ID OPENVAS:803814 Type openvas Reporter Copyright (C) 2013 Greenbone Networks GmbH Modified 2017-12-19T00:00:00
Description
ImageMagick is installed on the host and is prone to an integer
overflow vulnerability.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_imagemagick_integer_overflow_vuln01_jun13_win.nasl 8173 2017-12-19 11:45:56Z cfischer $
#
# ImageMagick Integer Overflow Vulnerability - 01 June13 (Windows)
#
# Authors:
# Thanga Prakash S <tprakash@secpod.com>
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# CPE identifier of the product under test; it is passed to
# get_app_version_and_location() further down to look up the detected version
# and install path.
CPE = "cpe:/a:imagemagick:imagemagick";
# Report texts. Each tag_* string is registered under the script_tag() name of the
# same suffix in the description block, so what is written here is what an analyst
# reads in the scan result.
tag_impact = "Successful exploitation will allow a context-dependent attacker to cause
denial of service condition or potentially execute arbitrary code.
Impact Level: Application/System";
# NOTE(review): the affected range ("6.7.5 and earlier"), the solution text
# ("6.7.5-1 or later") and the test_version used by the check ("6.7.5.1") must stay
# in step; change them together.
tag_affected = "ImageMagick version 6.7.5 and earlier on Windows.";
# NOTE(review): the CVE-2012-1185 record describes the trigger as a crafted offset
# value in the ResolutionUnit tag in the EXIF IFD0 of an image, so exposure comes
# from processing untrusted image files. "specially crafted request" below is
# imprecise for triage purposes.
tag_insight = "Integer overflow error occurs due to an improper sanitation of user supplied
input when computing the sum of 'number_bytes' and 'offset' in
magick/profile.c or magick/property.c with a specially crafted request.";
tag_solution = "Upgrade to ImageMagick version 6.7.5-1 or later.
http://www.imagemagick.org/script/download.php";
tag_summary = "The host is installed with ImageMagick and is prone to integer
overflow Vulnerability.";
# Metadata registration. This branch is taken when the script is loaded with
# `description` set; it declares the plugin's identity, references and
# prerequisites and then exits, so no host check runs from here.
if(description)
{
# Plugin identity and the advisory identifiers this check maps to.
script_id(803814);
script_version("$Revision: 8173 $");
script_cve_id("CVE-2012-1185");
script_bugtraq_id(51957);
script_tag(name:"last_modification", value:"$Date: 2017-12-19 12:45:56 +0100 (Tue, 19 Dec 2017) $");
script_tag(name:"creation_date", value:"2013-06-24 11:06:50 +0530 (Mon, 24 Jun 2013)");
# CVSS v2 base score and vector recorded for the finding.
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_name("ImageMagick Integer Overflow Vulnerability - 01 June13 (Windows)");
script_xref(name : "URL" , value : "http://xforce.iss.net/xforce/xfdb/76140");
script_xref(name : "URL" , value : "http://www.openwall.com/lists/oss-security/2012/03/19/5");
# ACT_GATHER_INFO: the check code after this block only reads the detected version
# and compares it; it sends nothing to the ImageMagick installation itself.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2013 Greenbone Networks GmbH");
# Filed under the "Buffer overflow" family although the flaw is an integer overflow.
script_family("Buffer overflow");
# Prerequisites: the Windows ImageMagick detection script is declared as a
# dependency, and the "ImageMagick/Win/Installed" key is declared mandatory.
# NOTE(review): presumably that key is set by the detection script - confirm there.
script_dependencies("secpod_imagemagick_detect_win.nasl");
script_mandatory_keys("ImageMagick/Win/Installed");
script_tag(name : "impact" , value : tag_impact);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
# NOTE(review): qod_type "registry" suggests the version comes from Windows registry
# data gathered by the detection script, i.e. an authenticated scan; without working
# credentials this check would presumably never fire - confirm in the detect script.
script_tag(name:"qod_type", value:"registry");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
# Version check: fetch the detected ImageMagick version and install path by CPE.
# exit_no_version:TRUE is passed so the helper handles the "no version known" case
# (presumably by ending the script; see host_details.inc).
detected = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );
installed_ver = detected['version'];
install_dir = detected['location'];

