CVE-2016-7528

2016-08-25T00:00:00

Description

The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file. #### Bugs * <https://bugs.launchpad.net/bugs/1537425> * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832483> * <https://github.com/ImageMagick/ImageMagick/issues/99> #### Notes Author| Note ---|--- [mdeslaur](<https://launchpad.net/~mdeslaur>) | This is 0106-Fix-out-of-bound-for-viff-file.patch

Affected Package

OS	OS Version	Package Name	Package Version
ubuntu	14.04	imagemagick	8:6.7.7.10-6ubuntu3.2
ubuntu	upstream	imagemagick	8:6.8.9.9-5+deb8u4
ubuntu	16.04	imagemagick	8:6.8.9.9-7ubuntu5.2
ubuntu	16.10	imagemagick	8:6.8.9.9-7ubuntu8.1

{"id": "UB:CVE-2016-7528", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2016-7528", "description": "The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote\nattackers to cause a denial of service (segmentation fault) via a crafted\nVIFF file.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/bugs/1537425>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832483>\n * <https://github.com/ImageMagick/ImageMagick/issues/99>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | This is 0106-Fix-out-of-bound-for-viff-file.patch\n", "published": "2016-08-25T00:00:00", "modified": "2016-08-25T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://ubuntu.com/security/CVE-2016-7528", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7528", "http://www.openwall.com/lists/oss-security/2016/08/07/1", "https://ubuntu.com/security/notices/USN-3131-1", "https://nvd.nist.gov/vuln/detail/CVE-2016-7528", "https://launchpad.net/bugs/cve/CVE-2016-7528", "https://security-tracker.debian.org/tracker/CVE-2016-7528"], "cvelist": ["CVE-2016-7528"], "immutableFields": [], "lastseen": "2023-03-06T14:25:40", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-7528"]}, {"type": "debian", "idList": ["DEBIAN:DLA-731-1:2431F"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-7528"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-3652.NASL", "EULEROS_SA-2019-2354.NASL", "EULEROS_SA-2020-1390.NASL", "OPENSUSE-2016-1229.NASL", "OPENSUSE-2016-1230.NASL", "OPENSUSE-2016-1242.NASL", "OPENSUSE-2016-1282.NASL", "OPENSUSE-2016-1430.NASL", "SUSE_SU-2016-2667-1.NASL", "SUSE_SU-2016-2964-1.NASL", "UBUNTU_USN-3131-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310851511", "OPENVAS:1361412562311220192354", "OPENVAS:1361412562311220201390"]}, {"type": "osv", "idList": ["OSV:DLA-731-1", "OSV:DSA-3652-1"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:3060-1", "SUSE-SU-2016:2964-1"]}, {"type": "ubuntu", "idList": ["USN-3131-1"]}]}, "score": {"value": 4.8, "vector": "NONE"}, "affectedPackage": {"addedAffectedPackage": [{"operator": "lt", "OS": "Ubuntu", "packageVersion": "8:6.8.9.9-7ubuntu8.1", "arch": "noarch", "packageName": "libmagick++-6.q16-5v5", "packageFilename": "UNKNOWN", "OSVersion": "16.10"}, {"operator": "lt", "packageName": "imagemagick-6.q16", "OS": "Ubuntu", "packageVersion": "8:6.8.9.9-7ubuntu8.1", "arch": "noarch", "packageFilename": "UNKNOWN", "OSVersion": "16.10"}, {"operator": "lt", "packageName": "libmagickcore-6.q16-2-extra", "OS": "Ubuntu", "packageVersion": "8:6.8.9.9-7ubuntu8.1", "arch": "noarch", "packageFilename": "UNKNOWN", "OSVersion": "16.10"}, {"operator": "lt", "packageName": "libmagickcore-6.q16-2", "OS": "Ubuntu", "packageVersion": "8:6.8.9.9-7ubuntu8.1", "arch": "noarch", "packageFilename": "UNKNOWN", "OSVersion": "16.10"}, {"operator": "lt", "OS": "Ubuntu", "packageVersion": "8:6.8.9.9-7ubuntu8.1", "arch": "noarch", "packageName": "imagemagick", "packageFilename": "UNKNOWN", "OSVersion": "16.10"}], "modified": "2021-07-31T00:19:33"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2016-7528"]}, {"type": "debian", "idList": ["DEBIAN:DLA-731-1:2431F"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-7528"]}, {"type": "nessus", "idList": ["UBUNTU_USN-3131-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310851511"]}, {"type": "suse", "idList": ["SUSE-SU-2016:2964-1"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2016-7528", "epss": "0.008670000", "percentile": "0.798560000", "modified": "2023-03-17"}], "vulnersScore": 4.8}, "_state": {"dependencies": 1678112844, "score": 1678112908, "epss": 1679077263}, "_internal": {"score_hash": "af41da9180dcff1f5947899ad5893c11"}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "8:6.7.7.10-6ubuntu3.2", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "imagemagick"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "8:6.8.9.9-5+deb8u4", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "imagemagick"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "8:6.8.9.9-7ubuntu5.2", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "imagemagick"}, {"OS": "ubuntu", "OSVersion": "16.10", "arch": "noarch", "packageVersion": "8:6.8.9.9-7ubuntu8.1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "imagemagick"}], "bugs": ["https://bugs.launchpad.net/bugs/1537425", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832483", "https://github.com/ImageMagick/ImageMagick/issues/99"]}

{"cve": [{"lastseen": "2023-02-09T14:18:42", "description": "The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-04-19T14:59:00", "type": "cve", "title": "CVE-2016-7528", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7528"], "modified": "2020-11-16T19:36:00", "cpe": ["cpe:/a:imagemagick:imagemagick:-"], "id": "CVE-2016-7528", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7528", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:imagemagick:imagemagick:-:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2023-02-23T06:08:30", "description": "The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-04-19T14:59:00", "type": "debiancve", "title": "CVE-2016-7528", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7528"], "modified": "2017-04-19T14:59:00", "id": "DEBIANCVE:CVE-2016-7528", "href": "https://security-tracker.debian.org/tracker/CVE-2016-7528", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-10-16T13:47:29", "description": "This update for GraphicsMagick fixes the following issues :\n\n - security update :\n\n - CVE-2016-8684 [boo#1005123]\n\n - CVE-2016-8682 [boo#1005125]\n\n - CVE-2016-8683 [boo#1005127]\n\n - security update :\n\n - CVE-2016-7529 [boo#1000399]\n\n - CVE-2016-7528 [boo#1000434]\n\n - CVE-2016-7515 [boo#1000689]\n\n - CVE-2016-7446 [boo#999673]\n\n - CVE-2016-7447 [boo#999673]\n\n - CVE-2016-7448 [boo#999673]\n\n - CVE-2016-7449 [boo#999673]\n\n - CVE-2016-7517 [boo#1000693]\n\n - CVE-2016-7519 [boo#1000695]\n\n - CVE-2016-7522 [boo#1000698]\n\n - CVE-2016-7524 [boo#1000700]\n\n - CVE-2016-7531 [boo#1000704]\n\n - CVE-2016-7533 [boo#1000707]\n\n - CVE-2016-7537 [boo#1000711]\n\n - CVE-2016-6823 [boo#1001066]\n\n - CVE-2016-7101 [boo#1001221]\n\n - do not divide by zero in WriteTIFFImage [boo#1002206]\n\n - fix buffer overflow [boo#1002209]\n\n - CVE-2016-7800 [boo#1002422]\n\n - CVE-2016-7996, CVE-2016-7997 [boo#1003629]", "cvss3": {}, "published": "2016-10-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : GraphicsMagick (openSUSE-2016-1229)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5688", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7446", "CVE-2016-7447", "CVE-2016-7448", "CVE-2016-7449", "CVE-2016-7515", "CVE-2016-7517", "CVE-2016-7519", "CVE-2016-7522", "CVE-2016-7524", "CVE-2016-7528", "CVE-2016-7529", "CVE-2016-7531", "CVE-2016-7533", "CVE-2016-7537", "CVE-2016-7800", "CVE-2016-7996", "CVE-2016-7997", "CVE-2016-8682", "CVE-2016-8683", "CVE-2016-8684"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:GraphicsMagick", "p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo", "p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource", "p-cpe:/a:novell:opensuse:GraphicsMagick-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-11", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-11-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libGraphicsMagick3-config", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-1229.NASL", "href": "https://www.tenable.com/plugins/nessus/94304", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1229.