagick:6.2.1", "cpe:/a:imagemagick:imagemagick:6.5.8-6", "cpe:/a:imagemagick:imagemagick:6.4.7-10", "cpe:/a:imagemagick:imagemagick:6.5.6-8", "cpe:/a:imagemagick:imagemagick:6.1.9.4", "cpe:/a:imagemagick:imagemagick:6.6.5", "cpe:/a:imagemagick:imagemagick:6.5.0-2", "cpe:/a:imagemagick:imagemagick:6.4.8-10", "cpe:/a:imagemagick:imagemagick:6.4.8-3", "cpe:/a:imagemagick:imagemagick:6.3.3-3", "cpe:/a:imagemagick:imagemagick:6.7.0-1", "cpe:/a:imagemagick:imagemagick:6.6.5-10", "cpe:/a:imagemagick:imagemagick:6.3.0.2", "cpe:/a:imagemagick:imagemagick:5.5.7.31", "cpe:/a:imagemagick:imagemagick:6.4.3-3", "cpe:/a:imagemagick:imagemagick:6.1.8.7", "cpe:/a:imagemagick:imagemagick:4.2.9", "cpe:/a:imagemagick:imagemagick:6.5.5-2", "cpe:/a:imagemagick:imagemagick:6.3.1.3", "cpe:/a:imagemagick:imagemagick:6.6.2-8", "cpe:/a:imagemagick:imagemagick:6.3.2.0", "cpe:/a:imagemagick:imagemagick:6.7.3-2", "cpe:/a:imagemagick:imagemagick:6.4.9-2", "cpe:/a:imagemagick:imagemagick:6.1.5.8", "cpe:/a:imagemagick:imagemagick:6.6.2-2", "cpe:/a:imagemagick:imagemagick:6.3.5-5", "cpe:/a:imagemagick:imagemagick:6.5.2-2", "cpe:/a:imagemagick:imagemagick:6.3.9-7", "cpe:/a:imagemagick:imagemagick:5.3.4", "cpe:/a:imagemagick:imagemagick:6.3.9-5", "cpe:/a:imagemagick:imagemagick:6.7.3-0", "cpe:/a:imagemagick:imagemagick:6.4.4-1", "cpe:/a:imagemagick:imagemagick:6.7.3-1", "cpe:/a:imagemagick:imagemagick:6.3.4-5", "cpe:/a:imagemagick:imagemagick:6.3.3-8", "cpe:/a:imagemagick:imagemagick:6.5.7-1", "cpe:/a:imagemagick:imagemagick:6.7.1-5", "cpe:/a:imagemagick:imagemagick:6.5.0", "cpe:/a:imagemagick:imagemagick:5.4.2.3", "cpe:/a:imagemagick:imagemagick:6.2.9", "cpe:/a:imagemagick:imagemagick:6.7.4-8", "cpe:/a:imagemagick:imagemagick:6.4.7-5", "cpe:/a:imagemagick:imagemagick:6.1", "cpe:/a:imagemagick:imagemagick:6.5.7-3", "cpe:/a:imagemagick:imagemagick:6.6.6-1", "cpe:/a:imagemagick:imagemagick:6.7.2-3", "cpe:/a:imagemagick:imagemagick:6.6.9-9", "cpe:/a:imagemagick:imagemagick:6.3.6-3", "cpe:/a:imagemagick:imagemagick:6.5.5", "cpe:/a:imagemagick:imagemagick:5.4.8", "cpe:/a:imagemagick:imagemagick:6.4.8-9", "cpe:/a:imagemagick:imagemagick:6.0.3", "cpe:/a:imagemagick:imagemagick:5.5.7q8", "cpe:/a:imagemagick:imagemagick:6.3.1-7", "cpe:/a:imagemagick:imagemagick:6.3.3_3", "cpe:/a:imagemagick:imagemagick:6.6.5-1", "cpe:/a:imagemagick:imagemagick:6.3.9-8", "cpe:/a:imagemagick:imagemagick:6.4.7-1", "cpe:/a:imagemagick:imagemagick:6.3.4-6", "cpe:/a:imagemagick:imagemagick:6.4.9-7", "cpe:/a:imagemagick:imagemagick:6.5.8-8", "cpe:/a:imagemagick:imagemagick:6.5.9-6", "cpe:/a:imagemagick:imagemagick:6.3.4-9", "cpe:/a:imagemagick:imagemagick:6.6.2-7", "cpe:/a:imagemagick:imagemagick:6.6.3", "cpe:/a:imagemagick:imagemagick:6.3.3-7", "cpe:/a:imagemagick:imagemagick:6.5.9-1", "cpe:/a:imagemagick:imagemagick:6.5.0-9", "cpe:/a:imagemagick:imagemagick:6.5.6", "cpe:/a:imagemagick:imagemagick:6.6.2-6", "cpe:/a:imagemagick:imagemagick:6.3.2.6", "cpe:/a:imagemagick:imagemagick:6.7.2-2", "cpe:/a:imagemagick:imagemagick:6.3.6-2", "cpe:/a:imagemagick:imagemagick:6.0.5", "cpe:/a:imagemagick:imagemagick:6.1.3", "cpe:/a:imagemagick:imagemagick:6.4.2-6", "cpe:/a:imagemagick:imagemagick:6.3.2.7", "cpe:/a:imagemagick:imagemagick:6.5.8-1", "cpe:/a:imagemagick:imagemagick:6.4.5", "cpe:/a:imagemagick:imagemagick:6.7.4-0", "cpe:/a:imagemagick:imagemagick:6.2", "cpe:/a:imagemagick:imagemagick:6.3.3.3", "cpe:/a:imagemagick:imagemagick:6.4.8-8", "cpe:/a:imagemagick:imagemagick:6.4.6-2", "cpe:/a:imagemagick:imagemagick:6.3.6-10", "cpe:/a:imagemagick:imagemagick:6.5.5-5", "cpe:/a:imagemagick:imagemagick:6.4.5-9", "cpe:/a:imagemagick:imagemagick:6.3.7-5", "cpe:/a:imagemagick:imagemagick:6.6.5-7", "cpe:/a:imagemagick:imagemagick:6.6.0-1", "cpe:/a:imagemagick:imagemagick:5.5.1.4", "cpe:/a:imagemagick:imagemagick:6.3.3", "cpe:/a:imagemagick:imagemagick:6.5.4-10", "cpe:/a:imagemagick:imagemagick:6.5.0-7", "cpe:/a:imagemagick:imagemagick:6.3.6-9", "cpe:/a:imagemagick:imagemagick:6.5.4-5", "cpe:/a:imagemagick:imagemagick:6.5.5-9", "cpe:/a:imagemagick:imagemagick:6.6.5-8", "cpe:/a:imagemagick:imagemagick:6.4.1-3", "cpe:/a:imagemagick:imagemagick:6.4.8-1", "cpe:/a:imagemagick:imagemagick:6.3.9-10", "cpe:/a:imagemagick:imagemagick:6.6.4-2", "cpe:/a:imagemagick:imagemagick:6.3.1", "cpe:/a:imagemagick:imagemagick:6.5.3-6", "cpe:/a:imagemagick:imagemagick:6.7.3-9", "cpe:/a:imagemagick:imagemagick:6.2.1.7", "cpe:/a:imagemagick:imagemagick:6.5.1-6", "cpe:/a:imagemagick:imagemagick:6.2.8.0", "cpe:/a:imagemagick:imagemagick:6.6.7-2", "cpe:/a:imagemagick:imagemagick:5.5.2.5", "cpe:/a:imagemagick:imagemagick:5.4.9.1", "cpe:/a:imagemagick:imagemagick:6.7.3-10", "cpe:/a:imagemagick:imagemagick:6.7.2-9", "cpe:/a:imagemagick:imagemagick:5.4.6.3", "cpe:/a:imagemagick:imagemagick:6.6.1-8", "cpe:/a:imagemagick:imagemagick:6.5.8-2", "cpe:/a:imagemagick:imagemagick:6.6.1-4", "cpe:/a:imagemagick:imagemagick:6.4.6-4", "cpe:/a:imagemagick:imagemagick:6.6.9-8", "cpe:/a:imagemagick:imagemagick:6.3.2-2", "cpe:/a:imagemagick:imagemagick:6.6.2-5", "cpe:/a:imagemagick:imagemagick:6.2.8", "cpe:/a:imagemagick:imagemagick:6.3.3.4", "cpe:/a:imagemagick:imagemagick:6.7.1-7", "cpe:/a:imagemagick:imagemagick:6.1.3.7", "cpe:/a:imagemagick:imagemagick:6.4.5-4", "cpe:/a:imagemagick:imagemagick:6.6.9-0", "cpe:/a:imagemagick:imagemagick:6.4.3-10", "cpe:/a:imagemagick:imagemagick:6.6.2-1", "cpe:/a:imagemagick:imagemagick:6.3.9-9", "cpe:/a:imagemagick:imagemagick:6.5.6-10", "cpe:/a:imagemagick:imagemagick:6.4.0-10", "cpe:/a:imagemagick:imagemagick:6.3.6-5", "cpe:/a:imagemagick:imagemagick:6.7.4-1", "cpe:/a:imagemagick:imagemagick:6.4.8-6", "cpe:/a:imagemagick:imagemagick:6.1.7.5", "cpe:/a:imagemagick:imagemagick:6.5.1-5", "cpe:/a:imagemagick:imagemagick:6.0.6.2", "cpe:/a:imagemagick:imagemagick:6.3.4-3", "cpe:/a:imagemagick:imagemagick:6.6.3-7", "cpe:/a:imagemagick:imagemagick:6.1.0.9", "cpe:/a:imagemagick:imagemagick:6.0.5.3", "cpe:/a:imagemagick:imagemagick:6.5.0-10", "cpe:/a:imagemagick:imagemagick:5.4.7.4", "cpe:/a:imagemagick:imagemagick:6.6.9-5", "cpe:/a:imagemagick:imagemagick:6.4.6-8", "cpe:/a:imagemagick:imagemagick:6.5.8-5", "cpe:/a:imagemagick:imagemagick:6.5.2-3", "cpe:/a:imagemagick:imagemagick:6.3.3-6", "cpe:/a:imagemagick:imagemagick:6.2.5", "cpe:/a:imagemagick:imagemagick:5.2", "cpe:/a:imagemagick:imagemagick:6.5.9-7", "cpe:/a:imagemagick:imagemagick:6.3.7-10", "cpe:/a:imagemagick:imagemagick:6.4.2-2", "cpe:/a:imagemagick:imagemagick:6.5.8-3", "cpe:/a:imagemagick:imagemagick:6.6.6-9", "cpe:/a:imagemagick:imagemagick:6.3.3-9", "cpe:/a:imagemagick:imagemagick:6.4.0-4", "cpe:/a:imagemagick:imagemagick:6.7.4-6", "cpe:/a:imagemagick:imagemagick:6.3.2.4", "cpe:/a:imagemagick:imagemagick:6.3.9", "cpe:/a:imagemagick:imagemagick:6.4.6-1", "cpe:/a:imagemagick:imagemagick:6.3.7-1", "cpe:/a:imagemagick:imagemagick:6.6.1-5", "cpe:/a:imagemagick:imagemagick:6.3.5-6", "cpe:/a:imagemagick:imagemagick:5.5.7.35", "cpe:/a:imagemagick:imagemagick:6.7.0-10", "cpe:/a:imagemagick:imagemagick:6.2.9.2", "cpe:/a:imagemagick:imagemagick:6.5.3-1", "cpe:/a:imagemagick:imagemagick:6.3.3-2", "cpe:/a:imagemagick:imagemagick:6.6.1-9", "cpe:/a:imagemagick:imagemagick:6.3.8-1", "cpe:/a:imagemagick:imagemagick:6.3.0.8", "cpe:/a:imagemagick:imagemagick:6.7.1-6", "cpe:/a:imagemagick:imagemagick:6.6.0-2", "cpe:/a:imagemagick:imagemagick:6.3.1.4", "cpe:/a:imagemagick:imagemagick:6.6.8-0", "cpe:/a:imagemagick:imagemagick:6.5.9-5", "cpe:/a:imagemagick:imagemagick:6.4.3-2", "cpe:/a:imagemagick:imagemagick:6.3.2.1", "cpe:/a:imagemagick:imagemagick:6.5.0-3", "cpe:/a:imagemagick:imagemagick:6.2.4", "cpe:/a:imagemagick:imagemagick:6.7.0-7", "cpe:/a:imagemagick:imagemagick:6.6.7-0", "cpe:/a:imagemagick:imagemagick:6.4.4-8", "cpe:/a:imagemagick:imagemagick:6.3.3-4", "cpe:/a:imagemagick:imagemagick:6.6.3-10", "cpe:/a:imagemagick:imagemagick:6.7.3-3", "cpe:/a:imagemagick:imagemagick:6.6.4-6", "cpe:/a:imagemagick:imagemagick:6.5.6-2", "cpe:/a:imagemagick:imagemagick:6.3.6", "cpe:/a:imagemagick:imagemagick:6.6.5-5", "cpe:/a:imagemagick:imagemagick:6.3.0.4", "cpe:/a:imagemagick:imagemagick:5.4", "cpe:/a:imagemagick:imagemagick:6.5.9-8", "cpe:/a:imagemagick:imagemagick:6.5.7-5", "cpe:/a:imagemagick:imagemagick:6.6.1-1", "cpe:/a:imagemagick:imagemagick:6.6.6-10", "cpe:/a:imagemagick:imagemagick:6.4.7-9", "cpe:/a:imagemagick:imagemagick:6.3.6-1", "cpe:/a:imagemagick:imagemagick:6.5.7-9", "cpe:/a:imagemagick:imagemagick:6.3.0.7", "cpe:/a:imagemagick:imagemagick:6.6.1-6", "cpe:/a:imagemagick:imagemagick:6.4.9-10", "cpe:/a:imagemagick:imagemagick:6.3.4-4", "cpe:/a:imagemagick:imagemagick:6.3.4", "cpe:/a:imagemagick:imagemagick:5.5.4", "cpe:/a:imagemagick:imagemagick:6.5.6-4", "cpe:/a:imagemagick:imagemagick:6.5.2-6", "cpe:/a:imagemagick:imagemagick:6.7.4-4", "cpe:/a:imagemagick:imagemagick:6.3.4-2", "cpe:/a:imagemagick:imagemagick:6.7.4-7", "cpe:/a:imagemagick:imagemagick:6.2.7", "cpe:/a:imagemagick:imagemagick:6.3.1.6", "cpe:/a:imagemagick:imagemagick:6.7.0-8", "cpe:/a:imagemagick:imagemagick:6.2.0.4", "cpe:/a:imagemagick:imagemagick:5.5.7", "cpe:/a:imagemagick:imagemagick:6.4.1-6", "cpe:/a:imagemagick:imagemagick:6.6.9-4", "cpe:/a:imagemagick:imagemagick:6.3.0.3", "cpe:/a:imagemagick:imagemagick:6.0", "cpe:/a:imagemagick:imagemagick:5.5.3.2", "cpe:/a:imagemagick:imagemagick:5.3.0", "cpe:/a:imagemagick:imagemagick:5.5.5.3", "cpe:/a:imagemagick:imagemagick:6.5.5-4", "cpe:/a:imagemagick:imagemagick:6.3.3_6", "cpe:/a:imagemagick:imagemagick:6.2.0.8", "cpe:/a:imagemagick:imagemagick:6.6.6-7", "cpe:/a:imagemagick:imagemagick:6.4.1-2", "cpe:/a:imagemagick:imagemagick:6.4.3", "cpe:/a:imagemagick:imagemagick:6.1.2", "cpe:/a:imagemagick:imagemagick:6.7.0-0", "cpe:/a:imagemagick:imagemagick:6.5.0-6", "cpe:/a:imagemagick:imagemagick:6.6.9-1", "cpe:/a:imagemagick:imagemagick:6.0.2", "cpe:/a:imagemagick:imagemagick:6.7.4-3", "cpe:/a:imagemagick:imagemagick:6.5.1-3", "cpe:/a:imagemagick:imagemagick:5.4.0.5", "cpe:/a:imagemagick:imagemagick:6.5.3-3", "cpe:/a:imagemagick:imagemagick:5.4.8.3", "cpe:/a:imagemagick:imagemagick:6.3.8-6", "cpe:/a:imagemagick:imagemagick:6.0.4", "cpe:/a:imagemagick:imagemagick:6.4.1-4", "cpe:/a:imagemagick:imagemagick:6.6.2", "cpe:/a:imagemagick:imagemagick:6.3.0.1", "cpe:/a:imagemagick:imagemagick:6.4.7-7", "cpe:/a:imagemagick:imagemagick:6.7.4-5", "cpe:/a:imagemagick:imagemagick:6.7.3-4", "cpe:/a:imagemagick:imagemagick:6.6.7-4", "cpe:/a:imagemagick:imagemagick:5.4.3.11", "cpe:/a:imagemagick:imagemagick:6.5.0-1", "cpe:/a:imagemagick:imagemagick:6.3.4-8", "cpe:/a:imagemagick:imagemagick:6.6.9-10", "cpe:/a:imagemagick:imagemagick:6.7.4-2", "cpe:/a:imagemagick:imagemagick:6.4.3-8", "cpe:/a:imagemagick:imagemagick:5.5.3.2.1.2.0", "cpe:/a:imagemagick:imagemagick:6.4.9", "cpe:/a:imagemagick:imagemagick:6.6.0-6", "cpe:/a:imagemagick:imagemagick:6.7.4-9", "cpe:/a:imagemagick:imagemagick:6.3.7-2", "cpe:/a:imagemagick:imagemagick:6.5.9-10", "cpe:/a:imagemagick:imagemagick:6.3.3_5", "cpe:/a:imagemagick:imagemagick:6.3.7-7", "cpe:/a:imagemagick:imagemagick:6.1.5", "cpe:/a:imagemagick:imagemagick:6.5.6-9", "cpe:/a:imagemagick:imagemagick:6.5.1-1", "cpe:/a:imagemagick:imagemagick:6.5.2-5", "cpe:/a:imagemagick:imagemagick:6.3.2-7", "cpe:/a:imagemagick:imagemagick:6.4.2", "cpe:/a:imagemagick:imagemagick:6.6.9-7", "cpe:/a:imagemagick:imagemagick:6.3.1.7", "cpe:/a:imagemagick:imagemagick:6.4.2-7", "cpe:/a:imagemagick:imagemagick:6.3.8-7", "cpe:/a:imagemagick:imagemagick:6.5.1-4", "cpe:/a:imagemagick:imagemagick:6.2.4.5", "cpe:/a:imagemagick:imagemagick:6.6.6-4", "cpe:/a:imagemagick:imagemagick:6.0.8.3", "cpe:/a:imagemagick:imagemagick:6.6.1", "cpe:/a:imagemagick:imagemagick:6.7.0-5", "cpe:/a:imagemagick:imagemagick:6.5.2-7", "cpe:/a:imagemagick:imagemagick:6.5.3-7", "cpe:/a:imagemagick:imagemagick:6.0.8", "cpe:/a:imagemagick:imagemagick:6.5.2-8", "cpe:/a:imagemagick:imagemagick:6.6.4-9", "cpe:/a:imagemagick:imagemagick:6.6.3-5", "cpe:/a:imagemagick:imagemagick:6.0.7.3", "cpe:/a:imagemagick:imagemagick:6.6.5-3", "cpe:/a:imagemagick:imagemagick:6.0.2.7", "cpe:/a:imagemagick:imagemagick:6.4.0-5", "cpe:/a:imagemagick:imagemagick:6.5.8-9", "cpe:/a:imagemagick:imagemagick:6.3.2-4", "cpe:/a:imagemagick:imagemagick:6.6.9-3", "cpe:/a:imagemagick:imagemagick:6.4.6-9", "cpe:/a:imagemagick:imagemagick:6.7.1-1", "cpe:/a:imagemagick:imagemagick:6.4.3-6", "cpe:/a:imagemagick:imagemagick:6.3.8-3", "cpe:/a:imagemagick:imagemagick:6.5.9-3", "cpe:/a:imagemagick:imagemagick:6.3.8", "cpe:/a:imagemagick:imagemagick:6.4.2-4", "cpe:/a:imagemagick:imagemagick:6.4.3-1", "cpe:/a:imagemagick:imagemagick:6.4.9-9", "cpe:/a:imagemagick:imagemagick:6.5.3-10", "cpe:/a:imagemagick:imagemagick:6.4.7-2", "cpe:/a:imagemagick:imagemagick:6.5.4-7", "cpe:/a:imagemagick:imagemagick:6.4.8-7", "cpe:/a:imagemagick:imagemagick:6.3.8-10", "cpe:/a:imagemagick:imagemagick:6.3.2-6", "cpe:/a:imagemagick:imagemagick:6.5.5-8", "cpe:/a:imagemagick:imagemagick:6.4.4-3", "cpe:/a:imagemagick:imagemagick:5.5", "cpe:/a:imagemagick:imagemagick:6.2.8.3", "cpe:/a:imagemagick:imagemagick:6.4.7-3", "cpe:/a:imagemagick:imagemagick:6.6.6-8", "cpe:/a:imagemagick:imagemagick:6.3.1.1", "cpe:/a:imagemagick:imagemagick:6.6.7-5", "cpe:/a:imagemagick:imagemagick:6.7.2-0", "cpe:/a:imagemagick:imagemagick:6.6.3-1", "cpe:/a:imagemagick:imagemagick:6.5.4-8", "cpe:/a:imagemagick:imagemagick:6.4.1-9", "cpe:/a:imagemagick:imagemagick:6.4.4-7", "cpe:/a:imagemagick:imagemagick:6.5.0-8", "cpe:/a:imagemagick:imagemagick:6.4.7-8", "cpe:/a:imagemagick:imagemagick:6.7.2-5", "cpe:/a:imagemagick:imagemagick:6.7.0-9", "cpe:/a:imagemagick:imagemagick:6.5.2-9", "cpe:/a:imagemagick:imagemagick:6.5.3-5", "cpe:/a:imagemagick:imagemagick:5.3.1", "cpe:/a:imagemagick:imagemagick:6.3.2-1", "cpe:/a:imagemagick:imagemagick:6.3.4-10", "cpe:/a:imagemagick:imagemagick:6.4.2-5", "cpe:/a:imagemagick:imagemagick:6.1.7", "cpe:/a:imagemagick:imagemagick:6.7.0-3", "cpe:/a:imagemagick:imagemagick:6.2.0.3", "cpe:/a:imagemagick:imagemagick:6.6.3-4", "cpe:/a:imagemagick:imagemagick:6.3.2.5", "cpe:/a:imagemagick:imagemagick:6.6.6-0", "cpe:/a:imagemagick:imagemagick:6.6.9-6", "cpe:/a:imagemagick:imagemagick:6.6.3-2", "cpe:/a:imagemagick:imagemagick:6.6.1