DATABASE RESOURCES PRICING ABOUT US

{"id": "SUSE-SU-2017:3388-1", "vendorId": null, "type": "suse", "bulletinFamily": "unix", "title": "Security update for ImageMagick (important)", "description": "This update for ImageMagick fixes the following issues:\n\n * CVE-2017-14989: use-after-free in RenderFreetype in\n MagickCore/annotate.c could lead to denial of service [bsc#1061254]\n * CVE-2017-14682: GetNextToken in MagickCore/token.c heap buffer\n overflow could lead to denial of service [bsc#1060176]\n * Memory leak in WriteINLINEImage in coders/inline.c could lead to\n denial of service [bsc#1052744]\n * CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas\n could possibly disclose potentially sensitive memory [bsc#1059778]\n * CVE-2017-11640: NULL pointer deref in WritePTIFImage() in\n coders/tiff.c [bsc#1050632]\n * CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in\n coders/wpg.c could lead to denial of service [bsc#1058485]\n * CVE-2017-14341: Infinite loop in the ReadWPGImage function\n [bsc#1058637]\n * CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c\n could lead to denial of service [bsc#1067181]\n * CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in\n validation problems could lead to denial of service [bsc#1067184]\n * CVE-2017-16669: problem in coders/wpg.c could allow remote attackers\n to cause a denial of service via crafted file [bsc#1067409]\n * CVE-2017-14175: Lack of End of File check could lead to denial of\n service [bsc#1057719]\n * CVE-2017-14138: memory leak vulnerability in ReadWEBPImage in\n coders/webp.c could lead to denial of service [bsc#1057157]\n * CVE-2017-13769: denial of service issue in function\n WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]\n * CVE-2017-13134: a heap-based buffer over-read was found in thefunction\n SFWScan in coders/sfw.c, which allows attackers to cause adenial of\n service via a crafted file. [bsc#1055214]\n * CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c\n [bsc#1062750]\n * CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick\n allows remote attackers to cause a DoS [bsc#1049796]\n * CVE-2017-15930: Null Pointer dereference while transfering JPEG\n scanlines could lead to denial of service [bsc#1066003]\n * CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage\n function in coders/sfw.c inImageMagick 7.0.6-8 allows remote attackers\n to cause a denial of service [bsc#1054757]\n * CVE-2017-14531: memory exhaustion issue in ReadSUNImage\n incoders/sun.c. [bsc#1059666]\n * CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c,\n which allows attackers to cause denial of service [bsc#1052553]\n * CVE-2017-12587: User controlable large loop in the ReadPWPImage in\n coders\\pwp.c could lead to denial of service [bsc#1052450]\n * CVE-2017-11523: ReadTXTImage in coders/txt.c allows remote attackers\n to cause a denial of service [bsc#1050083]\n * CVE-2017-14173: unction ReadTXTImage is vulnerable to a integer\n overflow that could lead to denial of service [bsc#1057729]\n * CVE-2017-11188: ImageMagick: The ReadDPXImage function in codersdpx.c\n in ImageMagick 7.0.6-0 has a largeloop vulnerability that can cause\n CPU exhaustion via a crafted DPX file, relatedto lack of an EOF check.\n [bnc#1048457]\n * CVE-2017-11527: ImageMagick: ReadDPXImage in coders/dpx.c allows\n remote attackers to cause DoS [bnc#1050116]\n * CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based buffer\n over-read in WritePSImage() in coders/ps.c [bnc#1050139]\n * CVE-2017-11752: ImageMagick: ReadMAGICKImage in coders/magick.c allows\n to cause DoS [bnc#1051441]\n * CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c has a\n ninteger signedness error leading to excessive memory consumption\n [bnc#1051847]\n * CVE-2017-12669: ImageMagick: Memory leak in WriteCALSImage in\n coders/cals.c [bnc#1052689]\n * CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak in\n WritePDFImage in coders/pdf.c [bnc#1052758]\n * CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage in\n codersdcm.c [bnc#1052764]\n * CVE-2017-14172: ImageMagick: Lack of end of file check in\n ReadPSImage() could lead to a denial of service [bnc#1057730]\n * CVE-2017-14733: GraphicsMagick: Heap overflow on ReadRLEImage in\n coders/rle.c could lead to denial of service [bnc#1060577]\n\n", "published": "2017-12-20T18:36:37", "modified": "2017-12-20T18:36:37", "epss": [{"cve": "CVE-2017-14531", "epss": 0.00213, "percentile": 0.59139, "modified": "2023-11-26"}, {"cve": "CVE-2017-14175", "epss": 0.00498, "percentile": 0.73607, "modified": "2023-11-26"}, {"cve": "CVE-2017-14138", "epss": 0.00338, "percentile": 0.68198, "modified": "2023-11-26"}, {"cve": "CVE-2017-11523", "epss": 0.01332, "percentile": 0.84517, "modified": "2023-11-26"}, {"cve": "CVE-2017-12587", "epss": 0.00304, "percentile": 0.66398, "modified": "2023-11-26"}, {"cve": "CVE-2017-11478", "epss": 0.00121, "percentile": 0.46113, "modified": "2023-11-26"}, {"cve": "CVE-2017-12983", "epss": 0.00807, "percentile": 0.79763, "modified": "2023-11-26"}, {"cve": "CVE-2017-11527", "epss": 0.00108, "percentile": 0.43508, "modified": "2023-11-26"}, {"cve": "CVE-2017-14172", "epss": 0.00498, "percentile": 0.73607, "modified": "2023-11-26"}, {"cve": "CVE-2017-16546", "epss": 0.02144, "percentile": 0.8806, "modified": "2023-11-26"}, {"cve": "CVE-2017-14989", "epss": 0.00238, "percentile": 0.61746, "modified": "2023-11-26"}, {"cve": "CVE-2017-14173", "epss": 0.00411, "percentile": 0.71073, "modified": "2023-11-26"}, {"cve": "CVE-2017-12644", "epss": 0.00456, "percentile": 0.72483, "modified": "2023-11-26"}, {"cve": "CVE-2017-11188", "epss": 0.00099, "percentile": 0.40732, "modified": "2023-11-26"}, {"cve": "CVE-2017-14607", "epss": 0.0044, "percentile": 0.71986, "modified": "2023-11-26"}, {"cve": "CVE-2017-15217", "epss": 0.00213, "percentile": 0.59139, "modified": "2023-11-26"}, {"cve": "CVE-2017-15930", "epss": 0.00698, "percentile": 0.78014, "modified": "2023-11-26"}, {"cve": "CVE-2017-14341", "epss": 0.00303, "percentile": 0.66307, "modified": "2023-11-26"}, {"cve": "CVE-2017-12140", "epss": 0.00363, "percentile": 0.69276, "modified": "2023-11-26"}, {"cve": "CVE-2017-11752", "epss": 0.00139, "percentile": 0.49286, "modified": "2023-11-26"}, {"cve": "CVE-2017-14682", "epss": 0.00612, "percentile": 0.76288, "modified": "2023-11-26"}, {"cve": "CVE-2017-13134", "epss": 0.00557, "percentile": 0.75037, "modified": "2023-11-26"}, {"cve": "CVE-2017-13769", "epss": 0.00407, "percentile": 0.70949, "modified": "2023-11-26"}, {"cve": "CVE-2017-16669", "epss": 0.00879, "percentile": 0.80627, "modified": "2023-11-26"}, {"cve": "CVE-2017-14733", "epss": 0.00723, "percentile": 0.78476, "modified": "2023-11-26"}, {"cve": "CVE-2017-16545", "epss": 0.01156, "percentile": 0.83249, "modified": "2023-11-26"}, {"cve": "CVE-2017-12669", "epss": 0.00169, "percentile": 0.53877, "modified": "2023-11-26"}, {"cve": "CVE-2017-12435", "epss": 0.00331, "percentile": 0.67931, "modified": "2023-11-26"}, {"cve": "CVE-2017-11640", "epss": 0.00413, "percentile": 0.71127, "modified": "2023-11-26"}, {"cve": "CVE-2017-11535", "epss": 0.00234, "percentile": 0.61398, "modified": "2023-11-26"}, {"cve": "CVE-2017-12662", "epss": 0.0031, "percentile": 0.66751, "modified": "2023-11-26"}, {"cve": "CVE-2017-14342", "epss": 0.00097, "percentile": 0.40398, "modified": "2023-11-26"}], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-12/msg00082.html", "reporter": "Suse", "references": ["https://bugzilla.suse.com/1052758", "https://bugzilla.suse.com/1050083", "https://bugzilla.suse.com/1051847", "https://bugzilla.suse.com/1056432", "https://bugzilla.suse.com/1067181", "https://bugzilla.suse.com/1052553", "https://bugzilla.suse.com/1052689", "https://bugzilla.suse.com/1067184", "https://bugzilla.suse.com/1062750", "https://bugzilla.suse.com/1052764", "https://bugzilla.suse.com/1050116", "https://bugzilla.suse.com/1057157", "https://bugzilla.suse.com/1052450", "https://bugzilla.suse.com/1048457", "https://bugzilla.suse.com/1067409", "https://bugzilla.suse.com/1055214", "https://bugzilla.suse.com/1059666", "https://bugzilla.suse.com/1049796", "https://bugzilla.suse.com/1054757", "https://bugzilla.suse.com/1058485", "https://bugzilla.suse.com/1050139", "https://bugzilla.suse.com/1057719", "https://bugzilla.suse.com/1057730", "https://bugzilla.suse.com/1066003", "https://bugzilla.suse.com/1061254", "https://bugzilla.suse.com/1051441", "https://bugzilla.suse.com/1060176", "https://bugzilla.suse.com/1057729", "https://bugzilla.suse.com/1058637", "https://bugzilla.suse.com/1052744", "https://bugzilla.suse.com/1059778", "https://bugzilla.suse.com/1060577", "https://bugzilla.suse.com/1050632"], "cvelist": ["CVE-2017-14531", "CVE-2017-14175", "CVE-2017-14138", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-12983", "CVE-2017-11527", "CVE-2017-14172", "CVE-2017-16546", "CVE-2017-14989", "CVE-2017-14173", "CVE-2017-12644", "CVE-2017-11188", "CVE-2017-14607", "CVE-2017-15217", "CVE-2017-15930", "CVE-2017-14341", "CVE-2017-12140", "CVE-2017-11752", "CVE-2017-14682", "CVE-2017-13134", "CVE-2017-13769", "CVE-2017-16669", "CVE-2017-14733", "CVE-2017-16545", "CVE-2017-12669", "CVE-2017-12435", "CVE-2017-11640", "CVE-2017-11535", "CVE-2017-12662", "CVE-2017-14342"], "immutableFields": [], "lastseen": "2021-06-08T18:39:00", "viewCount": 266, "enchantments": {"dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2017-13134", "ALPINE:CVE-2017-14733", "ALPINE:CVE-2017-15930", "ALPINE:CVE-2017-16545", "ALPINE:CVE-2017-16669"]}, {"type": "amazon", "idList": ["ALAS-2018-966"]}, {"type": "archlinux", "idList": ["ASA-201801-7"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:0786D81DB4A901AA3B5284FE6A0FCD9C", "CFOUNDRY:C94493DDE348FDF28E8866771E34ED7C"]}, {"type": "cve", "idList": ["CVE-2017-11188", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11527", "CVE-2017-11535", "CVE-2017-11640", "CVE-2017-11752", "CVE-2017-12140", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12644", "CVE-2017-12662", "CVE-2017-12669", "CVE-2017-12983", "CVE-2017-13134", "CVE-2017-13769", "CVE-2017-14138", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14175", "CVE-2017-14341", "CVE-2017-14342", "CVE-2017-14531", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-14733", "CVE-2017-14989", "CVE-2017-15217", "CVE-2017-15930", "CVE-2017-16545", "CVE-2017-16546", "CVE-2017-16669"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1081-1:D21F2", "DEBIAN:DLA-1131-1:F4DB2", "DEBIAN:DLA-1154-1:6E465", "DEBIAN:DLA-1168-1:C7018", "DEBIAN:DLA-1170-1:0834A", "DEBIAN:DLA-1401-1:300F8", "DEBIAN:DLA-1401-1:A41C0", "DEBIAN:DLA-1456-1:6B17B", "DEBIAN:DLA-1785-1:40B92", "DEBIAN:DLA-1785-1:C1442", "DEBIAN:DLA-2366-1:3ECD0", "DEBIAN:DLA-2366-1:54E1C", "DEBIAN:DSA-3914-1:48C64", "DEBIAN:DSA-4019-1:AFDE4", "DEBIAN:DSA-4032-1:08B80", "DEBIAN:DSA-4040-1:E6366", "DEBIAN:DSA-4074-1:AED98", "DEBIAN:DSA-4204-1:1D5FF", "DEBIAN:DSA-4204-1:271DB", "DEBIAN:DSA-4321-1:D5514"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-11188", "DEBIANCVE:CVE-2017-11478", "DEBIANCVE:CVE-2017-11523", "DEBIANCVE:CVE-2017-11527", "DEBIANCVE:CVE-2017-11535", "DEBIANCVE:CVE-2017-11640", "DEBIANCVE:CVE-2017-11752", "DEBIANCVE:CVE-2017-12140", "DEBIANCVE:CVE-2017-12435", "DEBIANCVE:CVE-2017-12587", "DEBIANCVE:CVE-2017-12644", "DEBIANCVE:CVE-2017-12662", "DEBIANCVE:CVE-2017-12669", "DEBIANCVE:CVE-2017-12983", "DEBIANCVE:CVE-2017-13134", "DEBIANCVE:CVE-2017-13769", "DEBIANCVE:CVE-2017-14138", "DEBIANCVE:CVE-2017-14172", "DEBIANCVE:CVE-2017-14173", "DEBIANCVE:CVE-2017-14175", "DEBIANCVE:CVE-2017-14341", "DEBIANCVE:CVE-2017-14342", "DEBIANCVE:CVE-2017-14531", "DEBIANCVE:CVE-2017-14607", "DEBIANCVE:CVE-2017-14682", "DEBIANCVE:CVE-2017-14733", "DEBIANCVE:CVE-2017-14989", "DEBIANCVE:CVE-2017-15217", "DEBIANCVE:CVE-2017-15930", "DEBIANCVE:CVE-2017-16545", "DEBIANCVE:CVE-2017-16546", "DEBIANCVE:CVE-2017-16669"]}, {"type": "fedora", "idList": ["FEDORA:082456076F55", "FEDORA:137B4601EDDC", "FEDORA:2A5176076F55", "FEDORA:30E8F601EDDA", "FEDORA:408C160062DD", "FEDORA:4FEEB6076F55", "FEDORA:575B16076F55", "FEDORA:5C7D56076F55", "FEDORA:5EF1A6076F55", "FEDORA:6541E60748F9", "FEDORA:6B591601EDDE", "FEDORA:6DAC2601EDDA", "FEDORA:748906076F55", "FEDORA:791786076F55", "FEDORA:8F8C0601EDDE", "FEDORA:93FF76076F55", "FEDORA:9766D6076F55", "FEDORA:999936076F55", "FEDORA:A088E6076F55", "FEDORA:A58296076F55", "FEDORA:BE87C60748F9", "FEDORA:C16F56079703", "FEDORA:C1BBA6076F55", "FEDORA:C41F46076F55", "FEDORA:C7F6A6178920", "FEDORA:DFB316077DF1", "FEDORA:E7E3A6076F55", "FEDORA:F0880601EDDA", "FEDORA:F10E86076F55"]}, {"type": "gentoo", "idList": ["GLSA-201711-07"]}, {"type": "ibm", "idList": ["B05329785ED4441E67419C72F4E8D5EFB095312F0129B7DAC17DB1F2F0780EEC"]}, {"type": "mageia", "idList": ["MGASA-2018-0229"]}, {"type": "nessus", "idList": ["ALA_ALAS-2018-966.NASL", "DEBIAN_DLA-1081.NASL", "DEBIAN_DLA-1131.NASL", "DEBIAN_DLA-1154.NASL", "DEBIAN_DLA-1168.NASL", "DEBIAN_DLA-1170.NASL", "DEBIAN_DLA-1401.NASL", "DEBIAN_DLA-1456.NASL", "DEBIAN_DLA-1785.NASL", "DEBIAN_DLA-2366.NASL", "DEBIAN_DSA-3914.NASL", "DEBIAN_DSA-4019.NASL", "DEBIAN_DSA-4032.NASL", "DEBIAN_DSA-4040.NASL", "DEBIAN_DSA-4074.NASL", "DEBIAN_DSA-4204.NASL", "DEBIAN_DSA-4321.NASL", "EULEROS_SA-2017-1257.NASL", "EULEROS_SA-2017-1258.NASL", "EULEROS_SA-2019-2354.NASL", "EULEROS_SA-2020-1390.NASL", "FEDORA_2017-3A568ADB31.NASL", "FEDORA_2017-8F27031C8F.NASL", "FEDORA_2018-7C61D08C4F.NASL", "FEDORA_2018-BFB9835EDD.NASL", "FEDORA_2019-425A1AA7C9.NASL", "FEDORA_2019-DA4C20882C.NASL", "GENTOO_GLSA-201711-07.NASL", "OPENSUSE-2017-1276.NASL", "OPENSUSE-2017-1346.NASL", "OPENSUSE-2017-1362.NASL", "OPENSUSE-2017-1413.NASL", "SUSE_SU-2017-3378-1.NASL", "SUSE_SU-2017-3388-1.NASL", "SUSE_SU-2020-2750-1.NASL", "UBUNTU_USN-3363-1.NASL", "UBUNTU_USN-3681-1.NASL", "UBUNTU_USN-4222-1.NASL", "UBUNTU_USN-4232-1.NASL", "UBUNTU_USN-4248-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703914", "OPENVAS:1361412562310704019", "OPENVAS:1361412562310704032", "OPENVAS:1361412562310704040", "OPENVAS:1361412562310704074", "OPENVAS:1361412562310704204", "OPENVAS:1361412562310704321", "OPENVAS:1361412562310843251", "OPENVAS:1361412562310843556", "OPENVAS:1361412562310844278", "OPENVAS:1361412562310844287", "OPENVAS:1361412562310844305", "OPENVAS:1361412562310851657", "OPENVAS:1361412562310851663", "OPENVAS:1361412562310851668", "OPENVAS:1361412562310873390", "OPENVAS:1361412562310873391", "OPENVAS:1361412562310873392", "OPENVAS:1361412562310873394", "OPENVAS:1361412562310873399", "OPENVAS:1361412562310873400", "OPENVAS:1361412562310873404", "OPENVAS:1361412562310873407", "OPENVAS:1361412562310873408", "OPENVAS:1361412562310873409", "OPENVAS:1361412562310873410", "OPENVAS:1361412562310873412", "OPENVAS:1361412562310873417", "OPENVAS:1361412562310873419", "OPENVAS:1361412562310873420", "OPENVAS:1361412562310873422", "OPENVAS:1361412562310873424", "OPENVAS:1361412562310873425", "OPENVAS:1361412562310873427", "OPENVAS:1361412562310873429", "OPENVAS:1361412562310873431", "OPENVAS:1361412562310873432", "OPENVAS:1361412562310873434", "OPENVAS:1361412562310873436", "OPENVAS:1361412562310873438", "OPENVAS:1361412562310874084", "OPENVAS:1361412562310874085", "OPENVAS:1361412562310876545", "OPENVAS:1361412562310876546", "OPENVAS:1361412562310891081", "OPENVAS:1361412562310891131", "OPENVAS:1361412562310891401", "OPENVAS:1361412562310891456", "OPENVAS:1361412562310891785", "OPENVAS:1361412562311220171257", "OPENVAS:1361412562311220171258", "OPENVAS:1361412562311220192354", "OPENVAS:1361412562311220201390", "OPENVAS:703914"]}, {"type": "osv", "idList": ["OSV:DLA-1081-1", "OSV:DLA-1130-1", "OSV:DLA-1131-1", "OSV:DLA-1154-1", "OSV:DLA-1170-1", "OSV:DLA-1456-1", "OSV:DLA-1785-1", "OSV:DLA-2366-1", "OSV:DSA-4074-1", "OSV:DSA-4204-1", "OSV:DSA-4321-1"]}, {"type": "prion", "idList": ["PRION:CVE-2017-11188", "PRION:CVE-2017-11478", "PRION:CVE-2017-11523", "PRION:CVE-2017-11527", "PRION:CVE-2017-11535", "PRION:CVE-2017-11640", "PRION:CVE-2017-11752", "PRION:CVE-2017-12140", "PRION:CVE-2017-12435", "PRION:CVE-2017-12587", "PRION:CVE-2017-12644", "PRION:CVE-2017-12662", "PRION:CVE-2017-12669", "PRION:CVE-2017-12983", "PRION:CVE-2017-13134", "PRION:CVE-2017-13769", "PRION:CVE-2017-14138", "PRION:CVE-2017-14172", "PRION:CVE-2017-14173", "PRION:CVE-2017-14175", "PRION:CVE-2017-14341", "PRION:CVE-2017-14342", "PRION:CVE-2017-14531", "PRION:CVE-2017-14607", "PRION:CVE-2017-14682", "PRION:CVE-2017-14733", "PRION:CVE-2017-14989", "PRION:CVE-2017-15217", "PRION:CVE-2017-15930", "PRION:CVE-2017-16545", "PRION:CVE-2017-16546", "PRION:CVE-2017-16669"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-11188", "RH:CVE-2017-11478", "RH:CVE-2017-11523", "RH:CVE-2017-11527", "RH:CVE-2017-11535", "RH:CVE-2017-11640", "RH:CVE-2017-11752", "RH:CVE-2017-12140", "RH:CVE-2017-12435", "RH:CVE-2017-12587", "RH:CVE-2017-12644", "RH:CVE-2017-12662", "RH:CVE-2017-12669", "RH:CVE-2017-12983", "RH:CVE-2017-13134", "RH:CVE-2017-13769", "RH:CVE-2017-14138", "RH:CVE-2017-14172", "RH:CVE-2017-14173", "RH:CVE-2017-14175", "RH:CVE-2017-14341", "RH:CVE-2017-14342", "RH:CVE-2017-14531", "RH:CVE-2017-14607", "RH:CVE-2017-14682", "RH:CVE-2017-14989", "RH:CVE-2017-15217", "RH:CVE-2017-16546"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:3223-1", "OPENSUSE-SU-2017:3270-1", "OPENSUSE-SU-2017:3420-1", "SUSE-SU-2017:3378-1", "SUSE-SU-2017:3435-1"]}, {"type": "ubuntu", "idList": ["USN-3363-1", "USN-3681-1", "USN-4222-1", "USN-4232-1", "USN-4248-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-11188", "UB:CVE-2017-11478", "UB:CVE-2017-11523", "UB:CVE-2017-11527", "UB:CVE-2017-11535", "UB:CVE-2017-11640", "UB:CVE-2017-11752", "UB:CVE-2017-12140", "UB:CVE-2017-12435", "UB:CVE-2017-12587", "UB:CVE-2017-12644", "UB:CVE-2017-12662", "UB:CVE-2017-12669", "UB:CVE-2017-12983", "UB:CVE-2017-13134", "UB:CVE-2017-13769", "UB:CVE-2017-14138", "UB:CVE-2017-14172", "UB:CVE-2017-14173", "UB:CVE-2017-14175", "UB:CVE-2017-14341", "UB:CVE-2017-14342", "UB:CVE-2017-14531", "UB:CVE-2017-14607", "UB:CVE-2017-14682", "UB:CVE-2017-14733", "UB:CVE-2017-14989", "UB:CVE-2017-15217", "UB:CVE-2017-15930", "UB:CVE-2017-16545", "UB:CVE-2017-16546", "UB:CVE-2017-16669"]}, {"type": "veracode", "idList": ["VERACODE:20576", "VERACODE:26917", "VERACODE:26955", "VERACODE:28259", "VERACODE:4565", "VERACODE:4622", "VERACODE:4630", "VERACODE:4633", "VERACODE:4640", "VERACODE:4752", "VERACODE:4851", "VERACODE:4870", "VERACODE:4875", "VERACODE:4891", "VERACODE:4932", "VERACODE:4956", "VERACODE:5034", "VERACODE:5035", "VERACODE:5078", "VERACODE:5079", "VERACODE:5121", "VERACODE:5220", "VERACODE:5260", "VERACODE:5268", "VERACODE:5378"]}]}, "score": {"value": 3.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2018-966"]}, {"type": "archlinux", "idList": ["ASA-201801-7"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:0786D81DB4A901AA3B5284FE6A0FCD9C"]}, {"type": "cve", "idList": ["CVE-2017-11188", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11527", "CVE-2017-11535", "CVE-2017-11640", "CVE-2017-11752", "CVE-2017-12140", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12644", "CVE-2017-12662", "CVE-2017-12669", "CVE-2017-12983", "CVE-2017-13134"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1081-1:D21F2", "DEBIAN:DLA-1131-1:F4DB2", "DEBIAN:DLA-1154-1:6E465", "DEBIAN:DLA-1168-1:C7018", "DEBIAN:DLA-1170-1:0834A", "DEBIAN:DSA-3914-1:48C64", "DEBIAN:DSA-4019-1:AFDE4", "DEBIAN:DSA-4032-1:08B80", "DEBIAN:DSA-4040-1:E6366", "DEBIAN:DSA-4074-1:AED98", "DEBIAN:DSA-4204-1:271DB", "DEBIAN:DSA-4321-1:D5514"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-11188", "DEBIANCVE:CVE-2017-11478", "DEBIANCVE:CVE-2017-11523", "DEBIANCVE:CVE-2017-11527", "DEBIANCVE:CVE-2017-11535", "DEBIANCVE:CVE-2017-11640", "DEBIANCVE:CVE-2017-11752", "DEBIANCVE:CVE-2017-12140", "DEBIANCVE:CVE-2017-12435", "DEBIANCVE:CVE-2017-12587", "DEBIANCVE:CVE-2017-12644", "DEBIANCVE:CVE-2017-12662", "DEBIANCVE:CVE-2017-12669", "DEBIANCVE:CVE-2017-12983", "DEBIANCVE:CVE-2017-13134", "DEBIANCVE:CVE-2017-13769", "DEBIANCVE:CVE-2017-14138", "DEBIANCVE:CVE-2017-14172", "DEBIANCVE:CVE-2017-14173", "DEBIANCVE:CVE-2017-14175", "DEBIANCVE:CVE-2017-14341", "DEBIANCVE:CVE-2017-14342", "DEBIANCVE:CVE-2017-14531", "DEBIANCVE:CVE-2017-14607", "DEBIANCVE:CVE-2017-14682", "DEBIANCVE:CVE-2017-14733", "DEBIANCVE:CVE-2017-14989", "DEBIANCVE:CVE-2017-15217", "DEBIANCVE:CVE-2017-15930", "DEBIANCVE:CVE-2017-16545", "DEBIANCVE:CVE-2017-16546", "DEBIANCVE:CVE-2017-16669"]}, {"type": "fedora", "idList": ["FEDORA:C16F56079703", "FEDORA:DFB316077DF1", "FEDORA:F0880601EDDA"]}, {"type": "gentoo", "idList": ["GLSA-201711-07"]}, {"type": "ibm", "idList": ["B05329785ED4441E67419C72F4E8D5EFB095312F0129B7DAC17DB1F2F0780EEC"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2017-11527/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2017-11523/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2017-11527/"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-1168.NASL", "DEBIAN_DLA-1170.NASL", "DEBIAN_DSA-3914.NASL", "DEBIAN_DSA-4032.NASL", "GENTOO_GLSA-201711-07.NASL", "OPENSUSE-2017-1276.NASL", "OPENSUSE-2017-1346.NASL", "OPENSUSE-2017-1362.NASL", "SUSE_SU-2017-3378-1.NASL", "SUSE_SU-2017-3388-1.NASL", "UBUNTU_USN-3363-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704032", "OPENVAS:1361412562310843251", "OPENVAS:1361412562310851657", "OPENVAS:1361412562310851663", "OPENVAS:703914"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-11188", "RH:CVE-2017-11478", "RH:CVE-2017-11523", "RH:CVE-2017-11527", "RH:CVE-2017-11535", "RH:CVE-2017-11640", "RH:CVE-2017-11752", "RH:CVE-2017-12140", "RH:CVE-2017-12435", "RH:CVE-2017-12587", "RH:CVE-2017-12644", "RH:CVE-2017-12662", "RH:CVE-2017-12669", "RH:CVE-2017-12983", "RH:CVE-2017-13134", "RH:CVE-2017-13769", "RH:CVE-2017-14138", "RH:CVE-2017-14172", "RH:CVE-2017-14173", "RH:CVE-2017-14175", "RH:CVE-2017-14341", "RH:CVE-2017-14342", "RH:CVE-2017-14531", "RH:CVE-2017-14607", "RH:CVE-2017-14682", "RH:CVE-2017-14989", "RH:CVE-2017-15217", "RH:CVE-2017-16546"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:3223-1", "OPENSUSE-SU-2017:3270-1", "OPENSUSE-SU-2017:3420-1", "SUSE-SU-2017:3378-1"]}, {"type": "ubuntu", "idList": ["USN-3363-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-11188", "UB:CVE-2017-11478", "UB:CVE-2017-11523", "UB:CVE-2017-11527", "UB:CVE-2017-11535", "UB:CVE-2017-11640", "UB:CVE-2017-11752", "UB:CVE-2017-12140", "UB:CVE-2017-12435", "UB:CVE-2017-12587", "UB:CVE-2017-12644", "UB:CVE-2017-12662", "UB:CVE-2017-12669", "UB:CVE-2017-12983", "UB:CVE-2017-13134", "UB:CVE-2017-13769", "UB:CVE-2017-14138", "UB:CVE-2017-14172", "UB:CVE-2017-14173", "UB:CVE-2017-14175", "UB:CVE-2017-14341", "UB:CVE-2017-14342", "UB:CVE-2017-14531", "UB:CVE-2017-14607", "UB:CVE-2017-14682", "UB:CVE-2017-14733", "UB:CVE-2017-14989", "UB:CVE-2017-15217", "UB:CVE-2017-15930", "UB:CVE-2017-16545", "UB:CVE-2017-16546", "UB:CVE-2017-16669"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2017-14531", "epss": "0.002940000", "percentile": "0.643750000", "modified": "2023-03-15"}, {"cve": "CVE-2017-14175", "epss": "0.003840000", "percentile": "0.688830000", "modified": "2023-03-15"}, {"cve": "CVE-2017-14138", "epss": "0.002760000", "percentile": "0.631520000", "modified": "2023-03-15"}, {"cve": "CVE-2017-11523", "epss": "0.013130000", "percentile": "0.838600000", "modified": "2023-03-15"}, {"cve": "CVE-2017-12587", "epss": "0.003050000", "percentile": "0.650370000", "modified": "2023-03-15"}, {"cve": "CVE-2017-11478", "epss": "0.000830000", "percentile": "0.336980000", "modified": "2023-03-15"}, {"cve": "CVE-2017-12983", "epss": "0.005710000", "percentile": "0.745320000", "modified": "2023-03-15"}, {"cve": "CVE-2017-11527", "epss": "0.000830000", "percentile": "0.336980000", "modified": "2023-03-15"}, {"cve": "CVE-2017-14172", "epss": "0.003840000", "percentile": "0.688830000", "modified": "2023-03-15"}, {"cve": "CVE-2017-16546", "epss": "0.016370000", "percentile": "0.855680000", "modified": "2023-03-15"}, {"cve": "CVE-2017-14989", "epss": "0.002390000", "percentile": "0.601480000", "modified": "2023-03-15"}, {"cve": "CVE-2017-14173", "epss": "0.003350000", "percentile": "0.666810000", "modified": "2023-03-15"}, {"cve": "CVE-2017-12644", "epss": "0.004540000", "percentile": "0.713320000", "modified": "2023-03-15"}, {"cve": "CVE-2017-11188", "epss": "0.000690000", "percentile": "0.280210000", "modified": "2023-03-15"}, {"cve": "CVE-2017-14607", "epss": "0.005260000", "percentile": "0.733890000", "modified": "2023-03-15"}, {"cve": "CVE-2017-15217", "epss": "0.002940000", "percentile": "0.643750000", "modified": "2023-03-15"}, {"cve": "CVE-2017-15930", "epss": "0.006370000", "percentile": "0.759050000", "modified": "2023-03-15"}, {"cve": "CVE-2017-14341", "epss": "0.002470000", "percentile": "0.608310000", "modified": "2023-03-15"}, {"cve": "CVE-2017-12140", "epss": "0.003640000", "percentile": "0.680200000", "modified": "2023-03-15"}, {"cve": "CVE-2017-11752", "epss": "0.000970000", "percentile": "0.389330000", "modified": "2023-03-15"}, {"cve": "CVE-2017-14682", "epss": "0.007140000", "percentile": "0.774670000", "modified": "2023-03-15"}, {"cve": "CVE-2017-13134", "epss": "0.003930000", "percentile": "0.692370000", "modified": "2023-03-15"}, {"cve": "CVE-2017-13769", "epss": "0.003390000", "percentile": "0.668110000", "modified": "2023-03-15"}, {"cve": "CVE-2017-16669", "epss": "0.005580000", "percentile": "0.742260000", "modified": "2023-03-15"}, {"cve": "CVE-2017-14733", "epss": "0.004250000", "percentile": "0.703210000", "modified": "2023-03-15"}, {"cve": "CVE-2017-16545", "epss": "0.008630000", "percentile": "0.798010000", "modified": "2023-03-15"}, {"cve": "CVE-2017-12669", "epss": "0.002410000", "percentile": "0.603470000", "modified": "2023-03-15"}, {"cve": "CVE-2017-12435", "epss": "0.002340000", "percentile": "0.596900000", "modified": "2023-03-15"}, {"cve": "CVE-2017-11640", "epss": "0.003660000", "percentile": "0.681160000", "modified": "2023-03-15"}, {"cve": "CVE-2017-11535", "epss": "0.001720000", "percentile": "0.525230000", "modified": "2023-03-15"}, {"cve": "CVE-2017-12662", "epss": "0.003100000", "percentile": "0.653230000", "modified": "2023-03-15"}, {"cve": "CVE-2017-14342", "epss": "0.000740000", "percentile": "0.299470000", "modified": "2023-03-15"}], "vulnersScore": 3.1}, "_state": {"dependencies": 1701031813, "score": 1701032816, "epss": 0}, "_internal": {"score_hash": "291bd20a9f1995f1faa3144e4031e5fd"}, "affectedPackage": [{"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "aarch64", "operator": "lt", "packageFilename": "ImageMagick-debuginfo-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "imagemagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-debugsource-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick-debugsource", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "ppc64le", "operator": "lt", "packageFilename": "libMagick++-devel-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "libmagick++-devel", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagick++-6_q16-3-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "ppc64le", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "libmagickcore-6_q16-1", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagick++-6_q16-3", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "ppc64le", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "libmagickcore-6_q16-1", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickcore-6_q16-1-debuginfo-32bit", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "arch": "aarch64", "operator": "lt", "packageFilename": "ImageMagick-debugsource-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "imagemagick-debugsource", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "ppc64le", "operator": "lt", "packageFilename": "ImageMagick-devel-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "imagemagick-devel", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "s390x", "operator": "lt", "packageFilename": "libMagickWand-6_Q16-1-6.8.8.1-71.17.1.s390x.rpm", "packageName": "libmagickwand-6_q16-1", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "aarch64", "operator": "lt", "packageFilename": "ImageMagick-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "imagemagick", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-32bit-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickcore-6_q16-1-32bit", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "aarch64", "operator": "lt", "packageFilename": "ImageMagick-devel-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "imagemagick-devel", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagick++-6_q16-3", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagick++-6_q16-3-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "ppc64le", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "libmagick++-6_q16-3", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "aarch64", "operator": "lt", "packageFilename": "ImageMagick-debuginfo-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "imagemagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickWand-6_Q16-1-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickwand-6_q16-1", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "ppc64le", "operator": "lt", "packageFilename": "ImageMagick-debuginfo-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "imagemagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickWand-6_Q16-1-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickwand-6_q16-1", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickcore-6_q16-1", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "perl-PerlMagick-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "perl-perlmagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "s390x", "operator": "lt", "packageFilename": "ImageMagick-debugsource-6.8.8.1-71.17.1.s390x.rpm", "packageName": "imagemagick-debugsource", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-devel-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick-devel", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "ppc64le", "operator": "lt", "packageFilename": "ImageMagick-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "imagemagick", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagick++-6_q16-3-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "s390x", "operator": "lt", "packageFilename": "ImageMagick-6.8.8.1-71.17.1.s390x.rpm", "packageName": "imagemagick", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "s390x", "operator": "lt", "packageFilename": "perl-PerlMagick-debuginfo-6.8.8.1-71.17.1.s390x.rpm", "packageName": "perl-perlmagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickcore-6_q16-1-debuginfo-32bit", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "aarch64", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "libmagickcore-6_q16-1", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "aarch64", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "libmagickcore-6_q16-1", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "s390x", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-6.8.8.1-71.17.1.s390x.rpm", "packageName": "libmagickcore-6_q16-1", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "s390x", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.17.1.s390x.rpm", "packageName": "libmagickcore-6_q16-1-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "ppc64le", "operator": "lt", "packageFilename": "perl-PerlMagick-debuginfo-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "perl-perlmagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "ppc64le", "operator": "lt", "packageFilename": "ImageMagick-debugsource-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "imagemagick-debugsource", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "ppc64le", "operator": "lt", "packageFilename": "ImageMagick-debuginfo-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "imagemagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "ppc64le", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "libmagickcore-6_q16-1-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "s390x", "operator": "lt", "packageFilename": "ImageMagick-debugsource-6.8.8.1-71.17.1.s390x.rpm", "packageName": "imagemagick-debugsource", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickcore-6_q16-1", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "s390x", "operator": "lt", "packageFilename": "ImageMagick-debuginfo-6.8.8.1-71.17.1.s390x.rpm", "packageName": "imagemagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "aarch64", "operator": "lt", "packageFilename": "libMagickWand-6_Q16-1-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "libmagickwand-6_q16-1", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "aarch64", "operator": "lt", "packageFilename": "ImageMagick-devel-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "imagemagick-devel", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagick++-6_q16-3-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "ppc64le", "operator": "lt", "packageFilename": "ImageMagick-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "imagemagick", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "aarch64", "operator": "lt", "packageFilename": "ImageMagick-debugsource-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "imagemagick-debugsource", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "s390x", "operator": "lt", "packageFilename": "ImageMagick-debugsource-6.8.8.1-71.17.1.s390x.rpm", "packageName": "imagemagick-debugsource", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "s390x", "operator": "lt", "packageFilename": "libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.17.1.s390x.rpm", "packageName": "libmagickwand-6_q16-1-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-32bit-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickcore-6_q16-1-32bit", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickcore-6_q16-1", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "s390x", "operator": "lt", "packageFilename": "libMagick++-devel-6.8.8.1-71.17.1.s390x.rpm", "packageName": "libmagick++-devel", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagick++-6_q16-3", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "s390x", "operator": "lt", "packageFilename": "ImageMagick-debuginfo-6.8.8.1-71.17.1.s390x.rpm", "packageName": "imagemagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-debugsource-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick-debugsource", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "arch": "aarch64", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "libmagickcore-6_q16-1", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "ppc64le", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "libmagickcore-6_q16-1-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "ppc64le", "operator": "lt", "packageFilename": "libMagickWand-6_Q16-1-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "libmagickwand-6_q16-1", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "perl-PerlMagick-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "perl-perlmagick", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickwand-6_q16-1-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "aarch64", "operator": "lt", "packageFilename": "libMagick++-devel-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "libmagick++-devel", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "ppc64le", "operator": "lt", "packageFilename": "libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "libmagickwand-6_q16-1-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "aarch64", "operator": "lt", "packageFilename": "perl-PerlMagick-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "perl-perlmagick", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "ppc64le", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "libmagick++-6_q16-3-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-debugsource-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick-debugsource", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "ppc64le", "operator": "lt", "packageFilename": "libMagickWand-6_Q16-1-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "libmagickwand-6_q16-1", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "s390x", "operator": "lt", "packageFilename": "ImageMagick-debuginfo-6.8.8.1-71.17.1.s390x.rpm", "packageName": "imagemagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickcore-6_q16-1-debuginfo-32bit", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-32bit-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickcore-6_q16-1-32bit", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "aarch64", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "libmagick++-6_q16-3-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "s390x", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-6.8.8.1-71.17.1.s390x.rpm", "packageName": "libmagick++-6_q16-3", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagick++-devel-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagick++-devel", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickcore-6_q16-1-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "perl-PerlMagick-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "perl-perlmagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "ppc64le", "operator": "lt", "packageFilename": "ImageMagick-debuginfo-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "imagemagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "aarch64", "operator": "lt", "packageFilename": "ImageMagick-debuginfo-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "imagemagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "s390x", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-6.8.8.1-71.17.1.s390x.rpm", "packageName": "libmagickcore-6_q16-1", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "s390x", "operator": "lt", "packageFilename": "perl-PerlMagick-debuginfo-6.8.8.1-71.17.1.s390x.rpm", "packageName": "perl-perlmagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "s390x", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.17.1.s390x.rpm", "packageName": "libmagick++-6_q16-3-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "aarch64", "operator": "lt", "packageFilename": "ImageMagick-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "imagemagick", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "aarch64", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "libmagickcore-6_q16-1-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "arch": "aarch64", "operator": "lt", "packageFilename": "ImageMagick-debuginfo-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "imagemagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "arch": "aarch64", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "libmagickcore-6_q16-1-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "s390x", "operator": "lt", "packageFilename": "ImageMagick-debuginfo-6.8.8.1-71.17.1.s390x.rpm", "packageName": "imagemagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "aarch64", "operator": "lt", "packageFilename": "libMagick++-devel-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "libmagick++-devel", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "ppc64le", "operator": "lt", "packageFilename": "ImageMagick-debugsource-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "imagemagick-debugsource", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "ppc64le", "operator": "lt", "packageFilename": "ImageMagick-debuginfo-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "imagemagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "ppc64le", "operator": "lt", "packageFilename": "ImageMagick-debugsource-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "imagemagick-debugsource", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "ppc64le", "operator": "lt", "packageFilename": "perl-PerlMagick-debuginfo-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "perl-perlmagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "aarch64", "operator": "lt", "packageFilename": "libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "libmagickwand-6_q16-1-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "aarch64", "operator": "lt", "packageFilename": "ImageMagick-debugsource-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "imagemagick-debugsource", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "ppc64le", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "libmagick++-6_q16-3", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "s390x", "operator": "lt", "packageFilename": "ImageMagick-6.8.8.1-71.17.1.s390x.rpm", "packageName": "imagemagick", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "s390x", "operator": "lt", "packageFilename": "libMagick++-devel-6.8.8.1-71.17.1.s390x.rpm", "packageName": "libmagick++-devel", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickwand-6_q16-1-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "ppc64le", "operator": "lt", "packageFilename": "libMagick++-devel-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "libmagick++-devel", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "aarch64", "operator": "lt", "packageFilename": "ImageMagick-debugsource-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "imagemagick-debugsource", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "aarch64", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "libmagick++-6_q16-3", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "aarch64", "operator": "lt", "packageFilename": "perl-PerlMagick-debuginfo-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "perl-perlmagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagick++-6_q16-3-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "aarch64", "operator": "lt", "packageFilename": "ImageMagick-debugsource-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "imagemagick-debugsource", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "ppc64le", "operator": "lt", "packageFilename": "libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "libmagickwand-6_q16-1-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-debugsource-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick-debugsource", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "perl-PerlMagick-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "perl-perlmagick", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "s390x", "operator": "lt", "packageFilename": "ImageMagick-devel-6.8.8.1-71.17.1.s390x.rpm", "packageName": "imagemagick-devel", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "aarch64", "operator": "lt", "packageFilename": "libMagickWand-6_Q16-1-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "libmagickwand-6_q16-1", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "aarch64", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "libmagickcore-6_q16-1-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "s390x", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.17.1.s390x.rpm", "packageName": "libmagickcore-6_q16-1-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "s390x", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-6.8.8.1-71.17.1.s390x.rpm", "packageName": "libmagick++-6_q16-3", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "ppc64le", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "libmagick++-6_q16-3-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-debugsource-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick-debugsource", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "s390x", "operator": "lt", "packageFilename": "perl-PerlMagick-6.8.8.1-71.17.1.s390x.rpm", "packageName": "perl-perlmagick", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "s390x", "operator": "lt", "packageFilename": "libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.17.1.s390x.rpm", "packageName": "libmagickwand-6_q16-1-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "ppc64le", "operator": "lt", "packageFilename": "perl-PerlMagick-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "perl-perlmagick", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagick++-6_q16-3", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "s390x", "operator": "lt", "packageFilename": "ImageMagick-devel-6.8.8.1-71.17.1.s390x.rpm", "packageName": "imagemagick-devel", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "s390x", "operator": "lt", "packageFilename": "ImageMagick-debugsource-6.8.8.1-71.17.1.s390x.rpm", "packageName": "imagemagick-debugsource", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickcore-6_q16-1-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "s390x", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.17.1.s390x.rpm", "packageName": "libmagick++-6_q16-3-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "aarch64", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "libmagick++-6_q16-3", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "aarch64", "operator": "lt", "packageFilename": "ImageMagick-debuginfo-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "imagemagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagick++-6_q16-3", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "arch": "aarch64", "operator": "lt", "packageFilename": "libMagickWand-6_Q16-1-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "libmagickwand-6_q16-1", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "s390x", "operator": "lt", "packageFilename": "libMagickWand-6_Q16-1-6.8.8.1-71.17.1.s390x.rpm", "packageName": "libmagickwand-6_q16-1", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickcore-6_q16-1-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickcore-6_q16-1-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickwand-6_q16-1-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-debugsource-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick-debugsource", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickWand-6_Q16-1-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickwand-6_q16-1", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "ppc64le", "operator": "lt", "packageFilename": "ImageMagick-devel-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "imagemagick-devel", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "aarch64", "operator": "lt", "packageFilename": "perl-PerlMagick-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "perl-perlmagick", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickwand-6_q16-1-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickcore-6_q16-1", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "arch": "aarch64", "operator": "lt", "packageFilename": "libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "libmagickwand-6_q16-1-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "arch": "aarch64", "operator": "lt", "packageFilename": "libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "libmagickwand-6_q16-1-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "ppc64le", "operator": "lt", "packageFilename": "ImageMagick-debugsource-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "imagemagick-debugsource", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-debugsource-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick-debugsource", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-32bit-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickcore-6_q16-1-32bit", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "s390x", "operator": "lt", "packageFilename": "perl-PerlMagick-6.8.8.1-71.17.1.s390x.rpm", "packageName": "perl-perlmagick", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "aarch64", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "libmagick++-6_q16-3-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickcore-6_q16-1-debuginfo-32bit", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "aarch64", "operator": "lt", "packageFilename": "perl-PerlMagick-debuginfo-6.8.8.1-71.17.1.aarch64.rpm", "packageName": "perl-perlmagick-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagick++-6_q16-3-debuginfo", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagickWand-6_Q16-1-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagickwand-6_q16-1", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagick++-devel-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagick++-devel", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-debugsource-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick-debugsource", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "x86_64", "operator": "lt", "packageFilename": "ImageMagick-devel-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "imagemagick-devel", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.3", "arch": "x86_64", "operator": "lt", "packageFilename": "libMagick++-6_Q16-3-6.8.8.1-71.17.1.x86_64.rpm", "packageName": "libmagick++-6_q16-3", "packageVersion": "6.8.8.1-71.17.1"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "arch": "ppc64le", "operator": "lt", "packageFilename": "perl-PerlMagick-6.8.8.1-71.17.1.ppc64le.rpm", "packageName": "perl-perlmagick", "packageVersion": "6.8.8.1-71.17.1"}]}

{"openvas": [{"lastseen": "2020-01-31T18:26:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-12-23T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2017:3420-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14531", "CVE-2017-14175", "CVE-2017-14138", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-12983", "CVE-2017-11527", "CVE-2017-14172", "CVE-2017-16546", "CVE-2017-14989", "CVE-2017-14173", "CVE-2017-12644", "CVE-2017-11188", "CVE-2017-14607", "CVE-2017-15217", "CVE-2017-15930", "CVE-2017-14341", "CVE-2017-12140", "CVE-2017-11752", "CVE-2017-14682", "CVE-2017-13134", "CVE-2017-13769", "CVE-2017-16669", "CVE-2017-14733", "CVE-2017-16545", "CVE-2017-12669", "CVE-2017-12435", "CVE-2017-11640", "CVE-2017-11535", "CVE-2017-12662", "CVE-2017-14342"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851668", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851668", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851668\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-12-23 07:47:42 +0100 (Sat, 23 Dec 2017)\");\n script_cve_id(\"CVE-2017-11188\", \"CVE-2017-11478\", \"CVE-2017-11523\", \"CVE-2017-11527\",\n \"CVE-2017-11535\", \"CVE-2017-11640\", \"CVE-2017-11752\", \"CVE-2017-12140\",\n \"CVE-2017-12435\", \"CVE-2017-12587\", \"CVE-2017-12644\", \"CVE-2017-12662\",\n \"CVE-2017-12669\", \"CVE-2017-12983\", \"CVE-2017-13134\", \"CVE-2017-13769\",\n \"CVE-2017-14138\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14175\",\n \"CVE-2017-14341\", \"CVE-2017-14342\", \"CVE-2017-14531\", \"CVE-2017-14607\",\n \"CVE-2017-14682\", \"CVE-2017-14733\", \"CVE-2017-14989\", \"CVE-2017-15217\",\n \"CVE-2017-15930\", \"CVE-2017-16545\", \"CVE-2017-16546\", \"CVE-2017-16669\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2017:3420-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for ImageMagick fixes the following issues:\n\n * CVE-2017-14989: use-after-free in RenderFreetype in\n MagickCore/annotate.c could lead to denial of service [bsc#1061254]\n\n * CVE-2017-14682: GetNextToken in MagickCore/token.c heap buffer\n overflow could lead to denial of service [bsc#1060176]\n\n * Memory leak in WriteINLINEImage in coders/inline.c could lead to\n denial of service [bsc#1052744]\n\n * CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas\n could possibly disclose potentially sensitive memory [bsc#1059778]\n\n * CVE-2017-11640: NULL pointer deref in WritePTIFImage() in\n coders/tiff.c [bsc#1050632]\n\n * CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in\n coders/wpg.c could lead to denial of service [bsc#1058485]\n\n * CVE-2017-14341: Infinite loop in the ReadWPGImage function\n [bsc#1058637]\n\n * CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c\n could lead to denial of service [bsc#1067181]\n\n * CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in\n validation problems could lead to denial of service [bsc#1067184]\n\n * CVE-2017-16669: problem in coders/wpg.c could allow remote attackers\n to cause a denial of service via crafted file [bsc#1067409]\n\n * CVE-2017-14175: Lack of End of File check could lead to denial of\n service [bsc#1057719]\n\n * CVE-2017-14138: memory leak vulnerability in ReadWEBPImage in\n coders/webp.c could lead to denial of service [bsc#1057157]\n\n * CVE-2017-13769: denial of service issue in function\n WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]\n\n * CVE-2017-13134: a heap-based buffer over-read was found in thefunction\n SFWScan in coders/sfw.c, which allows attackers to cause adenial of\n service via a crafted file. [bsc#1055214]\n\n * CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c\n [bsc#1062750]\n\n * CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick\n allows remote attackers to cause a DoS [bsc#1049796]\n\n * CVE-2017-15930: Null Pointer dereference while transferring JPEG\n scanlines could lead to denial of service [bsc#1066003]\n\n * CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage\n function in coders/sfw.c inImageMagick 7.0.6-8 allows remote attackers\n to cause a denial of service [bsc#1054757]\n\n * CVE-2017-14531: memory exhaustion issue in ReadSUNImage\n incoders/sun.c. [bsc#1059666]\n\n * CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c,\n which allows attackers to cause denial of service [bsc#1052553]\n\n * CVE-2017-12587: User controllable large loop in the ReadPWPImage in\n coders\\pwp.c could ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"ImageMagick on openSUSE Leap 42.3, openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:3420-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00087.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.3)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debuginfo\", rpm:\"ImageMagick-debuginfo~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debugsource\", rpm:\"ImageMagick-debugsource~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel\", rpm:\"ImageMagick-devel~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra\", rpm:\"ImageMagick-extra~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra-debuginfo\", rpm:\"ImageMagick-extra-debuginfo~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3\", rpm:\"libMagick++-6_Q16-3~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo\", rpm:\"libMagick++-6_Q16-3-debuginfo~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel\", rpm:\"libMagick++-devel~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1\", rpm:\"libMagickCore-6_Q16-1~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo\", rpm:\"libMagickCore-6_Q16-1-debuginfo~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1\", rpm:\"libMagickWand-6_Q16-1~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo\", rpm:\"libMagickWand-6_Q16-1-debuginfo~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick\", rpm:\"perl-PerlMagick~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick-debuginfo\", rpm:\"perl-PerlMagick-debuginfo~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel-32bit\", rpm:\"ImageMagick-devel-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-32bit\", rpm:\"libMagick++-6_Q16-3-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo-32bit\", rpm:\"libMagick++-6_Q16-3-debuginfo-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel-32bit\", rpm:\"libMagick++-devel-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-32bit\", rpm:\"libMagickCore-6_Q16-1-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickCore-6_Q16-1-debuginfo-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-32bit\", rpm:\"libMagickWand-6_Q16-1-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickWand-6_Q16-1-debuginfo-32bit~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.8.8.1~30.12.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debuginfo\", rpm:\"ImageMagick-debuginfo~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-debugsource\", rpm:\"ImageMagick-debugsource~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel\", rpm:\"ImageMagick-devel~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra\", rpm:\"ImageMagick-extra~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-extra-debuginfo\", rpm:\"ImageMagick-extra-debuginfo~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3\", rpm:\"libMagick++-6_Q16-3~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo\", rpm:\"libMagick++-6_Q16-3-debuginfo~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel\", rpm:\"libMagick++-devel~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1\", rpm:\"libMagickCore-6_Q16-1~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo\", rpm:\"libMagickCore-6_Q16-1-debuginfo~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1\", rpm:\"libMagickWand-6_Q16-1~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo\", rpm:\"libMagickWand-6_Q16-1-debuginfo~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick\", rpm:\"perl-PerlMagick~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-PerlMagick-debuginfo\", rpm:\"perl-PerlMagick-debuginfo~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-doc\", rpm:\"ImageMagick-doc~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-devel-32bit\", rpm:\"ImageMagick-devel-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-32bit\", rpm:\"libMagick++-6_Q16-3-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-6_Q16-3-debuginfo-32bit\", rpm:\"libMagick++-6_Q16-3-debuginfo-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagick++-devel-32bit\", rpm:\"libMagick++-devel-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-32bit\", rpm:\"libMagickCore-6_Q16-1-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickCore-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickCore-6_Q16-1-debuginfo-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-32bit\", rpm:\"libMagickWand-6_Q16-1-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libMagickWand-6_Q16-1-debuginfo-32bit\", rpm:\"libMagickWand-6_Q16-1-debuginfo-32bit~6.8.8.1~40.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T18:28:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-12-07T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2017:3223-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13737", "CVE-2017-16546", "CVE-2017-14341", "CVE-2017-16669", "CVE-2017-16545", "CVE-2017-11640", "CVE-2017-14342"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851657", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851657", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851657\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-12-07 07:41:17 +0100 (Thu, 07 Dec 2017)\");\n script_cve_id(\"CVE-2017-11640\", \"CVE-2017-13737\", \"CVE-2017-14341\", \"CVE-2017-14342\", \"CVE-2017-16545\", \"CVE-2017-16546\", \"CVE-2017-16669\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2017:3223-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'GraphicsMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for GraphicsMagick fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2017-16546: Fix ReadWPGImage function in coders/wpg.c that could\n lead to a denial of service (bsc#1067181).\n\n - CVE-2017-14342: Fix a memory exhaustion vulnerability in ReadWPGImage in\n coders/wpg.c that could lead to a denial of service (bsc#1058485).\n\n - CVE-2017-16669: Fix coders/wpg.c that allows remote attackers to cause a\n denial of service via crafted files (bsc#1067409).\n\n - CVE-2017-16545: Fix the ReadWPGImage function in coders/wpg.c as a\n validation problems could lead to a denial of service (bsc#1067184).\n\n - CVE-2017-14341: Fix infinite loop in the ReadWPGImage function\n (bsc#1058637).\n\n - CVE-2017-13737: Fix invalid free in the MagickFree function in\n magick/memory.c (tiff.c) (bsc#1056162).\n\n - CVE-2017-11640: Fix NULL pointer deref in WritePTIFImage() in\n coders/tiff.c (bsc#1050632).\");\n\n script_tag(name:\"affected\", value:\"GraphicsMagick on openSUSE Leap 42.3, openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:3223-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.3)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.25~11.44.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debuginfo\", rpm:\"GraphicsMagick-debuginfo~1.3.25~11.44.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debugsource\", rpm:\"GraphicsMagick-debugsource~1.3.25~11.44.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-devel\", rpm:\"GraphicsMagick-devel~1.3.25~11.44.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-12\", rpm:\"libGraphicsMagick++-Q16-12~1.3.25~11.44.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-12-debuginfo\", rpm:\"libGraphicsMagick++-Q16-12-debuginfo~1.3.25~11.44.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-devel\", rpm:\"libGraphicsMagick++-devel~1.3.25~11.44.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3\", rpm:\"libGraphicsMagick-Q16-3~1.3.25~11.44.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3-debuginfo\", rpm:\"libGraphicsMagick-Q16-3-debuginfo~1.3.25~11.44.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick3-config\", rpm:\"libGraphicsMagick3-config~1.3.25~11.44.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2\", rpm:\"libGraphicsMagickWand-Q16-2~1.3.25~11.44.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2-debuginfo\", rpm:\"libGraphicsMagickWand-Q16-2-debuginfo~1.3.25~11.44.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick\", rpm:\"perl-GraphicsMagick~1.3.25~11.44.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick-debuginfo\", rpm:\"perl-GraphicsMagick-debuginfo~1.3.25~11.44.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.25~44.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debuginfo\", rpm:\"GraphicsMagick-debuginfo~1.3.25~44.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debugsource\", rpm:\"GraphicsMagick-debugsource~1.3.25~44.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-devel\", rpm:\"GraphicsMagick-devel~1.3.25~44.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-12\", rpm:\"libGraphicsMagick++-Q16-12~1.3.25~44.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-12-debuginfo\", rpm:\"libGraphicsMagick++-Q16-12-debuginfo~1.3.25~44.