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94304);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5688\", \"CVE-2016-6823\", \"CVE-2016-7101\", \"CVE-2016-7446\", \"CVE-2016-7447\", \"CVE-2016-7448\", \"CVE-2016-7449\", \"CVE-2016-7515\", \"CVE-2016-7517\", \"CVE-2016-7519\", \"CVE-2016-7522\", \"CVE-2016-7524\", \"CVE-2016-7528\", \"CVE-2016-7529\", \"CVE-2016-7531\", \"CVE-2016-7533\", \"CVE-2016-7537\", \"CVE-2016-7800\", \"CVE-2016-7996\", \"CVE-2016-7997\", \"CVE-2016-8682\", \"CVE-2016-8683\", \"CVE-2016-8684\");\n\n script_name(english:\"openSUSE Security Update : GraphicsMagick (openSUSE-2016-1229)\");\n script_summary(english:\"Check for the openSUSE-2016-1229 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for GraphicsMagick fixes the following issues :\n\n - security update :\n\n - CVE-2016-8684 [boo#1005123]\n\n - CVE-2016-8682 [boo#1005125]\n\n - CVE-2016-8683 [boo#1005127]\n\n - security update :\n\n - CVE-2016-7529 [boo#1000399]\n\n - CVE-2016-7528 [boo#1000434]\n\n - CVE-2016-7515 [boo#1000689]\n\n - CVE-2016-7446 [boo#999673]\n\n - CVE-2016-7447 [boo#999673]\n\n - CVE-2016-7448 [boo#999673]\n\n - CVE-2016-7449 [boo#999673]\n\n - CVE-2016-7517 [boo#1000693]\n\n - CVE-2016-7519 [boo#1000695]\n\n - CVE-2016-7522 [boo#1000698]\n\n - CVE-2016-7524 [boo#1000700]\n\n - CVE-2016-7531 [boo#1000704]\n\n - CVE-2016-7533 [boo#1000707]\n\n - CVE-2016-7537 [boo#1000711]\n\n - CVE-2016-6823 [boo#1001066]\n\n - CVE-2016-7101 [boo#1001221]\n\n - do not divide by zero in WriteTIFFImage [boo#1002206]\n\n - fix buffer overflow [boo#1002209]\n\n - CVE-2016-7800 [boo#1002422]\n\n - CVE-2016-7996, CVE-2016-7997 [boo#1003629]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999673\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick3-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"GraphicsMagick-1.3.21-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"GraphicsMagick-debuginfo-1.3.21-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"GraphicsMagick-debugsource-1.3.21-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"GraphicsMagick-devel-1.3.21-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick++-Q16-11-1.3.21-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick++-Q16-11-debuginfo-1.3.21-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick++-devel-1.3.21-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick-Q16-3-1.3.21-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.21-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagick3-config-1.3.21-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagickWand-Q16-2-1.3.21-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.21-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"perl-GraphicsMagick-1.3.21-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"perl-GraphicsMagick-debuginfo-1.3.21-14.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-debuginfo / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-16T13:47:25", "description": "This update for GraphicsMagick fixes the following issues :\n\n - CVE-2016-8684: Mismatch between real filesize and header values (bsc#1005123)\n\n - CVE-2016-8683: Check that filesize is reasonable compared to the header value (bsc#1005127)\n\n - CVE-2016-8682: Stack-buffer read overflow while reading SCT header (bsc#1005125)\n\n - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629)\n\n - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow (bsc#1002422)\n\n - CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711)\n\n - CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707)\n\n - CVE-2016-7531: Pbd file out of bound access (bsc#1000704)\n\n - CVE-2016-7529: out of bound in quantum handling (bsc#1000399)\n\n - CVE-2016-7528: Out of bound access in xcf file coder (bsc#1000434)\n\n - CVE-2016-7527: out of bound access in wpg file coder:\n (bsc#1000436)\n\n - CVE-2016-7526: out-of-bounds write in ./MagickCore/pixel-accessor.h (bsc#1000702)\n\n - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in meta.c:465 (bsc#1000700)\n\n - CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698)\n\n - CVE-2016-7519: out-of-bounds read in coders/rle.c (bsc#1000695)\n\n - CVE-2016-7517: out-of-bounds read in coders/pict.c (bsc#1000693)\n\n - CVE-2016-7516: Out of bounds problem in rle, pict, viff and sun files (bsc#1000692)\n\n - CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689)\n\n - CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449:\n various issues fixed in 1.3.25 (bsc#999673)\n\n - CVE-2016-7101: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221)\n\n - CVE-2016-6823: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066)\n\n - CVE-2016-5688: Various invalid memory reads in ImageMagick WPG (bsc#985442)\n\n - CVE-2015-8958: Potential DOS in sun file handling due to malformed files (bsc#1000691)\n\n - CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690)\n\n - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209)\n\n - Divide by zero in WriteTIFFImage (bsc#1002206)", "cvss3": {}, "published": "2016-10-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : GraphicsMagick (openSUSE-2016-1230)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8957", "CVE-2015-8958", "CVE-2016-5688", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7446", "CVE-2016-7447", "CVE-2016-7448", "CVE-2016-7449", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7519", "CVE-2016-7522", "CVE-2016-7524", "CVE-2016-7526", "CVE-2016-7527", "CVE-2016-7528", "CVE-2016-7529", "CVE-2016-7531", "CVE-2016-7533", "CVE-2016-7537", "CVE-2016-7800", "CVE-2016-7996", "CVE-2016-7997", "CVE-2016-8682", "CVE-2016-8683", "CVE-2016-8684"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:GraphicsMagick", "p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo", "p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource", "p-cpe:/a:novell:opensuse:GraphicsMagick-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-3", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libGraphicsMagick3-config", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-1230.NASL", "href": "https://www.tenable.com/plugins/nessus/94305", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1230.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94305);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2016-5688\", \"CVE-2016-6823\", \"CVE-2016-7101\", \"CVE-2016-7446\", \"CVE-2016-7447\", \"CVE-2016-7448\", \"CVE-2016-7449\", \"CVE-2016-7515\", \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7519\", \"CVE-2016-7522\", \"CVE-2016-7524\", \"CVE-2016-7526\", \"CVE-2016-7527\", \"CVE-2016-7528\", \"CVE-2016-7529\", \"CVE-2016-7531\", \"CVE-2016-7533\", \"CVE-2016-7537\", \"CVE-2016-7800\", \"CVE-2016-7996\", \"CVE-2016-7997\", \"CVE-2016-8682\", \"CVE-2016-8683\", \"CVE-2016-8684\");\n\n script_name(english:\"openSUSE Security Update : GraphicsMagick (openSUSE-2016-1230)\");\n script_summary(english:\"Check for the openSUSE-2016-1230 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for GraphicsMagick fixes the following issues :\n\n - CVE-2016-8684: Mismatch between real filesize and header\n values (bsc#1005123)\n\n - CVE-2016-8683: Check that filesize is reasonable\n compared to the header value (bsc#1005127)\n\n - CVE-2016-8682: Stack-buffer read overflow while reading\n SCT header (bsc#1005125)\n\n - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues\n (bsc#1003629)\n\n - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to\n heap overflow (bsc#1002422)\n\n - CVE-2016-7537: Out of bound access for corrupted pdb\n file (bsc#1000711)\n\n - CVE-2016-7533: Wpg file out of bound for corrupted file\n (bsc#1000707)\n\n - CVE-2016-7531: Pbd file out of bound access\n (bsc#1000704)\n\n - CVE-2016-7529: out of bound in quantum handling\n (bsc#1000399)\n\n - CVE-2016-7528: Out of bound access in xcf file coder\n (bsc#1000434)\n\n - CVE-2016-7527: out of bound access in wpg file coder:\n (bsc#1000436)\n\n - CVE-2016-7526: out-of-bounds write in\n ./MagickCore/pixel-accessor.h (bsc#1000702)\n\n - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow\n READ of size 1 in meta.c:465 (bsc#1000700)\n\n - CVE-2016-7522: Out of bound access for malformed psd\n file (bsc#1000698)\n\n - CVE-2016-7519: out-of-bounds read in coders/rle.c\n (bsc#1000695)\n\n - CVE-2016-7517: out-of-bounds read in coders/pict.c\n (bsc#1000693)\n\n - CVE-2016-7516: Out of bounds problem in rle, pict, viff\n and sun files (bsc#1000692)\n\n - CVE-2016-7515: Rle file handling for corrupted file\n (bsc#1000689)\n\n - CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449:\n various issues fixed in 1.3.25 (bsc#999673)\n\n - CVE-2016-7101: SGI Coder Out-Of-Bounds Read\n Vulnerability (bsc#1001221)\n\n - CVE-2016-6823: BMP Coder Out-Of-Bounds Write\n Vulnerability (bsc#1001066)\n\n - CVE-2016-5688: Various invalid memory reads in\n ImageMagick WPG (bsc#985442)\n\n - CVE-2015-8958: Potential DOS in sun file handling due to\n malformed files (bsc#1000691)\n\n - CVE-2015-8957: Buffer overflow in sun file handling\n (bsc#1000690)\n\n - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders\n (bsc#1002209)\n\n - Divide by zero in WriteTIFFImage (bsc#1002206)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999673\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick3-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"GraphicsMagick-1.3.20-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"GraphicsMagick-debuginfo-1.3.20-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"GraphicsMagick-debugsource-1.3.20-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"GraphicsMagick-devel-1.3.20-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagick++-Q16-3-1.3.20-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagick++-Q16-3-debuginfo-1.3.20-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagick++-devel-1.3.20-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagick-Q16-3-1.3.20-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.20-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagick3-config-1.3.20-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagickWand-Q16-2-1.3.20-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.20-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"perl-GraphicsMagick-1.3.20-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"perl-GraphicsMagick-debuginfo-1.3.20-12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-debuginfo / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:39:06", "description": "This update for GraphicsMagick fixes the following issues :\n\n - a possible shell execution attack was fixed. if the first character of an input filename for 'convert' was a '|' then the remainder of the filename was passed to the shell (CVE-2016-5118, boo#982178)\n\n - Maliciously crafted pnm files could crash GraphicsMagick (CVE-2014-9805, [boo#983752])\n\n - Prevent overflow