-3", "cpe:/a:imagemagick:imagemagick:6.5.7-8", "cpe:/a:imagemagick:imagemagick:6.5.8-4", "cpe:/a:imagemagick:imagemagick:6.6.2-10", "cpe:/a:imagemagick:imagemagick:6.5.1-10", "cpe:/a:imagemagick:imagemagick:6.4.0-1", "cpe:/a:imagemagick:imagemagick:6.4.5-7", "cpe:/a:imagemagick:imagemagick:6.5.7-6", "cpe:/a:imagemagick:imagemagick:6.3.6-6", "cpe:/a:imagemagick:imagemagick:6.3.5-9", "cpe:/a:imagemagick:imagemagick:6.3.3.2", "cpe:/a:imagemagick:imagemagick:6.5.7-2", "cpe:/a:imagemagick:imagemagick:6.5.1-7", "cpe:/a:imagemagick:imagemagick:6.3.9-6", "cpe:/a:imagemagick:imagemagick:6.6.0-8", "cpe:/a:imagemagick:imagemagick:6.2.3.6", "cpe:/a:imagemagick:imagemagick:6.1.1", "cpe:/a:imagemagick:imagemagick:6.0.3.5", "cpe:/a:imagemagick:imagemagick:6.4.2-10", "cpe:/a:imagemagick:imagemagick:6.6.0-5", "cpe:/a:imagemagick:imagemagick:6.4.8-5", "cpe:/a:imagemagick:imagemagick:6.2.6", "cpe:/a:imagemagick:imagemagick:6.5.1-2", "cpe:/a:imagemagick:imagemagick:6.5.3-4", "cpe:/a:imagemagick:imagemagick:6.3.2.8", "cpe:/a:imagemagick:imagemagick:6.6.6-6", "cpe:/a:imagemagick:imagemagick:5.4.3", "cpe:/a:imagemagick:imagemagick:6.1.4.5", "cpe:/a:imagemagick:imagemagick:6.6.4-7", "cpe:/a:imagemagick:imagemagick:6.5.5-1", "cpe:/a:imagemagick:imagemagick:5.3.8", "cpe:/a:imagemagick:imagemagick:6.1.1.6", "cpe:/a:imagemagick:imagemagick:6.6.0-10", "cpe:/a:imagemagick:imagemagick:5.3.7", "cpe:/a:imagemagick:imagemagick:6.1.2.7", "cpe:/a:imagemagick:imagemagick:6.4.1", "cpe:/a:imagemagick:imagemagick:6.0.0.7", "cpe:/a:imagemagick:imagemagick:6.0.1.4", "cpe:/a:imagemagick:imagemagick:6.6.4-1", "cpe:/a:imagemagick:imagemagick:6.0.1", "cpe:/a:imagemagick:imagemagick:6.7.3-8", "cpe:/a:imagemagick:imagemagick:6.6.0-9", "cpe:/a:imagemagick:imagemagick:6.3.1.0", "cpe:/a:imagemagick:imagemagick:6.4.6-6", "cpe:/a:imagemagick:imagemagick:6.5.3", "cpe:/a:imagemagick:imagemagick:6.2.4.3", "cpe:/a:imagemagick:imagemagick:6.1.4", "cpe:/a:imagemagick:imagemagick:6.7.1-9", "cpe:/a:imagemagick:imagemagick:6.2.3.4", "cpe:/a:imagemagick:imagemagick:6.5.7-7", "cpe:/a:imagemagick:imagemagick:6.4.6-5", "cpe:/a:imagemagick:imagemagick:5.5.4.4", "cpe:/a:imagemagick:imagemagick:6.4.9-5", "cpe:/a:imagemagick:imagemagick:5.5.7q16", "cpe:/a:imagemagick:imagemagick:6.7.1-2", "cpe:/a:imagemagick:imagemagick:6.3.1.5", "cpe:/a:imagemagick:imagemagick:6.1.6.9", "cpe:/a:imagemagick:imagemagick:6.5.2-10", "cpe:/a:imagemagick:imagemagick:6.4.1-1", "cpe:/a:imagemagick:imagemagick:6.5.0-5", "cpe:/a:imagemagick:imagemagick:6.6.4-10", "cpe:/a:imagemagick:imagemagick:6.7.4-10", "cpe:/a:imagemagick:imagemagick:6.4.2-1", "cpe:/a:imagemagick:imagemagick:6.6.2-9", "cpe:/a:imagemagick:imagemagick:6.4.5-6", "cpe:/a:imagemagick:imagemagick:6.3.5-10", "cpe:/a:imagemagick:imagemagick:6.6.7-10", "cpe:/a:imagemagick:imagemagick:5.3.5", "cpe:/a:imagemagick:imagemagick:6.3.9-4", "cpe:/a:imagemagick:imagemagick:6.4.8-2", "cpe:/a:imagemagick:imagemagick:6.7.1-0", "cpe:/a:imagemagick:imagemagick:6.4.4-5", "cpe:/a:imagemagick:imagemagick:6.4.4", "cpe:/a:imagemagick:imagemagick:6.6.5-9", "cpe:/a:imagemagick:imagemagick:6.6.7-8", "cpe:/a:imagemagick:imagemagick:6.6.6-2", "cpe:/a:imagemagick:imagemagick:5.5.6.0_2003-04-09", "cpe:/a:imagemagick:imagemagick:6.6.6-3", "cpe:/a:imagemagick:imagemagick:6.5.6-5", "cpe:/a:imagemagick:imagemagick:6.3.7-3", "cpe:/a:imagemagick:imagemagick:6.4.9-8", "cpe:/a:imagemagick:imagemagick:5.3.2", "cpe:/a:imagemagick:imagemagick:6.1.6", "cpe:/a:imagemagick:imagemagick:6.7.2-4", "cpe:/a:imagemagick:imagemagick:6.7.2-1", "cpe:/a:imagemagick:imagemagick:6.6.6-5", "cpe:/a:imagemagick:imagemagick:6.5.4-2", "cpe:/a:imagemagick:imagemagick:6.4.5-2", "cpe:/a:imagemagick:imagemagick:6.4.7-4", "cpe:/a:imagemagick:imagemagick:6.3.3-5", "cpe:/a:imagemagick:imagemagick:6.5.9", "cpe:/a:imagemagick:imagemagick:6.5.5-6", "cpe:/a:imagemagick:imagemagick:5.4.4.5", "cpe:/a:imagemagick:imagemagick:5.3", "cpe:/a:imagemagick:imagemagick:6.0.7", "cpe:/a:imagemagick:imagemagick:6.3.0.5", "cpe:/a:imagemagick:imagemagick:6.5.2-1", "cpe:/a:imagemagick:imagemagick:6.5.5-3", "cpe:/a:imagemagick:imagemagick:6.4.3-7", "cpe:/a:imagemagick:imagemagick:6.2.2.5", "cpe:/a:imagemagick:imagemagick:6.7.1-10", "cpe:/a:imagemagick:imagemagick:6.7.2-8", "cpe:/a:imagemagick:imagemagick:6.6.0", "cpe:/a:imagemagick:imagemagick:6.4.0-8", "cpe:/a:imagemagick:imagemagick:6.3.8-2", "cpe:/a:imagemagick:imagemagick:6.3.2.3"], "id": "CVE-2012-1185", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1185", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-10-22T16:41:24", "references": ["http://www.imagemagick.org/script/download.php", "http://www.openwall.com/lists/oss-security/2012/03/19/5", "http://xforce.iss.net/xforce/xfdb/76140"], "pluginID": "1361412562310803814", "description": "The host is installed with ImageMagick and is prone to integer\n overflow Vulnerability.", "edition": 6, "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "published": "2013-06-24T00:00:00", "title": "ImageMagick Integer Overflow Vulnerability - 01 June13 (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Buffer overflow", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1185"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310803814", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803814", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_imagemagick_integer_overflow_vuln01_jun13_win.nasl 11883 2018-10-12 13:31:09Z cfischer $\n#\n# ImageMagick Integer Overflow Vulnerability - 01 June13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803814\");\n script_version(\"$Revision: 11883 $\");\n script_cve_id(\"CVE-2012-1185\");\n script_bugtraq_id(51957);\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 15:31:09 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-24 11:06:50 +0530 (Mon, 24 Jun 2013)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"ImageMagick Integer Overflow Vulnerability - 01 June13 (Windows)\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/76140\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2012/03/19/5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"secpod_imagemagick_detect_win.nasl\");\n script_mandatory_keys(\"ImageMagick/Win/Installed\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a context-dependent attacker to cause\n denial of service condition or potentially execute arbitrary code.\");\n script_tag(name:\"affected\", value:\"ImageMagick version 6.7.5 and earlier on Windows.\");\n script_tag(name:\"insight\", value:\"Integer overflow error occurs due to an improper sanitation of user supplied\n input when computing the sum of 'number_bytes' and 'offset' in\n magick/profile.c or magick/property.c with a specially crafted request.\");\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version 6.7.5-1 or later.\");\n script_xref(name:\"URL\", value:\"http://www.imagemagick.org/script/download.php\");\n script_tag(name:\"summary\", value:\"The host is installed with ImageMagick and is prone to integer\n overflow Vulnerability.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\nif( version_is_less( version:vers, test_version:\"6.7.5.1\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"6.7.5.1\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:58:21", "references": ["http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:078", "2012:078"], "pluginID": "831591", "description": "Check for the Version of imagemagick", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-08-03T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "Mandriva Update for imagemagick MDVSA-2012:078 (imagemagick)", "type": "openvas", "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0248", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-0247", "CVE-2012-1798", "CVE-2012-1185"], "modified": "2018-01-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831591", "id": "OPENVAS:831591", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for imagemagick MDVSA-2012:078 (imagemagick)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in imagemagick:\n\n A flaw was found in the way ImageMagick processed images with malformed\n Exchangeable image file format (Exif) metadata. An attacker could\n create a specially-crafted image file that, when opened by a victim,\n would cause ImageMagick to crash or, potentially, execute arbitrary\n code (CVE-2012-0247).\n\n The updated packages have been patched to correct these issues.\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"imagemagick on Mandriva Linux 2011.0\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:078\");\n script_id(831591);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:51:09 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-0247\", \"CVE-2012-0248\", \"CVE-2012-1185\", \"CVE-2012-0259\", \"CVE-2012-0260\", \"CVE-2012-1798\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2012:078\");\n script_name(\"Mandriva Update for imagemagick MDVSA-2012:078 (imagemagick)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of imagemagick\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"imagemagick\", rpm:\"imagemagick~6.7.0.9~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imagemagick-desktop\", rpm:\"imagemagick-desktop~6.7.0.9~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imagemagick-doc\", rpm:\"imagemagick-doc~6.7.0.9~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmagick4\", rpm:\"libmagick4~6.7.0.9~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmagick-devel\", rpm:\"libmagick-devel~6.7.0.9~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Image-Magick\", rpm:\"perl-Image-Magick~6.7.0.9~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64magick4\", rpm:\"lib64magick4~6.7.0.9~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64magick-devel\", rpm:\"lib64magick-devel~6.7.0.9~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:51:31", "references": ["http://www.debian.org/security/2012/dsa-2462.html"], "pluginID": "892462", "description": "Several integer overflows and missing input validations were discovered\nin the ImageMagick image manipulation suite, resulting in the execution\nof arbitrary code or denial of service.", "edition": 2, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net", "published": "2013-09-18T00:00:00", "title": "Debian Security Advisory DSA 2462-2 (imagemagick - several vulnerabilities)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-1610", "CVE-2012-1798", "CVE-2012-1185"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=892462", "id": "OPENVAS:892462", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2462_2.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2462-2 using nvtgen 1.0\n# Script version: 2.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"imagemagick on Debian Linux\";\ntag_insight = \"ImageMagick is a software suite to create, edit, and compose bitmap images.\nIt can read, convert and write images in a variety of formats (over 100)\nincluding DPX, EXR, GIF, JPEG, JPEG-2000, PDF, PhotoCD, PNG, Postscript,\nSVG, and TIFF. Use ImageMagick to translate, flip, mirror, rotate, scale,\nshear and transform images, adjust image colors, apply various special\neffects, or draw text, lines, polygons, ellipses and Bzier curves.\nAll manipulations can be achieved through shell commands as well as through\nan X11 graphical interface (display).\";\ntag_solution = \"For the stable distribution (squeeze), this problem has been fixed in\nversion 6.6.0.4-3+squeeze3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8:6.7.4.0-5.\n\nWe recommend that you upgrade your imagemagick packages.\";\ntag_summary = \"Several integer overflows and missing input validations were discovered\nin the ImageMagick image manipulation suite, resulting in the execution\nof arbitrary code or denial of service.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892462);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2012-1798\", \"CVE-2012-1185\", \"CVE-2012-1610\", \"CVE-2012-1186\", \"CVE-2012-0260\", \"CVE-2012-0259\");\n script_name(\"Debian Security Advisory DSA 2462-2 (imagemagick - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-18 11:53:02 +0200 (Wed, 18 Sep 2013)\");\n script_tag(name: \"cvss_base\", value:\"9.3\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2012/dsa-2462.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"6.6.0.4-3+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-dbg\", ver:\"6.6.0.4-3+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"6.6.0.4-3+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"6.6.0.4-3+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++3\", ver:\"6.6.0.4-3+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"6.6.0.4-3+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore3\", ver:\"6.6.0.4-3+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore3-extra\", ver:\"6.6.0.4-3+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"6.6.0.4-3+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand3\", ver:\"6.6.0.4-3+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"6.6.0.4-3+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:05:47", "references": ["http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:078", "2012:078"], "pluginID": "1361412562310831591", "description": "The remote host is missing an update for the ", "edition": 5, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-08-03T00:00:00", "title": "Mandriva Update for imagemagick MDVSA-2012:078 (imagemagick)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0248", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-0247", "CVE-2012-1798", "CVE-2012-1185"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831591", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831591", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for imagemagick MDVSA-2012:078 (imagemagick)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:078\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831591\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:51:09 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-0247\", \"CVE-2012-0248\", \"CVE-2012-1185\", \"CVE-2012-0259\", \"CVE-2012-0260\", \"CVE-2012-1798\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2012:078\");\n script_name(\"Mandriva Update for imagemagick MDVSA-2012:078 (imagemagick)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'imagemagick'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_2011\\.0\");\n script_tag(name:\"affected\", value:\"imagemagick on Mandriva Linux 2011.0\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been found and corrected in imagemagick:\n\n A flaw was found in the way ImageMagick processed images with malformed\n Exchangeable image file format (Exif) metadata. An attacker could\n create a specially-crafted image file that, when opened by a victim,\n would cause ImageMagick to crash or, potentially, execute arbitrary\n code (CVE-2012-0247).