# Anything at or above 6.7.5.1 is treated as fixed; exit code 99 is the OpenVAS
# convention for "checked, not affected".
# NOTE(review): the Nessus plugin listed for CVE-2012-1185 (IMAGEMAGICK_6_7_5_8.NASL,
# which also covers CVE-2012-1186) uses 6.7.5-8 as its fixed version. Confirm this
# threshold against the upstream release notes before trusting a negative result
# for builds between the two.
if( ! version_is_less( version:installed_ver, test_version:"6.7.5.1" ) )
  exit( 99 );

# Vulnerable: report installed version, fixed version and install path on the
# general port (0), then end the script.
finding = report_fixed_ver( installed_version:installed_ver, fixed_version:"6.7.5.1", install_path:install_dir );
security_message( port:0, data:finding );
exit( 0 );
{"id": "OPENVAS:803814", "bulletinFamily": "scanner", "title": "ImageMagick Integer Overflow Vulnerability - 01 June13 (Windows)", "description": "The host is installed with ImageMagick and is prone to integer\n overflow Vulnerability.", "published": "2013-06-24T00:00:00", "modified": "2017-12-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=803814", "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "references": ["http://www.openwall.com/lists/oss-security/2012/03/19/5", "http://xforce.iss.net/xforce/xfdb/76140"], "cvelist": ["CVE-2012-1185"], "type": "openvas", "lastseen": "2017-12-20T13:22:29", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2012-1185"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The host is installed with ImageMagick and is prone to integer\n overflow Vulnerability.", "edition": 1, "enchantments": {}, "hash": "133a976a7bfdf3237c90454385319b212ca5b68bc6c6ad428fd4774fa452c792", "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "80672d5ce50df8eddad4641ed73d4ed9", "key": "references"}, {"hash": "84dbcc306acbfff8a1ea95a4def4286b", "key": "title"}, {"hash": "c4b4036a2590e955204d8f301d435a7c", "key": "modified"}, {"hash": "8037a50d76be524b56e64878a4032708", "key": "sourceData"}, {"hash": "80c2da593ca3623c22b086d765467846", "key": "published"}, {"hash": "4305f85e9df40b9494932af6de9b2d63", "key": "pluginID"}, {"hash": "0679e4057b88e1df5f2d7c989c4fc7b1", "key": "description"}, {"hash": "7102510690caf406c70da96b66615864", "key": "cvelist"}, {"hash": "b9cc6a9f33ec12abd4e976263afc3918", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "eb0d3e4b46c4b283eb1ce082bbd5ff31", "key": "reporter"}, {"hash": 
"a6bbc0cc10f2cd0bc95dee161e93e8e9", "key": "href"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=803814", "id": "OPENVAS:803814", "lastseen": "2017-07-02T21:11:01", "modified": "2017-05-15T00:00:00", "naslFamily": "Buffer overflow", "objectVersion": "1.3", "pluginID": "803814", "published": "2013-06-24T00:00:00", "references": ["http://www.openwall.com/lists/oss-security/2012/03/19/5", "http://xforce.iss.net/xforce/xfdb/76140"], "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_imagemagick_integer_overflow_vuln01_jun13_win.nasl 6125 2017-05-15 09:03:42Z teissa $\n#\n# ImageMagick Integer Overflow Vulnerability - 01 June13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow a context-dependent attacker to cause\n denial of service condition or potentially execute arbitrary code.\n Impact Level: Application/System\";\n\ntag_affected = \"ImageMagick version 6.7.5 and earlier on Windows.\";\ntag_insight = \"Integer overflow error occurs due to an improper sanitation of user supplied\n input when computing the sum of 'number_bytes' and 'offset' in\n magick/profile.c or magick/property.c with a specially crafted request.\";\ntag_solution = \"Upgrade to ImageMagick version 6.7.5-1 or later.\n http://www.imagemagick.org/script/download.php\";\ntag_summary = \"The host is installed with ImageMagick and is prone to integer\n overflow Vulnerability.\";\n\nif(description)\n{\n script_id(803814);\n script_version(\"$Revision: 6125 $\");\n script_cve_id(\"CVE-2012-1185\");\n script_bugtraq_id(51957);\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-15 11:03:42 +0200 (Mon, 15 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-24 11:06:50 +0530 (Mon, 24 Jun 2013)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"ImageMagick Integer Overflow Vulnerability - 01 June13 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/76140\");\n script_xref(name : \"URL\" , value : \"http://www.openwall.com/lists/oss-security/2012/03/19/5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n 