in rle files (CVE-2014-9846, boo#983521)\n\n - Fix a double free in pdb coder (CVE-2014-9807, boo#983794)\n\n - Fix a possible crash due to corrupted xwd images (CVE-2014-9809, boo#983799)\n\n - Fix a possible crash due to corrupted wpg images (CVE-2014-9815, boo#984372)\n\n - Fix a heap buffer overflow in pdb file handling (CVE-2014-9817, boo#984400)\n\n - Fix a heap overflow in xpm files (CVE-2014-9820, boo#984150)\n\n - Fix a heap overflow in pict files (CVE-2014-9834, boo#984436)\n\n - Fix a heap overflow in wpf files (CVE-2014-9835, CVE-2014-9831, boo#984145, boo#984375)\n\n - Additional PNM sanity checks (CVE-2014-9837, boo#984166)\n\n - Fix a possible crash due to corrupted dib file (CVE-2014-9845, boo#984394)\n\n - Fix out of bound in quantum handling (CVE-2016-7529, boo#1000399)\n\n - Fix out of bound access in xcf file coder (CVE-2016-7528, boo#1000434)\n\n - Fix handling of corrupted lle files (CVE-2016-7515, boo#1000689)\n\n - Fix out of bound access for malformed psd file (CVE-2016-7522, boo#1000698)\n\n - Fix out of bound access for pbd files (CVE-2016-7531, boo#1000704)\n\n - Fix out of bound access in corrupted wpg files (CVE-2016-7533, boo#1000707)\n\n - Fix out of bound access in corrupted pdb files (CVE-2016-7537, boo#1000711)\n\n - BMP Coder Out-Of-Bounds Write Vulnerability (CVE-2016-6823, boo#1001066)\n\n - SGI Coder Out-Of-Bounds Read Vulnerability (CVE-2016-7101, boo#1001221)\n\n - Divide by zero in WriteTIFFImage (do not divide by zero in WriteTIFFImage, boo#1002206)\n\n - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (fix buffer overflow, boo#1002209)\n\n - 8BIM/8BIMW unsigned underflow leads to heap overflow (CVE-2016-7800, boo#1002422)\n\n - wpg reader issues (CVE-2016-7996, CVE-2016-7997, boo#1003629)\n\n - Mismatch between real filesize and header values (CVE-2016-8684, boo#1005123)\n\n - Stack-buffer read overflow while reading SCT header (CVE-2016-8682, boo#1005125)\n\n - Check that filesize is reasonable compared to the header value (CVE-2016-8683, boo#1005127)\n\n - Memory allocation failure in AcquireMagickMemory (CVE-2016-8862, boo#1007245)\n\n - heap-based buffer overflow in IsPixelGray (CVE-2016-9556, boo#1011130)", "cvss3": {}, "published": "2016-12-12T00:00:00", "type": "nessus", "title": "openSUSE Security Update : GraphicsMagick (openSUSE-2016-1430)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9805", "CVE-2014-9807", "CVE-2014-9809", "CVE-2014-9815", "CVE-2014-9817", "CVE-2014-9820", "CVE-2014-9831", "CVE-2014-9834", "CVE-2014-9835", "CVE-2014-9837", "CVE-2014-9845", "CVE-2014-9846", "CVE-2014-9853", "CVE-2016-5118", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7515", "CVE-2016-7522", "CVE-2016-7528", "CVE-2016-7529", "CVE-2016-7531", "CVE-2016-7533", "CVE-2016-7537", "CVE-2016-7800", "CVE-2016-7996", "CVE-2016-7997", "CVE-2016-8682", "CVE-2016-8683", "CVE-2016-8684", "CVE-2016-8862", "CVE-2016-9556"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:GraphicsMagick", "p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo", "p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource", "p-cpe:/a:novell:opensuse:GraphicsMagick-devel", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-q16-12-debuginfo", "p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3", "p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libGraphicsMagick3-config", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2", "p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick", "p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2016-1430.NASL", "href": "https://www.tenable.com/plugins/nessus/95704", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1430.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95704);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9805\", \"CVE-2014-9807\", \"CVE-2014-9809\", \"CVE-2014-9815\", \"CVE-2014-9817\", \"CVE-2014-9820\", \"CVE-2014-9831\", \"CVE-2014-9834\", \"CVE-2014-9835\", \"CVE-2014-9837\", \"CVE-2014-9845\", \"CVE-2014-9846\", \"CVE-2014-9853\", \"CVE-2016-5118\", \"CVE-2016-6823\", \"CVE-2016-7101\", \"CVE-2016-7515\", \"CVE-2016-7522\", \"CVE-2016-7528\", \"CVE-2016-7529\", \"CVE-2016-7531\", \"CVE-2016-7533\", \"CVE-2016-7537\", \"CVE-2016-7800\", \"CVE-2016-7996\", \"CVE-2016-7997\", \"CVE-2016-8682\", \"CVE-2016-8683\", \"CVE-2016-8684\", \"CVE-2016-8862\", \"CVE-2016-9556\");\n\n script_name(english:\"openSUSE Security Update : GraphicsMagick (openSUSE-2016-1430)\");\n script_summary(english:\"Check for the openSUSE-2016-1430 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for GraphicsMagick fixes the following issues :\n\n - a possible shell execution attack was fixed. if the\n first character of an input filename for 'convert' was a\n '|' then the remainder of the filename was passed to the\n shell (CVE-2016-5118, boo#982178)\n\n - Maliciously crafted pnm files could crash GraphicsMagick\n (CVE-2014-9805, [boo#983752])\n\n - Prevent overflow in rle files (CVE-2014-9846,\n boo#983521)\n\n - Fix a double free in pdb coder (CVE-2014-9807,\n boo#983794)\n\n - Fix a possible crash due to corrupted xwd images\n (CVE-2014-9809, boo#983799)\n\n - Fix a possible crash due to corrupted wpg images\n (CVE-2014-9815, boo#984372)\n\n - Fix a heap buffer overflow in pdb file handling\n (CVE-2014-9817, boo#984400)\n\n - Fix a heap overflow in xpm files (CVE-2014-9820,\n boo#984150)\n\n - Fix a heap overflow in pict files (CVE-2014-9834,\n boo#984436)\n\n - Fix a heap overflow in wpf files (CVE-2014-9835,\n CVE-2014-9831, boo#984145, boo#984375)\n\n - Additional PNM sanity checks (CVE-2014-9837, boo#984166)\n\n - Fix a possible crash due to corrupted dib file\n (CVE-2014-9845, boo#984394)\n\n - Fix out of bound in quantum handling (CVE-2016-7529,\n boo#1000399)\n\n - Fix out of bound access in xcf file coder\n (CVE-2016-7528, boo#1000434)\n\n - Fix handling of corrupted lle files (CVE-2016-7515,\n boo#1000689)\n\n - Fix out of bound access for malformed psd file\n (CVE-2016-7522, boo#1000698)\n\n - Fix out of bound access for pbd files (CVE-2016-7531,\n boo#1000704)\n\n - Fix out of bound access in corrupted wpg files\n (CVE-2016-7533, boo#1000707)\n\n - Fix out of bound access in corrupted pdb files\n (CVE-2016-7537, boo#1000711)\n\n - BMP Coder Out-Of-Bounds Write Vulnerability\n (CVE-2016-6823, boo#1001066)\n\n - SGI Coder Out-Of-Bounds Read Vulnerability\n (CVE-2016-7101, boo#1001221)\n\n - Divide by zero in WriteTIFFImage (do not divide by zero\n in WriteTIFFImage, boo#1002206)\n\n - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders\n (fix buffer overflow, boo#1002209)\n\n - 8BIM/8BIMW unsigned underflow leads to heap overflow\n (CVE-2016-7800, boo#1002422)\n\n - wpg reader issues (CVE-2016-7996, CVE-2016-7997,\n boo#1003629)\n\n - Mismatch between real filesize and header values\n (CVE-2016-8684, boo#1005123)\n\n - Stack-buffer read overflow while reading SCT header\n (CVE-2016-8682, boo#1005125)\n\n - Check that filesize is reasonable compared to the header\n value (CVE-2016-8683, boo#1005127)\n\n - Memory allocation failure in AcquireMagickMemory\n (CVE-2016-8862, boo#1007245)\n\n - heap-based buffer overflow in IsPixelGray\n (CVE-2016-9556, boo#1011130)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984436\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GraphicsMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:GraphicsMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-Q16-12-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick-Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagick3-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libGraphicsMagickWand-Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-1.3.25-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-debuginfo-1.3.25-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-debugsource-1.3.25-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"GraphicsMagick-devel-1.3.25-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-Q16-12-1.3.25-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-Q16-12-debuginfo-1.3.25-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick++-devel-1.3.25-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick-Q16-3-1.3.25-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick-Q16-3-debuginfo-1.3.25-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagick3-config-1.3.25-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagickWand-Q16-2-1.3.25-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-GraphicsMagick-1.3.25-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"perl-GraphicsMagick-debuginfo-1.3.25-3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GraphicsMagick / GraphicsMagick-debuginfo / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:38:43", "description": "This update for ImageMagick fixes the following issues: These vulnerabilities could be triggered by processing specially crafted image files, which could lead to a process crash or resource consumtion, or potentially have unspecified futher impact.