\n\n The updated packages have been patched to correct these issues.\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"imagemagick\", rpm:\"imagemagick~6.7.0.9~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imagemagick-desktop\", rpm:\"imagemagick-desktop~6.7.0.9~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imagemagick-doc\", rpm:\"imagemagick-doc~6.7.0.9~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmagick4\", rpm:\"libmagick4~6.7.0.9~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmagick-devel\", rpm:\"libmagick-devel~6.7.0.9~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Image-Magick\", rpm:\"perl-Image-Magick~6.7.0.9~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64magick4\", rpm:\"lib64magick4~6.7.0.9~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64magick-devel\", rpm:\"lib64magick-devel~6.7.0.9~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:57:24", "references": ["http://www.debian.org/security/2012/dsa-2462.html"], "pluginID": "1361412562310892462", "description": "Several integer overflows and missing input validations were discovered\nin the ImageMagick image manipulation suite, resulting in the execution\nof arbitrary code or denial of service.", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net", "published": "2013-09-18T00:00:00", "title": "Debian Security Advisory DSA 2462-2 (imagemagick - several vulnerabilities)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-1610", "CVE-2012-1798", "CVE-2012-1185"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310892462", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892462", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2462_2.nasl 9353 2018-04-06 07:14:20Z cfischer $\n# Auto-generated from advisory DSA 2462-2 using nvtgen 1.0\n# Script version: 2.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"imagemagick on Debian Linux\";\ntag_insight = \"ImageMagick is a software suite to create, edit, and compose bitmap images.\nIt can read, convert and write images in a variety of formats (over 100)\nincluding DPX, EXR, GIF, JPEG, JPEG-2000, PDF, PhotoCD, PNG, Postscript,\nSVG, and TIFF. Use ImageMagick to translate, flip, mirror, rotate, scale,\nshear and transform images, adjust image colors, apply various special\neffects, or draw text, lines, polygons, ellipses and Bzier curves.\nAll manipulations can be achieved through shell commands as well as through\nan X11 graphical interface (display).\";\ntag_solution = \"For the stable distribution (squeeze), this problem has been fixed in\nversion 6.6.0.4-3+squeeze3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8:6.7.4.0-5.\n\nWe recommend that you upgrade your imagemagick packages.\";\ntag_summary = \"Several integer overflows and missing input validations were discovered\nin the ImageMagick image manipulation suite, resulting in the execution\nof arbitrary code or denial of service.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892462\");\n script_version(\"$Revision: 9353 $\");\n script_cve_id(\"CVE-2012-1798\", \"CVE-2012-1185\", \"CVE-2012-1610\", \"CVE-2012-1186\", \"CVE-2012-0260\", \"CVE-2012-0259\");\n script_name(\"Debian Security Advisory DSA 2462-2 (imagemagick - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-18 11:53:02 +0200 (Wed, 18 Sep 2013)\");\n script_tag(name: \"cvss_base\", value:\"9.3\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2012/dsa-2462.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"6.6.0.4-3+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-dbg\", ver:\"6.6.0.4-3+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"6.6.0.4-3+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"6.6.0.4-3+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++3\", ver:\"6.6.0.4-3+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"6.6.0.4-3+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore3\", ver:\"6.6.0.4-3+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore3-extra\", ver:\"6.6.0.4-3+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"6.6.0.4-3+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand3\", ver:\"6.6.0.4-3+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"6.6.0.4-3+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-29T12:39:53", "references": ["https://security.gentoo.org/glsa/201405-09"], "pluginID": "1361412562310121184", "description": "Gentoo Linux Local Security Checks GLSA 201405-09", "edition": 7, "reporter": "Eero Volotinen", "published": "2015-09-29T00:00:00", "title": "Gentoo Security Advisory GLSA 201405-09", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0248", "CVE-2014-2030", "CVE-2012-1186", "CVE-2012-0247", "CVE-2012-1185", "CVE-2013-4298", "CVE-2014-1947"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121184", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121184", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201405-09.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121184\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:09 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201405-09\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in ImageMagick. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201405-09\");\n script_cve_id(\"CVE-2012-1185\", \"CVE-2012-1186\", \"CVE-2012-0247\", \"CVE-2012-0248\", \"CVE-2013-4298\", \"CVE-2014-1947\", \"CVE-2014-2030\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201405-09\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"media-gfx/imagemagick\", unaffected: make_list(\"ge 6.8.8.10\"), vulnerable: make_list(\"lt 6.8.8.10\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:05:44", "references": ["http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:077", "2012:077"], "pluginID": "1361412562310831673", "description": "The remote host is missing an update for the ", "edition": 5, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-08-03T00:00:00", "title": "Mandriva Update for imagemagick MDVSA-2012:077 (imagemagick)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0248", "CVE-2012-0259", "CVE-2010-4167", "CVE-2012-0260", "CVE-2012-0247", "CVE-2012-1798", "CVE-2012-1185"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831673", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831673", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for imagemagick MDVSA-2012:077 (imagemagick)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:077\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831673\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 10:00:07 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2010-4167\", \"CVE-2012-0247\", \"CVE-2012-0248\", \"CVE-2012-1185\",\n \"CVE-2012-0259\", \"CVE-2012-0260\", \"CVE-2012-1798\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2012:077\");\n script_name(\"Mandriva Update for imagemagick MDVSA-2012:077 (imagemagick)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'imagemagick'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5\\.2|2010\\.1)\");\n script_tag(name:\"affected\", value:\"imagemagick on Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been found and corrected in imagemagick:\n\n Untrusted search path vulnerability in configure.c in ImageMagick\n before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows\n local users to gain privileges via a Trojan horse configuration file\n in the current working directory (CVE-2010-4167).\n\n A flaw was found in the way ImageMagick processed images with malformed\n Exchangeable image file format (Exif) metadata. An attacker could\n create a specially-crafted image file that, when opened by a victim,\n would cause ImageMagick to crash or, potentially, execute arbitrary\n code (CVE-2012-0247).\n\n A denial of service flaw was found in the way ImageMagick processed\n images with malformed Exif metadata. An attacker could create a\n specially-crafted image file that, when opened by a victim, could\n cause ImageMagick to enter an infinite loop (CVE-2012-0248).\n\n The updated packages have been patched to correct these issues.\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"imagemagick\", rpm:\"imagemagick~6.4.2.10~5.3mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imagemagick-desktop\", rpm:\"imagemagick-desktop~6.4.2.10~5.3mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imagemagick-doc\", rpm:\"imagemagick-doc~6.4.2.10~5.3mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmagick1\", rpm:\"libmagick1~6.4.2.10~5.3mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmagick-devel\", rpm:\"libmagick-devel~6.4.2.10~5.3mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Image-Magick\", rpm:\"perl-Image-Magick~6.4.2.10~5.3mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64magick1\", rpm:\"lib64magick1~6.4.2.10~5.3mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64magick-devel\", rpm:\"lib64magick-devel~6.4.2.10~5.3mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"imagemagick\", rpm:\"imagemagick~6.6.1.5~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imagemagick-desktop\", rpm:\"imagemagick-desktop~6.6.1.5~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imagemagick-doc\", rpm:\"imagemagick-doc~6.6.1.5~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmagick3\", rpm:\"libmagick3~6.6.1.5~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmagick-devel\", rpm:\"libmagick-devel~6.6.1.5~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Image-Magick\", rpm:\"perl-Image-Magick~6.6.1.5~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64magick3\", rpm:\"lib64magick3~6.6.1.5~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64magick-devel\", rpm:\"lib64magick-devel~6.6.1.5~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:56:31", "references": ["http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:077", "2012:077"], "pluginID": "831673", "description": "Check for the Version of imagemagick", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-08-03T00:00:00", "title": "Mandriva Update for imagemagick MDVSA-2012:077 (imagemagick)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0248", "CVE-2012-0259", "CVE-2010-4167", "CVE-2012-0260", "CVE-2012-0247", "CVE-2012-1798", "CVE-2012-1185"], "modified": "2018-01-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831673", "id": "OPENVAS:831673", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for imagemagick MDVSA-2012:077 (imagemagick)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in imagemagick:\n\n Untrusted search path vulnerability in configure.c in ImageMagick\n before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows\n local users to gain privileges via a Trojan horse configuration file\n in the current working directory (CVE-2010-4167).\n\n A flaw was found in the way ImageMagick processed images with malformed\n Exchangeable image file format (Exif) metadata. An attacker could\n create a specially-crafted image file that, when opened by a victim,\n would cause ImageMagick to crash or, potentially, execute arbitrary\n code (CVE-2012-0247).\n\n A denial of service flaw was found in the way ImageMagick processed\n images with malformed Exif metadata. An attacker could create a\n specially-crafted image file that, when opened by a victim, could\n cause ImageMagick to enter an infinite loop (CVE-2012-0248).\n\n The updated packages have been patched to correct these issues.\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"imagemagick on Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:077\");\n script_id(831673);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 10:00:07 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2010-4167\", \"CVE-2012-0247\", \"CVE-2012-0248\", \"CVE-2012-1185\",\n \"CVE-2012-0259\", \"CVE-2012-0260\", \"CVE-2012-1798\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2012:077\");\n script_name(\"Mandriva Update for imagemagick MDVSA-2012:077 (imagemagick)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of imagemagick\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"imagemagick\", rpm:\"imagemagick~6.4.2.10~5.3mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imagemagick-desktop\", rpm:\"imagemagick-desktop~6.4.2.10~5.3mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imagemagick-doc\", rpm:\"imagemagick-doc~6.4.2.10~5.3mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmagick1\", rpm:\"libmagick1~6.4.2.10~5.3mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmagick-devel\", rpm:\"libmagick-devel~6.4.2.10~5.3mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Image-Magick\", rpm:\"perl-Image-Magick~6.4.2.10~5.3mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64magick1\", rpm:\"lib64magick1~6.4.2.10~5.3mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64magick-devel\", rpm:\"lib64magick-devel~6.4.2.10~5.3mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"imagemagick\", rpm:\"imagemagick~6.6.1.5~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imagemagick-desktop\", rpm:\"imagemagick-desktop~6.6.1.5~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"imagemagick-doc\", rpm:\"imagemagick-doc~6.6.1.5~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmagick3\", rpm:\"libmagick3~6.6.1.5~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmagick-devel\", rpm:\"libmagick-devel~6.6.1.5~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Image-Magick\", rpm:\"perl-Image-Magick~6.6.1.5~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64magick3\", rpm:\"lib64magick3~6.6.1.5~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64magick-devel\", rpm:\"lib64magick-devel~6.6.1.5~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:20:25", "references": ["http://www.ubuntu.com/usn/usn-1435-1/", "1435-1"], "pluginID": "840996", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1435-1", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-05-04T00:00:00", "title": "Ubuntu Update for imagemagick USN-1435-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0248", "CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0247", "CVE-2012-1610", "CVE-2012-1798", "CVE-2012-1185"], "modified": "2017-12-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840996", "id": "OPENVAS:840996", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1435_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for imagemagick USN-1435-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick\n incorrectly handled certain ResolutionUnit tags. If a user or automated\n system using ImageMagick were tricked into opening a specially crafted\n image, an attacker could exploit this to cause a denial of service or\n possibly execute code with the privileges of the user invoking the program.