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-devel\", rpm:\"libGraphicsMagick++-devel~1.3.25~44.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3\", rpm:\"libGraphicsMagick-Q16-3~1.3.25~44.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3-debuginfo\", rpm:\"libGraphicsMagick-Q16-3-debuginfo~1.3.25~44.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick3-config\", rpm:\"libGraphicsMagick3-config~1.3.25~44.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2\", rpm:\"libGraphicsMagickWand-Q16-2~1.3.25~44.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2-debuginfo\", rpm:\"libGraphicsMagickWand-Q16-2-debuginfo~1.3.25~44.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick\", rpm:\"perl-GraphicsMagick~1.3.25~44.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick-debuginfo\", rpm:\"perl-GraphicsMagick-debuginfo~1.3.25~44.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:52", "description": "This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed GIF, TTF, SVG, TIFF, PCX, JPG or SFW files\nare processed.", "cvss3": {}, "published": "2017-11-12T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4032-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15277", "CVE-2017-14224", "CVE-2017-13758", "CVE-2017-12983", "CVE-2017-14989", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-13134", "CVE-2017-13769"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310704032", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704032", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_4032.nasl 14284 2019-03-18 15:02:15Z cfischer $\n#\n# Auto-generated from advisory DSA 4032-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704032\");\n script_version(\"$Revision: 14284 $\");\n script_cve_id(\"CVE-2017-12983\", \"CVE-2017-13134\", \"CVE-2017-13758\", \"CVE-2017-13769\", \"CVE-2017-14224\", \"CVE-2017-14607\", \"CVE-2017-14682\", \"CVE-2017-14989\", \"CVE-2017-15277\");\n script_name(\"Debian Security Advisory DSA 4032-1 (imagemagick - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 16:02:15 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-12 00:00:00 +0100 (Sun, 12 Nov 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2017/dsa-4032.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"imagemagick on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-11+deb9u3.\n\nWe recommend that you upgrade your imagemagick packages.\");\n script_tag(name:\"summary\", value:\"This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed GIF, TTF, SVG, TIFF, PCX, JPG or SFW files\nare processed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6-common\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6-doc\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16hdri\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16hdri-perl\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-7\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16hdri-7\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-3-extra\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-3\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-3-extra\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-3\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16hdri-3\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16hdri-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.9.7.4+dfsg-11+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:27:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-12-13T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2017:3270-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10799", "CVE-2017-14994", "CVE-2017-12644", "CVE-2017-12140", "CVE-2017-14733", "CVE-2017-12662"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851663", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851663", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851663\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-12-13 07:44:03 +0100 (Wed, 13 Dec 2017)\");\n script_cve_id(\"CVE-2017-10799\", \"CVE-2017-12140\", \"CVE-2017-12644\", \"CVE-2017-12662\",\n \"CVE-2017-14733\", \"CVE-2017-14994\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2017:3270-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'GraphicsMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for GraphicsMagick fixes the following issues:\n\n * CVE-2017-12140: ReadDCMImage in coders\\dcm.c has a ninteger\n signedness error leading to excessive memory consumption\n (bnc#1051847)\n\n * CVE-2017-14994: NULL pointer in ReadDCMImage in coders/dcm.c could\n lead to denial of service (bnc#1061587)\n\n * CVE-2017-12662: Memory leak in WritePDFImage in coders/pdf.c could\n lead to denial of service (bnc#1052758)\n\n * CVE-2017-14733: Heap overflow on ReadRLEImage in coders/rle.c could\n lead to denial of service (bnc#1060577)\n\n * CVE-2017-12644: Memory leak in ReadDCMImage in coders\\dcm.c could\n lead to denial of service (bnc#1052764)\n\n * CVE-2017-10799: denial of service (OOM) can occur inReadDPXImage()\n (bnc#1047054)\");\n\n script_tag(name:\"affected\", value:\"GraphicsMagick on openSUSE Leap 42.3, openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:3270-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.3)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debuginfo\", rpm:\"GraphicsMagick-debuginfo~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debugsource\", rpm:\"GraphicsMagick-debugsource~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-devel\", rpm:\"GraphicsMagick-devel~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-12\", rpm:\"libGraphicsMagick++-Q16-12~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-12-debuginfo\", rpm:\"libGraphicsMagick++-Q16-12-debuginfo~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-devel\", rpm:\"libGraphicsMagick++-devel~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3\", rpm:\"libGraphicsMagick-Q16-3~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3-debuginfo\", rpm:\"libGraphicsMagick-Q16-3-debuginfo~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick3-config\", rpm:\"libGraphicsMagick3-config~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2\", rpm:\"libGraphicsMagickWand-Q16-2~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2-debuginfo\", rpm:\"libGraphicsMagickWand-Q16-2-debuginfo~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick\", rpm:\"perl-GraphicsMagick~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick-debuginfo\", rpm:\"perl-GraphicsMagick-debuginfo~1.3.25~11.48.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debuginfo\", rpm:\"GraphicsMagick-debuginfo~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debugsource\", rpm:\"GraphicsMagick-debugsource~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-devel\", rpm:\"GraphicsMagick-devel~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-12\", rpm:\"libGraphicsMagick++-Q16-12~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-12-debuginfo\", rpm:\"libGraphicsMagick++-Q16-12-debuginfo~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-devel\", rpm:\"libGraphicsMagick++-devel~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3\", rpm:\"libGraphicsMagick-Q16-3~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3-debuginfo\", rpm:\"libGraphicsMagick-Q16-3-debuginfo~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick3-config\", rpm:\"libGraphicsMagick3-config~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2\", rpm:\"libGraphicsMagickWand-Q16-2~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2-debuginfo\", rpm:\"libGraphicsMagickWand-Q16-2-debuginfo~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick\", rpm:\"perl-GraphicsMagick~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick-debuginfo\", rpm:\"perl-GraphicsMagick-debuginfo~1.3.25~47.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:52", "description": "This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed image files are processed.", "cvss3": {}, "published": "2017-11-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4040-1 (imagemagick - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15277", "CVE-2017-14224", "CVE-2017-13144", "CVE-2017-12640", "CVE-2017-13758", "CVE-2017-12983", "CVE-2017-13139", "CVE-2017-12877", "CVE-2017-16546", "CVE-2017-14989", "CVE-2017-14607", "CVE-2017-11352", "CVE-2017-14682", "CVE-2017-13134", "CVE-2017-13769", "CVE-2017-12431", "CVE-2017-11640"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310704040", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704040", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_4040.nasl 14284 2019-03-18 15:02:15Z cfischer $\n#\n# Auto-generated from advisory DSA 4040-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704040\");\n script_version(\"$Revision: 14284 $\");\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-11640\", \"CVE-2017-12431\", \"CVE-2017-12640\", \"CVE-2017-12877\", \"CVE-2017-12983\", \"CVE-2017-13134\", \"CVE-2017-13139\", \"CVE-2017-13144\", \"CVE-2017-13758\", \"CVE-2017-13769\", \"CVE-2017-14224\", \"CVE-2017-14607\", \"CVE-2017-14682\", \"CVE-2017-14989\", \"CVE-2017-15277\", \"CVE-2017-16546\");\n script_name(\"Debian Security Advisory DSA 4040-1 (imagemagick - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 16:02:15 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-17 00:00:00 +0100 (Fri, 17 Nov 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2017/dsa-4040.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"imagemagick on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u11.\n\nWe recommend that you upgrade your imagemagick packages.\");\n script_tag(name:\"summary\", value:\"This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed image files are processed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-6.q16\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-dbg\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-perl\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libimage-magick-q16-perl\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6-headers\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-5\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-arch-config\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6-headers\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-2-extra\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6-headers\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-2\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-6.q16-dev\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.8.9.9-5+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:07:49", "description": "This updates fixes numerous vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure, or the\nexecution of arbitrary code if malformed XCF, VIFF, BMP, thumbnail, CUT,\nPSD, TXT, XBM, PCX, MPC, WPG, TIFF, SVG, font, EMF, PNG, or other types\nof files are processed.", "cvss3": {}, "published": "2018-02-07T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for imagemagick (DLA-1131-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14175", "CVE-2017-14060", "CVE-2017-14224", "CVE-2017-13758", "CVE-2017-12691", "CVE-2017-14172", "CVE-2017-15017", "CVE-2017-13768", "CVE-2017-14989", "CVE-2017-12692", "CVE-2017-14173", "CVE-2017-14607", "CVE-2017-14505", "CVE-2017-14400", "CVE-2017-14341", "CVE-2017-12693", "CVE-2017-14682", "CVE-2017-13769", "CVE-2017-12875", "CVE-2017-14741", "CVE-2017-15016", "CVE-2017-14739", "CVE-2017-14249", "CVE-2017-14174"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891131", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891131", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891131\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-12691\", \"CVE-2017-12692\", \"CVE-2017-12693\", \"CVE-2017-12875\", \"CVE-2017-13758\", \"CVE-2017-13768\", \"CVE-2017-13769\", \"CVE-2017-14060\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14174\", \"CVE-2017-14175\", \"CVE-2017-14224\", \"CVE-2017-14249\", \"CVE-2017-14341\", \"CVE-2017-14400\", \"CVE-2017-14505\", \"CVE-2017-14607\", \"CVE-2017-14682\", \"CVE-2017-14739\", \"CVE-2017-14741\", \"CVE-2017-14989\", \"CVE-2017-15016\", \"CVE-2017-15017\");\n script_name(\"Debian LTS: Security Advisory for imagemagick (DLA-1131-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00010.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"imagemagick on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n8:6.7.7.10-5+deb7u17.\n\nWe recommend that you upgrade your imagemagick packages.\");\n\n script_tag(name:\"summary\", value:\"This updates fixes numerous vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure, or the\nexecution of arbitrary code if malformed XCF, VIFF, BMP, thumbnail, CUT,\nPSD, TXT, XBM, PCX, MPC, WPG, TIFF, SVG, font, EMF, PNG, or other types\nof files are processed.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-common\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-dbg\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"imagemagick-doc\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++-dev\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagick++5\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore-dev\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore5\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickcore5-extra\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand-dev\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagickwand5\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"perlmagick\", ver:\"8:6.7.7.10-5+deb7u17\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2023-12-05T15:06:19", "description": "This update for ImageMagick fixes the following issues :\n\n - CVE-2017-14989: use-after-free in RenderFreetype in MagickCore/annotate.c could lead to denial of service [bsc#1061254]\n\n - CVE-2017-14682: GetNextToken in MagickCore/token.c heap buffer overflow could lead to denial of service [bsc#1060176]\n\n - Memory leak in WriteINLINEImage in coders/inline.c could lead to denial of service [bsc#1052744]\n\n - CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas could possibly disclose potentially sensitive memory [bsc#1059778]\n\n - CVE-2017-11640: NULL pointer deref in WritePTIFImage() in coders/tiff.c [bsc#1050632]\n\n - CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1058485]\n\n - CVE-2017-14341: Infinite loop in the ReadWPGImage function [bsc#1058637]\n\n - CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1067181]\n\n - CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in validation problems could lead to denial of service [bsc#1067184]\n\n - CVE-2017-16669: problem in coders/wpg.c could allow remote attackers to cause a denial of service via crafted file [bsc#1067409]\n\n - CVE-2017-14175: Lack of End of File check could lead to denial of service [bsc#1057719]\n\n - CVE-2017-14138: memory leak vulnerability in ReadWEBPImage in coders/webp.c could lead to denial of service [bsc#1057157]\n\n - CVE-2017-13769: denial of service issue in function WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]\n\n - CVE-2017-13134: a heap-based buffer over-read was found in thefunction SFWScan in coders/sfw.c, which allows attackers to cause adenial of service via a crafted file. [bsc#1055214]\n\n - CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c [bsc#1062750]\n\n - CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick allows remote attackers to cause a DoS [bsc#1049796]\n\n - CVE-2017-15930: NULL pointer dereference while transfering JPEG scanlines could lead to denial of service [bsc#1066003]\n\n - CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c inImageMagick 7.0.6-8 allows remote attackers to cause a denial of service [bsc#1054757]\n\n - CVE-2017-14531: memory exhaustion issue in ReadSUNImage incoders/sun.c. [bsc#1059666]\n\n - CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service [bsc#1052553]\n\n - CVE-2017-12587: User controlable large loop in the ReadPWPImage in coders\\pwp.c could lead to denial of service [bsc#1052450]\n\n - CVE-2017-11523: ReadTXTImage in coders/txt.c allows remote attackers to cause a denial of service [bsc#1050083]\n\n - CVE-2017-14173: unction ReadTXTImage is vulnerable to a integer overflow that could lead to denial of service [bsc#1057729]\n\n - CVE-2017-11188: ImageMagick: The ReadDPXImage function in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop vulnerability that can cause CPU exhaustion via a crafted DPX file, relatedto lack of an EOF check.\n [bnc#1048457]\n\n - CVE-2017-11527: ImageMagick: ReadDPXImage in coders/dpx.c allows remote attackers to cause DoS [bnc#1050116]\n\n - CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based buffer over-read in WritePSImage() in coders/ps.c [bnc#1050139]\n\n - CVE-2017-11752: ImageMagick: ReadMAGICKImage in coders/magick.c allows to cause DoS [bnc#1051441]\n\n - CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c has a ninteger signedness error leading to excessive memory consumption [bnc#1051847]\n\n - CVE-2017-12669: ImageMagick: Memory leak in WriteCALSImage in coders/cals.c [bnc#1052689]\n\n - CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak in WritePDFImage in coders/pdf.c [bnc#1052758]\n\n - CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage in codersdcm.c [bnc#1052764]\n\n - CVE-2017-14172: ImageMagick: Lack of end of file check in ReadPSImage() could lead to a denial of service [bnc#1057730]\n\n - CVE-2017-14733: GraphicsMagick: Heap overflow on ReadRLEImage in coders/rle.c could lead to denial of service [bnc#1060577]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-12-21T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2017:3388-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11188", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11527", "CVE-2017-11535", "CVE-2017-11640", "CVE-2017-11752", "CVE-2017-12140", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12644", "CVE-2017-12662", "CVE-2017-12669", "CVE-2017-12983", "CVE-2017-13134", "CVE-2017-13769", "CVE-2017-14138", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14175", "CVE-2017-14341", "CVE-2017-14342", "CVE-2017-14531", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-14733", "CVE-2017-14989", "CVE-2017-15217", "CVE-2017-15930", "CVE-2017-16545", "CVE-2017-16546", "CVE-2017-16669"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:imagemagick", "p-cpe:/a:novell:suse_linux:imagemagick-debuginfo", "p-cpe:/a:novell:suse_linux:imagemagick-debugsource", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16-1", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16-1-debuginfo", "p-cpe:/a:novell:suse_linux:libmagickwand-6_q16", "p-cpe:/a:novell:suse_linux:libmagickwand-6_q16-1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-3388-1.NASL", "href": "https://www.tenable.com/plugins/nessus/105409", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:3388-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105409);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-11188\", \"CVE-2017-11478\", \"CVE-2017-11523\", \"CVE-2017-11527\", \"CVE-2017-11535\", \"CVE-2017-11640\", \"CVE-2017-11752\", \"CVE-2017-12140\", \"CVE-2017-12435\", \"CVE-2017-12587\", \"CVE-2017-12644\", \"CVE-2017-12662\", \"CVE-2017-12669\", \"CVE-2017-12983\", \"CVE-2017-13134\", \"CVE-2017-13769\", \"CVE-2017-14138\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14175\", \"CVE-2017-14341\", \"CVE-2017-14342\", \"CVE-2017-14531\", \"CVE-2017-14607\", \"CVE-2017-14682\", \"CVE-2017-14733\", \"CVE-2017-14989\", \"CVE-2017-15217\", \"CVE-2017-15930\", \"CVE-2017-16545\", \"CVE-2017-16546\", \"CVE-2017-16669\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2017:3388-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\n - CVE-2017-14989: use-after-free in RenderFreetype in\n MagickCore/annotate.c could lead to denial of service\n [bsc#1061254]\n\n - CVE-2017-14682: GetNextToken in MagickCore/token.c heap\n buffer overflow could lead to denial of service\n [bsc#1060176]\n\n - Memory leak in WriteINLINEImage in coders/inline.c could\n lead to denial of service [bsc#1052744]\n\n - CVE-2017-14607: out of bounds read flaw related to\n ReadTIFFImagehas could possibly disclose potentially\n sensitive memory [bsc#1059778]\n\n - CVE-2017-11640: NULL pointer deref in WritePTIFImage()\n in coders/tiff.c [bsc#1050632]\n\n - CVE-2017-14342: a memory exhaustion vulnerability in\n ReadWPGImage in coders/wpg.c could lead to denial of\n service [bsc#1058485]\n\n - CVE-2017-14341: Infinite loop in the ReadWPGImage\n function [bsc#1058637]\n\n - CVE-2017-16546: problem in the function ReadWPGImage in\n coders/wpg.c could lead to denial of service\n [bsc#1067181]\n\n - CVE-2017-16545: The ReadWPGImage function in\n coders/wpg.c in validation problems could lead to denial\n of service [bsc#1067184]\n\n - CVE-2017-16669: problem in coders/wpg.c could allow\n remote attackers to cause a denial of service via\n crafted file [bsc#1067409]\n\n - CVE-2017-14175: Lack of End of File check could lead to\n denial of service [bsc#1057719]\n\n - CVE-2017-14138: memory leak vulnerability in\n ReadWEBPImage in coders/webp.c could lead to denial of\n service [bsc#1057157]\n\n - CVE-2017-13769: denial of service issue in function\n WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]\n\n - CVE-2017-13134: a heap-based buffer over-read was found\n in thefunction SFWScan in coders/sfw.c, which allows\n attackers to cause adenial of service via a crafted\n file. [bsc#1055214]\n\n - CVE-2017-15217: memory leak in ReadSGIImage in\n coders/sgi.c [bsc#1062750]\n\n - CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in\n ImageMagick allows remote attackers to cause a DoS\n [bsc#1049796]\n\n - CVE-2017-15930: NULL pointer dereference while\n transfering JPEG scanlines could lead to denial of\n service [bsc#1066003]\n\n - CVE-2017-12983: Heap-based buffer overflow in the\n ReadSFWImage function in coders/sfw.c inImageMagick\n 7.0.6-8 allows remote attackers to cause a denial of\n service [bsc#1054757]\n\n - CVE-2017-14531: memory exhaustion issue in ReadSUNImage\n incoders/sun.c. [bsc#1059666]\n\n - CVE-2017-12435: Memory exhaustion in ReadSUNImage in\n coders/sun.c, which allows attackers to cause denial of\n service [bsc#1052553]\n\n - CVE-2017-12587: User controlable large loop in the\n ReadPWPImage in coders\\pwp.c could lead to denial of\n service [bsc#1052450]\n\n - CVE-2017-11523: ReadTXTImage in coders/txt.c allows\n remote attackers to cause a denial of service\n [bsc#1050083]\n\n - CVE-2017-14173: unction ReadTXTImage is vulnerable to a\n integer overflow that could lead to denial of service\n [bsc#1057729]\n\n - CVE-2017-11188: ImageMagick: The ReadDPXImage function\n in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop\n vulnerability that can cause CPU exhaustion via a\n crafted DPX file, relatedto lack of an EOF check.\n [bnc#1048457]\n\n - CVE-2017-11527: ImageMagick: ReadDPXImage in\n coders/dpx.c allows remote attackers to cause DoS\n [bnc#1050116]\n\n - CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based\n buffer over-read in WritePSImage() in coders/ps.c\n [bnc#1050139]\n\n - CVE-2017-11752: ImageMagick: ReadMAGICKImage in\n coders/magick.c allows to cause DoS [bnc#1051441]\n\n - CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c\n has a ninteger signedness error leading to excessive\n memory consumption [bnc#1051847]\n\n - CVE-2017-12669: ImageMagick: Memory leak in\n WriteCALSImage in coders/cals.c [bnc#1052689]\n\n - CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak\n in WritePDFImage in coders/pdf.c [bnc#1052758]\n\n - CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage\n in codersdcm.c [bnc#1052764]\n\n - CVE-2017-14172: ImageMagick: Lack of end of file check\n in ReadPSImage() could lead to a denial of service\n [bnc#1057730]\n\n - CVE-2017-14733: GraphicsMagick: Heap overflow on\n ReadRLEImage in coders/rle.c could lead to denial of\n service [bnc#1060577]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050116\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1062750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067409\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11188/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11478/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11523/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11527/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11535/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11640/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11752/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12140/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12435/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12587/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12644/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12662/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12669/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12983/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13134/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13769/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14138/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14172/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14173/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14175/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14341/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14342/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14531/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14607/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14682/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14733/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14989/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15217/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15930/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16545/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16546/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16669/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20173388-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0e420b1b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2017-2123=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2017-2123=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-2123=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-2123=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-2123=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-2123=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-2123=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-2123=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-2123=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ImageMagick-debugsource-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ImageMagick-debugsource-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:05:49", "description": "This update for ImageMagick fixes the following issues :\n\n - CVE-2017-14989: use-after-free in RenderFreetype in MagickCore/annotate.c could lead to denial of service [bsc#1061254]\n\n - CVE-2017-14682: GetNextToken in MagickCore/token.c heap buffer overflow could lead to denial of service [bsc#1060176]\n\n - Memory leak in WriteINLINEImage in coders/inline.c could lead to denial of service [bsc#1052744]\n\n - CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas could possibly disclose potentially sensitive memory [bsc#1059778]\n\n - CVE-2017-11640: NULL pointer deref in WritePTIFImage() in coders/tiff.c [bsc#1050632]\n\n - CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1058485]\n\n - CVE-2017-14341: Infinite loop in the ReadWPGImage function [bsc#1058637]\n\n - CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1067181]\n\n - CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in validation problems could lead to denial of service [bsc#1067184]\n\n - CVE-2017-16669: problem in coders/wpg.c could allow remote attackers to cause a denial of service via crafted file [bsc#1067409]\n\n - CVE-2017-14175: Lack of End of File check could lead to denial of service [bsc#1057719]\n\n - CVE-2017-14138: memory leak vulnerability in ReadWEBPImage in coders/webp.c could lead to denial of service [bsc#1057157]\n\n - CVE-2017-13769: denial of service issue in function WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]\n\n - CVE-2017-13134: a heap-based buffer over-read was found in thefunction SFWScan in coders/sfw.c, which allows attackers to cause adenial of service via a crafted file. [bsc#1055214]\n\n - CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c [bsc#1062750]\n\n - CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick allows remote attackers to cause a DoS [bsc#1049796]\n\n - CVE-2017-15930: NULL pointer dereference while transfering JPEG scanlines could lead to denial of service [bsc#1066003]\n\n - CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c inImageMagick 7.0.6-8 allows remote attackers to cause a denial of service [bsc#1054757]\n\n - CVE-2017-14531: memory exhaustion issue in ReadSUNImage incoders/sun.c. [bsc#1059666]\n\n - CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service [bsc#1052553]\n\n - CVE-2017-12587: User controlable large loop in the ReadPWPImage in coders\\pwp.c could lead to denial of service [bsc#1052450]\n\n - CVE-2017-11523: ReadTXTImage in coders/txt.c allows remote attackers to cause a denial of service [bsc#1050083]\n\n - CVE-2017-14173: unction ReadTXTImage is vulnerable to a integer overflow that could lead to denial of service [bsc#1057729]\n\n - CVE-2017-11188: ImageMagick: The ReadDPXImage function in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop vulnerability that can cause CPU exhaustion via a crafted DPX file, relatedto lack of an EOF check.