\n\n - CVE-2016-8862: Memory allocation failure in AcquireMagickMemory (bsc#1007245)\n\n - CVE-2014-9907: DOS due to corrupted DDS files (bsc#1000714)\n\n - CVE-2015-8959: DOS due to corrupted DDS files (bsc#1000713)\n\n - CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711)\n\n - CVE-2016-6823: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066)\n\n - CVE-2016-7514: Out-of-bounds read in coders/psd.c (bsc#1000688)\n\n - CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689)\n\n - CVE-2016-7529: out of bound in quantum handling (bsc#1000399)\n\n - CVE-2016-7101: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221)\n\n - CVE-2016-7527: out of bound access in wpg file coder:\n (bsc#1000436)\n\n - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629)\n\n - CVE-2016-7528: out of bound access in xcf file coder (bsc#1000434)\n\n - CVE-2016-8683: Check that filesize is reasonable compared to the header value (bsc#1005127)\n\n - CVE-2016-8682: Stack-buffer read overflow while reading SCT header (bsc#1005125)\n\n - CVE-2016-8684: Mismatch between real filesize and header values (bsc#1005123)\n\n - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209)\n\n - CVE-2016-7525: Heap buffer overflow in psd file coder (bsc#1000701)\n\n - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in meta.c:465 (bsc#1000700)\n\n - CVE-2016-7530: Out of bound in quantum handling (bsc#1000703)\n\n - CVE-2016-7531: Pbd file out of bound access (bsc#1000704)\n\n - CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707)\n\n - CVE-2016-7535: Out of bound access for corrupted psd file (bsc#1000709)\n\n - CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698)\n\n - CVE-2016-7517: out-of-bounds read in coders/pict.c (bsc#1000693)\n\n - CVE-2016-7516: Out of bounds problem in rle, pict, viff and sun files (bsc#1000692)\n\n - CVE-2015-8958: Potential DOS in sun file handling due to malformed files (bsc#1000691)\n\n - CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690)\n\n - CVE-2016-7519: out-of-bounds read in coders/rle.c (bsc#1000695)\n\n - CVE-2016-7518: out-of-bounds read in coders/sun.c (bsc#1000694)\n\n - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow (bsc#1002422)\n\n - CVE-2016-7523: AddressSanitizer:heap-buffer-overflow READ of size 1 meta.c:496 (bsc#1000699)\n\n - CVE-2016-7799: mogrify global buffer overflow (bsc#1002421)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:2964-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2015-8959", "CVE-2016-5687", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7522", "CVE-2016-7523", "CVE-2016-7524", "CVE-2016-7525", "CVE-2016-7526", "CVE-2016-7527", "CVE-2016-7528", "CVE-2016-7529", "CVE-2016-7530", "CVE-2016-7531", "CVE-2016-7533", "CVE-2016-7535", "CVE-2016-7537", "CVE-2016-7799", "CVE-2016-7800", "CVE-2016-7996", "CVE-2016-7997", "CVE-2016-8682", "CVE-2016-8683", "CVE-2016-8684", "CVE-2016-8862"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libMagickCore1", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-2964-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95453", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2964-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95453);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9907\", \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-5687\", \"CVE-2016-6823\", \"CVE-2016-7101\", \"CVE-2016-7514\", \"CVE-2016-7515\", \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\", \"CVE-2016-7522\", \"CVE-2016-7523\", \"CVE-2016-7524\", \"CVE-2016-7525\", \"CVE-2016-7526\", \"CVE-2016-7527\", \"CVE-2016-7528\", \"CVE-2016-7529\", \"CVE-2016-7530\", \"CVE-2016-7531\", \"CVE-2016-7533\", \"CVE-2016-7535\", \"CVE-2016-7537\", \"CVE-2016-7799\", \"CVE-2016-7800\", \"CVE-2016-7996\", \"CVE-2016-7997\", \"CVE-2016-8682\", \"CVE-2016-8683\", \"CVE-2016-8684\", \"CVE-2016-8862\");\n\n script_name(english:\"SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:2964-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues: These\nvulnerabilities could be triggered by processing specially crafted\nimage files, which could lead to a process crash or resource\nconsumtion, or potentially have unspecified futher impact.\n\n - CVE-2016-8862: Memory allocation failure in\n AcquireMagickMemory (bsc#1007245)\n\n - CVE-2014-9907: DOS due to corrupted DDS files\n (bsc#1000714)\n\n - CVE-2015-8959: DOS due to corrupted DDS files\n (bsc#1000713)\n\n - CVE-2016-7537: Out of bound access for corrupted pdb\n file (bsc#1000711)\n\n - CVE-2016-6823: BMP Coder Out-Of-Bounds Write\n Vulnerability (bsc#1001066)\n\n - CVE-2016-7514: Out-of-bounds read in coders/psd.c\n (bsc#1000688)\n\n - CVE-2016-7515: Rle file handling for corrupted file\n (bsc#1000689)\n\n - CVE-2016-7529: out of bound in quantum handling\n (bsc#1000399)\n\n - CVE-2016-7101: SGI Coder Out-Of-Bounds Read\n Vulnerability (bsc#1001221)\n\n - CVE-2016-7527: out of bound access in wpg file coder:\n (bsc#1000436)\n\n - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues\n (bsc#1003629)\n\n - CVE-2016-7528: out of bound access in xcf file coder\n (bsc#1000434)\n\n - CVE-2016-8683: Check that filesize is reasonable\n compared to the header value (bsc#1005127)\n\n - CVE-2016-8682: Stack-buffer read overflow while reading\n SCT header (bsc#1005125)\n\n - CVE-2016-8684: Mismatch between real filesize and header\n values (bsc#1005123)\n\n - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders\n (bsc#1002209)\n\n - CVE-2016-7525: Heap buffer overflow in psd file coder\n (bsc#1000701)\n\n - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow\n READ of size 1 in meta.c:465 (bsc#1000700)\n\n - CVE-2016-7530: Out of bound in quantum handling\n (bsc#1000703)\n\n - CVE-2016-7531: Pbd file out of bound access\n (bsc#1000704)\n\n - CVE-2016-7533: Wpg file out of bound for corrupted file\n (bsc#1000707)\n\n - CVE-2016-7535: Out of bound access for corrupted psd\n file (bsc#1000709)\n\n - CVE-2016-7522: Out of bound access for malformed psd\n file (bsc#1000698)\n\n - CVE-2016-7517: out-of-bounds read in coders/pict.c\n (bsc#1000693)\n\n - CVE-2016-7516: Out of bounds problem in rle, pict, viff\n and sun files (bsc#1000692)\n\n - CVE-2015-8958: Potential DOS in sun file handling due to\n malformed files (bsc#1000691)\n\n - CVE-2015-8957: Buffer overflow in sun file handling\n (bsc#1000690)\n\n - CVE-2016-7519: out-of-bounds read in coders/rle.c\n (bsc#1000695)\n\n - CVE-2016-7518: out-of-bounds read in coders/sun.c\n (bsc#1000694)\n\n - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to\n heap overflow (bsc#1002422)\n\n - CVE-2016-7523: AddressSanitizer:heap-buffer-overflow\n READ of size 1 meta.c:496 (bsc#1000699)\n\n - CVE-2016-7799: mogrify global buffer overflow\n (bsc#1002421)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9907/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8957/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8958/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8959/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5687/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6823/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7101/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7514/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7515/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7516/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7517/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7518/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7519/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7522/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7523/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7524/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7525/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7526/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7527/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7528/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7529/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7530/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7531/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7533/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7535/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7537/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7799/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7800/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7996/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7997/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8682/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8683/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8684/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8862/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162964-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3bc753ba\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-ImageMagick-12867=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ImageMagick-12867=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ImageMagick-12867=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagickCore1-32bit-6.4.3.6-7.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libMagickCore1-32bit-6.4.3.6-7.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libMagickCore1-6.4.3.6-7.54.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-14T01:54:38", "description": "This update for ImageMagick fixes the following issues: These vulnerabilities could be triggered by processing specially crafted image files, which could lead to a process crash or resource consumtion, or potentially have unspecified futher impact.