\n (CVE-2012-0247, CVE-2012-1185)\n\n Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick\n incorrectly handled certain IFD structures. If a user or automated\n system using ImageMagick were tricked into opening a specially crafted\n image, an attacker could exploit this to cause a denial of service.\n (CVE-2012-0248, CVE-2012-1186)\n\n Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that\n ImageMagick incorrectly handled certain JPEG EXIF tags. If a user or\n automated system using ImageMagick were tricked into opening a specially\n crafted image, an attacker could exploit this to cause a denial of service.\n (CVE-2012-0259)\n\n It was discovered that ImageMagick incorrectly handled certain JPEG EXIF\n tags. If a user or automated system using ImageMagick were tricked into\n opening a specially crafted image, an attacker could exploit this to cause\n a denial of service or possibly execute code with the privileges of the\n user invoking the program. (CVE-2012-1610)\n\n Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that\n ImageMagick incorrectly handled certain TIFF EXIF tags. If a user or\n automated system using ImageMagick were tricked into opening a specially\n crafted image, an attacker could exploit this to cause a denial of service\n or possibly execute code with the privileges of the user invoking the\n program. (CVE-2012-1798)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1435-1\";\ntag_affected = \"imagemagick on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1435-1/\");\n script_id(840996);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-04 10:47:56 +0530 (Fri, 04 May 2012)\");\n script_cve_id(\"CVE-2012-0247\", \"CVE-2012-1185\", \"CVE-2012-0248\", \"CVE-2012-1186\", \"CVE-2012-0259\", \"CVE-2012-1610\", \"CVE-2012-1798\");\n script_xref(name: \"USN\", value: \"1435-1\");\n script_name(\"Ubuntu Update for imagemagick USN-1435-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"6.5.7.8-1ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++2\", ver:\"6.5.7.8-1ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"6.6.9.7-5ubuntu3.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++4\", ver:\"6.6.9.7-5ubuntu3.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"6.6.0.4-3ubuntu1.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++3\", ver:\"6.6.0.4-3ubuntu1.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"6.6.2.6-1ubuntu4.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++3\", ver:\"6.6.2.6-1ubuntu4.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:59:02", "references": ["http://www.ubuntu.com/usn/usn-1435-1/", "1435-1"], "pluginID": "1361412562310840996", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1435-1", "edition": 5, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-05-04T00:00:00", "title": "Ubuntu Update for imagemagick USN-1435-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0248", "CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0247", "CVE-2012-1610", "CVE-2012-1798", "CVE-2012-1185"], "modified": "2018-08-17T00:00:00", "id": "OPENVAS:1361412562310840996", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840996", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1435_1.nasl 11037 2018-08-17 11:51:16Z cfischer $\n#\n# Ubuntu Update for imagemagick USN-1435-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\n\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1435-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840996\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-04 10:47:56 +0530 (Fri, 04 May 2012)\");\n script_cve_id(\"CVE-2012-0247\", \"CVE-2012-1185\", \"CVE-2012-0248\", \"CVE-2012-1186\", \"CVE-2012-0259\", \"CVE-2012-1610\", \"CVE-2012-1798\");\n script_xref(name:\"USN\", value:\"1435-1\");\n script_name(\"Ubuntu Update for imagemagick USN-1435-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1435-1\");\n script_tag(name:\"affected\", value:\"imagemagick on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick\n incorrectly handled certain ResolutionUnit tags. If a user or automated\n system using ImageMagick were tricked into opening a specially crafted\n image, an attacker could exploit this to cause a denial of service or\n possibly execute code with the privileges of the user invoking the program.\n (CVE-2012-0247, CVE-2012-1185)\n\n Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick\n incorrectly handled certain IFD structures. If a user or automated\n system using ImageMagick were tricked into opening a specially crafted\n image, an attacker could exploit this to cause a denial of service.\n (CVE-2012-0248, CVE-2012-1186)\n\n Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that\n ImageMagick incorrectly handled certain JPEG EXIF tags. If a user or\n automated system using ImageMagick were tricked into opening a specially\n crafted image, an attacker could exploit this to cause a denial of service.\n (CVE-2012-0259)\n\n It was discovered that ImageMagick incorrectly handled certain JPEG EXIF\n tags. If a user or automated system using ImageMagick were tricked into\n opening a specially crafted image, an attacker could exploit this to cause\n a denial of service or possibly execute code with the privileges of the\n user invoking the program. (CVE-2012-1610)\n\n Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that\n ImageMagick incorrectly handled certain TIFF EXIF tags. If a user or\n automated system using ImageMagick were tricked into opening a specially\n crafted image, an attacker could exploit this to cause a denial of service\n or possibly execute code with the privileges of the user invoking the\n program. (CVE-2012-1798)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"6.5.7.8-1ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++2\", ver:\"6.5.7.8-1ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"6.6.9.7-5ubuntu3.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++4\", ver:\"6.6.9.7-5ubuntu3.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"6.6.0.4-3ubuntu1.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++3\", ver:\"6.6.0.4-3ubuntu1.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"6.6.2.6-1ubuntu4.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++3\", ver:\"6.6.2.6-1ubuntu4.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-11-17T02:49:05", "references": ["http://www.imagemagick.org/script/changelog.php", "http://www.nessus.org/u?36327a9d", "http://www.nessus.org/u?8e40b798", "https://www.openwall.com/lists/oss-security/2012/03/19/5"], "pluginID": "59369", "description": "The remote Windows host is running a version of ImageMagick earlier than 6.7.5-8 and is, therefore, affected by the following vulnerabilities :\n\n - The fix for CVE-2012-0247 was incomplete. An integer overflow error still exists and can lead to corrupted memory and arbitrary code execution when user-supplied input is not properly validated. (CVE-2012-1185)\n\n - The fix for CVE-2012-0248 was incomplete. An error in 'profile.c' still allows denial of service attacks when malformed executables are processed. (CVE-2012-1186)", "edition": 7, "reporter": "Tenable", "published": "2012-06-05T00:00:00", "title": "ImageMagick < 6.7.5-8 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1186", "CVE-2012-1185"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:imagemagick:imagemagick"], "id": "IMAGEMAGICK_6_7_5_8.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59369", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59369);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\"CVE-2012-1185\", \"CVE-2012-1186\");\n script_bugtraq_id(51957);\n\n script_name(english:\"ImageMagick < 6.7.5-8 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of ImageMagick\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is running a version of ImageMagick earlier\nthan 6.7.5-8 and is, therefore, affected by the following\nvulnerabilities :\n\n - The fix for CVE-2012-0247 was incomplete. An integer\n overflow error still exists and can lead to corrupted\n memory and arbitrary code execution when user-supplied\n input is not properly validated. (CVE-2012-1185)\n\n - The fix for CVE-2012-0248 was incomplete. An error in\n 'profile.c' still allows denial of service attacks when\n malformed executables are processed. (CVE-2012-1186)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openwall.com/lists/oss-security/2012/03/19/5\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.imagemagick.org/script/changelog.php\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?36327a9d\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8e40b798\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ImageMagick version 6.7.5-8 or later. Alternatively, apply\nthe patches provided by the vendor.\n\nNote that you may need to manually uninstall the vulnerable version\nfrom the system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:imagemagick:imagemagick\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"imagemagick_installed.nasl\");\n script_require_keys(\"installed_sw/ImageMagick\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp = \"ImageMagick\";\nfix = \"6.7.5\";\nfix_build = 8;\n\n# Get installs\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\ndisplay_version = install['display_version'];\nversion = install['version'];\nbuild = install['build'];\npath = install['path'];\n\nvuln = FALSE;\n\ndisplay_fix = fix + \"-\" + fix_build;\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n vuln = TRUE;\n\nif ((ver_compare(ver:version, fix:fix, strict:FALSE) == 0) &&\n build < fix_build\n )\n vuln = TRUE;\n\nif (vuln)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n items = make_array(\"Installed version\", display_version,\n \"Fixed version\", display_fix,\n \"Path\", path\n );\n\n order = make_list(\"Path\", \"Installed version\", \"Fixed version\");\n report = report_items_str(report_items:items, ordered_fields:order);\n\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n exit(0);\n}\nelse\n audit(AUDIT_INST_PATH_NOT_VULN, app, display_version, path);\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:04:15", "references": ["https://security.gentoo.org/glsa/201405-09"], "pluginID": "74052", "description": "The remote host is affected by the vulnerability described in GLSA-201405-09 (ImageMagick: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in ImageMagick. Please review the CVE identifiers referenced below for details.\n Note that CVE-2012-1185 and CVE-2012-1186 were issued due to incomplete fixes for CVE-2012-0247 and CVE-2012-0248, respectively. The earlier CVEs were addressed in GLSA 201203-09.\n Impact :\n\n A remote attacker can utilize multiple vectors to execute arbitrary code or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "edition": 6, "reporter": "Tenable", "published": "2014-05-19T00:00:00", "title": "GLSA-201405-09 : ImageMagick: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2030", "CVE-2012-1186", "CVE-2012-1185", "CVE-2013-4298", "CVE-2014-1947"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:imagemagick"], "id": "GENTOO_GLSA-201405-09.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74052", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201405-09.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74052);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2012-1185\", \"CVE-2012-1186\", \"CVE-2013-4298\", \"CVE-2014-1947\", \"CVE-2014-2030\");\n script_bugtraq_id(51957, 62080, 65478, 65683);\n script_xref(name:\"GLSA\", value:\"201405-09\");\n\n script_name(english:\"GLSA-201405-09 : ImageMagick: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201405-09\n(ImageMagick: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in ImageMagick. Please\n review the CVE identifiers referenced below for details.\n Note that CVE-2012-1185 and CVE-2012-1186 were issued due to incomplete\n fixes for CVE-2012-0247 and CVE-2012-0248, respectively. The earlier CVEs\n were addressed in GLSA 201203-09.\n \nImpact :\n\n A remote attacker can utilize multiple vectors to execute arbitrary code\n or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201405-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ImageMagick users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/imagemagick-6.8.8.10'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-gfx/imagemagick\", unaffected:make_list(\"ge 6.8.8.10\"), vulnerable:make_list(\"lt 6.8.8.10\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-11T13:02:13", "references": ["https://www.debian.org/security/2012/dsa-2462", "https://packages.debian.org/source/squeeze/imagemagick"], "pluginID": "58908", "description": "Several integer overflows and missing input validations were discovered in the ImageMagick image manipulation suite, resulting in the execution of arbitrary code or denial of service.", "edition": 7, "reporter": "Tenable", "published": "2012-04-30T00:00:00", "title": "Debian DSA-2462-2 : imagemagick - several vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-1610", "CVE-2012-1798", "CVE-2012-1185"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:imagemagick"], "id": "DEBIAN_DSA-2462.