script_dependencies(\"secpod_imagemagick_detect_win.nasl\");\n script_mandatory_keys(\"ImageMagick/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nimageVer = get_kb_item(\"ImageMagick/Win/Ver\");\nif(!imageVer){\n exit(0);\n}\n\nif(version_is_less(version:imageVer, test_version:\"6.7.5.1\"))\n{\n security_message(0);\n exit(0);\n}\n", "title": "ImageMagick Integer Overflow Vulnerability - 01 June13 (Windows)", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2017-07-02T21:11:01"}], "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "7102510690caf406c70da96b66615864"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "0679e4057b88e1df5f2d7c989c4fc7b1"}, {"key": "href", "hash": "a6bbc0cc10f2cd0bc95dee161e93e8e9"}, {"key": "modified", "hash": "2b640ad6a8085d904bddcda9924e34ea"}, {"key": "naslFamily", "hash": "b9cc6a9f33ec12abd4e976263afc3918"}, {"key": "pluginID", "hash": "4305f85e9df40b9494932af6de9b2d63"}, {"key": "published", "hash": "80c2da593ca3623c22b086d765467846"}, {"key": "references", "hash": "80672d5ce50df8eddad4641ed73d4ed9"}, {"key": "reporter", "hash": "eb0d3e4b46c4b283eb1ce082bbd5ff31"}, {"key": "sourceData", "hash": "2194403dc4d02ec799cbe01f1c9505d7"}, {"key": "title", "hash": "84dbcc306acbfff8a1ea95a4def4286b"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "7826f1994810055ba1d468a94580cebdecf175df1976edd30a7e4e367a6b0597", "viewCount": 0, 
"enchantments": {"vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_imagemagick_integer_overflow_vuln01_jun13_win.nasl 8173 2017-12-19 11:45:56Z cfischer $\n#\n# ImageMagick Integer Overflow Vulnerability - 01 June13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\ntag_impact = \"Successful exploitation will allow a context-dependent attacker to cause\n denial of service condition or potentially execute arbitrary code.\n Impact Level: Application/System\";\n\ntag_affected = \"ImageMagick version 6.7.5 and earlier on Windows.\";\ntag_insight = \"Integer overflow error occurs due to an improper sanitation of user supplied\n input when computing the sum of 'number_bytes' and 'offset' in\n magick/profile.c or magick/property.c with a specially crafted request.\";\ntag_solution = \"Upgrade to ImageMagick version 6.7.5-1 or later.\n http://www.imagemagick.org/script/download.php\";\ntag_summary = \"The host is installed with ImageMagick and is prone 
to integer\n overflow Vulnerability.\";\n\nif(description)\n{\n script_id(803814);\n script_version(\"$Revision: 8173 $\");\n script_cve_id(\"CVE-2012-1185\");\n script_bugtraq_id(51957);\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 12:45:56 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-24 11:06:50 +0530 (Mon, 24 Jun 2013)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"ImageMagick Integer Overflow Vulnerability - 01 June13 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/76140\");\n script_xref(name : \"URL\" , value : \"http://www.openwall.com/lists/oss-security/2012/03/19/5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"secpod_imagemagick_detect_win.nasl\");\n script_mandatory_keys(\"ImageMagick/Win/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\nif( version_is_less( version:vers, test_version:\"6.7.5.1\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"6.7.5.1\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "naslFamily": "Buffer overflow", "pluginID": "803814"}
{"result": {"cve": [{"id": "CVE-2012-1185", "type": "cve", "title": "CVE-2012-1185", "description": "Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247.", "published": "2012-06-05T18:55:09", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1185", "cvelist": ["CVE-2012-1185"], "lastseen": "2017-08-29T12:17:34"}], "openvas": [{"id": "OPENVAS:1361412562310803814", "type": "openvas", "title": "ImageMagick Integer Overflow Vulnerability - 01 June13 (Windows)", "description": "The host is installed with ImageMagick and is prone to integer\n overflow Vulnerability.", "published": "2013-06-24T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803814", "cvelist": ["CVE-2012-1185"], "lastseen": "2018-04-06T11:21:09"}, {"id": "OPENVAS:1361412562310831591", "type": "openvas", "title": "Mandriva Update for imagemagick MDVSA-2012:078 (imagemagick)", "description": "Check for the Version of imagemagick", "published": "2012-08-03T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831591", "cvelist": ["CVE-2012-0248", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-0247", "CVE-2012-1798", "CVE-2012-1185"], "lastseen": "2018-04-06T11:20:34"}, {"id": "OPENVAS:831591", "type": "openvas", "title": "Mandriva Update for imagemagick MDVSA-2012:078 (imagemagick)", "description": "Check for the Version of imagemagick", 