\n\n - CVE-2016-8684: Mismatch between real filesize and header values (bsc#1005123)\n\n - CVE-2016-8683: Check that filesize is reasonable compared to the header value (bsc#1005127)\n\n - CVE-2016-8682: Stack-buffer read overflow while reading SCT header (bsc#1005125)\n\n - CVE-2016-8677: Memory allocation failure in AcquireQuantumPixels (bsc#1005328)\n\n - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629)\n\n - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow (bsc#1002422)\n\n - CVE-2016-7799: mogrify global buffer overflow (bsc#1002421)\n\n - CVE-2016-7540: writing to RGF format aborts (bsc#1000394)\n\n - CVE-2016-7539: Potential DOS by not releasing memory (bsc#1000715)\n\n - CVE-2016-7538: SIGABRT for corrupted pdb file (bsc#1000712)\n\n - CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711)\n\n - CVE-2016-7535: Out of bound access for corrupted psd file (bsc#1000709)\n\n - CVE-2016-7534: Out of bound access in generic decoder (bsc#1000708)\n\n - CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707)\n\n - CVE-2016-7532: fix handling of corrupted psd file (bsc#1000706)\n\n - CVE-2016-7531: Pbd file out of bound access (bsc#1000704)\n\n - CVE-2016-7530: Out of bound in quantum handling (bsc#1000703)\n\n - CVE-2016-7529: Out-of-bound in quantum handling (bsc#1000399)\n\n - CVE-2016-7528: Out-of-bound access in xcf file coder (bsc#1000434)\n\n - CVE-2016-7527: Out-of-bound access in wpg file coder:\n (bsc#1000436)\n\n - CVE-2016-7526: out-of-bounds write in ./MagickCore/pixel-accessor.h (bsc#1000702)\n\n - CVE-2016-7525: Heap buffer overflow in psd file coder (bsc#1000701)\n\n - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in meta.c:465 (bsc#1000700)\n\n - CVE-2016-7523: AddressSanitizer:heap-buffer-overflow READ of size 1 meta.c:496 (bsc#1000699)\n\n - CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698)\n\n - CVE-2016-7521: Heap buffer overflow in psd file handling (bsc#1000697)\n\n - CVE-2016-7520: Heap overflow in hdr file handling (bsc#1000696)\n\n - CVE-2016-7519: Out-of-bounds read in coders/rle.c (bsc#1000695)\n\n - CVE-2016-7518: Out-of-bounds read in coders/sun.c (bsc#1000694)\n\n - CVE-2016-7517: Out-of-bounds read in coders/pict.c (bsc#1000693)\n\n - CVE-2016-7516: Out-of-bounds problem in rle, pict, viff and sun files (bsc#1000692)\n\n - CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689)\n\n - CVE-2016-7514: Out-of-bounds read in coders/psd.c (bsc#1000688)\n\n - CVE-2016-7513: Off-by-one error leading to segfault (bsc#1000686)\n\n - CVE-2016-7101: raphicsMagick: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221)\n\n - CVE-2016-6823: raphicsMagick: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066)\n\n - CVE-2015-8959: dOS due to corrupted DDS files (bsc#1000713)\n\n - CVE-2015-8958: Potential DOS in sun file handling due to malformed files (bsc#1000691)\n\n - CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690)\n\n - CVE-2014-9907: DOS due to corrupted DDS files (bsc#1000714)\n\n - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209)\n\n - Divide by zero in WriteTIFFImage (bsc#1002206)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-10-31T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2016:2667-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2015-8959", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-7521", "CVE-2016-7522", "CVE-2016-7523", "CVE-2016-7524", "CVE-2016-7525", "CVE-2016-7526", "CVE-2016-7527", "CVE-2016-7528", "CVE-2016-7529", "CVE-2016-7530", "CVE-2016-7531", "CVE-2016-7532", "CVE-2016-7533", "CVE-2016-7534", "CVE-2016-7535", "CVE-2016-7537", "CVE-2016-7538", "CVE-2016-7539", "CVE-2016-7540", "CVE-2016-7799", "CVE-2016-7800", "CVE-2016-7996", "CVE-2016-7997", "CVE-2016-8677", "CVE-2016-8682", "CVE-2016-8683", "CVE-2016-8684"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ImageMagick", "p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo", "p-cpe:/a:novell:suse_linux:ImageMagick-debugsource", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16", "p-cpe:/a:novell:suse_linux:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1", "p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo", "p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16", "p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-2667-1.NASL", "href": "https://www.tenable.com/plugins/nessus/94433", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2667-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94433);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9907\", \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\", \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\", \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\", \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-7522\", \"CVE-2016-7523\", \"CVE-2016-7524\", \"CVE-2016-7525\", \"CVE-2016-7526\", \"CVE-2016-7527\", \"CVE-2016-7528\", \"CVE-2016-7529\", \"CVE-2016-7530\", \"CVE-2016-7531\", \"CVE-2016-7532\", \"CVE-2016-7533\", \"CVE-2016-7534\", \"CVE-2016-7535\", \"CVE-2016-7537\", \"CVE-2016-7538\", \"CVE-2016-7539\", \"CVE-2016-7540\", \"CVE-2016-7799\", \"CVE-2016-7800\", \"CVE-2016-7996\", \"CVE-2016-7997\", \"CVE-2016-8677\", \"CVE-2016-8682\", \"CVE-2016-8683\", \"CVE-2016-8684\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2016:2667-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues: These\nvulnerabilities could be triggered by processing specially crafted\nimage files, which could lead to a process crash or resource\nconsumtion, or potentially have unspecified futher impact.\n\n - CVE-2016-8684: Mismatch between real filesize and header\n values (bsc#1005123)\n\n - CVE-2016-8683: Check that filesize is reasonable\n compared to the header value (bsc#1005127)\n\n - CVE-2016-8682: Stack-buffer read overflow while reading\n SCT header (bsc#1005125)\n\n - CVE-2016-8677: Memory allocation failure in\n AcquireQuantumPixels (bsc#1005328)\n\n - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues\n (bsc#1003629)\n\n - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to\n heap overflow (bsc#1002422)\n\n - CVE-2016-7799: mogrify global buffer overflow\n (bsc#1002421)\n\n - CVE-2016-7540: writing to RGF format aborts\n (bsc#1000394)\n\n - CVE-2016-7539: Potential DOS by not releasing memory\n (bsc#1000715)\n\n - CVE-2016-7538: SIGABRT for corrupted pdb file\n (bsc#1000712)\n\n - CVE-2016-7537: Out of bound access for corrupted pdb\n file (bsc#1000711)\n\n - CVE-2016-7535: Out of bound access for corrupted psd\n file (bsc#1000709)\n\n - CVE-2016-7534: Out of bound access in generic decoder\n (bsc#1000708)\n\n - CVE-2016-7533: Wpg file out of bound for corrupted file\n (bsc#1000707)\n\n - CVE-2016-7532: fix handling of corrupted psd file\n (bsc#1000706)\n\n - CVE-2016-7531: Pbd file out of bound access\n (bsc#1000704)\n\n - CVE-2016-7530: Out of bound in quantum handling\n (bsc#1000703)\n\n - CVE-2016-7529: Out-of-bound in quantum handling\n (bsc#1000399)\n\n - CVE-2016-7528: Out-of-bound access in xcf file coder\n (bsc#1000434)\n\n - CVE-2016-7527: Out-of-bound access in wpg file coder:\n (bsc#1000436)\n\n - CVE-2016-7526: out-of-bounds write in\n ./MagickCore/pixel-accessor.h (bsc#1000702)\n\n - CVE-2016-7525: Heap buffer overflow in psd file coder\n (bsc#1000701)\n\n - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow\n READ of size 1 in meta.c:465 (bsc#1000700)\n\n - CVE-2016-7523: AddressSanitizer:heap-buffer-overflow\n READ of size 1 meta.c:496 (bsc#1000699)\n\n - CVE-2016-7522: Out of bound access for malformed psd\n file (bsc#1000698)\n\n - CVE-2016-7521: Heap buffer overflow in psd file handling\n (bsc#1000697)\n\n - CVE-2016-7520: Heap overflow in hdr file handling\n (bsc#1000696)\n\n - CVE-2016-7519: Out-of-bounds read in coders/rle.c\n (bsc#1000695)\n\n - CVE-2016-7518: Out-of-bounds read in coders/sun.c\n (bsc#1000694)\n\n - CVE-2016-7517: Out-of-bounds read in coders/pict.c\n (bsc#1000693)\n\n - CVE-2016-7516: Out-of-bounds problem in rle, pict, viff\n and sun files (bsc#1000692)\n\n - CVE-2016-7515: Rle file handling for corrupted file\n (bsc#1000689)\n\n - CVE-2016-7514: Out-of-bounds read in coders/psd.c\n (bsc#1000688)\n\n - CVE-2016-7513: Off-by-one error leading to segfault\n (bsc#1000686)\n\n - CVE-2016-7101: raphicsMagick: SGI Coder Out-Of-Bounds\n Read Vulnerability (bsc#1001221)\n\n - CVE-2016-6823: raphicsMagick: BMP Coder Out-Of-Bounds\n Write Vulnerability (bsc#1001066)\n\n - CVE-2015-8959: dOS due to corrupted DDS files\n (bsc#1000713)\n\n - CVE-2015-8958: Potential DOS in sun file handling due to\n malformed files (bsc#1000691)\n\n - CVE-2015-8957: Buffer overflow in sun file handling\n (bsc#1000690)\n\n - CVE-2014-9907: DOS due to corrupted DDS files\n (bsc#1000714)\n\n - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders\n (bsc#1002209)\n\n - Divide by zero in WriteTIFFImage (bsc#1002206)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000697\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005328\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9907/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8957/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8958/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8959/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6823/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7101/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7513/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7514/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7515/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7516/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7517/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7518/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7519/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7520/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7521/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7522/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7523/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7524/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7525/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7526/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7527/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7528/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7529/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7530/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7531/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7532/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7533/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7534/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7535/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7537/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7538/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7539/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7540/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7799/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7800/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7996/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7997/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8677/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8682/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8683/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8684/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162667-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1aea0f46\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch\nSUSE-SLE-WE-12-SP1-2016-1572=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1572=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1572=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1572=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ImageMagick-debuginfo-6.8.8.1-40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ImageMagick-debugsource-6.8.8.1-40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ImageMagick-6.8.8.1-40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ImageMagick-debuginfo-6.8.8.1-40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ImageMagick-debugsource-6.8.8.1-40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-6.8.8.1-40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-40.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-14T01:54:21", "description": "This update for ImageMagick fixes the following issues :\n\n - CVE-2016-8684: Mismatch between real filesize and header values (bsc#1005123)\n\n - CVE-2016-8683: Check that filesize is reasonable compared to the header value (bsc#1005127)\n\n - CVE-2016-8682: Stack-buffer read overflow while reading SCT header (bsc#1005125)\n\n - CVE-2016-8677: Memory allocation failure in AcquireQuantumPixels (bsc#1005328)\n\n - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629)\n\n - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow (bsc#1002422)\n\n - CVE-2016-7799: Mogrify global buffer overflow (bsc#1002421)\n\n - CVE-2016-7540: Writing to RGF format aborts (bsc#1000394)\n\n - CVE-2016-7539: Potential DOS by not releasing memory (bsc#1000715)\n\n - CVE-2016-7538: SIGABRT for corrupted pdb file (bsc#1000712)\n\n - CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711)\n\n - CVE-2016-7536: SEGV reported in corrupted profile handling (bsc#1000710)\n\n - CVE-2016-7535: Out of bound access for corrupted psd file (bsc#1000709)\n\n - CVE-2016-7534: Out of bound access in generic decoder (bsc#1000708)\n\n - CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707)\n\n - CVE-2016-7532: Fix handling of corrupted psd file (bsc#1000706)\n\n - CVE-2016-7531: Pbd file out of bound access (bsc#1000704)\n\n - CVE-2016-7530: Out of bound in quantum handling (bsc#1000703)\n\n - CVE-2016-7529: Out of bound in quantum handling (bsc#1000399)\n\n - CVE-2016-7528: Out of bound access in xcf file coder (bsc#1000434)\n\n - CVE-2016-7527: Out of bound access in wpg file coder:\n (bsc#1000436)\n\n - CVE-2016-7525: Heap buffer overflow in psd file coder (bsc#1000701)\n\n - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in meta.c:465 (bsc#1000700)\n\n - CVE-2016-7523: AddressSanitizer:heap-buffer-overflow READ of size 1 meta.c:496 (bsc#1000699)\n\n - CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698)\n\n - CVE-2016-7521: Heap buffer overflow in psd file handling (bsc#1000697)\n\n - CVE-2016-7520: Heap overflow in hdr file handling (bsc#1000696)\n\n - CVE-2016-7519: Out-of-bounds read in coders/rle.c (bsc#1000695)\n\n - CVE-2016-7518: Out-of-bounds read in coders/sun.c (bsc#1000694)\n\n - CVE-2016-7517: Out-of-bounds read in coders/pict.c (bsc#1000693)\n\n - CVE-2016-7516: Out of bounds problem in rle, pict, viff and sun files (bsc#1000692)\n\n - CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689)\n\n - CVE-2016-7514: Out-of-bounds read in coders/psd.c (bsc#1000688)\n\n - CVE-2016-7513: Off-by-one error leading to segfault (bsc#1000686)\n\n - CVE-2016-7101: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221)\n\n - CVE-2016-6823: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066)\n\n - CVE-2015-8959: DOS due to corrupted DDS files (bsc#1000713)\n\n - CVE-2015-8958: Potential DOS in sun file handling due to malformed files (bsc#1000691)\n\n - CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690)\n\n - CVE-2014-9907: DOS due to corrupted DDS files (bsc#1000714)\n\n - Divide by zero in WriteTIFFImage (bsc#1002206)\n\n - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209)", "cvss3": {}, "published": "2016-10-31T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-2016-1242)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2015-8959", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-7521", "CVE-2016-7522", "CVE-2016-7523", "CVE-2016-7524", "CVE-2016-7525", "CVE-2016-7527", "CVE-2016-7528", "CVE-2016-7529", "CVE-2016-7530", "CVE-2016-7531", "CVE-2016-7532", "CVE-2016-7533", "CVE-2016-7534", "CVE-2016-7535", "CVE-2016-7536", "CVE-2016-7537", "CVE-2016-7538", "CVE-2016-7539", "CVE-2016-7540", "CVE-2016-7799", "CVE-2016-7800", "CVE-2016-7996", "CVE-2016-7997", "CVE-2016-8677", "CVE-2016-8682", "CVE-2016-8683", "CVE-2016-8684"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ImageMagick", "p-cpe:/a:novell:opensuse:ImageMagick-debuginfo", "p-cpe:/a:novell:opensuse:ImageMagick-debugsource", "p-cpe:/a:novell:opensuse:ImageMagick-devel", "p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit", "p-cpe:/a:novell:opensuse:ImageMagick-extra", "p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel-32bit", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-32bit", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-debuginfo", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-32bit", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-debuginfo", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-PerlMagick", "p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-1242.NASL", "href": "https://www.tenable.com/plugins/nessus/94425", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1242.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94425);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9907\", \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\", \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\", \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\", \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-7522\", \"CVE-2016-7523\", \"CVE-2016-7524\", \"CVE-2016-7525\", \"CVE-2016-7527\", \"CVE-2016-7528\", \"CVE-2016-7529\", \"CVE-2016-7530\", \"CVE-2016-7531\", \"CVE-2016-7532\", \"CVE-2016-7533\", \"CVE-2016-7534\", \"CVE-2016-7535\", \"CVE-2016-7536\", \"CVE-2016-7537\", \"CVE-2016-7538\", \"CVE-2016-7539\", \"CVE-2016-7540\", \"CVE-2016-7799\", \"CVE-2016-7800\", \"CVE-2016-7996\", \"CVE-2016-7997\", \"CVE-2016-8677\", \"CVE-2016-8682\", \"CVE-2016-8683\", \"CVE-2016-8684\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2016-1242)\");\n script_summary(english:\"Check for the openSUSE-2016-1242 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\n - CVE-2016-8684: Mismatch between real filesize and header\n values (bsc#1005123)\n\n - CVE-2016-8683: Check that filesize is reasonable\n compared to the header value (bsc#1005127)\n\n - CVE-2016-8682: Stack-buffer read overflow while reading\n SCT header (bsc#1005125)\n\n - CVE-2016-8677: Memory allocation failure in\n AcquireQuantumPixels (bsc#1005328)\n\n - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues\n (bsc#1003629)\n\n - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to\n heap overflow (bsc#1002422)\n\n - CVE-2016-7799: Mogrify global buffer overflow\n (bsc#1002421)\n\n - CVE-2016-7540: Writing to RGF format aborts\n (bsc#1000394)\n\n - CVE-2016-7539: Potential DOS by not releasing memory\n (bsc#1000715)\n\n - CVE-2016-7538: SIGABRT for corrupted pdb file\n (bsc#1000712)\n\n - CVE-2016-7537: Out of bound access for corrupted pdb\n file (bsc#1000711)\n\n - CVE-2016-7536: SEGV reported in corrupted profile\n handling (bsc#1000710)\n\n - CVE-2016-7535: Out of bound access for corrupted psd\n file (bsc#1000709)\n\n - CVE-2016-7534: Out of bound access in generic decoder\n (bsc#1000708)\n\n - CVE-2016-7533: Wpg file out of bound for corrupted file\n (bsc#1000707)\n\n - CVE-2016-7532: Fix handling of corrupted psd file\n (bsc#1000706)\n\n - CVE-2016-7531: Pbd file out of bound access\n (bsc#1000704)\n\n - CVE-2016-7530: Out of bound in quantum handling\n (bsc#1000703)\n\n - CVE-2016-7529: Out of bound in quantum handling\n (bsc#1000399)\n\n - CVE-2016-7528: Out of bound access in xcf file coder\n (bsc#1000434)\n\n - CVE-2016-7527: Out of bound access in wpg file coder:\n (bsc#1000436)\n\n - CVE-2016-7525: Heap buffer overflow in psd file coder\n (bsc#1000701)\n\n - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow\n READ of size 1 in meta.c:465 (bsc#1000700)\n\n - CVE-2016-7523: AddressSanitizer:heap-buffer-overflow\n READ of size 1 meta.c:496 (bsc#1000699)\n\n - CVE-2016-7522: Out of bound access for malformed psd\n file (bsc#1000698)\n\n - CVE-2016-7521: Heap buffer overflow in psd file handling\n (bsc#1000697)\n\n - CVE-2016-7520: Heap overflow in hdr file handling\n (bsc#1000696)\n\n - CVE-2016-7519: Out-of-bounds read in coders/rle.c\n (bsc#1000695)\n\n - CVE-2016-7518: Out-of-bounds read in coders/sun.c\n (bsc#1000694)\n\n - CVE-2016-7517: Out-of-bounds read in coders/pict.c\n (bsc#1000693)\n\n - CVE-2016-7516: Out of bounds problem in rle, pict, viff\n and sun files (bsc#1000692)\n\n - CVE-2016-7515: Rle file handling for corrupted file\n (bsc#1000689)\n\n - CVE-2016-7514: Out-of-bounds read in coders/psd.c\n (bsc#1000688)\n\n - CVE-2016-7513: Off-by-one error leading to segfault\n (bsc#1000686)\n\n - CVE-2016-7101: SGI Coder Out-Of-Bounds Read\n Vulnerability (bsc#1001221)\n\n - CVE-2016-6823: BMP Coder Out-Of-Bounds Write\n Vulnerability (bsc#1001066)\n\n - CVE-2015-8959: DOS due to corrupted DDS files\n (bsc#1000713)\n\n - CVE-2015-8958: Potential DOS in sun file handling due to\n malformed files (bsc#1000691)\n\n - CVE-2015-8957: Buffer overflow in sun file handling\n (bsc#1000690)\n\n - CVE-2014-9907: DOS due to corrupted DDS files\n (bsc#1000714)\n\n - Divide by zero in WriteTIFFImage (bsc#1002206)\n\n - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders\n (bsc#1002209)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000697\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005328\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-6.8.9.8-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-debuginfo-6.8.9.8-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-debugsource-6.8.9.8-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-devel-6.8.9.8-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-extra-6.8.9.8-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ImageMagick-extra-debuginfo-6.8.9.8-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagick++-6_Q16-5-6.8.9.8-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagick++-6_Q16-5-debuginfo-6.8.9.8-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagick++-devel-6.8.9.8-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickCore-6_Q16-2-6.8.9.8-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickCore-6_Q16-2-debuginfo-6.8.9.8-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickWand-6_Q16-2-6.8.9.8-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libMagickWand-6_Q16-2-debuginfo-6.8.9.8-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"perl-PerlMagick-6.8.9.8-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"perl-PerlMagick-debuginfo-6.8.9.8-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.9.8-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-5-32bit-6.8.9.8-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-5-debuginfo-32bit-6.8.9.8-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.9.8-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-2-32bit-6.8.9.8-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-2-debuginfo-32bit-6.8.9.8-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-2-32bit-6.8.9.8-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-2-debuginfo-32bit-6.8.9.8-34.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-14T01:52:38", "description": "This update for ImageMagick fixes the following issues: These vulnerabilities could be triggered by processing specially crafted image files, which could lead to a process crash or resource consumtion, or potentially have unspecified futher impact.\n\n - CVE-2016-8684: Mismatch between real filesize and header values (bsc#1005123)\n\n - CVE-2016-8683: Check that filesize is reasonable compared to the header value (bsc#1005127)\n\n - CVE-2016-8682: Stack-buffer read overflow while reading SCT header (bsc#1005125)\n\n - CVE-2016-8677: Memory allocation failure in AcquireQuantumPixels (bsc#1005328)\n\n - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629)\n\n - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow (bsc#1002422)\n\n - CVE-2016-7799: mogrify global buffer overflow (bsc#1002421)\n\n - CVE-2016-7540: writing to RGF format aborts (bsc#1000394)\n\n - CVE-2016-7539: Potential DOS by not releasing memory (bsc#1000715)\n\n - CVE-2016-7538: SIGABRT for corrupted pdb file (bsc#1000712)\n\n - CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711)\n\n - CVE-2016-7535: Out of bound access for corrupted psd file (bsc#1000709)\n\n - CVE-2016-7534: Out of bound access in generic decoder (bsc#1000708)\n\n - CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707)\n\n - CVE-2016-7532: fix handling of corrupted psd file (bsc#1000706)\n\n - CVE-2016-7531: Pbd file out of bound access (bsc#1000704)\n\n - CVE-2016-7530: Out of bound in quantum handling (bsc#1000703)\n\n - CVE-2016-7529: Out-of-bound in quantum handling (bsc#1000399)\n\n - CVE-2016-7528: Out-of-bound access in xcf file coder (bsc#1000434)\n\n - CVE-2016-7527: Out-of-bound access in wpg file coder:\n (bsc#1000436)\n\n - CVE-2016-7526: out-of-bounds write in ./MagickCore/pixel-accessor.h (bsc#1000702)\n\n - CVE-2016-7525: Heap buffer overflow in psd file coder (bsc#1000701)\n\n - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in meta.c:465 (bsc#1000700)\n\n - CVE-2016-7523: AddressSanitizer:heap-buffer-overflow READ of size 1 meta.c:496 (bsc#1000699)\n\n - CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698)\n\n - CVE-2016-7521: Heap buffer overflow in psd file handling (bsc#1000697)\n\n - CVE-2016-7520: Heap overflow in hdr file handling (bsc#1000696)\n\n - CVE-2016-7519: Out-of-bounds read in coders/rle.c (bsc#1000695)\n\n - CVE-2016-7518: Out-of-bounds read in coders/sun.c (bsc#1000694)\n\n - CVE-2016-7517: Out-of-bounds read in coders/pict.c (bsc#1000693)\n\n - CVE-2016-7516: Out-of-bounds problem in rle, pict, viff and sun files (bsc#1000692)\n\n - CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689)\n\n - CVE-2016-7514: Out-of-bounds read in coders/psd.c (bsc#1000688)\n\n - CVE-2016-7513: Off-by-one error leading to segfault (bsc#1000686)\n\n - CVE-2016-7101: raphicsMagick: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221)\n\n - CVE-2016-6823: raphicsMagick: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066)\n\n - CVE-2015-8959: dOS due to corrupted DDS files (bsc#1000713)\n\n - CVE-2015-8958: Potential DOS in sun file handling due to malformed files (bsc#1000691)\n\n - CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690)\n\n - CVE-2014-9907: DOS due to corrupted DDS files (bsc#1000714)\n\n - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209)\n\n - Divide by zero in WriteTIFFImage (bsc#1002206)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2016-11-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ImageMagick (openSUSE-2016-1282)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2015-8959", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-7521", "CVE-2016-7522", "CVE-2016-7523", "CVE-2016-7524", "CVE-2016-7525", "CVE-2016-7526", "CVE-2016-7527", "CVE-2016-7528", "CVE-2016-7529", "CVE-2016-7530", "CVE-2016-7531", "CVE-2016-7532", "CVE-2016-7533", "CVE-2016-7534", "CVE-2016-7535", "CVE-2016-7537", "CVE-2016-7538", "CVE-2016-7539", "CVE-2016-7540", "CVE-2016-7799", "CVE-2016-7800", "CVE-2016-7996", "CVE-2016-7997", "CVE-2016-8677", "CVE-2016-8682", "CVE-2016-8683", "CVE-2016-8684"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ImageMagick", "p-cpe:/a:novell:opensuse:ImageMagick-debuginfo", "p-cpe:/a:novell:opensuse:ImageMagick-debugsource", "p-cpe:/a:novell:opensuse:ImageMagick-devel", "p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit", "p-cpe:/a:novell:opensuse:ImageMagick-extra", "p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-6_q16-3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel", "p-cpe:/a:novell:opensuse:libmagick%2b%2b-devel-32bit", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo", "p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-PerlMagick", "p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-1282.NASL", "href": "https://www.tenable.com/plugins/nessus/94754", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1282.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94754);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9907\", \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-6823\", \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\", \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\", \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-7522\", \"CVE-2016-7523\", \"CVE-2016-7524\", \"CVE-2016-7525\", \"CVE-2016-7526\", \"CVE-2016-7527\", \"CVE-2016-7528\", \"CVE-2016-7529\", \"CVE-2016-7530\", \"CVE-2016-7531\", \"CVE-2016-7532\", \"CVE-2016-7533\", \"CVE-2016-7534\", \"CVE-2016-7535\", \"CVE-2016-7537\", \"CVE-2016-7538\", \"CVE-2016-7539\", \"CVE-2016-7540\", \"CVE-2016-7799\", \"CVE-2016-7800\", \"CVE-2016-7996\", \"CVE-2016-7997\", \"CVE-2016-8677\", \"CVE-2016-8682\", \"CVE-2016-8683\", \"CVE-2016-8684\");\n\n script_name(english:\"openSUSE Security Update : ImageMagick (openSUSE-2016-1282)\");\n script_summary(english:\"Check for the openSUSE-2016-1282 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues: These\nvulnerabilities could be triggered by processing specially crafted\nimage files, which could lead to a process crash or resource\nconsumtion, or potentially have unspecified futher impact.