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58908", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2462. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58908);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:35\");\n\n script_cve_id(\"CVE-2012-0259\", \"CVE-2012-0260\", \"CVE-2012-1185\", \"CVE-2012-1186\", \"CVE-2012-1610\", \"CVE-2012-1798\");\n script_bugtraq_id(51957, 52898);\n script_xref(name:\"DSA\", value:\"2462\");\n\n script_name(english:\"Debian DSA-2462-2 : imagemagick - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several integer overflows and missing input validations were\ndiscovered in the ImageMagick image manipulation suite, resulting in\nthe execution of arbitrary code or denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/imagemagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2462\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the imagemagick packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.6.0.4-3+squeeze3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"imagemagick\", reference:\"6.6.0.4-3+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"imagemagick-dbg\", reference:\"6.6.0.4-3+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"imagemagick-doc\", reference:\"6.6.0.4-3+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libmagick++-dev\", reference:\"6.6.0.4-3+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libmagick++3\", reference:\"6.6.0.4-3+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libmagickcore-dev\", reference:\"6.6.0.4-3+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libmagickcore3\", reference:\"6.6.0.4-3+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libmagickcore3-extra\", reference:\"6.6.0.4-3+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libmagickwand-dev\", reference:\"6.6.0.4-3+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libmagickwand3\", reference:\"6.6.0.4-3+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"perlmagick\", reference:\"6.6.0.4-3+squeeze3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:35:17", "references": [], "pluginID": "61952", "description": "Multiple vulnerabilities has been found and corrected in imagemagick :\n\nA flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format (Exif) metadata. An attacker could create a specially crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code (CVE-2012-0247).\n\nA denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop (CVE-2012-0248).\n\nThe original fix for CVE-2012-0247 failed to check for the possibility of an integer overflow when computing the sum of number_bytes and offset. This resulted in a wrap around into a value smaller than length, making original CVE-2012-0247 introduced length check still to be possible to bypass, leading to memory corruption (CVE-2012-1185).\n\nAn integer overflow flaw was found in the way ImageMagick processed certain Exif tags with a large components count. An attacker could create a specially crafted image file that, when opened by a victim, could cause ImageMagick to access invalid memory and crash (CVE-2012-0259).\n\nA denial of service flaw was found in the way ImageMagick decoded certain JPEG images. A remote attacker could provide a JPEG image with specially crafted sequences of RST0 up to RST7 restart markers (used to indicate the input stream to be corrupted), which once processed by ImageMagick, would cause it to consume excessive amounts of memory and CPU time (CVE-2012-0260).\n\nAn out-of-bounds buffer read flaw was found in the way ImageMagick processed certain TIFF image files. A remote attacker could provide a TIFF image with a specially crafted Exif IFD value (the set of tags for recording Exif-specific attribute information), which once opened by ImageMagick, would cause it to crash (CVE-2012-1798).\n\nThe updated packages have been patched to correct these issues.", "edition": 6, "reporter": "Tenable", "published": "2012-09-06T00:00:00", "title": "Mandriva Linux Security Advisory : imagemagick (MDVSA-2012:078)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0248", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-0247", "CVE-2012-1798", "CVE-2012-1185"], "modified": "2018-07-19T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:libmagick-devel", "p-cpe:/a:mandriva:linux:perl-Image-Magick", "p-cpe:/a:mandriva:linux:lib64magick4", "p-cpe:/a:mandriva:linux:imagemagick-doc", "p-cpe:/a:mandriva:linux:libmagick4", "p-cpe:/a:mandriva:linux:lib64magick-devel", "p-cpe:/a:mandriva:linux:imagemagick-desktop", "p-cpe:/a:mandriva:linux:imagemagick"], "id": "MANDRIVA_MDVSA-2012-078.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61952", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:078. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61952);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\n \"CVE-2012-0247\",\n \"CVE-2012-0248\",\n \"CVE-2012-0259\",\n \"CVE-2012-0260\",\n \"CVE-2012-1185\",\n \"CVE-2012-1798\"\n );\n script_bugtraq_id(\n 51957,\n 52898\n );\n script_xref(name:\"MDVSA\", value:\"2012:078\");\n\n script_name(english:\"Mandriva Linux Security Advisory : imagemagick (MDVSA-2012:078)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in imagemagick :\n\nA flaw was found in the way ImageMagick processed images with\nmalformed Exchangeable image file format (Exif) metadata. An attacker\ncould create a specially crafted image file that, when opened by a\nvictim, would cause ImageMagick to crash or, potentially, execute\narbitrary code (CVE-2012-0247).\n\nA denial of service flaw was found in the way ImageMagick processed\nimages with malformed Exif metadata. An attacker could create a\nspecially crafted image file that, when opened by a victim, could\ncause ImageMagick to enter an infinite loop (CVE-2012-0248).\n\nThe original fix for CVE-2012-0247 failed to check for the possibility\nof an integer overflow when computing the sum of number_bytes and\noffset. This resulted in a wrap around into a value smaller than\nlength, making original CVE-2012-0247 introduced length check still to\nbe possible to bypass, leading to memory corruption (CVE-2012-1185).\n\nAn integer overflow flaw was found in the way ImageMagick processed\ncertain Exif tags with a large components count. An attacker could\ncreate a specially crafted image file that, when opened by a victim,\ncould cause ImageMagick to access invalid memory and crash\n(CVE-2012-0259).\n\nA denial of service flaw was found in the way ImageMagick decoded\ncertain JPEG images. A remote attacker could provide a JPEG image with\nspecially crafted sequences of RST0 up to RST7 restart markers (used\nto indicate the input stream to be corrupted), which once processed by\nImageMagick, would cause it to consume excessive amounts of memory and\nCPU time (CVE-2012-0260).\n\nAn out-of-bounds buffer read flaw was found in the way ImageMagick\nprocessed certain TIFF image files. A remote attacker could provide a\nTIFF image with a specially crafted Exif IFD value (the set of tags\nfor recording Exif-specific attribute information), which once opened\nby ImageMagick, would cause it to crash (CVE-2012-1798).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:imagemagick-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:imagemagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64magick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64magick4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmagick4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-Image-Magick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", reference:\"imagemagick-6.7.0.9-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"imagemagick-desktop-6.7.0.9-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"imagemagick-doc-6.7.0.9-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64magick-devel-6.7.0.9-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64magick4-6.7.0.9-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libmagick-devel-6.7.0.9-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libmagick4-6.7.0.9-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"perl-Image-Magick-6.7.0.9-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:09:51", "references": [], "pluginID": "59185", "description": "Multiple vulnerabilities has been found and corrected in imagemagick :\n\nUntrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory (CVE-2010-4167).\n\nA flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format (Exif) metadata. An attacker could create a specially crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code (CVE-2012-0247).\n\nA denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop (CVE-2012-0248).\n\nThe original fix for CVE-2012-0247 failed to check for the possibility of an integer overflow when computing the sum of number_bytes and offset. This resulted in a wrap around into a value smaller than length, making original CVE-2012-0247 introduced length check still to be possible to bypass, leading to memory corruption (CVE-2012-1185).\n\nAn integer overflow flaw was found in the way ImageMagick processed certain Exif tags with a large components count. An attacker could create a specially crafted image file that, when opened by a victim, could cause ImageMagick to access invalid memory and crash (CVE-2012-0259).\n\nA denial of service flaw was found in the way ImageMagick decoded certain JPEG images. A remote attacker could provide a JPEG image with specially crafted sequences of RST0 up to RST7 restart markers (used to indicate the input stream to be corrupted), which once processed by ImageMagick, would cause it to consume excessive amounts of memory and CPU time (CVE-2012-0260).\n\nAn out-of-bounds buffer read flaw was found in the way ImageMagick processed certain TIFF image files. A remote attacker could provide a TIFF image with a specially crafted Exif IFD value (the set of tags for recording Exif-specific attribute information), which once opened by ImageMagick, would cause it to crash (CVE-2012-1798).\n\nThe updated packages have been patched to correct these issues.", "edition": 6, "reporter": "Tenable", "published": "2012-05-18T00:00:00", "title": "Mandriva Linux Security Advisory : imagemagick (MDVSA-2012:077)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0248", "CVE-2012-0259", "CVE-2010-4167", "CVE-2012-0260", "CVE-2012-0247", "CVE-2012-1798", "CVE-2012-1185"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libmagick-devel", "p-cpe:/a:mandriva:linux:perl-Image-Magick", "p-cpe:/a:mandriva:linux:libmagick3", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:imagemagick-doc", "p-cpe:/a:mandriva:linux:lib64magick-devel", "p-cpe:/a:mandriva:linux:imagemagick-desktop", "p-cpe:/a:mandriva:linux:imagemagick", "p-cpe:/a:mandriva:linux:lib64magick3"], "id": "MANDRIVA_MDVSA-2012-077.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59185", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:077. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59185);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\n \"CVE-2010-4167\",\n \"CVE-2012-0247\",\n \"CVE-2012-0248\",\n \"CVE-2012-0259\",\n \"CVE-2012-0260\",\n \"CVE-2012-1185\",\n \"CVE-2012-1798\"\n );\n script_bugtraq_id(\n 45044,\n 51957,\n 52898\n );\n script_xref(name:\"MDVSA\", value:\"2012:077\");\n\n script_name(english:\"Mandriva Linux Security Advisory : imagemagick (MDVSA-2012:077)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in imagemagick :\n\nUntrusted search path vulnerability in configure.c in ImageMagick\nbefore 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows\nlocal users to gain privileges via a Trojan horse configuration file\nin the current working directory (CVE-2010-4167).\n\nA flaw was found in the way ImageMagick processed images with\nmalformed Exchangeable image file format (Exif) metadata. An attacker\ncould create a specially crafted image file that, when opened by a\nvictim, would cause ImageMagick to crash or, potentially, execute\narbitrary code (CVE-2012-0247).\n\nA denial of service flaw was found in the way ImageMagick processed\nimages with malformed Exif metadata. An attacker could create a\nspecially crafted image file that, when opened by a victim, could\ncause ImageMagick to enter an infinite loop (CVE-2012-0248).\n\nThe original fix for CVE-2012-0247 failed to check for the possibility\nof an integer overflow when computing the sum of number_bytes and\noffset. This resulted in a wrap around into a value smaller than\nlength, making original CVE-2012-0247 introduced length check still to\nbe possible to bypass, leading to memory corruption (CVE-2012-1185).\n\nAn integer overflow flaw was found in the way ImageMagick processed\ncertain Exif tags with a large components count. An attacker could\ncreate a specially crafted image file that, when opened by a victim,\ncould cause ImageMagick to access invalid memory and crash\n(CVE-2012-0259).\n\nA denial of service flaw was found in the way ImageMagick decoded\ncertain JPEG images. A remote attacker could provide a JPEG image with\nspecially crafted sequences of RST0 up to RST7 restart markers (used\nto indicate the input stream to be corrupted), which once processed by\nImageMagick, would cause it to consume excessive amounts of memory and\nCPU time (CVE-2012-0260).\n\nAn out-of-bounds buffer read flaw was found in the way ImageMagick\nprocessed certain TIFF image files. A remote attacker could provide a\nTIFF image with a specially crafted Exif IFD value (the set of tags\nfor recording Exif-specific attribute information), which once opened\nby ImageMagick, would cause it to crash (CVE-2012-1798).