\n [bnc#1048457]\n\n - CVE-2017-11527: ImageMagick: ReadDPXImage in coders/dpx.c allows remote attackers to cause DoS [bnc#1050116] \n\n - CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based buffer over-read in WritePSImage() in coders/ps.c [bnc#1050139]\n\n - CVE-2017-11752: ImageMagick: ReadMAGICKImage in coders/magick.c allows to cause DoS [bnc#1051441] \n\n - CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c has a ninteger signedness error leading to excessive memory consumption [bnc#1051847] \n\n - CVE-2017-12669: ImageMagick: Memory leak in WriteCALSImage in coders/cals.c [bnc#1052689]\n\n - CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak in WritePDFImage in coders/pdf.c [bnc#1052758]\n\n - CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage in codersdcm.c [bnc#1052764]\n\n - CVE-2017-14172: ImageMagick: Lack of end of file check in ReadPSImage() could lead to a denial of service [bnc#1057730]\n\n - CVE-2017-14733: GraphicsMagick: Heap overflow on ReadRLEImage in coders/rle.c could lead to denial of service [bnc#1060577]\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2017-12-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-2017-1413)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11188", "CVE-2017-11478", "CVE-2017-11523", "CVE-2017-11527", "CVE-2017-11535", "CVE-2017-11640", "CVE-2017-11752", "CVE-2017-12140", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12644", "CVE-2017-12662", "CVE-2017-12669", "CVE-2017-12983", "CVE-2017-13134", "CVE-2017-13769", "CVE-2017-14138", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14175", "CVE-2017-14341", "CVE-2017-14342", "CVE-2017-14531", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-14733", "CVE-2017-14989", "CVE-2017-15217", "CVE-2017-15930", "CVE-2017-16545", "CVE-2017-16546", "CVE-2017-16669"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:imagemagick", "p-cpe:/a:novell:opensuse:imagemagick-debuginfo", "p-cpe:/a:novell:opensuse:imagemagick-debugsource", "p-cpe:/a:novell:opensuse:imagemagick-devel", "p-cpe:/a:novell:opensuse:imagemagick-devel-32bit", "p-cpe:/a:novell:opensuse:imagemagick-extra", "p-cpe:/a:novell:opensuse:imagemagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-32bit", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libmagickcore-6_q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-32bit", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libmagickwand-6_q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-perlmagick", "p-cpe:/a:novell:opensuse:perl-perlmagick-debuginfo", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1413.NASL", "href": "https://www.tenable.com/plugins/nessus/105455", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1413.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105455);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-11188\", \"CVE-2017-11478\", \"CVE-2017-11523\", \"CVE-2017-11527\", \"CVE-2017-11535\", \"CVE-2017-11640\", \"CVE-2017-11752\", \"CVE-2017-12140\", \"CVE-2017-12435\", \"CVE-2017-12587\", \"CVE-2017-12644\", \"CVE-2017-12662\", \"CVE-2017-12669\", \"CVE-2017-12983\", \"CVE-2017-13134\", \"CVE-2017-13769\", \"CVE-2017-14138\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14175\", \"CVE-2017-14341\", \"CVE-2017-14342\", \"CVE-2017-14531\", \"CVE-2017-14607\", \"CVE-2017-14682\", \"CVE-2017-14733\", \"CVE-2017-14989\", \"CVE-2017-15217\", \"CVE-2017-15930\", \"CVE-2017-16545\", \"CVE-2017-16546\", \"CVE-2017-16669\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2017-1413)\");\n script_summary(english:\"Check for the openSUSE-2017-1413 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\n - CVE-2017-14989: use-after-free in RenderFreetype in\n MagickCore/annotate.c could lead to denial of service\n [bsc#1061254]\n\n - CVE-2017-14682: GetNextToken in MagickCore/token.c heap\n buffer overflow could lead to denial of service\n [bsc#1060176]\n\n - Memory leak in WriteINLINEImage in coders/inline.c could\n lead to denial of service [bsc#1052744]\n\n - CVE-2017-14607: out of bounds read flaw related to\n ReadTIFFImagehas could possibly disclose potentially\n sensitive memory [bsc#1059778]\n\n - CVE-2017-11640: NULL pointer deref in WritePTIFImage()\n in coders/tiff.c [bsc#1050632]\n\n - CVE-2017-14342: a memory exhaustion vulnerability in\n ReadWPGImage in coders/wpg.c could lead to denial of\n service [bsc#1058485]\n\n - CVE-2017-14341: Infinite loop in the ReadWPGImage\n function [bsc#1058637]\n\n - CVE-2017-16546: problem in the function ReadWPGImage in\n coders/wpg.c could lead to denial of service\n [bsc#1067181]\n\n - CVE-2017-16545: The ReadWPGImage function in\n coders/wpg.c in validation problems could lead to denial\n of service [bsc#1067184]\n\n - CVE-2017-16669: problem in coders/wpg.c could allow\n remote attackers to cause a denial of service via\n crafted file [bsc#1067409]\n\n - CVE-2017-14175: Lack of End of File check could lead to\n denial of service [bsc#1057719]\n\n - CVE-2017-14138: memory leak vulnerability in\n ReadWEBPImage in coders/webp.c could lead to denial of\n service [bsc#1057157]\n\n - CVE-2017-13769: denial of service issue in function\n WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]\n\n - CVE-2017-13134: a heap-based buffer over-read was found\n in thefunction SFWScan in coders/sfw.c, which allows\n attackers to cause adenial of service via a crafted\n file. [bsc#1055214]\n\n - CVE-2017-15217: memory leak in ReadSGIImage in\n coders/sgi.c [bsc#1062750]\n\n - CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in\n ImageMagick allows remote attackers to cause a DoS\n [bsc#1049796]\n\n - CVE-2017-15930: NULL pointer dereference while\n transfering JPEG scanlines could lead to denial of\n service [bsc#1066003]\n\n - CVE-2017-12983: Heap-based buffer overflow in the\n ReadSFWImage function in coders/sfw.c inImageMagick\n 7.0.6-8 allows remote attackers to cause a denial of\n service [bsc#1054757]\n\n - CVE-2017-14531: memory exhaustion issue in ReadSUNImage\n incoders/sun.c. [bsc#1059666]\n\n - CVE-2017-12435: Memory exhaustion in ReadSUNImage in\n coders/sun.c, which allows attackers to cause denial of\n service [bsc#1052553]\n\n - CVE-2017-12587: User controlable large loop in the\n ReadPWPImage in coders\\pwp.c could lead to denial of\n service [bsc#1052450]\n\n - CVE-2017-11523: ReadTXTImage in coders/txt.c allows\n remote attackers to cause a denial of service\n [bsc#1050083]\n\n - CVE-2017-14173: unction ReadTXTImage is vulnerable to a\n integer overflow that could lead to denial of service\n [bsc#1057729]\n\n - CVE-2017-11188: ImageMagick: The ReadDPXImage function\n in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop\n vulnerability that can cause CPU exhaustion via a\n crafted DPX file, relatedto lack of an EOF check.\n [bnc#1048457]\n\n - CVE-2017-11527: ImageMagick: ReadDPXImage in\n coders/dpx.c allows remote attackers to cause DoS\n [bnc#1050116] \n\n - CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based\n buffer over-read in WritePSImage() in coders/ps.c\n [bnc#1050139]\n\n - CVE-2017-11752: ImageMagick: ReadMAGICKImage in\n coders/magick.c allows to cause DoS [bnc#1051441] \n\n - CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c\n has a ninteger signedness error leading to excessive\n memory consumption [bnc#1051847] \n\n - CVE-2017-12669: ImageMagick: Memory leak in\n WriteCALSImage in coders/cals.c [bnc#1052689]\n\n - CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak\n in WritePDFImage in coders/pdf.c [bnc#1052758]\n\n - CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage\n in codersdcm.c [bnc#1052764]\n\n - CVE-2017-14172: ImageMagick: Lack of end of file check\n in ReadPSImage() could lead to a denial of service\n [bnc#1057730]\n\n - CVE-2017-14733: GraphicsMagick: Heap overflow on\n ReadRLEImage in coders/rle.c could lead to denial of\n service [bnc#1060577]\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050116\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1054757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1059666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1059778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1062750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1067181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1067184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1067409\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-debuginfo-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-debugsource-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-devel-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-extra-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-6_Q16-3-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagick++-devel-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-PerlMagick-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-30.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-debuginfo-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-debugsource-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-devel-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-extra-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-6_Q16-3-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagick++-devel-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-PerlMagick-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-40.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:06:30", "description": "This update for ImageMagick fixes the following issues :\n\n - CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas could possibly disclose potentially sensitive memory [bsc#1059778]\n\n - CVE-2017-11640: NULL pointer deref in WritePTIFImage() in coders/tiff.c [bsc#1050632]\n\n - CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1058485]\n\n - CVE-2017-14341: Infinite loop in the ReadWPGImage function [bsc#1058637]\n\n - CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1067181]\n\n - CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in validation problems could lead to denial of service [bsc#1067184]\n\n - CVE-2017-14175: Lack of End of File check could lead to denial of service [bsc#1057719]\n\n - CVE-2017-13769: denial of service issue in function WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]\n\n - CVE-2017-13134: a heap-based buffer over-read was found in thefunction SFWScan in coders/sfw.c, which allows attackers to cause adenial of service via a crafted file. [bsc#1055214]\n\n - CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick allows remote attackers to cause a DoS [bsc#1049796]\n\n - CVE-2017-15930: NULL pointer dereference while transfering JPEG scanlines could lead to denial of service [bsc#1066003]\n\n - CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c allows remote attackers to cause a denial of service [bsc#1054757]\n\n - CVE-2017-14531: memory exhaustion issue in ReadSUNImage incoders/sun.c. [bsc#1059666]\n\n - CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service [bsc#1052553]\n\n - CVE-2017-12587: User controlable large loop in the ReadPWPImage in coders\\pwp.c could lead to denial of service [bsc#1052450]\n\n - CVE-2017-14173: unction ReadTXTImage is vulnerable to a integer overflow that could lead to denial of service [bsc#1057729]\n\n - CVE-2017-11188: ImageMagick: The ReadDPXImage function in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop vulnerability that can cause CPU exhaustion via a crafted DPX file, relatedto lack of an EOF check.\n [bnc#1048457]\n\n - CVE-2017-11527: ImageMagick: ReadDPXImage in coders/dpx.c allows remote attackers to cause DoS [bnc#1050116]\n\n - CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based buffer over-read in WritePSImage() in coders/ps.c [bnc#1050139]\n\n - CVE-2017-11752: ImageMagick: ReadMAGICKImage in coders/magick.c allows to cause DoS [bnc#1051441]\n\n - CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c has a ninteger signedness error leading to excessive memory consumption [bnc#1051847]\n\n - CVE-2017-12669: ImageMagick: Memory leak in WriteCALSImage in coders/cals.c [bnc#1052689]\n\n - CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak in WritePDFImage in coders/pdf.c [bnc#1052758]\n\n - CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage in codersdcm.c [bnc#1052764]\n\n - CVE-2017-14172: ImageMagick: Lack of end of file check in ReadPSImage() could lead to a denial of service [bnc#1057730]\n\n - CVE-2017-14733: GraphicsMagick: Heap overflow on ReadRLEImage in coders/rle.c could lead to denial of service [bnc#1060577]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-12-21T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2017:3378-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11188", "CVE-2017-11478", "CVE-2017-11527", "CVE-2017-11535", "CVE-2017-11640", "CVE-2017-11752", "CVE-2017-12140", "CVE-2017-12435", "CVE-2017-12587", "CVE-2017-12644", "CVE-2017-12662", "CVE-2017-12669", "CVE-2017-12983", "CVE-2017-13134", "CVE-2017-13769", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14175", "CVE-2017-14341", "CVE-2017-14342", "CVE-2017-14531", "CVE-2017-14607", "CVE-2017-14733", "CVE-2017-15930", "CVE-2017-16545", "CVE-2017-16546"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libmagickcore1", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-3378-1.NASL", "href": "https://www.tenable.com/plugins/nessus/105408", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:3378-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105408);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-11188\", \"CVE-2017-11478\", \"CVE-2017-11527\", \"CVE-2017-11535\", \"CVE-2017-11640\", \"CVE-2017-11752\", \"CVE-2017-12140\", \"CVE-2017-12435\", \"CVE-2017-12587\", \"CVE-2017-12644\", \"CVE-2017-12662\", \"CVE-2017-12669\", \"CVE-2017-12983\", \"CVE-2017-13134\", \"CVE-2017-13769\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14175\", \"CVE-2017-14341\", \"CVE-2017-14342\", \"CVE-2017-14531\", \"CVE-2017-14607\", \"CVE-2017-14733\", \"CVE-2017-15930\", \"CVE-2017-16545\", \"CVE-2017-16546\");\n\n script_name(english:\"SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2017:3378-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\n - CVE-2017-14607: out of bounds read flaw related to\n ReadTIFFImagehas could possibly disclose potentially\n sensitive memory [bsc#1059778]\n\n - CVE-2017-11640: NULL pointer deref in WritePTIFImage()\n in coders/tiff.c [bsc#1050632]\n\n - CVE-2017-14342: a memory exhaustion vulnerability in\n ReadWPGImage in coders/wpg.c could lead to denial of\n service [bsc#1058485]\n\n - CVE-2017-14341: Infinite loop in the ReadWPGImage\n function [bsc#1058637]\n\n - CVE-2017-16546: problem in the function ReadWPGImage in\n coders/wpg.c could lead to denial of service\n [bsc#1067181]\n\n - CVE-2017-16545: The ReadWPGImage function in\n coders/wpg.c in validation problems could lead to denial\n of service [bsc#1067184]\n\n - CVE-2017-14175: Lack of End of File check could lead to\n denial of service [bsc#1057719]\n\n - CVE-2017-13769: denial of service issue in function\n WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]\n\n - CVE-2017-13134: a heap-based buffer over-read was found\n in thefunction SFWScan in coders/sfw.c, which allows\n attackers to cause adenial of service via a crafted\n file. [bsc#1055214]\n\n - CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in\n ImageMagick allows remote attackers to cause a DoS\n [bsc#1049796]\n\n - CVE-2017-15930: NULL pointer dereference while\n transfering JPEG scanlines could lead to denial of\n service [bsc#1066003]\n\n - CVE-2017-12983: Heap-based buffer overflow in the\n ReadSFWImage function in coders/sfw.c allows remote\n attackers to cause a denial of service [bsc#1054757]\n\n - CVE-2017-14531: memory exhaustion issue in ReadSUNImage\n incoders/sun.c. [bsc#1059666]\n\n - CVE-2017-12435: Memory exhaustion in ReadSUNImage in\n coders/sun.c, which allows attackers to cause denial of\n service [bsc#1052553]\n\n - CVE-2017-12587: User controlable large loop in the\n ReadPWPImage in coders\\pwp.c could lead to denial of\n service [bsc#1052450]\n\n - CVE-2017-14173: unction ReadTXTImage is vulnerable to a\n integer overflow that could lead to denial of service\n [bsc#1057729]\n\n - CVE-2017-11188: ImageMagick: The ReadDPXImage function\n in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop\n vulnerability that can cause CPU exhaustion via a\n crafted DPX file, relatedto lack of an EOF check.\n [bnc#1048457]\n\n - CVE-2017-11527: ImageMagick: ReadDPXImage in\n coders/dpx.c allows remote attackers to cause DoS\n [bnc#1050116]\n\n - CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based\n buffer over-read in WritePSImage() in coders/ps.c\n [bnc#1050139]\n\n - CVE-2017-11752: ImageMagick: ReadMAGICKImage in\n coders/magick.c allows to cause DoS [bnc#1051441]\n\n - CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c\n has a ninteger signedness error leading to excessive\n memory consumption [bnc#1051847]\n\n - CVE-2017-12669: ImageMagick: Memory leak in\n WriteCALSImage in coders/cals.c [bnc#1052689]\n\n - CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak\n in WritePDFImage in coders/pdf.c [bnc#1052758]\n\n - CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage\n in codersdcm.c [bnc#1052764]\n\n - CVE-2017-14172: ImageMagick: Lack of end of file check\n in ReadPSImage() could lead to a denial of service\n [bnc#1057730]\n\n - CVE-2017-14733: GraphicsMagick: Heap overflow on\n ReadRLEImage in coders/rle.c could lead to denial of\n service [bnc#1060577]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050116\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11188/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11478/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11527/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11535/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11640/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11752/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12140/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12435/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12587/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12644/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12662/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12669/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12983/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13134/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13769/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14172/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14173/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14175/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14341/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14342/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14531/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14607/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14733/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15930/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16545/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16546/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20173378-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3dfddb1b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-ImageMagick-13384=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ImageMagick-13384=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ImageMagick-13384=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagickCore1-32bit-6.4.3.6-7.78.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libMagickCore1-32bit-6.4.3.6-7.78.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libMagickCore1-6.4.3.6-7.78.14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:06:07", "description": "This update for GraphicsMagick fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-16546: Fix ReadWPGImage function in coders/wpg.c that could lead to a denial of service (bsc#1067181).\n\n - CVE-2017-14342: Fix a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c that could lead to a denial of service (bsc#1058485).\n\n - CVE-2017-16669: Fix coders/wpg.c that allows remote attackers to cause a denial of service via crafted files (bsc#1067409).\n\n - CVE-2017-16545: Fix the ReadWPGImage function in coders/wpg.c as a validation problems could lead to a denial of service (bsc#1067184).\n\n - CVE-2017-14341: Fix infinite loop in the ReadWPGImage function (bsc#1058637).\n\n - CVE-2017-13737: Fix invalid free in the MagickFree function in magick/memory.c (tiff.c) (bsc#1056162).\n\n - CVE-2017-11640: Fix NULL pointer deref in WritePTIFImage() in coders/tiff.c (bsc#1050632).", "cvss3": {}, "published": "2017-12-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : GraphicsMagick (openSUSE-2017-1346)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11640", "CVE-2017-13737", "CVE-2017-14341", "CVE-2017-14342", "CVE-2017-16545", "CVE-2017-16546", "CVE-2017-16669"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:graphicsmagick", "p-cpe:/a:novell:opensuse:graphicsmagick-debuginfo", "p-cpe:/a:novell:opensuse:graphicsmagick-debugsource", "p-cpe:/a:novell:opensuse:graphicsmagick-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick-q16-3", "p-cpe:/a:novell:opensuse:libgraphicsmagick-q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick3-config", "p-cpe:/a:novell:opensuse:libgraphicsmagickwand-q16-2", "p-cpe:/a:novell:opensuse:libgraphicsmagickwand-q16-2-debuginfo", "p-cpe:/a:novell:opensuse:perl-graphicsmagick", "p-cpe:/a:novell:opensuse:perl-graphicsmagick-debuginfo", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1346.NASL", "href": "https://www.tenable.com/plugins/nessus/105233", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1346.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105233);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-11640\", \"CVE-2017-13737\", \"CVE-2017-14341\", \"CVE-2017-14342\", \"CVE-2017-16545\", \"CVE-2017-16546\", \"CVE-2017-16669\");\n\n script_name(english:\"openSUSE Security Update : GraphicsMagick (openSUSE-2017-1346)\");\n script_summary(english:\"Check for the openSUSE-2017-1346 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for GraphicsMagick fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-16546: Fix ReadWPGImage function in\n coders/wpg.c that could lead to a denial of service\n (bsc#1067181).\n\n - CVE-2017-14342: Fix a memory exhaustion vulnerability in\n ReadWPGImage in coders/wpg.c that could lead to a denial\n of service (bsc#1058485).\n\n - CVE-2017-16669: Fix coders/wpg.c that allows remote\n attackers to cause a denial of service via crafted files\n (bsc#1067409).\n\n - CVE-2017-16545: Fix the ReadWPGImage function in\n coders/wpg.c as a validation problems could lead to a\n denial of service (bsc#1067184).\n\n - CVE-2017-14341: Fix infinite loop in the ReadWPGImage\n function (bsc#1058637).\n\n - CVE-2017-13737: Fix invalid free in the MagickFree\n function in magick/memory.c (tiff.c) (bsc#1056162).\n\n - CVE-2017-11640: Fix NULL pointer deref in\n WritePTIFImage() in coders/tiff.c (bsc#1050632).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1067181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1067184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1067409\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick3-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-1.3.25-11.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-debuginfo-1.3.25-11.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-debugsource-1.3.25-11.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-devel-1.3.25-11.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-11.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-11.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-devel-1.3.25-11.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick-Q16-3-1.3.25-11.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-11.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick3-config-1.3.25-11.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-11.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-11.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-GraphicsMagick-1.3.25-11.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-11.44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-1.3.25-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debuginfo-1.3.25-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debugsource-1.3.25-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-devel-1.3.25-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-devel-1.3.25-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-1.3.25-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick3-config-1.3.25-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-1.3.25-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-44.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:05:34", "description": "This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed GIF, TTF, SVG, TIFF, PCX, JPG or SFW files are processed.", "cvss3": {}, "published": "2017-11-13T00:00:00", "type": "nessus", "title": "Debian DSA-4032-1 : imagemagick - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12983", "CVE-2017-13134", "CVE-2017-13758", "CVE-2017-13769", "CVE-2017-14224", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-14989", "CVE-2017-15277"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4032.NASL", "href": "https://www.tenable.com/plugins/nessus/104504", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4032. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104504);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-12983\", \"CVE-2017-13134\", \"CVE-2017-13758\", \"CVE-2017-13769\", \"CVE-2017-14224\", \"CVE-2017-14607\", \"CVE-2017-14682\", \"CVE-2017-14989\", \"CVE-2017-15277\");\n script_xref(name:\"DSA\", value:\"4032\");\n\n script_name(english:\"Debian DSA-4032-1 : imagemagick - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure or the\nexecution of arbitrary code if malformed GIF, TTF, SVG, TIFF, PCX, JPG\nor SFW files are processed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/imagemagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-4032\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the imagemagick packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 8:6.9.7.4+dfsg-11+deb9u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6-common\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6-doc\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6.q16\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-6.q16hdri\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-common\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"imagemagick-doc\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libimage-magick-perl\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libimage-magick-q16-perl\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libimage-magick-q16hdri-perl\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6-headers\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16-7\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16hdri-7\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-6.q16hdri-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagick++-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6-arch-config\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6-headers\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16-3-extra\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16hdri-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16hdri-3-extra\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-6.q16hdri-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6-headers\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16hdri-3\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-6.q16hdri-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"perlmagick\", reference:\"8:6.9.7.4+dfsg-11+deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:06:23", "description": "This update for GraphicsMagick fixes the following issues :\n\n - CVE-2017-12140: ReadDCMImage in coders\\dcm.c has a ninteger signedness error leading to excessive memory consumption (bnc#1051847)\n\n - CVE-2017-14994: NULL pointer in ReadDCMImage in coders/dcm.c could lead to denial of service (bnc#1061587)\n\n - CVE-2017-12662: Memory leak in WritePDFImage in coders/pdf.c could lead to denial of service (bnc#1052758)\n\n - CVE-2017-14733: Heap overflow on ReadRLEImage in coders/rle.c could lead to denial of service (bnc#1060577) \n\n - CVE-2017-12644: Memory leak in ReadDCMImage in coders\\dcm.c could lead to denial of service (bnc#1052764)\n\n - CVE-2017-10799: denial of service (OOM) can occur inReadDPXImage() (bnc#1047054)", "cvss3": {}, "published": "2017-12-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : GraphicsMagick (openSUSE-2017-1362)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10799", "CVE-2017-12140", "CVE-2017-12644", "CVE-2017-12662", "CVE-2017-14733", "CVE-2017-14994"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:graphicsmagick", "p-cpe:/a:novell:opensuse:graphicsmagick-debuginfo", "p-cpe:/a:novell:opensuse:graphicsmagick-debugsource", "p-cpe:/a:novell:opensuse:graphicsmagick-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick-q16-3", "p-cpe:/a:novell:opensuse:libgraphicsmagick-q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick3-config", "p-cpe:/a:novell:opensuse:libgraphicsmagickwand-q16-2", "p-cpe:/a:novell:opensuse:libgraphicsmagickwand-q16-2-debuginfo", "p-cpe:/a:novell:opensuse:perl-graphicsmagick", "p-cpe:/a:novell:opensuse:perl-graphicsmagick-debuginfo", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1362.NASL", "href": "https://www.tenable.com/plugins/nessus/105243", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1362.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105243);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-10799\", \"CVE-2017-12140\", \"CVE-2017-12644\", \"CVE-2017-12662\", \"CVE-2017-14733\", \"CVE-2017-14994\");\n\n script_name(english:\"openSUSE Security Update : GraphicsMagick (openSUSE-2017-1362)\");\n script_summary(english:\"Check for the openSUSE-2017-1362 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for GraphicsMagick fixes the following issues :\n\n - CVE-2017-12140: ReadDCMImage in coders\\dcm.c has a\n ninteger signedness error leading to excessive memory\n consumption (bnc#1051847)\n\n - CVE-2017-14994: NULL pointer in ReadDCMImage in\n coders/dcm.c could lead to denial of service\n (bnc#1061587)\n\n - CVE-2017-12662: Memory leak in WritePDFImage in\n coders/pdf.c could lead to denial of service\n (bnc#1052758)\n\n - CVE-2017-14733: Heap overflow on ReadRLEImage in\n coders/rle.c could lead to denial of service\n (bnc#1060577) \n\n - CVE-2017-12644: Memory leak in ReadDCMImage in\n coders\\dcm.c could lead to denial of service\n (bnc#1052764)\n\n - CVE-2017-10799: denial of service (OOM) can occur\n inReadDPXImage() (bnc#1047054)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047054\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061587\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick3-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-debuginfo-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-debugsource-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-devel-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-devel-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick-Q16-3-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick3-config-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-GraphicsMagick-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debuginfo-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debugsource-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-devel-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-devel-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick3-config-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-1.3.25-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-47.