"published": "2012-08-03T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=831591", "cvelist": ["CVE-2012-0248", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-0247", "CVE-2012-1798", "CVE-2012-1185"], "lastseen": "2018-01-02T10:58:21"}, {"id": "OPENVAS:892462", "type": "openvas", "title": "Debian Security Advisory DSA 2462-2 (imagemagick - several vulnerabilities)", "description": "Several integer overflows and missing input validations were discovered\nin the ImageMagick image manipulation suite, resulting in the execution\nof arbitrary code or denial of service.", "published": "2013-09-18T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=892462", "cvelist": ["CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-1610", "CVE-2012-1798", "CVE-2012-1185"], "lastseen": "2017-07-24T12:51:31"}, {"id": "OPENVAS:1361412562310892462", "type": "openvas", "title": "Debian Security Advisory DSA 2462-2 (imagemagick - several vulnerabilities)", "description": "Several integer overflows and missing input validations were discovered\nin the ImageMagick image manipulation suite, resulting in the execution\nof arbitrary code or denial of service.", "published": "2013-09-18T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892462", "cvelist": ["CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-1610", "CVE-2012-1798", "CVE-2012-1185"], "lastseen": "2018-04-06T11:21:35"}, {"id": "OPENVAS:1361412562310840996", "type": "openvas", "title": "Ubuntu Update for imagemagick USN-1435-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1435-1", "published": "2012-05-04T00:00:00", "cvss": {"score": 9.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840996", "cvelist": ["CVE-2012-0248", "CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0247", "CVE-2012-1610", "CVE-2012-1798", "CVE-2012-1185"], "lastseen": "2018-04-06T11:18:36"}, {"id": "OPENVAS:1361412562310831673", "type": "openvas", "title": "Mandriva Update for imagemagick MDVSA-2012:077 (imagemagick)", "description": "Check for the Version of imagemagick", "published": "2012-08-03T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831673", "cvelist": ["CVE-2012-0248", "CVE-2012-0259", "CVE-2010-4167", "CVE-2012-0260", "CVE-2012-0247", "CVE-2012-1798", "CVE-2012-1185"], "lastseen": "2018-04-06T11:16:46"}, {"id": "OPENVAS:1361412562310121184", "type": "openvas", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201405-09", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201405-09", "published": "2015-09-29T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121184", "cvelist": ["CVE-2012-0248", "CVE-2014-2030", "CVE-2012-1186", "CVE-2012-0247", "CVE-2012-1185", "CVE-2013-4298", "CVE-2014-1947"], "lastseen": "2018-04-09T11:28:21"}, {"id": "OPENVAS:831673", "type": "openvas", "title": "Mandriva Update for imagemagick MDVSA-2012:077 (imagemagick)", "description": "Check for the Version of imagemagick", "published": "2012-08-03T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=831673", "cvelist": ["CVE-2012-0248", "CVE-2012-0259", "CVE-2010-4167", "CVE-2012-0260", "CVE-2012-0247", "CVE-2012-1798", "CVE-2012-1185"], "lastseen": 
"2018-01-02T10:56:31"}, {"id": "OPENVAS:1361412562310123925", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0544", "description": "Oracle Linux Local Security Checks ELSA-2012-0544", "published": "2015-10-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123925", "cvelist": ["CVE-2012-0248", "CVE-2012-1186", "CVE-2012-0259", "CVE-2010-4167", "CVE-2012-0260", "CVE-2012-0247", "CVE-2012-1798", "CVE-2012-1185"], "lastseen": "2017-07-24T12:53:35"}], "nessus": [{"id": "IMAGEMAGICK_6_7_5_8.NASL", "type": "nessus", "title": "ImageMagick < 6.7.5-8 Multiple Vulnerabilities", "description": "The remote Windows host is running a version of ImageMagick earlier than 6.7.5-8 and is, therefore, affected by the following vulnerabilities :\n\n - The fix for CVE-2012-0247 was incomplete. An integer overflow error still exists and can lead to corrupted memory and arbitrary code execution when user-supplied input is not properly validated. (CVE-2012-1185)\n\n - The fix for CVE-2012-0248 was incomplete. An error in 'profile.c' still allows denial of service attacks when malformed executables are processed. (CVE-2012-1186)", "published": "2012-06-05T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=59369", "cvelist": ["CVE-2012-1186", "CVE-2012-1185"], "lastseen": "2017-10-29T13:33:03"}, {"id": "GENTOO_GLSA-201405-09.NASL", "type": "nessus", "title": "GLSA-201405-09 : ImageMagick: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201405-09 (ImageMagick: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in ImageMagick. 