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:imagemagick-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:imagemagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64magick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64magick3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmagick3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-Image-Magick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"imagemagick-6.6.1.5-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"imagemagick-desktop-6.6.1.5-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"imagemagick-doc-6.6.1.5-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64magick-devel-6.6.1.5-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64magick3-6.6.1.5-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libmagick-devel-6.6.1.5-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libmagick3-6.6.1.5-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"perl-Image-Magick-6.6.1.5-2.1mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-02T15:35:32", "references": ["https://usn.ubuntu.com/1435-1/"], "pluginID": "58964", "description": "Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain ResolutionUnit tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-0247, CVE-2012-1185)\n\nJoonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain IFD structures. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service.\n(CVE-2012-0248, CVE-2012-1186)\n\nAleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain JPEG EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2012-0259)\n\nIt was discovered that ImageMagick incorrectly handled certain JPEG EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-1610)\n\nAleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain TIFF EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-1798).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2012-05-02T00:00:00", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : imagemagick vulnerabilities (USN-1435-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0248", "CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0247", "CVE-2012-1610", "CVE-2012-1798", "CVE-2012-1185"], "modified": "2018-12-01T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:imagemagick", "cpe:/o:canonical:ubuntu_linux:11.10", "p-cpe:/a:canonical:ubuntu_linux:libmagick++3", "cpe:/o:canonical:ubuntu_linux:11.04", "p-cpe:/a:canonical:ubuntu_linux:libmagick++4", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libmagick++2", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1435-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58964", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1435-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58964);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/01 13:19:07\");\n\n script_cve_id(\"CVE-2012-0247\", \"CVE-2012-0248\", \"CVE-2012-0259\", \"CVE-2012-1185\", \"CVE-2012-1186\", \"CVE-2012-1610\", \"CVE-2012-1798\");\n script_bugtraq_id(51957, 52898);\n script_xref(name:\"USN\", value:\"1435-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : imagemagick vulnerabilities (USN-1435-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick\nincorrectly handled certain ResolutionUnit tags. If a user or\nautomated system using ImageMagick were tricked into opening a\nspecially crafted image, an attacker could exploit this to cause a\ndenial of service or possibly execute code with the privileges of the\nuser invoking the program. (CVE-2012-0247, CVE-2012-1185)\n\nJoonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick\nincorrectly handled certain IFD structures. If a user or automated\nsystem using ImageMagick were tricked into opening a specially crafted\nimage, an attacker could exploit this to cause a denial of service.\n(CVE-2012-0248, CVE-2012-1186)\n\nAleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered\nthat ImageMagick incorrectly handled certain JPEG EXIF tags. If a user\nor automated system using ImageMagick were tricked into opening a\nspecially crafted image, an attacker could exploit this to cause a\ndenial of service. (CVE-2012-0259)\n\nIt was discovered that ImageMagick incorrectly handled certain JPEG\nEXIF tags. If a user or automated system using ImageMagick were\ntricked into opening a specially crafted image, an attacker could\nexploit this to cause a denial of service or possibly execute code\nwith the privileges of the user invoking the program. (CVE-2012-1610)\n\nAleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered\nthat ImageMagick incorrectly handled certain TIFF EXIF tags. If a user\nor automated system using ImageMagick were tricked into opening a\nspecially crafted image, an attacker could exploit this to cause a\ndenial of service or possibly execute code with the privileges of the\nuser invoking the program. (CVE-2012-1798).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1435-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"imagemagick\", pkgver:\"7:6.5.7.8-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libmagick++2\", pkgver:\"7:6.5.7.8-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"imagemagick\", pkgver:\"7:6.6.2.6-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libmagick++3\", pkgver:\"7:6.6.2.6-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"imagemagick\", pkgver:\"8:6.6.0.4-3ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libmagick++3\", pkgver:\"8:6.6.0.4-3ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"imagemagick\", pkgver:\"8:6.6.9.7-5ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libmagick++4\", pkgver:\"8:6.6.9.7-5ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imagemagick / libmagick++2 / libmagick++3 / libmagick++4\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T16:52:27", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=752879", "https://bugzilla.novell.com/show_bug.cgi?id=746880", "https://bugzilla.novell.com/show_bug.cgi?id=758512", "https://bugzilla.novell.com/show_bug.cgi?id=754749", "https://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html"], "pluginID": "74644", "description": "Specially crafted files could cause overflows in ImageMagick", "edition": 6, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : ImageMagick (openSUSE-SU-2012:0692-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0248", "CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-0247", "CVE-2012-1610", "CVE-2012-1798", "CVE-2012-1185"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo", "p-cpe:/a:novell:opensuse:libMagick++5", "p-cpe:/a:novell:opensuse:ImageMagick-debuginfo", "p-cpe:/a:novell:opensuse:libMagickWand4-debuginfo", "p-cpe:/a:novell:opensuse:libMagickCore5", "p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit", "p-cpe:/a:novell:opensuse:libMagickWand5-32bit", "p-cpe:/a:novell:opensuse:libMagickWand5-debuginfo", "p-cpe:/a:novell:opensuse:libMagickWand4-32bit", "p-cpe:/a:novell:opensuse:ImageMagick-devel", "p-cpe:/a:novell:opensuse:libMagickWand5", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:libMagick++4-debuginfo", "p-cpe:/a:novell:opensuse:libMagick++4", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:libMagickCore5-32bit", "p-cpe:/a:novell:opensuse:libMagickCore4-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libMagickCore5-debuginfo", "p-cpe:/a:novell:opensuse:ImageMagick-extra", "p-cpe:/a:novell:opensuse:ImageMagick-debugsource", "p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libMagickWand4-debuginfo-32bit", "p-cpe:/a:novell:opensuse:ImageMagick", "p-cpe:/a:novell:opensuse:libMagickWand4", "p-cpe:/a:novell:opensuse:libMagickWand5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libMagickCore5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libMagickCore4-debuginfo", "p-cpe:/a:novell:opensuse:perl-PerlMagick", "p-cpe:/a:novell:opensuse:libMagick++5-debuginfo", "p-cpe:/a:novell:opensuse:libMagickCore4-32bit", "p-cpe:/a:novell:opensuse:libMagickCore4", "p-cpe:/a:novell:opensuse:libMagick++-devel"], "id": "OPENSUSE-2012-310.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74644", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-310.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74644);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:50:00\");\n\n script_cve_id(\"CVE-2012-0247\", \"CVE-2012-0248\", \"CVE-2012-0259\", \"CVE-2012-0260\", \"CVE-2012-1185\", \"CVE-2012-1186\", \"CVE-2012-1610\", \"CVE-2012-1798\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-SU-2012:0692-1)\");\n script_summary(english:\"Check for the openSUSE-2012-310 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"Specially crafted files could cause overflows in ImageMagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=746880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=752879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=758512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4|SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4 / 12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"ImageMagick-6.6.5.8-8.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"ImageMagick-debuginfo-6.6.5.8-8.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"ImageMagick-debugsource-6.6.5.8-8.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"ImageMagick-devel-6.6.5.8-8.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"ImageMagick-extra-6.6.5.8-8.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"ImageMagick-extra-debuginfo-6.6.5.8-8.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libMagick++-devel-6.6.5.8-8.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libMagick++4-6.6.5.8-8.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libMagick++4-debuginfo-6.6.5.8-8.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libMagickCore4-6.6.5.8-8.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libMagickCore4-debuginfo-6.6.5.8-8.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libMagickWand4-6.6.5.8-8.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libMagickWand4-debuginfo-6.6.5.8-8.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"perl-PerlMagick-6.6.5.8-8.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"perl-PerlMagick-debuginfo-6.6.5.8-8.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libMagickCore4-32bit-6.6.5.8-8.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libMagickCore4-debuginfo-32bit-6.6.5.8-8.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libMagickWand4-32bit-6.6.5.8-8.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libMagickWand4-debuginfo-32bit-6.6.5.8-8.71.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"ImageMagick-6.7.2.7-5.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"ImageMagick-debuginfo-6.7.2.7-5.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"ImageMagick-debugsource-6.7.2.7-5.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"ImageMagick-devel-6.7.2.7-5.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"ImageMagick-extra-6.7.2.7-5.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"ImageMagick-extra-debuginfo-6.7.2.7-5.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libMagick++-devel-6.7.2.7-5.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libMagick++5-6.7.2.7-5.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libMagick++5-debuginfo-6.7.2.7-5.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libMagickCore5-6.7.2.7-5.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libMagickCore5-debuginfo-6.7.2.7-5.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libMagickWand5-6.7.2.7-5.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libMagickWand5-debuginfo-6.7.2.7-5.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"perl-PerlMagick-6.7.2.7-5.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"perl-PerlMagick-debuginfo-6.7.2.7-5.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.7.2.7-5.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libMagickCore5-32bit-6.7.2.7-5.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libMagickCore5-debuginfo-32bit-6.7.2.7-5.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libMagickWand5-32bit-6.7.2.7-5.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libMagickWand5-debuginfo-32bit-6.7.2.7-5.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:38:05", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=752879", "http://support.novell.com/security/cve/CVE-2012-0260.html", "http://support.novell.com/security/cve/CVE-2012-1610.html", "https://bugzilla.novell.com/show_bug.cgi?id=746880", "https://bugzilla.novell.com/show_bug.cgi?id=758512", "https://bugzilla.novell.com/show_bug.cgi?id=754749", "http://support.novell.com/security/cve/CVE-2012-0259.html", "http://support.novell.com/security/cve/CVE-2012-1185.html", "http://support.novell.com/security/cve/CVE-2012-1798.html", "http://support.novell.com/security/cve/CVE-2012-1186.html", "http://support.novell.com/security/cve/CVE-2012-0247.html", "http://support.novell.com/security/cve/CVE-2012-0248.html"], "pluginID": "64158", "description": "This update of ImageMagick fixes multiple security vulnerabilities that could be exploited by attackers via specially crafted image files :\n\n - Integer overflow when processing EXIF directory entries with tags of e.g. format 5 (EXIF_FMT_URATIONAL) and a large components count. (CVE-2012-0259 / CVE-2012-1610)\n\n - Integer overflows via 'number_bytes' and 'offset' could lead to memory corruption. (CVE-2012-0247 / CVE-2012-1185)\n\n - Denial of service via 'profile.c'. (CVE-2012-0248 / CVE-2012-1186)\n\n - Denial of service via JPEG restart markers (excessive CPU consumption). (CVE-2012-0260)\n\n - Copying of invalid memory when reading TIFF EXIF IFD.\n (CVE-2012-1798)", "edition": 4, "reporter": "Tenable", "published": "2013-01-25T00:00:00", "title": "SuSE 11.1 Security Update : ImageMagick (SAT Patch Number 6226)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0248", "CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-0247", "CVE-2012-1610", "CVE-2012-1798", "CVE-2012-1185"], "modified": "2013-10-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libMagickCore1-32bit", "p-cpe:/a:novell:suse_linux:11:libMagickWand1", "p-cpe:/a:novell:suse_linux:11:ImageMagick", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:libMagick++1", "p-cpe:/a:novell:suse_linux:11:libMagickCore1"], "id": "SUSE_11_IMAGEMAGICK-120427.