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:04:22", "description": "This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.", "cvss3": {}, "published": "2017-11-20T00:00:00", "type": "nessus", "title": "Debian DSA-4040-1 : imagemagick - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11352", "CVE-2017-11640", "CVE-2017-12431", "CVE-2017-12640", "CVE-2017-12877", "CVE-2017-12983", "CVE-2017-13134", "CVE-2017-13139", "CVE-2017-13144", "CVE-2017-13758", "CVE-2017-13769", "CVE-2017-14224", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-14989", "CVE-2017-15277", "CVE-2017-16546"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-4040.NASL", "href": "https://www.tenable.com/plugins/nessus/104684", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4040. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104684);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-11352\", \"CVE-2017-11640\", \"CVE-2017-12431\", \"CVE-2017-12640\", \"CVE-2017-12877\", \"CVE-2017-12983\", \"CVE-2017-13134\", \"CVE-2017-13139\", \"CVE-2017-13144\", \"CVE-2017-13758\", \"CVE-2017-13769\", \"CVE-2017-14224\", \"CVE-2017-14607\", \"CVE-2017-14682\", \"CVE-2017-14989\", \"CVE-2017-15277\", \"CVE-2017-16546\");\n script_xref(name:\"DSA\", value:\"4040\");\n\n script_name(english:\"Debian DSA-4040-1 : imagemagick - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure or the\nexecution of arbitrary code if malformed image files are processed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/imagemagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-4040\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the imagemagick packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 8:6.8.9.9-5+deb8u11.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-6.q16\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-common\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-dbg\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-doc\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-perl\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-q16-perl\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6-headers\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-5\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-dev\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-arch-config\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-headers\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2-extra\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6-headers\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"perlmagick\", reference:\"8:6.8.9.9-5+deb8u11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T16:54:10", "description": "This update for GraphicsMagick fixes the following security issues :\n\n - CVE-2017-13776: denial of service issue in ReadXBMImage() in a coders/xbm.c (bsc#1056429)\n\n - CVE-2017-13777: denial of service issue in ReadXBMImage() in a coders/xbm.c (bsc#1056426)\n\n - CVE-2017-13134: heap-based buffer over-read allowing DoS via crafted sfw files (bsc#1055214)\n\n - CVE-2017-15930: Specially crafted JPEG files could lead to a NULL pointer dereference and DoS (bsc#1066003)\n\n - CVE-2017-14165: Memory allocation issue may allow DoS through specially crafted files (bsc#1057508)\n\n - CVE-2017-12983: Heap-based buffer overflow could have triggered an application crash or possibly have unspecified other impact via a crafted file.\n (bnc#1054757)", "cvss3": {}, "published": "2017-11-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : GraphicsMagick (openSUSE-2017-1276)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12983", "CVE-2017-13134", "CVE-2017-13776", "CVE-2017-13777", "CVE-2017-14165", "CVE-2017-15930"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:graphicsmagick", "p-cpe:/a:novell:opensuse:graphicsmagick-debuginfo", "p-cpe:/a:novell:opensuse:graphicsmagick-debugsource", "p-cpe:/a:novell:opensuse:graphicsmagick-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick-q16-3", "p-cpe:/a:novell:opensuse:libgraphicsmagick-q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick3-config", "p-cpe:/a:novell:opensuse:libgraphicsmagickwand-q16-2", "p-cpe:/a:novell:opensuse:libgraphicsmagickwand-q16-2-debuginfo", "p-cpe:/a:novell:opensuse:perl-graphicsmagick", "p-cpe:/a:novell:opensuse:perl-graphicsmagick-debuginfo", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1276.NASL", "href": "https://www.tenable.com/plugins/nessus/104615", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1276.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104615);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-12983\", \"CVE-2017-13134\", \"CVE-2017-13776\", \"CVE-2017-13777\", \"CVE-2017-14165\", \"CVE-2017-15930\");\n\n script_name(english:\"openSUSE Security Update : GraphicsMagick (openSUSE-2017-1276)\");\n script_summary(english:\"Check for the openSUSE-2017-1276 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for GraphicsMagick fixes the following security issues :\n\n - CVE-2017-13776: denial of service issue in\n ReadXBMImage() in a coders/xbm.c (bsc#1056429)\n\n - CVE-2017-13777: denial of service issue in\n ReadXBMImage() in a coders/xbm.c (bsc#1056426)\n\n - CVE-2017-13134: heap-based buffer over-read allowing DoS\n via crafted sfw files (bsc#1055214)\n\n - CVE-2017-15930: Specially crafted JPEG files could lead\n to a NULL pointer dereference and DoS (bsc#1066003)\n\n - CVE-2017-14165: Memory allocation issue may allow DoS\n through specially crafted files (bsc#1057508)\n\n - CVE-2017-12983: Heap-based buffer overflow could have\n triggered an application crash or possibly have\n unspecified other impact via a crafted file.\n (bnc#1054757)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1054757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066003\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick3-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-1.3.25-11.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-debuginfo-1.3.25-11.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-debugsource-1.3.25-11.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-devel-1.3.25-11.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-11.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-11.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-devel-1.3.25-11.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick-Q16-3-1.3.25-11.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-11.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick3-config-1.3.25-11.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-11.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-11.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-GraphicsMagick-1.3.25-11.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-11.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-1.3.25-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debuginfo-1.3.25-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-debugsource-1.3.25-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"GraphicsMagick-devel-1.3.25-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick++-devel-1.3.25-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-1.3.25-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagick3-config-1.3.25-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-1.3.25-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-39.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:02:28", "description": "This updates fixes numerous vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure, or the execution of arbitrary code if malformed XCF, VIFF, BMP, thumbnail, CUT, PSD, TXT, XBM, PCX, MPC, WPG, TIFF, SVG, font, EMF, PNG, or other types of files are processed.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 8:6.7.7.10-5+deb7u17.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-10-11T00:00:00", "type": "nessus", "title": "Debian DLA-1131-1 : imagemagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12875", "CVE-2017-13758", "CVE-2017-13768", "CVE-2017-13769", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14224", "CVE-2017-14249", "CVE-2017-14341", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-14989", "CVE-2017-15016", "CVE-2017-15017"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "p-cpe:/a:debian:debian_linux:imagemagick-common", "p-cpe:/a:debian:debian_linux:imagemagick-dbg", "p-cpe:/a:debian:debian_linux:imagemagick-doc", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b-dev", "p-cpe:/a:debian:debian_linux:libmagick%2b%2b5", "p-cpe:/a:debian:debian_linux:libmagickcore-dev", "p-cpe:/a:debian:debian_linux:libmagickcore5", "p-cpe:/a:debian:debian_linux:libmagickcore5-extra", "p-cpe:/a:debian:debian_linux:libmagickwand-dev", "p-cpe:/a:debian:debian_linux:libmagickwand5", "p-cpe:/a:debian:debian_linux:perlmagick", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1131.NASL", "href": "https://www.tenable.com/plugins/nessus/103756", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1131-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103756);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-12691\", \"CVE-2017-12692\", \"CVE-2017-12693\", \"CVE-2017-12875\", \"CVE-2017-13758\", \"CVE-2017-13768\", \"CVE-2017-13769\", \"CVE-2017-14060\", \"CVE-2017-14172\", \"CVE-2017-14173\", \"CVE-2017-14174\", \"CVE-2017-14175\", \"CVE-2017-14224\", \"CVE-2017-14249\", \"CVE-2017-14341\", \"CVE-2017-14400\", \"CVE-2017-14505\", \"CVE-2017-14607\", \"CVE-2017-14682\", \"CVE-2017-14739\", \"CVE-2017-14741\", \"CVE-2017-14989\", \"CVE-2017-15016\", \"CVE-2017-15017\");\n\n script_name(english:\"Debian DLA-1131-1 : imagemagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates fixes numerous vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure, or the\nexecution of arbitrary code if malformed XCF, VIFF, BMP, thumbnail,\nCUT, PSD, TXT, XBM, PCX, MPC, WPG, TIFF, SVG, font, EMF, PNG, or other\ntypes of files are processed.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n8:6.7.7.10-5+deb7u17.\n\nWe recommend that you upgrade your imagemagick packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/imagemagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagick++5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickcore5-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmagickwand5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:perlmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-common\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-dbg\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"imagemagick-doc\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagick++-dev\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagick++5\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore5\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickcore5-extra\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagickwand5\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"perlmagick\", reference:\"8:6.7.7.10-5+deb7u17\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:36", "description": "This update for ImageMagick fixes the following issues :\n\nCVE-2017-11527: Fixed a denial of service inReadDPXImage() (bsc#1047054).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : ImageMagick (SUSE-SU-2020:2750-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11527"], "modified": "2020-12-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:imagemagick-config-6-suse", "p-cpe:/a:novell:suse_linux:imagemagick-config-6-upstream", "p-cpe:/a:novell:suse_linux:imagemagick-debuginfo", "p-cpe:/a:novell:suse_linux:imagemagick-debugsource", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16", "p-cpe:/a:novell:suse_linux:libmagickcore-6_q16-1-debuginfo", "p-cpe:/a:novell:suse_linux:libmagickwand-6_q16", "p-cpe:/a:novell:suse_linux:libmagickwand-6_q16-1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2750-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143756", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2750-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143756);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/11\");\n\n script_cve_id(\"CVE-2017-11527\");\n\n script_name(english:\"SUSE SLES12 Security Update : ImageMagick (SUSE-SU-2020:2750-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for ImageMagick fixes the following issues :\n\nCVE-2017-11527: Fixed a denial of service inReadDPXImage()\n(bsc#1047054).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047054\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11527/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202750-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d54abede\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP5 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP5-2020-2750=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2750=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2750=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-config-6-SUSE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-config-6-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"ImageMagick-config-6-SUSE-6.8.8.1-71.144.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"ImageMagick-config-6-upstream-6.8.8.1-71.144.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"ImageMagick-debuginfo-6.8.8.1-71.144.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"ImageMagick-debugsource-6.8.8.1-71.144.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-71.144.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.144.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-71.144.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.144.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:05:33", "description": "A remote denial of service vulnerability has been discovered in graphicsmagick, a collection of image processing tools and associated libraries.\n\nA specially crafted file can be used to produce a heap-based buffer overflow and application crash by exploiting a defect in the AcquireCacheNexus function in magick/pixel_cache.c.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.3.16-1.1+deb7u14.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNote: The previous graphicsmagick package inadvertently introduced a dependency on liblcms2-2. This version of the package returns to using liblcms1. If your system does not otherwise require liblcms2-2, you may want to consider removing it following the graphicsmagick upgrade.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-11-13T00:00:00", "type": "nessus", "title": "Debian DLA-1168-1 : graphicsmagick security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16669"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:graphicsmagick", "p-cpe:/a:debian:debian_linux:graphicsmagick-dbg", "p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat", "p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat", "p-cpe:/a:debian:debian_linux:libgraphics-magick-perl", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick%2b%2b3", "p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev", "p-cpe:/a:debian:debian_linux:libgraphicsmagick3", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1168.NASL", "href": "https://www.tenable.com/plugins/nessus/104501", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1168-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104501);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-16669\");\n\n script_name(english:\"Debian DLA-1168-1 : graphicsmagick security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A remote denial of service vulnerability has been discovered in\ngraphicsmagick, a collection of image processing tools and associated\nlibraries.\n\nA specially crafted file can be used to produce a heap-based buffer\noverflow and application crash by exploiting a defect in the\nAcquireCacheNexus function in magick/pixel_cache.c.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.3.16-1.1+deb7u14.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNote: The previous graphicsmagick package inadvertently introduced a\ndependency on liblcms2-2. This version of the package returns to using\nliblcms1. If your system does not otherwise require liblcms2-2, you\nmay want to consider removing it following the graphicsmagick upgrade.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/11/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/graphicsmagick\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-imagemagick-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphicsmagick-libmagick-dev-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphics-magick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick++3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgraphicsmagick3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick\", reference:\"1.3.16-1.1+deb7u14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-dbg\", reference:\"1.3.16-1.1+deb7u14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-imagemagick-compat\", reference:\"1.3.16-1.1+deb7u14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"graphicsmagick-libmagick-dev-compat\", reference:\"1.3.16-1.1+deb7u14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphics-magick-perl\", reference:\"1.3.16-1.1+deb7u14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick++1-dev\", reference:\"1.3.16-1.1+deb7u14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick++3\", reference:\"1.3.16-1.1+deb7u14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick1-dev\", reference:\"1.3.16-1.1+deb7u14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphicsmagick3\", reference:\"1.3.16-1.1+deb7u14\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2021-06-08T18:39:00", "description": "This update for ImageMagick fixes the following issues:\n\n * CVE-2017-14989: use-after-free in RenderFreetype in\n MagickCore/annotate.c could lead to denial of service [bsc#1061254]\n * CVE-2017-14682: GetNextToken in MagickCore/token.c heap buffer\n overflow could lead to denial of service [bsc#1060176]\n * Memory leak in WriteINLINEImage in coders/inline.c could lead to\n denial of service [bsc#1052744]\n * CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas\n could possibly disclose potentially sensitive memory [bsc#1059778]\n * CVE-2017-11640: NULL pointer deref in WritePTIFImage() in\n coders/tiff.c [bsc#1050632]\n * CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in\n coders/wpg.c could lead to denial of service [bsc#1058485]\n * CVE-2017-14341: Infinite loop in the ReadWPGImage function\n [bsc#1058637]\n * CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c\n could lead to denial of service [bsc#1067181]\n * CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in\n validation problems could lead to denial of service [bsc#1067184]\n * CVE-2017-16669: problem in coders/wpg.c could allow remote attackers\n to cause a denial of service via crafted file [bsc#1067409]\n * CVE-2017-14175: Lack of End of File check could lead to denial of\n service [bsc#1057719]\n * CVE-2017-14138: memory leak vulnerability in ReadWEBPImage in\n coders/webp.c could lead to denial of service [bsc#1057157]\n * CVE-2017-13769: denial of service issue in function\n WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]\n * CVE-2017-13134: a heap-based buffer over-read was found in thefunction\n SFWScan in coders/sfw.c, which allows attackers to cause adenial of\n service via a crafted file. [bsc#1055214]\n * CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c\n [bsc#1062750]\n * CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick\n allows remote attackers to cause a DoS [bsc#1049796]\n * CVE-2017-15930: Null Pointer dereference while transfering JPEG\n scanlines could lead to denial of service [bsc#1066003]\n * CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage\n function in coders/sfw.c inImageMagick 7.0.6-8 allows remote attackers\n to cause a denial of service [bsc#1054757]\n * CVE-2017-14531: memory exhaustion issue in ReadSUNImage\n incoders/sun.c. [bsc#1059666]\n * CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c,\n which allows attackers to cause denial of service [bsc#1052553]\n * CVE-2017-12587: User controlable large loop in the ReadPWPImage in\n coders\\pwp.c could lead to denial of service [bsc#1052450]\n * CVE-2017-11523: ReadTXTImage in coders/txt.c allows remote attackers\n to cause a denial of service [bsc#1050083]\n * CVE-2017-14173: unction ReadTXTImage is vulnerable to a integer\n overflow that could lead to denial of service [bsc#1057729]\n * CVE-2017-11188: ImageMagick: The ReadDPXImage function in codersdpx.c\n in ImageMagick 7.0.6-0 has a largeloop vulnerability that can cause\n CPU exhaustion via a crafted DPX file, relatedto lack of an EOF check.\n [bnc#1048457]\n * CVE-2017-11527: ImageMagick: ReadDPXImage in coders/dpx.c allows\n remote attackers to cause DoS [bnc#1050116]\n * CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based buffer\n over-read in WritePSImage() in coders/ps.c [bnc#1050139]\n * CVE-2017-11752: ImageMagick: ReadMAGICKImage in coders/magick.c allows\n to cause DoS [bnc#1051441]\n * CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c has a\n ninteger signedness error leading to excessive memory consumption\n [bnc#1051847]\n * CVE-2017-12669: ImageMagick: Memory leak in WriteCALSImage in\n coders/cals.c [bnc#1052689]\n * CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak in\n WritePDFImage in coders/pdf.c [bnc#1052758]\n * CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage in\n codersdcm.c [bnc#1052764]\n * CVE-2017-14172: ImageMagick: Lack of end of file check in\n ReadPSImage() could lead to a denial of service [bnc#1057730]\n * CVE-2017-14733: GraphicsMagick: Heap overflow on ReadRLEImage in\n coders/rle.c could lead to denial of service [bnc#1060577]\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "cvss3": {}, "published": "2017-12-22T21:12:06", "type": "suse", "title": "Security update for ImageMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-14531", "CVE-2017-14175", "CVE-2017-14138", "CVE-2017-11523", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-12983", "CVE-2017-11527", "CVE-2017-14172", "CVE-2017-16546", "CVE-2017-14989", "CVE-2017-14173", "CVE-2017-12644", "CVE-2017-11188", "CVE-2017-14607", "CVE-2017-15217", "CVE-2017-15930", "CVE-2017-14341", "CVE-2017-12140", "CVE-2017-11752", "CVE-2017-14682", "CVE-2017-13134", "CVE-2017-13769", "CVE-2017-16669", "CVE-2017-14733", "CVE-2017-16545", "CVE-2017-12669", "CVE-2017-12435", "CVE-2017-11640", "CVE-2017-11535", "CVE-2017-12662", "CVE-2017-14342"], "modified": "2017-12-22T21:12:06", "id": "OPENSUSE-SU-2017:3420-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-12/msg00087.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:39:00", "description": "This update for ImageMagick fixes the following issues:\n\n * CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas\n could possibly disclose potentially sensitive memory [bsc#1059778]\n\n * CVE-2017-11640: NULL pointer deref in WritePTIFImage() in\n coders/tiff.c [bsc#1050632]\n\n * CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in\n coders/wpg.c could lead to denial of service [bsc#1058485]\n\n * CVE-2017-14341: Infinite loop in the ReadWPGImage function\n [bsc#1058637]\n\n * CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c\n could lead to denial of service [bsc#1067181]\n\n * CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in\n validation problems could lead to denial of service [bsc#1067184]\n\n * CVE-2017-14175: Lack of End of File check could lead to denial of\n service [bsc#1057719]\n\n * CVE-2017-13769: denial of service issue in function\n WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432]\n\n * CVE-2017-13134: a heap-based buffer over-read was found in thefunction\n SFWScan in coders/sfw.c, which allows attackers to cause adenial of\n service via a crafted file. [bsc#1055214]\n\n * CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick\n allows remote attackers to cause a DoS [bsc#1049796]\n\n * CVE-2017-15930: Null Pointer dereference while transfering JPEG\n scanlines could lead to denial of service [bsc#1066003]\n\n * CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage\n function in coders/sfw.c allows remote attackers to cause a denial of\n service [bsc#1054757]\n\n * CVE-2017-14531: memory exhaustion issue in ReadSUNImage\n incoders/sun.c. [bsc#1059666]\n\n * CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c,\n which allows attackers to cause denial of service [bsc#1052553]\n\n * CVE-2017-12587: User controlable large loop in the ReadPWPImage in\n coders\\pwp.c could lead to denial of service [bsc#1052450]\n\n * CVE-2017-14173: unction ReadTXTImage is vulnerable to a integer\n overflow that could lead to denial of service [bsc#1057729]\n\n * CVE-2017-11188: ImageMagick: The ReadDPXImage function in codersdpx.c\n in ImageMagick 7.0.6-0 has a largeloop vulnerability that can cause\n CPU exhaustion via a crafted DPX file, relatedto lack of an EOF check.\n [bnc#1048457]\n\n * CVE-2017-11527: ImageMagick: ReadDPXImage in coders/dpx.c allows\n remote attackers to cause DoS [bnc#1050116]\n\n * CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based buffer\n over-read in WritePSImage() in coders/ps.c [bnc#1050139]\n\n * CVE-2017-11752: ImageMagick: ReadMAGICKImage in coders/magick.c allows\n to cause DoS [bnc#1051441]\n\n * CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c has a\n ninteger signedness error leading to excessive memory consumption\n [bnc#1051847]\n\n * CVE-2017-12669: ImageMagick: Memory leak in WriteCALSImage in\n coders/cals.c [bnc#1052689]\n\n * CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak in\n WritePDFImage in coders/pdf.c [bnc#1052758]\n\n * CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage in\n codersdcm.c [bnc#1052764]\n\n * CVE-2017-14172: ImageMagick: Lack of end of file check in\n ReadPSImage() could lead to a denial of service [bnc#1057730]\n\n * CVE-2017-14733: GraphicsMagick: Heap overflow on ReadRLEImage in\n coders/rle.c could lead to denial of service [bnc#1060577]\n\n", "cvss3": {}, "published": "2017-12-20T18:09:33", "type": "suse", "title": "Security update for ImageMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-14531", "CVE-2017-14175", "CVE-2017-12587", "CVE-2017-11478", "CVE-2017-12983", "CVE-2017-11527", "CVE-2017-14172", "CVE-2017-16546", "CVE-2017-14173", "CVE-2017-12644", "CVE-2017-11188", "CVE-2017-14607", "CVE-2017-15930", "CVE-2017-14341", "CVE-2017-12140", "CVE-2017-11752", "CVE-2017-13134", "CVE-2017-13769", "CVE-2017-14733", "CVE-2017-16545", "CVE-2017-12669", "CVE-2017-12435", "CVE-2017-11640", "CVE-2017-11535", "CVE-2017-12662", "CVE-2017-14342"], "modified": "2017-12-20T18:09:33", "id": "SUSE-SU-2017:3378-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-12/msg00081.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:38:47", "description": "This update for GraphicsMagick fixes the following issues:\n\n * CVE-2017-11640: NULL pointer deref in WritePTIFImage() in\n coders/tiff.c could lead to denial of service [bsc#1050632]\n * CVE-2017-14342: Memory exhaustion in ReadWPGImage in coders/wpg.c\n could lead to denial of service [bsc#1058485]\n * CVE-2017-14341: Infinite loop in the ReadWPGImage function could lead\n to denial of service [bsc#1058637]\n * CVE-2017-16546: Issue in ReadWPGImage function in coders/wpg.c could\n lead to denial of service [bsc#1067181]\n * CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in\n validation problems could lead to denial of service [bsc#1067184]\n * CVE-2017-16669: coders/wpg.c allows remote attackers to cause a\n denial of service via crafted file [bsc#1067409]\n * CVE-2017-13776: denial of service issue in ReadXBMImage() in a\n coders/xbm.c [bsc#1056429]\n * CVE-2017-13777: denial of service issue in ReadXBMImage() in a\n coders/xbm.c [bsc#1056426]\n * CVE-2017-13134: heap-based buffer over-read in the function SFWScan in\n coders/sfw.c could lead to denial of service via a crafted file\n [bsc#1055214]\n * CVE-2017-15930: Null Pointer dereference while transfering JPEG\n scanlines could lead to denial of service [bsc#1066003]\n * CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage\n function in coders/sfw.c allows remote attackers to cause a denial of\n service (application crash) or possibly have unspecified other impact\n via a crafted file. [bsc#1054757]\n * CVE-2017-14165: The ReadSUNImage function in coders/sun.c has an issue\n where memory allocation is excessive because it depends only on a\n length field in a header. This may lead to remote denial of service in\n the MagickMalloc function in magick/memory.c. [bsc#1057508]\n * CVE-2017-12587: Large loop vulnerability in the ReadPWPImage function\n in coders\\pwp.c. [bsc#1052450]\n\n", "cvss3": {}, "published": "2017-12-27T15:08:30", "type": "suse", "title": "Security update for GraphicsMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-13777", "CVE-2017-12587", "CVE-2017-12983", "CVE-2017-13776", "CVE-2017-16546", "CVE-2016-7996", "CVE-2017-14165", "CVE-2017-15930", "CVE-2017-14341", "CVE-2017-13134", "CVE-2017-16669", "CVE-2017-16545", "CVE-2017-11640", "CVE-2017-14342"], "modified": "2017-12-27T15:08:30", "id": "SUSE-SU-2017:3435-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-12/msg00093.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:38:47", "description": "This update for GraphicsMagick fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2017-16546: Fix ReadWPGImage function in coders/wpg.c that could\n lead to a denial of service (bsc#1067181).\n - CVE-2017-14342: Fix a memory exhaustion vulnerability in ReadWPGImage in\n coders/wpg.c that could lead to a denial of service (bsc#1058485).\n - CVE-2017-16669: Fix coders/wpg.c that allows remote attackers to cause a\n denial of service via crafted files (bsc#1067409).\n - CVE-2017-16545: Fix the ReadWPGImage function in coders/wpg.c as a\n validation problems could lead to a denial of service (bsc#1067184).\n - CVE-2017-14341: Fix infinite loop in the ReadWPGImage function\n (bsc#1058637).\n - CVE-2017-13737: Fix invalid free in the MagickFree function in\n magick/memory.c (tiff.c) (bsc#1056162).\n - CVE-2017-11640: Fix NULL pointer deref in WritePTIFImage() in\n coders/tiff.c (bsc#1050632).\n\n", "cvss3": {}, "published": "2017-12-06T03:09:38", "type": "suse", "title": "Security update for GraphicsMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-13737", "CVE-2017-16546", "CVE-2017-14341", "CVE-2017-16669", "CVE-2017-16545", "CVE-2017-11640", "CVE-2017-14342"], "modified": "2017-12-06T03:09:38", "id": "OPENSUSE-SU-2017:3223-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-12/msg00010.html", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:38:47", "description": "This update for GraphicsMagick fixes the following issues:\n\n * CVE-2017-12140: ReadDCMImage in coders\\dcm.c has a ninteger\n signedness error leading to excessive memory consumption\n (bnc#1051847)\n * CVE-2017-14994: NULL pointer in ReadDCMImage in coders/dcm.c could\n lead to denial of service (bnc#1061587)\n * CVE-2017-12662: Memory leak in WritePDFImage in coders/pdf.c could\n lead to denial of service (bnc#1052758)\n * CVE-2017-14733: Heap overflow on ReadRLEImage in coders/rle.c could\n lead to denial of service (bnc#1060577)\n * CVE-2017-12644: Memory leak in ReadDCMImage in coders\\dcm.c could\n lead to denial of service (bnc#1052764)\n * CVE-2017-10799: denial of service (OOM) can occur inReadDPXImage()\n (bnc#1047054)\n\n", "cvss3": {}, "published": "2017-12-12T18:09:44", "type": "suse", "title": "Security update for GraphicsMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-10799", "CVE-2017-14994", "CVE-2017-12644", "CVE-2017-12140", "CVE-2017-14733", "CVE-2017-12662"], "modified": "2017-12-12T18:09:44", "id": "OPENSUSE-SU-2017:3270-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-12/msg00028.html", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "debian": [{"lastseen": "2023-12-05T11:00:28", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4032-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 12, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nCVE ID : CVE-2017-12983 CVE-2017-13134 CVE-2017-13758\n CVE-2017-13769 CVE-2017-14224 CVE-2017-14607\n\t\t CVE-2017-14682 CVE-2017-14989 CVE-2017-15277\nDebian Bug : 873134 873099 878508 878507 876097 878527 876488 878562\n 878578\n\nThis update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed GIF, TTF, SVG, TIFF, PCX, JPG or SFW files\nare processed.