Please review the CVE identifiers referenced below for details.\n Note that CVE-2012-1185 and CVE-2012-1186 were issued due to incomplete fixes for CVE-2012-0247 and CVE-2012-0248, respectively. The earlier CVEs were addressed in GLSA 201203-09.\n Impact :\n\n A remote attacker can utilize multiple vectors to execute arbitrary code or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "published": "2014-05-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=74052", "cvelist": ["CVE-2014-2030", "CVE-2012-1186", "CVE-2012-1185", "CVE-2013-4298", "CVE-2014-1947"], "lastseen": "2017-10-29T13:43:44"}, {"id": "MANDRIVA_MDVSA-2012-078.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : imagemagick (MDVSA-2012:078)", "description": "Multiple vulnerabilities has been found and corrected in imagemagick :\n\nA flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format (Exif) metadata. An attacker could create a specially crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code (CVE-2012-0247).\n\nA denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop (CVE-2012-0248).\n\nThe original fix for CVE-2012-0247 failed to check for the possibility of an integer overflow when computing the sum of number_bytes and offset. 
This resulted in a wrap around into a value smaller than length, making original CVE-2012-0247 introduced length check still to be possible to bypass, leading to memory corruption (CVE-2012-1185).\n\nAn integer overflow flaw was found in the way ImageMagick processed certain Exif tags with a large components count. An attacker could create a specially crafted image file that, when opened by a victim, could cause ImageMagick to access invalid memory and crash (CVE-2012-0259).\n\nA denial of service flaw was found in the way ImageMagick decoded certain JPEG images. A remote attacker could provide a JPEG image with specially crafted sequences of RST0 up to RST7 restart markers (used to indicate the input stream to be corrupted), which once processed by ImageMagick, would cause it to consume excessive amounts of memory and CPU time (CVE-2012-0260).\n\nAn out-of-bounds buffer read flaw was found in the way ImageMagick processed certain TIFF image files. A remote attacker could provide a TIFF image with a specially crafted Exif IFD value (the set of tags for recording Exif-specific attribute information), which once opened by ImageMagick, would cause it to crash (CVE-2012-1798).\n\nThe updated packages have been patched to correct these issues.", "published": "2012-09-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=61952", "cvelist": ["CVE-2012-0248", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-0247", "CVE-2012-1798", "CVE-2012-1185"], "lastseen": "2017-10-29T13:34:22"}, {"id": "DEBIAN_DSA-2462.NASL", "type": "nessus", "title": "Debian DSA-2462-2 : imagemagick - several vulnerabilities", "description": "Several integer overflows and missing input validations were discovered in the ImageMagick image manipulation suite, resulting in the execution of arbitrary code or denial of service.", "published": "2012-04-30T00:00:00", "cvss": {"score": 
9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=58908", "cvelist": ["CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-1610", "CVE-2012-1798", "CVE-2012-1185"], "lastseen": "2017-10-29T13:43:14"}, {"id": "SUSE_IMAGEMAGICK-8104.NASL", "type": "nessus", "title": "SuSE 10 Security Update : ImageMagick (ZYPP Patch Number 8104)", "description": "This update of ImageMagick fixes multiple security vulnerabilities that could have been exploited by attackers via specially crafted image files :\n\n - Integer overflow when processing EXIF directory entries with tags of e.g. format 5 (EXIF_FMT_URATIONAL) and a large components count. (CVE-2012-0259 / CVE-2012-1610)\n\n - Integer overflows via 'number_bytes' and 'offset' could lead to memory corruption. (CVE-2012-0247 / CVE-2012-1185)\n\n - Denial of service via 'profile.c'. (CVE-2012-0248 / CVE-2012-1186)\n\n - Denial of service via JPEG restart markers (excessive CPU consumption). 