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64158", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64158);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:46:54 $\");\n\n script_cve_id(\"CVE-2012-0247\", \"CVE-2012-0248\", \"CVE-2012-0259\", \"CVE-2012-0260\", \"CVE-2012-1185\", \"CVE-2012-1186\", \"CVE-2012-1610\", \"CVE-2012-1798\");\n\n script_name(english:\"SuSE 11.1 Security Update : ImageMagick (SAT Patch Number 6226)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of ImageMagick fixes multiple security vulnerabilities\nthat could be exploited by attackers via specially crafted image \nfiles :\n\n - Integer overflow when processing EXIF directory entries\n with tags of e.g. format 5 (EXIF_FMT_URATIONAL) and a\n large components count. (CVE-2012-0259 / CVE-2012-1610)\n\n - Integer overflows via 'number_bytes' and 'offset' could\n lead to memory corruption. (CVE-2012-0247 /\n CVE-2012-1185)\n\n - Denial of service via 'profile.c'. (CVE-2012-0248 /\n CVE-2012-1186)\n\n - Denial of service via JPEG restart markers (excessive\n CPU consumption). (CVE-2012-0260)\n\n - Copying of invalid memory when reading TIFF EXIF IFD.\n (CVE-2012-1798)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=746880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=752879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=758512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0247.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0248.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0259.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0260.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1185.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1186.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1610.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1798.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6226.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libMagick++1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libMagickCore1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libMagickCore1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libMagickWand1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"ImageMagick-6.4.3.6-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libMagick++1-6.4.3.6-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libMagickCore1-6.4.3.6-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libMagickWand1-6.4.3.6-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"ImageMagick-6.4.3.6-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libMagick++1-6.4.3.6-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libMagickCore1-6.4.3.6-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libMagickCore1-32bit-6.4.3.6-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libMagickWand1-6.4.3.6-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libMagickCore1-6.4.3.6-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libMagickCore1-32bit-6.4.3.6-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libMagickCore1-32bit-6.4.3.6-7.24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:10:04", "references": ["http://support.novell.com/security/cve/CVE-2012-0260.html", "http://support.novell.com/security/cve/CVE-2012-1610.html", "http://support.novell.com/security/cve/CVE-2012-0259.html", "http://support.novell.com/security/cve/CVE-2012-1185.html", "http://support.novell.com/security/cve/CVE-2012-1186.html", "http://support.novell.com/security/cve/CVE-2012-0247.html", "http://support.novell.com/security/cve/CVE-2012-0248.html"], "pluginID": "59602", "description": "This update of ImageMagick fixes multiple security vulnerabilities that could have been exploited by attackers via specially crafted image files :\n\n - Integer overflow when processing EXIF directory entries with tags of e.g. format 5 (EXIF_FMT_URATIONAL) and a large components count. (CVE-2012-0259 / CVE-2012-1610)\n\n - Integer overflows via 'number_bytes' and 'offset' could lead to memory corruption. (CVE-2012-0247 / CVE-2012-1185)\n\n - Denial of service via 'profile.c'. (CVE-2012-0248 / CVE-2012-1186)\n\n - Denial of service via JPEG restart markers (excessive CPU consumption). (CVE-2012-0260)", "edition": 4, "reporter": "Tenable", "published": "2012-06-20T00:00:00", "title": "SuSE 10 Security Update : ImageMagick (ZYPP Patch Number 8104)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0248", "CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-0247", "CVE-2012-1610", "CVE-2012-1185"], "modified": "2012-06-20T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_IMAGEMAGICK-8104.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59602", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59602);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2012/06/20 10:57:47 $\");\n\n script_cve_id(\"CVE-2012-0247\", \"CVE-2012-0248\", \"CVE-2012-0259\", \"CVE-2012-0260\", \"CVE-2012-1185\", \"CVE-2012-1186\", \"CVE-2012-1610\");\n\n script_name(english:\"SuSE 10 Security Update : ImageMagick (ZYPP Patch Number 8104)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of ImageMagick fixes multiple security vulnerabilities\nthat could have been exploited by attackers via specially crafted\nimage files :\n\n - Integer overflow when processing EXIF directory entries\n with tags of e.g. format 5 (EXIF_FMT_URATIONAL) and a\n large components count. (CVE-2012-0259 / CVE-2012-1610)\n\n - Integer overflows via 'number_bytes' and 'offset' could\n lead to memory corruption. (CVE-2012-0247 /\n CVE-2012-1185)\n\n - Denial of service via 'profile.c'. (CVE-2012-0248 /\n CVE-2012-1186)\n\n - Denial of service via JPEG restart markers (excessive\n CPU consumption). (CVE-2012-0260)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0247.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0248.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0259.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0260.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1185.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1186.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1610.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8104.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"ImageMagick-6.2.5-16.34.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"ImageMagick-Magick++-6.2.5-16.34.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"ImageMagick-devel-6.2.5-16.34.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"perl-PerlMagick-6.2.5-16.34.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:47", "references": ["https://vulners.com/securityvulns/securityvulns:doc:28013"], "description": "Buffer overflows, insufficient user supplied data validation.", "edition": 1, "reporter": "BUGTRAQ", "published": "2012-05-01T00:00:00", "title": "Imagemagic multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:47", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-1798", "CVE-2012-1185"], "modified": "2012-05-01T00:00:00", "id": "SECURITYVULNS:VULN:12351", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12351", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:44", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2462-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nApril 29, 2012 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : imagemagick\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2012-0259 CVE-2012-0260 CVE-2012-1185 CVE-2012-1186 \r\n CVE-2012-1610 CVE-2012-1798\r\n\r\nSeveral integer overflows and missing input validations were discovered \r\nin the ImageMagick image manipulation suite, resulting in the execution\r\nof arbitrary code or denial of service.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 6.6.0.4-3+squeeze2.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 8:6.7.4.0-5.\r\n\r\nWe recommend that you upgrade your imagemagick packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niEYEARECAAYFAk+dLQ0ACgkQXm3vHE4uylpBQACgiSarSxkqazYl9N7thL8MHO0y\r\neaoAoMq0CxHFsfVcXvRd9hNyNrWkKbH9\r\n=lUr/\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2012-05-01T00:00:00", "title": "[SECURITY] [DSA 2462-1] imagemagick security update", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:44", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-1610", "CVE-2012-1798", "CVE-2012-1185"], "modified": "2012-05-01T00:00:00", "id": "SECURITYVULNS:DOC:28013", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28013", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:13:24", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "6.6.0.4-3+squeeze3", "arch": "all", "packageFilename": "imagemagick-doc_6.6.0.4-3+squeeze3_all.deb", "packageName": "imagemagick-doc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6.6.0.4-3+squeeze3", "arch": "all", "packageFilename": "libmagickcore3_6.6.0.4-3+squeeze3_all.deb", "packageName": "libmagickcore3", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6.6.0.4-3+squeeze3", "arch": "all", "packageFilename": "libmagickcore-dev_6.6.0.4-3+squeeze3_all.deb", "packageName": "libmagickcore-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6.6.0.4-3+squeeze3", "arch": "all", "packageFilename": "perlmagick_6.6.0.4-3+squeeze3_all.deb", "packageName": "perlmagick", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6.6.0.4-3+squeeze3", "arch": "all", "packageFilename": "libmagickwand3_6.6.0.4-3+squeeze3_all.deb", "packageName": "libmagickwand3", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6.6.0.4-3+squeeze3", "arch": "all", "packageFilename": "libmagick++3_6.6.0.4-3+squeeze3_all.deb", "packageName": "libmagick++3", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6.6.0.4-3+squeeze3", "arch": "all", "packageFilename": "libmagickcore3-extra_6.6.0.4-3+squeeze3_all.deb", "packageName": "libmagickcore3-extra", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6.6.0.4-3+squeeze3", "arch": "all", "packageFilename": "imagemagick-dbg_6.6.0.4-3+squeeze3_all.deb", "packageName": "imagemagick-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6.6.0.4-3+squeeze3", "arch": "all", "packageFilename": "libmagick++-dev_6.6.0.4-3+squeeze3_all.deb", "packageName": "libmagick++-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6.6.0.4-3+squeeze3", "arch": "all", "packageFilename": "imagemagick_6.6.0.4-3+squeeze3_all.deb", "packageName": "imagemagick", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "6.6.0.4-3+squeeze3", "arch": "all", "packageFilename": "libmagickwand-dev_6.6.0.4-3+squeeze3_all.deb", "packageName": "libmagickwand-dev", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2462-2 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMay 3, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-0259 CVE-2012-0260 CVE-2012-1185 CVE-2012-1186 \n CVE-2012-1610 CVE-2012-1798\n\nThe initial update introduced a regression, which could lead to errors\nwhen processing some JPEG files.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.6.0.4-3+squeeze3.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2012-05-03T21:54:07", "title": "[SECURITY] [DSA 2462-2] imagemagick regression update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:24", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-1610", "CVE-2012-1798", "CVE-2012-1185"], "modified": "2012-05-03T21:54:07", "id": "DEBIAN:DSA-2462-2:3EE8E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00097.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:13:52", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "8:6.6.0.4-3+squeeze3", "arch": "all", "packageFilename": "imagemagick_8:6.6.0.4-3+squeeze3_all.deb", "packageName": "imagemagick", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "8:6.6.0.4-3+squeeze3", "arch": "all", "packageFilename": "perlmagick_8:6.6.0.4-3+squeeze3_all.deb", "packageName": "perlmagick", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "8:6.6.0.4-3+squeeze3", "arch": "all", "packageFilename": "imagemagick-dbg_8:6.6.0.4-3+squeeze3_all.deb", "packageName": "imagemagick-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "8:6.6.0.4-3+squeeze3", "arch": "all", "packageFilename": "libmagickwand3_8:6.6.0.4-3+squeeze3_all.deb", "packageName": "libmagickwand3", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "8:6.6.0.4-3+squeeze3", "arch": "all", "packageFilename": "libmagickcore3_8:6.6.0.4-3+squeeze3_all.deb", "packageName": "libmagickcore3", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "8:6.6.0.4-3+squeeze3", "arch": "all", "packageFilename": "imagemagick-doc_8:6.6.0.4-3+squeeze3_all.deb", "packageName": "imagemagick-doc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "8:6.6.0.4-3+squeeze3", "arch": "all", "packageFilename": "libmagick++-dev_8:6.6.0.4-3+squeeze3_all.deb", "packageName": "libmagick++-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "8:6.6.0.4-3+squeeze3", "arch": "all", "packageFilename": "libmagickcore-dev_8:6.6.0.4-3+squeeze3_all.deb", "packageName": "libmagickcore-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "8:6.6.0.4-3+squeeze3", "arch": "all", "packageFilename": "libmagickwand-dev_8:6.6.0.4-3+squeeze3_all.deb", "packageName": "libmagickwand-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "8:6.6.0.4-3+squeeze3", "arch": "all", "packageFilename": "libmagick++3_8:6.6.0.4-3+squeeze3_all.deb", "packageName": "libmagick++3", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "8:6.6.0.4-3+squeeze3", "arch": "all", "packageFilename": "libmagickcore3-extra_8:6.6.0.4-3+squeeze3_all.deb", "packageName": "libmagickcore3-extra", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2462-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 29, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-0259 CVE-2012-0260 CVE-2012-1185 CVE-2012-1186 \n CVE-2012-1610 CVE-2012-1798\n\nSeveral integer overflows and missing input validations were discovered \nin the ImageMagick image manipulation suite, resulting in the execution\nof arbitrary code or denial of service.