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-11+deb9u3.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-12T10:45:50", "type": "debian", "title": "[SECURITY] [DSA 4032-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12983", "CVE-2017-13134", "CVE-2017-13758", "CVE-2017-13769", "CVE-2017-14224", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-14989", "CVE-2017-15277"], "modified": "2017-11-12T10:45:50", "id": "DEBIAN:DSA-4032-1:08B80", "href": "https://lists.debian.org/debian-security-announce/2017/msg00295.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-05T10:59:45", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4040-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 17, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : imagemagick\nCVE ID : CVE-2017-11352 CVE-2017-11640 CVE-2017-12431\n CVE-2017-12640 CVE-2017-12877 CVE-2017-12983\n\t\t CVE-2017-13134 CVE-2017-13139 CVE-2017-13144\n\t\t CVE-2017-13758 CVE-2017-13769 CVE-2017-14224 \n CVE-2017-14607 CVE-2017-14682 CVE-2017-14989\n\t\t CVE-2017-15277 CVE-2017-16546\n\nThis update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed image files are processed.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u11.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-17T22:51:42", "type": "debian", "title": "[SECURITY] [DSA 4040-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11352", "CVE-2017-11640", "CVE-2017-12431", "CVE-2017-12640", "CVE-2017-12877", "CVE-2017-12983", "CVE-2017-13134", "CVE-2017-13139", "CVE-2017-13144", "CVE-2017-13758", "CVE-2017-13769", "CVE-2017-14224", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-14989", "CVE-2017-15277", "CVE-2017-16546"], "modified": "2017-11-17T22:51:42", "id": "DEBIAN:DSA-4040-1:E6366", "href": "https://lists.debian.org/debian-security-announce/2017/msg00303.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-05T17:21:36", "description": "Package : imagemagick\nVersion : 8:6.7.7.10-5+deb7u17\nCVE ID : CVE-2017-12691 CVE-2017-12692 CVE-2017-12693 CVE-2017-12875 \n CVE-2017-13758 CVE-2017-13768 CVE-2017-13769 CVE-2017-14060 \n CVE-2017-14172 CVE-2017-14173 CVE-2017-14174 CVE-2017-14175 \n CVE-2017-14224 CVE-2017-14249 CVE-2017-14341 CVE-2017-14400 \n CVE-2017-14505 CVE-2017-14607 CVE-2017-14682 CVE-2017-14739 \n CVE-2017-14741 CVE-2017-14989 CVE-2017-15016 CVE-2017-15017\nDebian Bug : 873871 875338 875339 875341 875352 875502 875503 875504\n 875506 876097 876099 876105 876488\n\n\nThis updates fixes numerous vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure, or the\nexecution of arbitrary code if malformed XCF, VIFF, BMP, thumbnail, CUT,\nPSD, TXT, XBM, PCX, MPC, WPG, TIFF, SVG, font, EMF, PNG, or other types\nof files are processed.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n8:6.7.7.10-5+deb7u17.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\nAttachment:\nsignature.asc\nDescription: Digital signature\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-10-11T02:59:21", "type": "debian", "title": "[SECURITY] [DLA 1131-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12875", "CVE-2017-13758", "CVE-2017-13768", "CVE-2017-13769", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14224", "CVE-2017-14249", "CVE-2017-14341", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-14989", "CVE-2017-15016", "CVE-2017-15017"], "modified": "2017-10-11T02:59:21", "id": "DEBIAN:DLA-1131-1:F4DB2", "href": "https://lists.debian.org/debian-lts-announce/2017/10/msg00010.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-05T17:19:48", "description": "Package : graphicsmagick\nVersion : 1.3.16-1.1+deb7u14\nCVE ID : CVE-2017-16669\n\n\nA remote denial of service vulnerability has been discovered in\ngraphicsmagick, a collection of image processing tools and associated\nlibraries.\n\nA specially crafted file can be used to produce a heap-based buffer\noverflow and application crash by exploiting a defect in the\nAcquireCacheNexus function in magick/pixel_cache.c.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n1.3.16-1.1+deb7u14.\n\nWe recommend that you upgrade your graphicsmagick packages.\n\nNote: The previous graphicsmagick package inadvertently introduced a\ndependency on liblcms2-2. This version of the package returns to using\nliblcms1. If your system does not otherwise require liblcms2-2, you\nmay want to consider removing it following the graphicsmagick upgrade.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-10T20:29:43", "type": "debian", "title": "[SECURITY] [DLA 1168-1] graphicsmagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16669"], "modified": "2017-11-10T20:29:43", "id": "DEBIAN:DLA-1168-1:C7018", "href": "https://lists.debian.org/debian-lts-announce/2017/11/msg00013.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-05T05:18:02", "description": "\nThis updates fixes numerous vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure, or the\nexecution of arbitrary code if malformed XCF, VIFF, BMP, thumbnail, CUT,\nPSD, TXT, XBM, PCX, MPC, WPG, TIFF, SVG, font, EMF, PNG, or other types\nof files are processed.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n8:6.7.7.10-5+deb7u17.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-11T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14175", "CVE-2017-14060", "CVE-2017-14224", "CVE-2017-13758", "CVE-2017-12691", "CVE-2017-14172", "CVE-2017-15017", "CVE-2017-13768", "CVE-2017-14989", "CVE-2017-12692", "CVE-2017-14173", "CVE-2017-14607", "CVE-2017-14505", "CVE-2017-14400", "CVE-2017-14341", "CVE-2017-12693", "CVE-2017-14682", "CVE-2017-13769", "CVE-2017-12875", "CVE-2017-14741", "CVE-2017-15016", "CVE-2017-14739", "CVE-2017-14249", "CVE-2017-14174"], "modified": "2022-08-05T05:17:59", "id": "OSV:DLA-1131-1", "href": "https://osv.dev/vulnerability/DLA-1131-1", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "prion": [{"lastseen": "2023-11-22T03:03:29", "description": "ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-04T23:29:00", "type": "prion", "title": "Memory corruption", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14138"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-14138", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-14138", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:01:29", "description": "ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-07T21:29:00", "type": "prion", "title": "Memory corruption", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12669"], "modified": "2020-10-14T18:52:00", "id": "PRION:CVE-2017-12669", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-12669", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T02:59:36", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-23T03:29:00", "type": "prion", "title": "Heap overflow", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11535"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-11535", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-11535", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T03:04:11", "description": "ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-18T01:29:00", "type": "prion", "title": "Memory corruption", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14531"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-14531", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-14531", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-11-22T03:04:19", "description": "In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2017-09-20T17:29:00", "type": "prion", "title": "Out-of-bounds", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14607"], "modified": "2019-04-17T15:10:00", "id": "PRION:CVE-2017-14607", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-14607", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-11-22T03:03:33", "description": "In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-07T06:29:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14175"], "modified": "2020-10-15T16:07:00", "id": "PRION:CVE-2017-14175", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-14175", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-11-22T03:02:55", "description": "The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-30T09:29:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13769"], "modified": "2021-04-28T18:08:00", "id": "PRION:CVE-2017-13769", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-13769", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T03:04:55", "description": "A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-10-03T01:29:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14989"], "modified": "2018-06-14T01:29:00", "id": "PRION:CVE-2017-14989", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-14989", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T03:03:33", "description": "In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large \"extent\" field in the header but does not contain sufficient backing data, is provided, the loop over \"length\" would consume huge CPU resources, since there is no EOF check inside the loop.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-07T06:29:00", "type": "prion", "title": "Code injection", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14172"], "modified": "2020-10-15T16:02:00", "id": "PRION:CVE-2017-14172", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-14172", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-11-22T02:59:35", "description": "The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-23T03:29:00", "type": "prion", "title": "Code injection", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11527"], "modified": "2017-07-28T13:58:00", "id": "PRION:CVE-2017-11527", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-11527", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-11-22T03:01:28", "description": "ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\\dcm.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-07T15:29:00", "type": "prion", "title": "Memory corruption", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12644"], "modified": "2020-10-14T18:24:00", "id": "PRION:CVE-2017-12644", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-12644", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:07:34", "description": "coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-09T00:29:00", "type": "prion", "title": "Heap overflow", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16669"], "modified": "2020-01-27T21:15:00", "id": "PRION:CVE-2017-16669", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-16669", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:03:33", "description": "In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation \"GetQuantumRange(depth)+1\" when \"depth\" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large \"max_value\" value.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-07T06:29:00", "type": "prion", "title": "Integer overflow", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14173"], "modified": "2020-10-15T16:07:00", "id": "PRION:CVE-2017-14173", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-14173", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T03:03:48", "description": "ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-12T17:29:00", "type": "prion", "title": "Memory corruption", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14342"], "modified": "2019-04-17T13:49:00", "id": "PRION:CVE-2017-14342", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-14342", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T03:07:21", "description": "The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "nvd@nist.gov", "type": "Primary", "impactScore": 5.9}, "published": "2017-11-05T22:29:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16545"], "modified": "2018-10-18T10:29:00", "id": "PRION:CVE-2017-16545", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-16545", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:07:22", "description": "The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-05T22:29:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16546"], "modified": "2020-10-22T19:20:00", "id": "PRION:CVE-2017-16546", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-16546", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:02:00", "description": "Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-21T07:29:00", "type": "prion", "title": "Heap overflow", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12983"], "modified": "2018-06-14T01:29:00", "id": "PRION:CVE-2017-12983", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-12983", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:06:17", "description": "In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "nvd@nist.gov", "type": "Primary", "impactScore": 5.9}, "published": "2017-10-27T18:29:00", "type": "prion", "title": "Null pointer dereference", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15930"], "modified": "2019-06-30T03:15:00", "id": "PRION:CVE-2017-15930", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-15930", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:04:30", "description": "ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "nvd@nist.gov", "type": "Primary", "impactScore": 3.6}, "published": "2017-09-25T21:29:00", "type": "prion", "title": "Heap overflow", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14733"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-14733", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-14733", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T03:03:50", "description": "ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-12T17:29:00", "type": "prion", "title": "Code injection", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14341"], "modified": "2020-10-15T16:07:00", "id": "PRION:CVE-2017-14341", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-14341", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-11-22T03:00:31", "description": "The ReadDCMImage function in coders\\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-02T05:29:00", "type": "prion", "title": "Integer overflow", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12140"], "modified": "2020-09-08T00:15:00", "id": "PRION:CVE-2017-12140", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-12140", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-11-22T02:59:35", "description": "The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-22T21:29:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11523"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-11523", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-11523", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-11-22T02:59:48", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-26T08:29:00", "type": "prion", "title": "Code injection", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11640"], "modified": "2018-06-14T01:29:00", "id": "PRION:CVE-2017-11640", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-11640", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T03:01:21", "description": "ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\\pwp.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-06T14:29:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12587"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-12587", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-12587", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T02:58:54", "description": "The ReadDPXImage function in coders\\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-07-12T15:29:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11188"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-11188", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-11188", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-11-22T03:00:00", "description": "The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-30T18:29:00", "type": "prion", "title": "Memory corruption", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11752"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-11752", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-11752", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T03:01:03", "description": "In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-08-04T10:29:00", "type": "prion", "title": "Memory corruption", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12435"], "modified": "2020-09-08T00:15:00", "id": "PRION:CVE-2017-12435", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-12435", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-11-22T03:02:17", "description": "In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-23T03:29:00", "type": "prion", "title": "Heap overflow", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13134"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-13134", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-13134", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T03:05:14", "description": "ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-10-10T20:29:00", "type": "prion", "title": "Memory corruption", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15217"], "modified": "2019-10-03T00:03:00", "id": "PRION:CVE-2017-15217", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-15217", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T03:01:29", "description": "ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-07T21:29:00", "type": "prion", "title": "Memory corruption", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12662"], "modified": "2020-10-14T18:25:00", "id": "PRION:CVE-2017-12662", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2017-12662", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-12-05T15:25:50", "description": "ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in\ncoders/webp.c because memory is not freed in certain error cases, as\ndemonstrated by VP8 errors.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/639>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | webp is not built\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-04T00:00:00", "type": "ubuntucve", "title": "CVE-2017-14138", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14138"], "modified": "2017-09-04T00:00:00", "id": "UB:CVE-2017-14138", "href": "https://ubuntu.com/security/CVE-2017-14138", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-05T15:18:51", "description": "coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a\ndenial of service (heap-based buffer overflow and application crash) or\npossibly have unspecified other impact via a crafted file, related to the\nAcquireCacheNexus function in magick/pixel_cache.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-09T00:00:00", "type": "ubuntucve", "title": "CVE-2017-16669", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16669"], "modified": "2017-11-09T00:00:00", "id": "UB:CVE-2017-16669", "href": "https://ubuntu.com/security/CVE-2017-16669", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T14:39:43", "description": "The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and\n7.x before 7.0.6-1 allows remote attackers to cause a denial of service\n(memory consumption) via a crafted file.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/523>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867812>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | This is 0234-memory-exhaustion-in-ReadDPXImage-in-dpx.c.patch\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2017-11527", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11527"], "modified": "2017-07-23T00:00:00", "id": "UB:CVE-2017-11527", "href": "https://ubuntu.com/security/CVE-2017-11527", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-05T15:25:17", "description": "ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in\ncoders/wpg.c, causing CPU exhaustion via a crafted wpg image file.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/654>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876105>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0318-CVE-2017-14341-Fix-DoS-CPU-exhaustion-in-ReadWPGImage.patch in wheezy\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-12T00:00:00", "type": "ubuntucve", "title": "CVE-2017-14341", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14341"], "modified": "2017-09-12T00:00:00", "id": "UB:CVE-2017-14341", "href": "https://ubuntu.com/security/CVE-2017-14341", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-05T15:25:35", "description": "In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to\nlack of an EOF (End of File) check might cause huge CPU consumption. When a\ncrafted XBM file, which claims large rows and columns fields in the header\nbut does not contain sufficient backing data, is provided, the loop over\nthe rows would consume huge CPU resources, since there is no EOF check\ninside the loop.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/712>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875502>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0314-CVE-2017-14175-Fix-DoS-missing-EOF-check-in-ReadXBMImage-1-of-2.patch and 0315-CVE-2017-14175-Fix-DoS-missing-EOF-check-in-ReadXBMImage-2-of-2.patch in wheezy\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-07T00:00:00", "type": "ubuntucve", "title": "CVE-2017-14175", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14175"], "modified": "2017-09-07T00:00:00", "id": "UB:CVE-2017-14175", "href": "https://ubuntu.com/security/CVE-2017-14175", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-05T15:26:20", "description": "The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick\nthrough 7.0.6-10 allows an attacker to cause a denial of service (buffer\nover-read) by sending a crafted JPEG file.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/705>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878507>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0308-CVE-2017-13769-Fix-buffer-over-read-in-WriteTHUMBNAILImage-1-of-2.patch and 0309-CVE-2017-13769-Fix-buffer-over-read-in-WriteTHUMBNAILImage-2-of-2.patch in wheezy 0250-CVE-2017-13769.patch in jessie 0102-CVE-2017-13769.patch in unstable\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-30T00:00:00", "type": "ubuntucve", "title": "CVE-2017-13769", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13769"], "modified": "2017-08-30T00:00:00", "id": "UB:CVE-2017-13769", "href": "https://ubuntu.com/security/CVE-2017-13769", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T14:39:03", "description": "ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in\ncoders/cals.c.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/571>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870475>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0126-memory-leak-in-WriteCALSImage.patch in unstable not fixing memory leak in trusty and xenial\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-07T00:00:00", "type": "ubuntucve", "title": "CVE-2017-12669", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12669"], "modified": "2017-08-07T00:00:00", "id": "UB:CVE-2017-12669", "href": "https://ubuntu.com/security/CVE-2017-12669", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-05T15:22:49", "description": "A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick\n7.0.7-4 Q16 allows attackers to crash the application via a crafted font\nfile, because the FT_Done_Glyph function (from FreeType 2) is called at an\nincorrect place in the ImageMagick code.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/781>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878562>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0325-CVE-2017-14989-Fix-use-after-free-in-RenderFreeType.patch in wheezy 0254-CVE-2017-14989.patch in jessie 0106-CVE-2017-14989.patch in stretch\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-10-02T00:00:00", "type": "ubuntucve", "title": "CVE-2017-14989", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14989"], "modified": "2017-10-02T00:00:00", "id": "UB:CVE-2017-14989", "href": "https://ubuntu.com/security/CVE-2017-14989", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T14:39:46", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead\nto a heap-based buffer over-read in the WritePSImage() function in\ncoders/ps.c.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/561>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869827>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0096-CVE-2017-11535-heap-based-overflow-in-ps.c.patch in unstable 0083-CVE-2017-11535-heap-based-overflow-in-ps.c.patch in stretch 0251-CVE-2017-11535-Fix-buffer-over-read-in-convert-WritePSImage.patch in wheezy 0270-CVE-2017-11535.patch in jessie\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2017-11535", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11535"], "modified": "2017-07-22T00:00:00", "id": "UB:CVE-2017-11535", "href": "https://ubuntu.com/security/CVE-2017-11535", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-05T15:25:36", "description": "In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to\nlack of an EOF (End of File) check might cause huge CPU consumption. When a\ncrafted PSD file, which claims a large \"extent\" field in the header but\ndoes not contain sufficient backing data, is provided, the loop over\n\"length\" would consume huge CPU resources, since there is no EOF check\ninside the loop.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/715>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875506>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0311-CVE-2017-14172-Fix-DoS-missing-EOF-check-in-ReadPSImage.patch in wheezy\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-07T00:00:00", "type": "ubuntucve", "title": "CVE-2017-14172", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14172"], "modified": "2017-09-07T00:00:00", "id": "UB:CVE-2017-14172", "href": "https://ubuntu.com/security/CVE-2017-14172", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-05T15:25:45", "description": "In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an\ninteger overflow might occur for the addition operation\n\"GetQuantumRange(depth)+1\" when \"depth\" is large, producing a smaller value\nthan expected. As a result, an infinite loop would occur for a crafted TXT\nfile that claims a very large \"max_value\" value.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/713>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875504>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0312-CVE-2017-14173-Fix-infinite-loop-in-ReadTXTImage.patch in wheezy\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-07T00:00:00", "type": "ubuntucve", "title": "CVE-2017-14173", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14173"], "modified": "2017-09-07T00:00:00", "id": "UB:CVE-2017-14173", "href": "https://ubuntu.com/security/CVE-2017-14173", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-05T15:24:01", "description": "In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to\nReadTIFFImage has been reported in coders/tiff.c. An attacker could\npossibly exploit this flaw to disclose potentially sensitive memory or\ncause an application crash.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/765>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878527>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0321-CVE-2017-14607-Fix-out-of-bounds-read-in-ReadTIFFImage.patch in wheezy 0252-CVE-2017-14607.patch in jessie 0104-CVE-2017-14607.patch\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2017-09-20T00:00:00", "type": "ubuntucve", "title": "CVE-2017-14607", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14607"], "modified": "2017-09-20T00:00:00", "id": "UB:CVE-2017-14607", "href": "https://ubuntu.com/security/CVE-2017-14607", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-12-05T15:19:33", "description": "In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer\nDereference occurs while transferring JPEG scanlines, related to a\nPixelPacket pointer.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879999>\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-10-27T00:00:00", "type": "ubuntucve", "title": "CVE-2017-15930", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15930"], "modified": "2017-10-27T00:00:00", "id": "UB:CVE-2017-15930", "href": "https://ubuntu.com/security/CVE-2017-15930", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T14:39:09", "description": "ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in\ncoders\\dcm.c.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/551>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | not fixing memory leak in trusty and xenial\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-07T00:00:00", "type": "ubuntucve", "title": "CVE-2017-12644", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12644"], "modified": "2017-08-07T00:00:00", "id": "UB:CVE-2017-12644", "href": "https://ubuntu.com/security/CVE-2017-12644", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-05T15:24:09", "description": "ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in\ncoders/sun.c.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/718>\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-17T00:00:00", "type": "ubuntucve", "title": "CVE-2017-14531", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14531"], "modified": "2017-09-17T00:00:00", "id": "UB:CVE-2017-14531", "href": "https://ubuntu.com/security/CVE-2017-14531", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-05T15:27:14", "description": "Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in\nImageMagick 7.0.6-8 allows remote attackers to cause a denial of service\n(application crash) or possibly have unspecified other impact via a crafted\nfile.