(CVE-2012-0260)", "published": "2012-06-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=59602", "cvelist": ["CVE-2012-0248", "CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-0247", "CVE-2012-1610", "CVE-2012-1185"], "lastseen": "2017-10-29T13:45:45"}, {"id": "MANDRIVA_MDVSA-2012-077.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : imagemagick (MDVSA-2012:077)", "description": "Multiple vulnerabilities has been found and corrected in imagemagick :\n\nUntrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory (CVE-2010-4167).\n\nA flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format (Exif) metadata. An attacker could create a specially crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code (CVE-2012-0247).\n\nA denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop (CVE-2012-0248).\n\nThe original fix for CVE-2012-0247 failed to check for the possibility of an integer overflow when computing the sum of number_bytes and offset. This resulted in a wrap around into a value smaller than length, making original CVE-2012-0247 introduced length check still to be possible to bypass, leading to memory corruption (CVE-2012-1185).\n\nAn integer overflow flaw was found in the way ImageMagick processed certain Exif tags with a large components count. 
An attacker could create a specially crafted image file that, when opened by a victim, could cause ImageMagick to access invalid memory and crash (CVE-2012-0259).\n\nA denial of service flaw was found in the way ImageMagick decoded certain JPEG images. A remote attacker could provide a JPEG image with specially crafted sequences of RST0 up to RST7 restart markers (used to indicate the input stream to be corrupted), which once processed by ImageMagick, would cause it to consume excessive amounts of memory and CPU time (CVE-2012-0260).\n\nAn out-of-bounds buffer read flaw was found in the way ImageMagick processed certain TIFF image files. A remote attacker could provide a TIFF image with a specially crafted Exif IFD value (the set of tags for recording Exif-specific attribute information), which once opened by ImageMagick, would cause it to crash (CVE-2012-1798).\n\nThe updated packages have been patched to correct these issues.", "published": "2012-05-18T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=59185", "cvelist": ["CVE-2012-0248", "CVE-2012-0259", "CVE-2010-4167", "CVE-2012-0260", "CVE-2012-0247", "CVE-2012-1798", "CVE-2012-1185"], "lastseen": "2017-10-29T13:45:40"}, {"id": "UBUNTU_USN-1435-1.NASL", "type": "nessus", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : imagemagick vulnerabilities (USN-1435-1)", "description": "Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain ResolutionUnit tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-0247, CVE-2012-1185)\n\nJoonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain IFD structures. 
If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service.\n(CVE-2012-0248, CVE-2012-1186)\n\nAleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain JPEG EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2012-0259)\n\nIt was discovered that ImageMagick incorrectly handled certain JPEG EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-1610)\n\nAleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain TIFF EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-1798).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2012-05-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=58964", "cvelist": ["CVE-2012-0248", "CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0247", "CVE-2012-1610", "CVE-2012-1798", "CVE-2012-1185"], "lastseen": "2017-10-29T13:39:54"}, {"id": "OPENSUSE-2012-310.NASL", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-SU-2012:0692-1)", "description": "Specially crafted files could cause overflows in ImageMagick", "published": "2014-06-13T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=74644", "cvelist": ["CVE-2012-0248", "CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-0247", "CVE-2012-1610", "CVE-2012-1798", "CVE-2012-1185"], "lastseen": "2017-10-29T13:37:29"}, {"id": "SUSE_11_IMAGEMAGICK-120427.NASL", "type": "nessus", "title": "SuSE 11.1 Security Update : ImageMagick (SAT Patch Number 6226)", "description": "This update of ImageMagick fixes multiple security vulnerabilities that could be exploited by attackers via specially crafted image files :\n\n - Integer overflow when processing EXIF directory entries with tags of e.g. format 5 (EXIF_FMT_URATIONAL) and a large components count. (CVE-2012-0259 / CVE-2012-1610)\n\n - Integer overflows via 'number_bytes' and 'offset' could lead to memory corruption. (CVE-2012-0247 / CVE-2012-1185)\n\n - Denial of service via 'profile.c'. (CVE-2012-0248 / CVE-2012-1186)\n\n - Denial of service via JPEG restart markers (excessive CPU consumption). 