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.6.0.4-3+squeeze2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8:6.7.4.0-5.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2012-04-29T12:02:02", "title": "[SECURITY] [DSA 2462-1] imagemagick security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:52", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-1610", "CVE-2012-1798", "CVE-2012-1185"], "modified": "2012-04-29T12:02:02", "id": "DEBIAN:DSA-2462-1:6A00F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00094.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:38:12", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.5.4.7-6.el6_2", "arch": "i686", "packageFilename": "ImageMagick-6.5.4.7-6.el6_2.i686.rpm", "packageName": "ImageMagick", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.5.4.7-6.el6_2", "arch": "i686", "packageFilename": "ImageMagick-6.5.4.7-6.el6_2.i686.rpm", "packageName": "ImageMagick", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.5.4.7-6.el6_2", "arch": "src", "packageFilename": "ImageMagick-6.5.4.7-6.el6_2.src.rpm", "packageName": "ImageMagick", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.5.4.7-6.el6_2", "arch": "src", "packageFilename": "ImageMagick-6.5.4.7-6.el6_2.src.rpm", "packageName": "ImageMagick", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.5.4.7-6.el6_2", "arch": "x86_64", "packageFilename": "ImageMagick-perl-6.5.4.7-6.el6_2.x86_64.rpm", "packageName": "ImageMagick-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.5.4.7-6.el6_2", "arch": "i686", "packageFilename": "ImageMagick-perl-6.5.4.7-6.el6_2.i686.rpm", "packageName": "ImageMagick-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.5.4.7-6.el6_2", "arch": "x86_64", "packageFilename": "ImageMagick-6.5.4.7-6.el6_2.x86_64.rpm", "packageName": "ImageMagick", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.5.4.7-6.el6_2", "arch": "i686", "packageFilename": "ImageMagick-devel-6.5.4.7-6.el6_2.i686.rpm", "packageName": "ImageMagick-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.5.4.7-6.el6_2", "arch": "i686", "packageFilename": "ImageMagick-devel-6.5.4.7-6.el6_2.i686.rpm", "packageName": "ImageMagick-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.5.4.7-6.el6_2", "arch": "x86_64", "packageFilename": "ImageMagick-c++-6.5.4.7-6.el6_2.x86_64.rpm", "packageName": "ImageMagick-c++", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.5.4.7-6.el6_2", "arch": "i686", "packageFilename": "ImageMagick-c++-6.5.4.7-6.el6_2.i686.rpm", "packageName": "ImageMagick-c++", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.5.4.7-6.el6_2", "arch": "i686", "packageFilename": "ImageMagick-c++-6.5.4.7-6.el6_2.i686.rpm", "packageName": "ImageMagick-c++", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.5.4.7-6.el6_2", "arch": "x86_64", "packageFilename": "ImageMagick-c++-devel-6.5.4.7-6.el6_2.x86_64.rpm", "packageName": "ImageMagick-c++-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.5.4.7-6.el6_2", "arch": "x86_64", "packageFilename": "ImageMagick-doc-6.5.4.7-6.el6_2.x86_64.rpm", "packageName": "ImageMagick-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.5.4.7-6.el6_2", "arch": "i686", "packageFilename": "ImageMagick-doc-6.5.4.7-6.el6_2.i686.rpm", "packageName": "ImageMagick-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.5.4.7-6.el6_2", "arch": "x86_64", "packageFilename": "ImageMagick-devel-6.5.4.7-6.el6_2.x86_64.rpm", "packageName": "ImageMagick-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.5.4.7-6.el6_2", "arch": "i686", "packageFilename": "ImageMagick-c++-devel-6.5.4.7-6.el6_2.i686.rpm", "packageName": "ImageMagick-c++-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "6.5.4.7-6.el6_2", "arch": "i686", "packageFilename": "ImageMagick-c++-devel-6.5.4.7-6.el6_2.i686.rpm", "packageName": "ImageMagick-c++-devel", "operator": "lt"}], "description": "[6.5.4.7-6]\n- Add fix for CVE-2010-4167\n- Add fix for CVE-2012-0247 CVE-2012-0248 CVE-2012-1185 CVE-2012-1186\n- Add fix for CVE-2012-0259 CVE-2012-0260 CVE-2012-1798", "edition": 3, "reporter": "Oracle", "published": "2012-05-07T00:00:00", "title": "ImageMagick security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-0248", "CVE-2012-1186", "CVE-2012-0259", "CVE-2010-4167", "CVE-2012-0260", "CVE-2012-0247", "CVE-2012-1798", "CVE-2012-1185"], "modified": "2012-05-07T00:00:00", "id": "ELSA-2012-0544", "href": "http://linux.oracle.com/errata/ELSA-2012-0544.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:45:53", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "6.2.8.0-15.el5_8", "arch": "x86_64", "packageFilename": "ImageMagick-devel-6.2.8.0-15.el5_8.x86_64.rpm", "packageName": "ImageMagick-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "6.2.8.0-15.el5_8", "arch": "x86_64", "packageFilename": "ImageMagick-perl-6.2.8.0-15.el5_8.x86_64.rpm", "packageName": "ImageMagick-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "6.2.8.0-15.el5_8", "arch": "i386", "packageFilename": "ImageMagick-devel-6.2.8.0-15.el5_8.i386.rpm", "packageName": "ImageMagick-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "6.2.8.0-15.el5_8", "arch": "i386", "packageFilename": "ImageMagick-devel-6.2.8.0-15.el5_8.i386.rpm", "packageName": "ImageMagick-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "6.2.8.0-15.el5_8", "arch": "i386", "packageFilename": "ImageMagick-6.2.8.0-15.el5_8.i386.rpm", "packageName": "ImageMagick", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "6.2.8.0-15.el5_8", "arch": "i386", "packageFilename": "ImageMagick-6.2.8.0-15.el5_8.i386.rpm", "packageName": "ImageMagick", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "6.2.8.0-15.el5_8", "arch": "i386", "packageFilename": "ImageMagick-perl-6.2.8.0-15.el5_8.i386.rpm", "packageName": "ImageMagick-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "6.2.8.0-15.el5_8", "arch": "x86_64", "packageFilename": "ImageMagick-c++-6.2.8.0-15.el5_8.x86_64.rpm", "packageName": "ImageMagick-c++", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "6.2.8.0-15.el5_8", "arch": "x86_64", "packageFilename": "ImageMagick-c++-devel-6.2.8.0-15.el5_8.x86_64.rpm", "packageName": "ImageMagick-c++-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "6.2.8.0-15.el5_8", "arch": "x86_64", "packageFilename": "ImageMagick-6.2.8.0-15.el5_8.x86_64.rpm", "packageName": "ImageMagick", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "6.2.8.0-15.el5_8", "arch": "ia64", "packageFilename": "ImageMagick-6.2.8.0-15.el5_8.ia64.rpm", "packageName": "ImageMagick", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "6.2.8.0-15.el5_8", "arch": "ia64", "packageFilename": "ImageMagick-c++-6.2.8.0-15.el5_8.ia64.rpm", "packageName": "ImageMagick-c++", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "6.2.8.0-15.el5_8", "arch": "ia64", "packageFilename": "ImageMagick-c++-devel-6.2.8.0-15.el5_8.ia64.rpm", "packageName": "ImageMagick-c++-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "6.2.8.0-15.el5_8", "arch": "src", "packageFilename": "ImageMagick-6.2.8.0-15.el5_8.src.rpm", "packageName": "ImageMagick", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "6.2.8.0-15.el5_8", "arch": "src", "packageFilename": "ImageMagick-6.2.8.0-15.el5_8.src.rpm", "packageName": "ImageMagick", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "6.2.8.0-15.el5_8", "arch": "src", "packageFilename": "ImageMagick-6.2.8.0-15.el5_8.src.rpm", "packageName": "ImageMagick", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "6.2.8.0-15.el5_8", "arch": "ia64", "packageFilename": "ImageMagick-devel-6.2.8.0-15.el5_8.ia64.rpm", "packageName": "ImageMagick-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "6.2.8.0-15.el5_8", "arch": "i386", "packageFilename": "ImageMagick-c++-devel-6.2.8.0-15.el5_8.i386.rpm", "packageName": "ImageMagick-c++-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "6.2.8.0-15.el5_8", "arch": "i386", "packageFilename": "ImageMagick-c++-devel-6.2.8.0-15.el5_8.i386.rpm", "packageName": "ImageMagick-c++-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "6.2.8.0-15.el5_8", "arch": "i386", "packageFilename": "ImageMagick-c++-6.2.8.0-15.el5_8.i386.rpm", "packageName": "ImageMagick-c++", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "6.2.8.0-15.el5_8", "arch": "i386", "packageFilename": "ImageMagick-c++-6.2.8.0-15.el5_8.i386.rpm", "packageName": "ImageMagick-c++", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "6.2.8.0-15.el5_8", "arch": "ia64", "packageFilename": "ImageMagick-perl-6.2.8.0-15.el5_8.ia64.rpm", "packageName": "ImageMagick-perl", "operator": "lt"}], "description": "[6.2.8.0-15.el5]\n- Fix for PostScript conversion was incomplete, as larger documents\n would end up being cropped without the -g option (797364)\n[6.2.8.0-14.el5]\n- Add fix for CVE-2012-0247 CVE-2012-0248 CVE-2012-1185 CVE-2012-1186\n- Add fix for CVE-2012-0259 CVE-2012-0260 CVE-2012-1798\n[6.2.8.0-13.el5]\n- Fix PostScript conversion failing with /undefinedfilename (797364)", "edition": 3, "reporter": "Oracle", "published": "2012-05-07T00:00:00", "title": "ImageMagick security and bug fix update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-0248", "CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-0247", "CVE-2012-1798", "CVE-2012-1185"], "modified": "2012-05-07T00:00:00", "id": "ELSA-2012-0545", "href": "http://linux.oracle.com/errata/ELSA-2012-0545.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:44", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2012-1610", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-0259", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-0247", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-1185", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-1798", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-1186", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-0248"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "8:6.6.9.7-5ubuntu3.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libmagick++4", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.04", "packageVersion": "7:6.6.2.6-1ubuntu4.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "imagemagick", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "7:6.5.7.8-1ubuntu1.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libmagick++2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "8:6.6.9.7-5ubuntu3.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "imagemagick", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "8:6.6.0.4-3ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "imagemagick", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "7:6.5.7.8-1ubuntu1.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "imagemagick", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "8:6.6.0.4-3ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libmagick++3", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.04", "packageVersion": "7:6.6.2.6-1ubuntu4.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libmagick++3", "operator": "lt"}], "description": "Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain ResolutionUnit tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-0247, CVE-2012-1185)\n\nJoonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain IFD structures. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2012-0248, CVE-2012-1186)\n\nAleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain JPEG EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2012-0259)\n\nIt was discovered that ImageMagick incorrectly handled certain JPEG EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-1610)\n\nAleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain TIFF EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-1798)", "edition": 3, "reporter": "Ubuntu", "published": "2012-05-01T00:00:00", "title": "ImageMagick vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-0248", "CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0247", "CVE-2012-1610", "CVE-2012-1798", "CVE-2012-1185"], "modified": "2012-05-01T00:00:00", "id": "USN-1435-1", "href": "https://usn.ubuntu.com/1435-1/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:20", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2030", "https://bugs.gentoo.org/show_bug.cgi?id=500988", "https://bugs.gentoo.org/show_bug.cgi?id=409431", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1185", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4298", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1947", "https://bugs.gentoo.org/show_bug.cgi?id=506562", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1186", "https://bugs.gentoo.org/show_bug.cgi?id=483032"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "6.8.8.10", "packageName": "media-gfx/imagemagick", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nImageMagick is a collection of tools and libraries for manipulating various image formats. \n\n### Description\n\nMultiple vulnerabilities have been discovered in ImageMagick. Please review the CVE identifiers referenced below for details. \n\nNote that CVE-2012-1185 and CVE-2012-1186 were issued due to incomplete fixes for CVE-2012-0247 and CVE-2012-0248, respectively. The earlier CVEs were addressed in GLSA 201203-09. \n\n### Impact\n\nA remote attacker can utilize multiple vectors to execute arbitrary code or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll ImageMagick users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-gfx/imagemagick-6.8.8.10\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2014-05-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "ImageMagick: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0248", "CVE-2014-2030", "CVE-2012-1186", "CVE-2012-0247", "CVE-2012-1185", "CVE-2013-4298", "CVE-2014-1947"], "modified": "2014-05-17T00:00:00", "id": "GLSA-201405-09", "href": "https://security.gentoo.org/glsa/201405-09", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