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/682>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873134>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0290-CVE-2017-12983-Fix-heap-based-buffer-overflow-in-ReadSFWImage.patch in wheezy 0248-CVE-2017-12983.patch in jessie 0099-CVE-2017-12983.patch in stretch\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-21T00:00:00", "type": "ubuntucve", "title": "CVE-2017-12983", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12983"], "modified": "2017-08-21T00:00:00", "id": "UB:CVE-2017-12983", "href": "https://ubuntu.com/security/CVE-2017-12983", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-05T15:19:05", "description": "The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not\nproperly validate colormapped images, which allows remote attackers to\ncause a denial of service (ImportIndexQuantumType invalid write and\napplication crash) or possibly have unspecified other impact via a\nmalformed WPG image.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-05T00:00:00", "type": "ubuntucve", "title": "CVE-2017-16545", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16545"], "modified": "2017-11-05T00:00:00", "id": "UB:CVE-2017-16545", "href": "https://ubuntu.com/security/CVE-2017-16545", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-05T15:19:06", "description": "The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not\nproperly validate the colormap index in a WPG palette, which allows remote\nattackers to cause a denial of service (use of uninitialized data or\ninvalid memory allocation) or possibly have unspecified other impact via a\nmalformed WPG file.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/851>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881392>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0263-CVE-2017-16546.patch in jessie 0109-CVE-2017-16546.patch in stretch\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-05T00:00:00", "type": "ubuntucve", "title": "CVE-2017-16546", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16546"], "modified": "2017-11-05T00:00:00", "id": "UB:CVE-2017-16546", "href": "https://ubuntu.com/security/CVE-2017-16546", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-05T15:23:18", "description": "ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE\nheaders that specify too few colors, which allows remote attackers to cause\na denial of service (heap-based buffer over-read and application crash) via\na crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-25T00:00:00", "type": "ubuntucve", "title": "CVE-2017-14733", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14733"], "modified": "2017-09-25T00:00:00", "id": "UB:CVE-2017-14733", "href": "https://ubuntu.com/security/CVE-2017-14733", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T14:39:19", "description": "The ReadDCMImage function in coders\\dcm.c in ImageMagick 7.0.6-1 has an\ninteger signedness error leading to excessive memory consumption via a\ncrafted DCM file.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/533>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0261-CVE-2017-12140-Fix-excessive-memory-consumption-in-ReadDCMImage-via-crafted-file.patch in wheezy\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-02T00:00:00", "type": "ubuntucve", "title": "CVE-2017-12140", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12140"], "modified": "2017-08-02T00:00:00", "id": "UB:CVE-2017-12140", "href": "https://ubuntu.com/security/CVE-2017-12140", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-03T14:39:14", "description": "ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage\nfunction in coders\\pwp.c.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/535>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870526>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0142-Avoid-unbounded-loop-in-pwp-coder.patch in unstable 0098-Avoid-unbounded-loop-in-pwp-coder.patchin stretch 0276-CVE-2017-12587-Fix-large-loop-vulnerability-in-ReadPWPImage.patch in wheezy\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-06T00:00:00", "type": "ubuntucve", "title": "CVE-2017-12587", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12587"], "modified": "2017-08-06T00:00:00", "id": "UB:CVE-2017-12587", "href": "https://ubuntu.com/security/CVE-2017-12587", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-05T15:22:03", "description": "ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/759>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | not fixing memory leak in trusty and xenial\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-10-10T00:00:00", "type": "ubuntucve", "title": "CVE-2017-15217", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15217"], "modified": "2017-10-10T00:00:00", "id": "UB:CVE-2017-15217", "href": "https://ubuntu.com/security/CVE-2017-15217", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T14:40:17", "description": "The ReadDPXImage function in coders\\dpx.c in ImageMagick 7.0.6-0 has a\nlarge loop vulnerability that can cause CPU exhaustion via a crafted DPX\nfile, related to lack of an EOF check.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/509>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | This is 0058-1-2-CPU-exhaustion-in-ReadDPXImage.patch and 0059-1-2-CPU-exhaustion-in-ReadDPXImage.patch\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-07-12T00:00:00", "type": "ubuntucve", "title": "CVE-2017-11188", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11188"], "modified": "2017-07-12T00:00:00", "id": "UB:CVE-2017-11188", "href": "https://ubuntu.com/security/CVE-2017-11188", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-03T14:39:17", "description": "In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the\nfunction ReadSUNImage in coders/sun.c, which allows attackers to cause a\ndenial of service.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/543>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870504>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0138-memory-exhaustion-in-ReadSUNImage.patch in unstable 0270-CVE-2017-12435-Fix-memory-exhaustion-in-ReadSUNImage.patch in wheezy\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-08-04T00:00:00", "type": "ubuntucve", "title": "CVE-2017-12435", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12435"], "modified": "2017-08-04T00:00:00", "id": "UB:CVE-2017-12435", "href": "https://ubuntu.com/security/CVE-2017-12435", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-03T14:39:36", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead\nto an address access exception in the WritePTIFImage() function in\ncoders/tiff.c.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/584>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870067>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0113-CVE-2017-11640.patch in unstable 0090-CVE-2017-11640.patch in stretch 0255-CVE-2017-11640-Fix-address-access-exception-in-convert-WritePTIFImage-1-2.patch in wheezy 0257-CVE-2017-11640.patch in jessie\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-26T00:00:00", "type": "ubuntucve", "title": "CVE-2017-11640", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11640"], "modified": "2017-07-26T00:00:00", "id": "UB:CVE-2017-11640", "href": "https://ubuntu.com/security/CVE-2017-11640", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T14:39:24", "description": "The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4\nallows remote attackers to cause a denial of service (memory leak) via a\ncrafted file.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/628>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870481>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0129-CVE-2017-11752.patch in unstable 0260-CVE-2017-11752-Fix-denial-of-service-memory-leak-in-ReadMAGICKImage.patch in wheezy not fixing memory leak in trusty and xenial\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-30T00:00:00", "type": "ubuntucve", "title": "CVE-2017-11752", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11752"], "modified": "2017-07-30T00:00:00", "id": "UB:CVE-2017-11752", "href": "https://ubuntu.com/security/CVE-2017-11752", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T14:39:46", "description": "The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0\nand 7.x through 7.0.6-1 allows remote attackers to cause a denial of\nservice (infinite loop) via a crafted file, because the end-of-file\ncondition is not considered.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/591>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869210>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | This is 0102-CVE-2017-11523-endless-loop-in-ReadTXTImage.patch in unstable This is 0087-CVE-2017-11523-endless-loop-in-ReadTXTImage.patch in stretch This is 0243-Fix-endless-loop-in-ReadTXTImage.patch in wheezy not fixing memory leak in trusty and xenial\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2017-11523", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11523"], "modified": "2017-07-22T00:00:00", "id": "UB:CVE-2017-11523", "href": "https://ubuntu.com/security/CVE-2017-11523", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-05T15:27:09", "description": "In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer\nover-read was found in the function SFWScan in coders/sfw.c, which allows\nattackers to cause a denial of service via a crafted file.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/670>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873099>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0292-CVE-2017-13134-Fix-heap-based-buffer-overflow-in-SFWScan.patch in wheezy 0249-CVE-2017-13134.patch in jessie 0100-CVE-2017-13134.patch in stretch\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-22T00:00:00", "type": "ubuntucve", "title": "CVE-2017-13134", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13134"], "modified": "2017-08-22T00:00:00", "id": "UB:CVE-2017-13134", "href": "https://ubuntu.com/security/CVE-2017-13134", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T14:39:04", "description": "ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in\ncoders/pdf.c.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/576>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870492>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0133-Memory-leak-in-pdf-coder.patch in unstable not fixing memory leak in trusty and xenial\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-07T00:00:00", "type": "ubuntucve", "title": "CVE-2017-12662", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12662"], "modified": "2017-08-07T00:00:00", "id": "UB:CVE-2017-12662", "href": "https://ubuntu.com/security/CVE-2017-12662", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-05T15:25:14", "description": "ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage\nin coders/wpg.c via a crafted wpg image file.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/650>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[leosilva](<https://launchpad.net/~leosilva>) | according with git report this vulnerability allow attackers to cause a denial of service via crafted file\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-12T00:00:00", "type": "ubuntucve", "title": "CVE-2017-14342", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14342"], "modified": "2017-09-12T00:00:00", "id": "UB:CVE-2017-14342", "href": "https://ubuntu.com/security/CVE-2017-14342", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-12-03T15:21:45", "description": "ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-07T21:29:00", "type": "debiancve", "title": "CVE-2017-12669", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12669"], "modified": "2017-08-07T21:29:00", "id": "DEBIANCVE:CVE-2017-12669", "href": "https://security-tracker.debian.org/tracker/CVE-2017-12669", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-04T23:29:00", "type": "debiancve", "title": "CVE-2017-14138", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14138"], "modified": "2017-09-04T23:29:00", "id": "DEBIANCVE:CVE-2017-14138", "href": "https://security-tracker.debian.org/tracker/CVE-2017-14138", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-18T01:29:00", "type": "debiancve", "title": "CVE-2017-14531", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14531"], "modified": "2017-09-18T01:29:00", "id": "DEBIANCVE:CVE-2017-14531", "href": "https://security-tracker.debian.org/tracker/CVE-2017-14531", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-03T15:21:45", "description": "The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-23T03:29:00", "type": "debiancve", "title": "CVE-2017-11527", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11527"], "modified": "2017-07-23T03:29:00", "id": "DEBIANCVE:CVE-2017-11527", "href": "https://security-tracker.debian.org/tracker/CVE-2017-11527", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-03T15:21:45", "description": "The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-05T22:29:00", "type": "debiancve", "title": "CVE-2017-16546", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16546"], "modified": "2017-11-05T22:29:00", "id": "DEBIANCVE:CVE-2017-16546", "href": "https://security-tracker.debian.org/tracker/CVE-2017-16546", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-30T09:29:00", "type": "debiancve", "title": "CVE-2017-13769", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13769"], "modified": "2017-08-30T09:29:00", "id": "DEBIANCVE:CVE-2017-13769", "href": "https://security-tracker.debian.org/tracker/CVE-2017-13769", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2017-09-20T17:29:00", "type": "debiancve", "title": "CVE-2017-14607", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14607"], "modified": "2017-09-20T17:29:00", "id": "DEBIANCVE:CVE-2017-14607", "href": "https://security-tracker.debian.org/tracker/CVE-2017-14607", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-23T03:29:00", "type": "debiancve", "title": "CVE-2017-11535", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11535"], "modified": "2017-07-23T03:29:00", "id": "DEBIANCVE:CVE-2017-11535", "href": "https://security-tracker.debian.org/tracker/CVE-2017-11535", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation \"GetQuantumRange(depth)+1\" when \"depth\" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large \"max_value\" value.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-07T06:29:00", "type": "debiancve", "title": "CVE-2017-14173", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14173"], "modified": "2017-09-07T06:29:00", "id": "DEBIANCVE:CVE-2017-14173", "href": "https://security-tracker.debian.org/tracker/CVE-2017-14173", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "The ReadDPXImage function in coders\\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-07-12T15:29:00", "type": "debiancve", "title": "CVE-2017-11188", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11188"], "modified": "2017-07-12T15:29:00", "id": "DEBIANCVE:CVE-2017-11188", "href": "https://security-tracker.debian.org/tracker/CVE-2017-11188", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-03T15:21:45", "description": "In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-07T06:29:00", "type": "debiancve", "title": "CVE-2017-14175", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14175"], "modified": "2017-09-07T06:29:00", "id": "DEBIANCVE:CVE-2017-14175", "href": "https://security-tracker.debian.org/tracker/CVE-2017-14175", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-03T15:21:45", "description": "Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-21T07:29:00", "type": "debiancve", "title": "CVE-2017-12983", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12983"], "modified": "2017-08-21T07:29:00", "id": "DEBIANCVE:CVE-2017-12983", "href": "https://security-tracker.debian.org/tracker/CVE-2017-12983", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-10-03T01:29:00", "type": "debiancve", "title": "CVE-2017-14989", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14989"], "modified": "2017-10-03T01:29:00", "id": "DEBIANCVE:CVE-2017-14989", "href": "https://security-tracker.debian.org/tracker/CVE-2017-14989", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:27", "description": "coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-09T00:29:00", "type": "debiancve", "title": "CVE-2017-16669", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16669"], "modified": "2017-11-09T00:29:00", "id": "DEBIANCVE:CVE-2017-16669", "href": "https://security-tracker.debian.org/tracker/CVE-2017-16669", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:21:27", "description": "The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-05T22:29:00", "type": "debiancve", "title": "CVE-2017-16545", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16545"], "modified": "2017-11-05T22:29:00", "id": "DEBIANCVE:CVE-2017-16545", "href": "https://security-tracker.debian.org/tracker/CVE-2017-16545", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large \"extent\" field in the header but does not contain sufficient backing data, is provided, the loop over \"length\" would consume huge CPU resources, since there is no EOF check inside the loop.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-07T06:29:00", "type": "debiancve", "title": "CVE-2017-14172", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14172"], "modified": "2017-09-07T06:29:00", "id": "DEBIANCVE:CVE-2017-14172", "href": "https://security-tracker.debian.org/tracker/CVE-2017-14172", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-03T15:21:27", "description": "ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-25T21:29:00", "type": "debiancve", "title": "CVE-2017-14733", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14733"], "modified": "2017-09-25T21:29:00", "id": "DEBIANCVE:CVE-2017-14733", "href": "https://security-tracker.debian.org/tracker/CVE-2017-14733", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "The ReadDCMImage function in coders\\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-02T05:29:00", "type": "debiancve", "title": "CVE-2017-12140", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12140"], "modified": "2017-08-02T05:29:00", "id": "DEBIANCVE:CVE-2017-12140", "href": "https://security-tracker.debian.org/tracker/CVE-2017-12140", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-03T15:21:45", "description": "ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-10-10T20:29:00", "type": "debiancve", "title": "CVE-2017-15217", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15217"], "modified": "2017-10-10T20:29:00", "id": "DEBIANCVE:CVE-2017-15217", "href": "https://security-tracker.debian.org/tracker/CVE-2017-15217", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\\dcm.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-07T15:29:00", "type": "debiancve", "title": "CVE-2017-12644", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12644"], "modified": "2017-08-07T15:29:00", "id": "DEBIANCVE:CVE-2017-12644", "href": "https://security-tracker.debian.org/tracker/CVE-2017-12644", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-12T17:29:00", "type": "debiancve", "title": "CVE-2017-14341", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14341"], "modified": "2017-09-12T17:29:00", "id": "DEBIANCVE:CVE-2017-14341", "href": "https://security-tracker.debian.org/tracker/CVE-2017-14341", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-03T15:21:45", "description": "ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\\pwp.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-06T14:29:00", "type": "debiancve", "title": "CVE-2017-12587", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12587"], "modified": "2017-08-06T14:29:00", "id": "DEBIANCVE:CVE-2017-12587", "href": "https://security-tracker.debian.org/tracker/CVE-2017-12587", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-26T08:29:00", "type": "debiancve", "title": "CVE-2017-11640", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11640"], "modified": "2017-07-26T08:29:00", "id": "DEBIANCVE:CVE-2017-11640", "href": "https://security-tracker.debian.org/tracker/CVE-2017-11640", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:27", "description": "In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-10-27T18:29:00", "type": "debiancve", "title": "CVE-2017-15930", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15930"], "modified": "2017-10-27T18:29:00", "id": "DEBIANCVE:CVE-2017-15930", "href": "https://security-tracker.debian.org/tracker/CVE-2017-15930", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-08-04T10:29:00", "type": "debiancve", "title": "CVE-2017-12435", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12435"], "modified": "2017-08-04T10:29:00", "id": "DEBIANCVE:CVE-2017-12435", "href": "https://security-tracker.debian.org/tracker/CVE-2017-12435", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-03T15:21:45", "description": "The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-30T18:29:00", "type": "debiancve", "title": "CVE-2017-11752", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11752"], "modified": "2017-07-30T18:29:00", "id": "DEBIANCVE:CVE-2017-11752", "href": "https://security-tracker.debian.org/tracker/CVE-2017-11752", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:27", "description": "In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-23T03:29:00", "type": "debiancve", "title": "CVE-2017-13134", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13134"], "modified": "2017-08-23T03:29:00", "id": "DEBIANCVE:CVE-2017-13134", "href": "https://security-tracker.debian.org/tracker/CVE-2017-13134", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-03T15:21:45", "description": "The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-22T21:29:00", "type": "debiancve", "title": "CVE-2017-11523", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11523"], "modified": "2017-07-22T21:29:00", "id": "DEBIANCVE:CVE-2017-11523", "href": "https://security-tracker.debian.org/tracker/CVE-2017-11523", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-03T15:21:45", "description": "ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-12T17:29:00", "type": "debiancve", "title": "CVE-2017-14342", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14342"], "modified": "2017-09-12T17:29:00", "id": "DEBIANCVE:CVE-2017-14342", "href": "https://security-tracker.debian.org/tracker/CVE-2017-14342", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2023-04-18T16:15:14", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks. A malicious user can pass a WPG image file to the application, causing a heap allocation error that can crash the application.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-06T04:17:09", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16546"], "modified": "2020-10-22T21:09:52", "id": "VERACODE:5378", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-5378/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-18T16:14:52", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks. A malicious user can pass a corrupted SUN image file to the application, causing the library to allocate too much memory, leading to memory exhaustion or the application crashing.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-18T09:54:49", "type": "veracode", "title": "Denial Of Service (DoS) Through Memory Exhaustion", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14531"], "modified": "2019-10-03T07:16:38", "id": "VERACODE:5121", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-5121/summary", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-04-18T16:14:54", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks. These attacks are possible because `ReadDPXImage` function doesn't restrict the amount of memory allocated to store data. Attackers can leverage this flaw to consume memory and crash the application.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-23T22:31:39", "type": "veracode", "title": "Denial Of Service (DoS) Through Memory Consumption", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11527"], "modified": "2019-05-15T06:18:27", "id": "VERACODE:4633", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4633/summary", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-04-18T13:28:17", "description": "ImageMagick is susceptible to denial of service (DoS). The attack is possible due to the lack of proper validation of input WPG image in the `ReadWPGImage` function in coders/wpg.c, allowing an attacker to trigger `ImportIndexQuantumType` invalid write or crash the application.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-21T06:27:40", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16545"], "modified": "2022-04-19T18:34:37", "id": "VERACODE:20576", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-20576/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-18T16:14:38", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks. A malicious user can pass a PSD file to the system causing big loop that consumes a large amount of CPU resources. This is due to the library lacking an end of file (EOF) check.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-08T02:01:50", "type": "veracode", "title": "Denial Of Service (DoS) Through Memory Consumption", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14172"], "modified": "2020-10-15T19:09:40", "id": "VERACODE:5034", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-5034/summary", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-04-18T15:43:04", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks. The attacks can be launched because the `WriteTHUMBNAILImage()` function in `coders/thumbnail.c` cannot handle malicious JPEG files and causes buffer over-read.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-10-12T02:18:20", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13769"], "modified": "2021-04-28T20:50:41", "id": "VERACODE:5268", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-5268/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T16:24:07", "description": "ImageMagick is vulnerable to heap-base buffer over-reads. The flaw in the `TIFFWriteScanline()` function in `tif_write.c` can be triggered through a file being processed in convert.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-24T00:13:00", "type": "veracode", "title": "Heap-based Buffer Over-read", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11535"], "modified": "2019-10-03T07:05:18", "id": "VERACODE:4640", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4640/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T16:16:07", "description": "ImageMagick is vulnerable to memory leak vulnerability. A malicious user can trigger the vulnerability by inputting a CALS image to `WriteCALSImage()` function in coders/cals.c.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-08T07:26:02", "type": "veracode", "title": "Memory Leak Vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12669"], "modified": "2020-10-14T21:09:37", "id": "VERACODE:4891", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4891/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-18T16:28:21", "description": "ImageMagick is susceptible to a use-after-free vulnerability. The vulnerability exists in the `RenderFreetype()` function of `magick/annotate.c`. Calling the `FT_Done_Glyph()` method at a wrong place in the code allows the attacker to trigger the attack by sending a malicious font file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-10-04T01:25:22", "type": "veracode", "title": "Use-After-Free", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14989"], "modified": "2019-05-15T06:18:29", "id": "VERACODE:5220", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-5220/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T16:16:09", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks through heap-based buffer overflows and possibly other attacks. A malicious user can pass a SFW file to the system to cause a heap-based buffer overflow, causing the application to crash.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-22T00:05:52", "type": "veracode", "title": "Denial Of Service (DoS) Through Heap Based Buffer Overflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12983"], "modified": "2019-05-15T06:18:29", "id": "VERACODE:4932", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4932/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-18T16:29:55", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks. A malicious user can pass a txt file to the application through the `ReadTXTImage()` function in `coders/txt.c` to cause an infinite loop.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-08T02:59:04", "type": "veracode", "title": "Denial Of Service (DoS) Through Infinite Loop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14173"], "modified": "2020-10-15T19:09:40", "id": "VERACODE:5035", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-5035/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T12:16:36", "description": "graphicsmagick is vulnerable to arbitrary code execution. The vulnerability exists as through a heap-based buffer overflow in the `AcquireCacheNexus` function in `magick/pixel_cache.c`.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-09-21T06:25:43", "type": "veracode", "title": "Arbitrary Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16669"], "modified": "2022-04-19T18:38:06", "id": "VERACODE:26917", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-26917/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-18T16:16:09", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks. A large loop occurs when a malicious user passes a large PWP file to the application.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-07T07:29:43", "type": "veracode", "title": "Denial Of Service (DoS) Through Large Loop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12587"], "modified": "2019-10-03T07:15:32", "id": "VERACODE:4875", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4875/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-26T13:49:46", "description": "ImageMagick is vulnerable to denial of service. The vulnerability existed in ReadXBMImage() due to lack of an EOF (End of File) \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-12-06T03:43:57", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14175"], "modified": "2022-04-19T18:34:53", "id": "VERACODE:28259", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-28259/summary", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-04-18T12:16:37", "description": "graphicsmagick:xenial is vulnerable to denial of service (DoS). ReadOneJNGImage in coders/png.c results in a Null Pointer Dereference while transferring JPEG scanlines.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-09-21T06:27:29", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15930"], "modified": "2022-04-19T18:38:55", "id": "VERACODE:26955", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-26955/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-18T16:14:56", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks through memory exhaustion. A malicious user can pass a `dcm` file to the system to cause the application to run out memory, causing it to crash.