(CVE-2012-0260)\n\n - Copying of invalid memory when reading TIFF EXIF IFD. (CVE-2012-1798)", "published": "2013-01-25T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=64158", "cvelist": ["CVE-2012-0248", "CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-0247", "CVE-2012-1610", "CVE-2012-1798", "CVE-2012-1185"], "lastseen": "2017-10-29T13:35:25"}], "debian": [{"id": "DSA-2462", "type": "debian", "title": "imagemagick -- several vulnerabilities", "description": "Several integer overflows and missing input validations were discovered in the ImageMagick image manipulation suite, resulting in the execution of arbitrary code or denial of service.\n\nFor the stable distribution (squeeze), this problem has been fixed in version 6.6.0.4-3+squeeze3.\n\nFor the unstable distribution (sid), this problem has been fixed in version 8:6.7.4.0-5.\n\nWe recommend that you upgrade your imagemagick packages.", "published": "2012-05-03T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-2462", "cvelist": ["CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-1610", "CVE-2012-1798", "CVE-2012-1185"], "lastseen": "2016-09-02T18:34:20"}], "oraclelinux": [{"id": "ELSA-2012-0545", "type": "oraclelinux", "title": "ImageMagick security and bug fix update", "description": "[6.2.8.0-15.el5]\n- Fix for PostScript conversion was incomplete, as larger documents\n would end up being cropped without the -g option (797364)\n[6.2.8.0-14.el5]\n- Add fix for CVE-2012-0247 CVE-2012-0248 CVE-2012-1185 CVE-2012-1186\n- Add fix for CVE-2012-0259 CVE-2012-0260 CVE-2012-1798\n[6.2.8.0-13.el5]\n- Fix PostScript conversion failing with /undefinedfilename (797364)", "published": "2012-05-07T00:00:00", "cvss": {"score": 9.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2012-0545.html", "cvelist": ["CVE-2012-0248", "CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0260", "CVE-2012-0247", "CVE-2012-1798", "CVE-2012-1185"], "lastseen": "2016-09-04T11:16:36"}, {"id": "ELSA-2012-0544", "type": "oraclelinux", "title": "ImageMagick security update", "description": "[6.5.4.7-6]\n- Add fix for CVE-2010-4167\n- Add fix for CVE-2012-0247 CVE-2012-0248 CVE-2012-1185 CVE-2012-1186\n- Add fix for CVE-2012-0259 CVE-2012-0260 CVE-2012-1798", "published": "2012-05-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2012-0544.html", "cvelist": ["CVE-2012-0248", "CVE-2012-1186", "CVE-2012-0259", "CVE-2010-4167", "CVE-2012-0260", "CVE-2012-0247", "CVE-2012-1798", "CVE-2012-1185"], "lastseen": "2016-09-04T11:16:36"}], "gentoo": [{"id": "GLSA-201405-09", "type": "gentoo", "title": "ImageMagick: Multiple vulnerabilities", "description": "### Background\n\nImageMagick is a collection of tools and libraries for manipulating various image formats. \n\n### Description\n\nMultiple vulnerabilities have been discovered in ImageMagick. Please review the CVE identifiers referenced below for details. \n\nNote that CVE-2012-1185 and CVE-2012-1186 were issued due to incomplete fixes for CVE-2012-0247 and CVE-2012-0248, respectively. The earlier CVEs were addressed in GLSA 201203-09. \n\n### Impact\n\nA remote attacker can utilize multiple vectors to execute arbitrary code or cause a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll ImageMagick users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-gfx/imagemagick-6.8.8.10\"", "published": "2014-05-17T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201405-09", "cvelist": ["CVE-2012-0248", "CVE-2014-2030", "CVE-2012-1186", "CVE-2012-0247", "CVE-2012-1185", "CVE-2013-4298", "CVE-2014-1947"], "lastseen": "2016-09-06T19:46:20"}], "ubuntu": [{"id": "USN-1435-1", "type": "ubuntu", "title": "ImageMagick vulnerabilities", "description": "Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain ResolutionUnit tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-0247, CVE-2012-1185)\n\nJoonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain IFD structures. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2012-0248, CVE-2012-1186)\n\nAleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain JPEG EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2012-0259)\n\nIt was discovered that ImageMagick incorrectly handled certain JPEG EXIF tags. 
If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-1610)\n\nAleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain TIFF EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2012-1798)", "published": "2012-05-01T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/1435-1/", "cvelist": ["CVE-2012-0248", "CVE-2012-1186", "CVE-2012-0259", "CVE-2012-0247", "CVE-2012-1610", "CVE-2012-1798", "CVE-2012-1185"], "lastseen": "2018-03-29T18:19:44"}]}}