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-02T13:25:20", "type": "veracode", "title": "Denial Of Service (DoS) Through Memory Exhaustion", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12140"], "modified": "2020-09-11T12:07:49", "id": "VERACODE:4851", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4851/summary", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-04-18T16:29:18", "description": "ImageMagick is vulnerable to address access exception. The exception is possible in the `WritePTIFImage()` function in `coders/tiff.c`.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-27T09:03:37", "type": "veracode", "title": "Address Access Exception", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11640"], "modified": "2019-05-15T06:18:27", "id": "VERACODE:4752", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4752/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T16:10:52", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks because of an infinite loop.The library does not properly check when a DPX file has ended, opting to iterate through the entire memory space of an unsigned integer. This can allow a malicious user to exhaust the application's resources by sending multiple DPX files to the system to read.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-07-13T02:28:44", "type": "veracode", "title": "Denial Of Service (DoS) Through Large Loop", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11188"], "modified": "2019-10-03T07:05:09", "id": "VERACODE:4565", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4565/summary", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-04-18T16:29:08", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks through a heap buffer overflow. A malicious user can pass a `sfw` file to the application to cause a heap buffer overflow, crashing the application.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-24T05:46:53", "type": "veracode", "title": "Denial Of Service (DoS) Through Heap Buffer Overflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13134"], "modified": "2020-09-24T01:45:26", "id": "VERACODE:4956", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4956/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T16:14:48", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks. A malicious user can pass a wpg file to the application to cause a large loop that consumes large amount of CPU through the `ReadWPGImage()` function in `coders/wpg.c`.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-13T06:55:30", "type": "veracode", "title": "Denial Of Service (DoS) Through CPU Exhaustion", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14341"], "modified": "2020-10-15T19:09:42", "id": "VERACODE:5078", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-5078/summary", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-04-18T16:10:47", "description": "ImageMagick is susceptible to denial of service (DoS) through memory exhaustion. This is possible because the application does not properly handle memory allocation, allowing a malicious user to crash the application through a malicious file input to `ReadSUNImage()` in coders/sun.c\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-08-07T03:29:53", "type": "veracode", "title": "Denial Of Service (DoS) Through Memory Exhaustion", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12435"], "modified": "2020-09-13T16:06:26", "id": "VERACODE:4870", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4870/summary", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-04-18T16:14:44", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks. The `ReadTXTImage` function doesn't take into account the end-of-file condition when reading files which causes it to enter an infinite loop.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-23T21:44:35", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11523"], "modified": "2019-10-03T07:09:35", "id": "VERACODE:4630", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4630/summary", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-04-18T16:30:10", "description": "ImageMagick is vulnerable to denial of service (DoS) attacks. A malicious user can pass a wpg file to the application through the `ReadWPGImage()` function in `coders/wpg.c` to cause memory exhaustion that can crash the application.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-13T07:13:01", "type": "veracode", "title": "Denial Of Service (DoS) Through Memory Exhaustion", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14342"], "modified": "2019-05-15T06:18:29", "id": "VERACODE:5079", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-5079/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T16:28:09", "description": "ImageMagick is vulnerable to denial of service attacks (DoS) through memory leaks. A memory leak is caused when a malicious user passes an SGI file to the `ReadSGIImage()` function in `coders/sgi.c`.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-10-11T02:47:52", "type": "veracode", "title": "Memory Leak", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15217"], "modified": "2019-10-03T07:13:42", "id": "VERACODE:5260", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-5260/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-12-03T14:57:39", "description": "The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-05T22:29:00", "type": "cve", "title": "CVE-2017-16546", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16546"], "modified": "2020-10-22T19:20:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:imagemagick:imagemagick:7.0.7-9", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2017-16546", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16546", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.7-9:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:45:02", "description": "In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-07T06:29:00", "type": "cve", "title": "CVE-2017-14175", "cwe": ["CWE-834"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14175"], "modified": "2020-10-15T16:07:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:imagemagick:imagemagick:7.0.6-1", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "CVE-2017-14175", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14175", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:38:53", "description": "ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-07T21:29:00", "type": "cve", "title": "CVE-2017-12669", "cwe": ["CWE-772"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12669"], "modified": "2020-10-14T18:52:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-2"], "id": "CVE-2017-12669", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12669", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:44:52", "description": "ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-04T23:29:00", "type": "cve", "title": "CVE-2017-14138", "cwe": ["CWE-772"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14138"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-5"], "id": "CVE-2017-14138", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14138", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-5:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:45:00", "description": "In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large \"extent\" field in the header but does not contain sufficient backing data, is provided, the loop over \"length\" would consume huge CPU resources, since there is no EOF check inside the loop.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-07T06:29:00", "type": "cve", "title": "CVE-2017-14172", "cwe": ["CWE-834"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14172"], "modified": "2020-10-15T16:02:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.7-0", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "CVE-2017-14172", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14172", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.7-0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:46:56", "description": "ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-18T01:29:00", "type": "cve", "title": "CVE-2017-14531", "cwe": ["CWE-770"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14531"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.7-0", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2017-14531", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14531", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.7-0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2023-12-03T14:33:21", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-23T03:29:00", "type": "cve", "title": "CVE-2017-11535", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11535"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-1"], "id": "CVE-2017-11535", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11535", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:43:02", "description": "The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-30T09:29:00", "type": "cve", "title": "CVE-2017-13769", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13769"], "modified": "2021-04-28T18:08:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-10", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2017-13769", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13769", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.6-10:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:49:26", "description": "A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-10-03T01:29:00", "type": "cve", "title": "CVE-2017-14989", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14989"], "modified": "2018-06-14T01:29:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.7-4"], "id": "CVE-2017-14989", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14989", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.7-4:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:33:16", "description": "The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-23T03:29:00", "type": "cve", "title": "CVE-2017-11527", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11527"], "modified": "2017-07-28T13:58:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.4-0", "cpe:/a:imagemagick:imagemagick:7.0.5-6", "cpe:/a:imagemagick:imagemagick:7.0.5-10", "cpe:/a:imagemagick:imagemagick:7.0.1-10", "cpe:/a:imagemagick:imagemagick:7.0.4-6", "cpe:/a:imagemagick:imagemagick:7.0.4-7", "cpe:/a:imagemagick:imagemagick:7.0.2-2", "cpe:/a:imagemagick:imagemagick:7.0.4-2", "cpe:/a:imagemagick:imagemagick:7.0.3-1", "cpe:/a:imagemagick:imagemagick:7.0.1-3", "cpe:/a:imagemagick:imagemagick:7.0.1-7", "cpe:/a:imagemagick:imagemagick:7.0.2-5", "cpe:/a:imagemagick:imagemagick:7.0.4-3", "cpe:/a:imagemagick:imagemagick:7.0.1-2", "cpe:/a:imagemagick:imagemagick:7.0.2-3", "cpe:/a:imagemagick:imagemagick:7.0.6-0", "cpe:/a:imagemagick:imagemagick:7.0.1-1", "cpe:/a:imagemagick:imagemagick:7.0.2-8", "cpe:/a:imagemagick:imagemagick:7.0.3-8", "cpe:/a:imagemagick:imagemagick:7.0.3-7", "cpe:/a:imagemagick:imagemagick:7.0.2-10", "cpe:/a:imagemagick:imagemagick:7.0.3-10", "cpe:/a:imagemagick:imagemagick:7.0.5-5", "cpe:/a:imagemagick:imagemagick:7.0.5-9", "cpe:/a:imagemagick:imagemagick:7.0.5-7", "cpe:/a:imagemagick:imagemagick:7.0.4-5", "cpe:/a:imagemagick:imagemagick:7.0.1-8", "cpe:/a:imagemagick:imagemagick:7.0.5-4", "cpe:/a:imagemagick:imagemagick:7.0.3-4", "cpe:/a:imagemagick:imagemagick:7.0.5-8", "cpe:/a:imagemagick:imagemagick:7.0.2-9", "cpe:/a:imagemagick:imagemagick:7.0.3-3", "cpe:/a:imagemagick:imagemagick:7.0.1-4", "cpe:/a:imagemagick:imagemagick:7.0.4-4", "cpe:/a:imagemagick:imagemagick:7.0.4-1", "cpe:/a:imagemagick:imagemagick:7.0.2-4", "cpe:/a:imagemagick:imagemagick:7.0.5-1", "cpe:/a:imagemagick:imagemagick:7.0.3-9", "cpe:/a:imagemagick:imagemagick:7.0.1-9", "cpe:/a:imagemagick:imagemagick:7.0.3-5", "cpe:/a:imagemagick:imagemagick:7.0.4-9", "cpe:/a:imagemagick:imagemagick:6.9.8-10", "cpe:/a:imagemagick:imagemagick:7.0.2-7", "cpe:/a:imagemagick:imagemagick:7.0.2-6", "cpe:/a:imagemagick:imagemagick:7.0.3-0", "cpe:/a:imagemagick:imagemagick:7.0.4-8", "cpe:/a:imagemagick:imagemagick:7.0.2-1", "cpe:/a:imagemagick:imagemagick:7.0.1-6", "cpe:/a:imagemagick:imagemagick:7.0.4-10", "cpe:/a:imagemagick:imagemagick:7.0.3-6", "cpe:/a:imagemagick:imagemagick:7.0.1-5", "cpe:/a:imagemagick:imagemagick:7.0.5-0", "cpe:/a:imagemagick:imagemagick:7.0.2-0", "cpe:/a:imagemagick:imagemagick:7.0.1-0", "cpe:/a:imagemagick:imagemagick:7.0.3-2"], "id": "CVE-2017-11527", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11527", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.2-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:6.9.8-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.6-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-4:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:40:24", "description": "Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-21T07:29:00", "type": "cve", "title": "CVE-2017-12983", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12983"], "modified": "2018-06-14T01:29:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-8"], "id": "CVE-2017-12983", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12983", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-8:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:58:15", "description": "coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-09T00:29:00", "type": "cve", "title": "CVE-2017-16669", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16669"], "modified": "2020-01-27T21:15:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "cpe:/a:graphicsmagick:graphicsmagick:1.3.26", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2017-16669", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16669", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.26:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:47:21", "description": "In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2017-09-20T17:29:00", "type": "cve", "title": "CVE-2017-14607", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14607"], "modified": "2019-04-17T15:10:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.7-4", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2017-14607", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14607", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.7-4:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:45:00", "description": "In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation \"GetQuantumRange(depth)+1\" when \"depth\" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large \"max_value\" value.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-07T06:29:00", "type": "cve", "title": "CVE-2017-14173", "cwe": ["CWE-190", "CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14173"], "modified": "2020-10-15T16:07:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-10", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "CVE-2017-14173", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14173", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.6-10:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:57:39", "description": "The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-05T22:29:00", "type": "cve", "title": "CVE-2017-16545", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16545"], "modified": "2023-11-07T02:40:00", "cpe": ["cpe:/a:graphicsmagick:graphicsmagick:1.3.26"], "id": "CVE-2017-16545", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16545", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.26:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:54:22", "description": "In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-10-27T18:29:00", "type": "cve", "title": "CVE-2017-15930", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15930"], "modified": "2023-11-07T02:40:00", "cpe": ["cpe:/a:graphicsmagick:graphicsmagick:1.3.26", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2017-15930", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15930", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.26:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:47:59", "description": "ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-25T21:29:00", "type": "cve", "title": "CVE-2017-14733", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14733"], "modified": "2023-11-07T02:39:00", "cpe": ["cpe:/a:graphicsmagick:graphicsmagick:1.3.26", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2017-14733", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14733", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.26:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:35:51", "description": "The ReadDCMImage function in coders\\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-02T05:29:00", "type": "cve", "title": "CVE-2017-12140", "cwe": ["CWE-681", "CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12140"], "modified": "2020-09-08T00:15:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-1"], "id": "CVE-2017-12140", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12140", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:41:14", "description": "In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-08-23T03:29:00", "type": "cve", "title": "CVE-2017-13134", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13134"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-6"], "id": "CVE-2017-13134", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13134", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-6:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:38:46", "description": "ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\\dcm.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-07T15:29:00", "type": "cve", "title": "CVE-2017-12644", "cwe": ["CWE-772"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12644"], "modified": "2020-10-14T18:24:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-1"], "id": "CVE-2017-12644", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12644", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:50:35", "description": "ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-10-10T20:29:00", "type": "cve", "title": "CVE-2017-15217", "cwe": ["CWE-772"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15217"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.7-2", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2017-15217", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15217", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.7-2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2023-12-03T14:31:39", "description": "The ReadDPXImage function in coders\\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-07-12T15:29:00", "type": "cve", "title": "CVE-2017-11188", "cwe": ["CWE-834"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11188"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-0"], "id": "CVE-2017-11188", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11188", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:38:26", "description": "ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\\pwp.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-06T14:29:00", "type": "cve", "title": "CVE-2017-12587", "cwe": ["CWE-834"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12587"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-1"], "id": "CVE-2017-12587", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12587", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:33:15", "description": "The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-22T21:29:00", "type": "cve", "title": "CVE-2017-11523", "cwe": ["CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11523"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.4-0", "cpe:/a:imagemagick:imagemagick:7.0.5-6", "cpe:/a:imagemagick:imagemagick:7.0.1-10", "cpe:/a:imagemagick:imagemagick:7.0.4-6", "cpe:/a:imagemagick:imagemagick:7.0.4-7", "cpe:/a:imagemagick:imagemagick:7.0.2-2", "cpe:/a:imagemagick:imagemagick:7.0.4-2", "cpe:/a:imagemagick:imagemagick:7.0.3-1", "cpe:/a:imagemagick:imagemagick:7.0.1-3", "cpe:/a:imagemagick:imagemagick:7.0.1-7", "cpe:/a:imagemagick:imagemagick:7.0.2-5", "cpe:/a:imagemagick:imagemagick:7.0.4-3", "cpe:/a:imagemagick:imagemagick:7.0.1-2", "cpe:/a:imagemagick:imagemagick:7.0.2-3", "cpe:/a:imagemagick:imagemagick:7.0.2-8", "cpe:/a:imagemagick:imagemagick:7.0.1-1", "cpe:/a:imagemagick:imagemagick:7.0.3-8", "cpe:/a:imagemagick:imagemagick:7.0.3-7", "cpe:/a:imagemagick:imagemagick:7.0.2-10", "cpe:/a:imagemagick:imagemagick:7.0.3-10", "cpe:/a:imagemagick:imagemagick:7.0.5-5", "cpe:/a:imagemagick:imagemagick:6.9.9-0", "cpe:/a:imagemagick:imagemagick:7.0.5-7", "cpe:/a:imagemagick:imagemagick:7.0.4-5", "cpe:/a:imagemagick:imagemagick:7.0.1-8", "cpe:/a:imagemagick:imagemagick:7.0.5-4", "cpe:/a:imagemagick:imagemagick:7.0.0-0", "cpe:/a:imagemagick:imagemagick:7.0.3-4", "cpe:/a:imagemagick:imagemagick:7.0.5-8", "cpe:/a:imagemagick:imagemagick:7.0.2-9", "cpe:/a:imagemagick:imagemagick:7.0.3-3", "cpe:/a:imagemagick:imagemagick:7.0.1-4", "cpe:/a:imagemagick:imagemagick:7.0.4-4", "cpe:/a:imagemagick:imagemagick:7.0.4-1", "cpe:/a:imagemagick:imagemagick:7.0.2-4", "cpe:/a:imagemagick:imagemagick:7.0.5-1", "cpe:/a:imagemagick:imagemagick:7.0.3-9", "cpe:/a:imagemagick:imagemagick:7.0.6-1", "cpe:/a:imagemagick:imagemagick:7.0.1-9", "cpe:/a:imagemagick:imagemagick:7.0.3-5", "cpe:/a:imagemagick:imagemagick:7.0.4-9", "cpe:/a:imagemagick:imagemagick:7.0.2-7", "cpe:/a:imagemagick:imagemagick:7.0.2-6", "cpe:/a:imagemagick:imagemagick:7.0.3-0", "cpe:/a:imagemagick:imagemagick:7.0.4-8", "cpe:/a:imagemagick:imagemagick:7.0.2-1", "cpe:/a:imagemagick:imagemagick:7.0.1-6", "cpe:/a:imagemagick:imagemagick:7.0.4-10", "cpe:/a:imagemagick:imagemagick:7.0.3-6", "cpe:/a:imagemagick:imagemagick:7.0.1-5", "cpe:/a:imagemagick:imagemagick:7.0.5-0", "cpe:/a:imagemagick:imagemagick:7.0.2-0", "cpe:/a:imagemagick:imagemagick:7.0.1-0", "cpe:/a:imagemagick:imagemagick:7.0.3-2"], "id": "CVE-2017-11523", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11523", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.2-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.0-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:6.9.9-0:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-9:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-3:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.5-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-4:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-8:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-2:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.3-10:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.1-5:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-6:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.4-7:*:*:*:*:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.2-4:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:33:53", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-26T08:29:00", "type": "cve", "title": "CVE-2017-11640", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11640"], "modified": "2018-06-14T01:29:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-1"], "id": "CVE-2017-11640", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11640", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:45:53", "description": "ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-12T17:29:00", "type": "cve", "title": "CVE-2017-14341", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14341"], "modified": "2020-10-15T16:07:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:imagemagick:imagemagick:7.0.6-6", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2017-14341", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14341", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2023-12-03T14:34:26", "description": "The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-30T18:29:00", "type": "cve", "title": "CVE-2017-11752", "cwe": ["CWE-772"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11752"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-4"], "id": "CVE-2017-11752", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11752", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-4:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:45:56", "description": "ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-12T17:29:00", "type": "cve", "title": "CVE-2017-14342", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14342"], "modified": "2019-04-17T13:49:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:imagemagick:imagemagick:7.0.6-6", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2017-14342", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14342", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-6:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2023-12-03T14:37:35", "description": "In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-08-04T10:29:00", "type": "cve", "title": "CVE-2017-12435", "cwe": ["CWE-770"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12435"], "modified": "2020-09-08T00:15:00", "cpe": ["cpe:/a:imagemagick:imagemagick:7.0.6-1"], "id": "CVE-2017-12435", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12435", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*"]}], "redhatcve": [{"lastseen": "2022-05-22T02:44:24", "description": "In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large \"extent\" field in the header but does not contain sufficient backing data, is provided, the loop over \"length\" would consume huge CPU resources, since there is no EOF check inside the loop.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-09-08T08:00:26", "type": "redhatcve", "title": "CVE-2017-14172", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14172"], "modified": "2022-05-21T00:19:17", "id": "RH:CVE-2017-14172", "href": "https://access.redhat.com/security/cve/cve-2017-14172", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-07-07T11:11:57", "description": "A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-10-10T12:51:00", "type": "redhatcve", "title": "CVE-2017-14989", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14989"], "modified": "2022-07-07T09:08:23", "id": "RH:CVE-2017-14989", "href": "https://access.redhat.com/security/cve/cve-2017-14989", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:49:03", "description": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-25T16:19:44", "type": "redhatcve", "title": "CVE-2017-11535", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11535"], "modified": "2019-10-12T00:21:49", "id": "RH:CVE-2017-11535", "href": "https://access.redhat.com/security/cve/cve-2017-11535", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:47:57", "description": "ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-05T12:18:46", "type": "redhatcve", "title": "CVE-2017-14138", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14138"], "modified": "2019-10-12T00:50:51", "id": "RH:CVE-2017-14138", "href": "https://access.redhat.com/security/cve/cve-2017-14138", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-02T22:49:21", "description": "The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-25T14:21:36", "type": "redhatcve", "title": "CVE-2017-11527", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11527"], "modified": "2019-10-12T00:21:11", "id": "RH:CVE-2017-11527", "href": "https://access.redhat.com/security/cve/cve-2017-11527", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-09-02T22:48:01", "description": "ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-10-09T08:51:39", "type": "redhatcve", "title": "CVE-2017-14531", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14531"], "modified": "2019-10-12T01:13:03", "id": "RH:CVE-2017-14531", "href": "https://access.redhat.com/security/cve/cve-2017-14531", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-09-02T22:48:31", "description": "ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-09-13T12:19:05", "type": "redhatcve", "title": "CVE-2017-14341", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14341"], "modified": "2020-10-16T12:02:25", "id": "RH:CVE-2017-14341", "href": "https://access.redhat.com/security/cve/cve-2017-14341", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-09-02T22:48:05", "description": "The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-09-01T17:48:33", "type": "redhatcve", "title": "CVE-2017-13769", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13769"], "modified": "2021-04-29T11:07:35", "id": "RH:CVE-2017-13769", "href": "https://access.redhat.com/security/cve/cve-2017-13769", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:49:01", "description": "ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-08-24T13:20:09", "type": "redhatcve", "title": "CVE-2017-12669", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12669"], "modified": "2020-10-15T12:01:44", "id": "RH:CVE-2017-12669", "href": "https://access.redhat.com/security/cve/cve-2017-12669", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-02T22:47:56", "description": "In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation \"GetQuantumRange(depth)+1\" when \"depth\" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large \"max_value\" value.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-09-08T08:00:12", "type": "redhatcve", "title": "CVE-2017-14173", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14173"], "modified": "2020-10-16T12:02:22", "id": "RH:CVE-2017-14173", "href": "https://access.redhat.com/security/cve/cve-2017-14173", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:47:57", "description": "In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-09-08T08:30:23", "type": "redhatcve", "title": "CVE-2017-14175", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14175"], "modified": "2020-10-16T12:02:24", "id": "RH:CVE-2017-14175", "href": "https://access.redhat.com/security/cve/cve-2017-14175", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-09-02T22:48:17", "description": "Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-31T13:49:00", "type": "redhatcve", "title": "CVE-2017-12983", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12983"], "modified": "2019-10-12T00:41:14", "id": "RH:CVE-2017-12983", "href": "https://access.redhat.com/security/cve/cve-2017-12983", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-08T05:22:03", "description": "In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2017-09-27T21:49:07", "type": "redhatcve", "title": "CVE-2017-14607", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14607"], "modified": "2022-06-08T03:47:30", "id": "RH:CVE-2017-14607", "href": "https://access.redhat.com/security/cve/cve-2017-14607", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-07-07T11:11:36", "description": "The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uni