\n\n - CVE-2016-8684: Mismatch between real filesize and header\n values (bsc#1005123)\n\n - CVE-2016-8683: Check that filesize is reasonable\n compared to the header value (bsc#1005127)\n\n - CVE-2016-8682: Stack-buffer read overflow while reading\n SCT header (bsc#1005125)\n\n - CVE-2016-8677: Memory allocation failure in\n AcquireQuantumPixels (bsc#1005328)\n\n - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues\n (bsc#1003629)\n\n - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to\n heap overflow (bsc#1002422)\n\n - CVE-2016-7799: mogrify global buffer overflow\n (bsc#1002421)\n\n - CVE-2016-7540: writing to RGF format aborts\n (bsc#1000394)\n\n - CVE-2016-7539: Potential DOS by not releasing memory\n (bsc#1000715)\n\n - CVE-2016-7538: SIGABRT for corrupted pdb file\n (bsc#1000712)\n\n - CVE-2016-7537: Out of bound access for corrupted pdb\n file (bsc#1000711)\n\n - CVE-2016-7535: Out of bound access for corrupted psd\n file (bsc#1000709)\n\n - CVE-2016-7534: Out of bound access in generic decoder\n (bsc#1000708)\n\n - CVE-2016-7533: Wpg file out of bound for corrupted file\n (bsc#1000707)\n\n - CVE-2016-7532: fix handling of corrupted psd file\n (bsc#1000706)\n\n - CVE-2016-7531: Pbd file out of bound access\n (bsc#1000704)\n\n - CVE-2016-7530: Out of bound in quantum handling\n (bsc#1000703)\n\n - CVE-2016-7529: Out-of-bound in quantum handling\n (bsc#1000399)\n\n - CVE-2016-7528: Out-of-bound access in xcf file coder\n (bsc#1000434)\n\n - CVE-2016-7527: Out-of-bound access in wpg file coder:\n (bsc#1000436)\n\n - CVE-2016-7526: out-of-bounds write in\n ./MagickCore/pixel-accessor.h (bsc#1000702)\n\n - CVE-2016-7525: Heap buffer overflow in psd file coder\n (bsc#1000701)\n\n - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow\n READ of size 1 in meta.c:465 (bsc#1000700)\n\n - CVE-2016-7523: AddressSanitizer:heap-buffer-overflow\n READ of size 1 meta.c:496 (bsc#1000699)\n\n - CVE-2016-7522: Out of bound access for malformed psd\n file (bsc#1000698)\n\n - CVE-2016-7521: Heap buffer overflow in psd file handling\n (bsc#1000697)\n\n - CVE-2016-7520: Heap overflow in hdr file handling\n (bsc#1000696)\n\n - CVE-2016-7519: Out-of-bounds read in coders/rle.c\n (bsc#1000695)\n\n - CVE-2016-7518: Out-of-bounds read in coders/sun.c\n (bsc#1000694)\n\n - CVE-2016-7517: Out-of-bounds read in coders/pict.c\n (bsc#1000693)\n\n - CVE-2016-7516: Out-of-bounds problem in rle, pict, viff\n and sun files (bsc#1000692)\n\n - CVE-2016-7515: Rle file handling for corrupted file\n (bsc#1000689)\n\n - CVE-2016-7514: Out-of-bounds read in coders/psd.c\n (bsc#1000688)\n\n - CVE-2016-7513: Off-by-one error leading to segfault\n (bsc#1000686)\n\n - CVE-2016-7101: raphicsMagick: SGI Coder Out-Of-Bounds\n Read Vulnerability (bsc#1001221)\n\n - CVE-2016-6823: raphicsMagick: BMP Coder Out-Of-Bounds\n Write Vulnerability (bsc#1001066)\n\n - CVE-2015-8959: dOS due to corrupted DDS files\n (bsc#1000713)\n\n - CVE-2015-8958: Potential DOS in sun file handling due to\n malformed files (bsc#1000691)\n\n - CVE-2015-8957: Buffer overflow in sun file handling\n (bsc#1000690)\n\n - CVE-2014-9907: DOS due to corrupted DDS files\n (bsc#1000714)\n\n - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders\n (bsc#1002209)\n\n - Divide by zero in WriteTIFFImage (bsc#1002206)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000697\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005328\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ImageMagick packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-6.8.8.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-debuginfo-6.8.8.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-debugsource-6.8.8.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-devel-6.8.8.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-extra-6.8.8.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ImageMagick-extra-debuginfo-6.8.8.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagick++-6_Q16-3-6.8.8.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagick++-6_Q16-3-debuginfo-6.8.8.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagick++-devel-6.8.8.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagickCore-6_Q16-1-6.8.8.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagickWand-6_Q16-1-6.8.8.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"perl-PerlMagick-6.8.8.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"perl-PerlMagick-debuginfo-6.8.8.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"ImageMagick-devel-32bit-6.8.8.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-32bit-6.8.8.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagick++-devel-32bit-6.8.8.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-32bit-6.8.8.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-32bit-6.8.8.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-14T14:30:05", "description": "This updates fixes many vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum, PDB, DDS, DCM, EXIF, RGF or BMP files are processed.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-08-26T00:00:00", "type": "nessus", "title": "Debian DSA-3652-1 : imagemagick - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2015-8959", "CVE-2016-4562", "CVE-2016-4563", "CVE-2016-4564", "CVE-2016-5010", "CVE-2016-5687", "CVE-2016-5688", "CVE-2016-5689", "CVE-2016-5690", "CVE-2016-5691", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-7521", "CVE-2016-7522", "CVE-2016-7523", "CVE-2016-7524", "CVE-2016-7525", "CVE-2016-7526", "CVE-2016-7527", "CVE-2016-7528", "CVE-2016-7529", "CVE-2016-7530", "CVE-2016-7531", "CVE-2016-7532", "CVE-2016-7533", "CVE-2016-7534", "CVE-2016-7535", "CVE-2016-7536", "CVE-2016-7537", "CVE-2016-7538", "CVE-2016-7539", "CVE-2016-7540"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:imagemagick", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3652.NASL", "href": "https://www.tenable.com/plugins/nessus/93115", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3652. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93115);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9907\", \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-4562\", \"CVE-2016-4563\", \"CVE-2016-4564\", \"CVE-2016-5010\", \"CVE-2016-5687\", \"CVE-2016-5688\", \"CVE-2016-5689\", \"CVE-2016-5690\", \"CVE-2016-5691\", \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2016-6823\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\", \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\", \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-7522\", \"CVE-2016-7523\", \"CVE-2016-7524\", \"CVE-2016-7525\", \"CVE-2016-7526\", \"CVE-2016-7527\", \"CVE-2016-7528\", \"CVE-2016-7529\", \"CVE-2016-7530\", \"CVE-2016-7531\", \"CVE-2016-7532\", \"CVE-2016-7533\", \"CVE-2016-7534\", \"CVE-2016-7535\", \"CVE-2016-7536\", \"CVE-2016-7537\", \"CVE-2016-7538\", \"CVE-2016-7539\", \"CVE-2016-7540\");\n script_xref(name:\"DSA\", value:\"3652\");\n\n script_name(english:\"Debian DSA-3652-1 : imagemagick - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates fixes many vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service or the execution of arbitrary code if\nmalformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta,\nQuantum, PDB, DDS, DCM, EXIF, RGF or BMP files are processed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/imagemagick\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3652\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the imagemagick packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-6.q16\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-common\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-dbg\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"imagemagick-doc\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-perl\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libimage-magick-q16-perl\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6-headers\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-5\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagick++-dev\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-arch-config\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6-headers\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-2-extra\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickcore-dev\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6-headers\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-2\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-6.q16-dev\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmagickwand-dev\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"perlmagick\", reference:\"8:6.8.9.9-5+deb8u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:38:42", "description": "It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-11-22T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : imagemagick vulnerabilities (USN-3131-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8354", "CVE-2014-8355", "CVE-2014-8562", "CVE-2014-8716", "CVE-2014-9805", "CVE-2014-9806", "CVE-2014-9807", "CVE-2014-9808", "CVE-2014-9809", "CVE-2014-9810", "CVE-2014-9811", "CVE-2014-9812", "CVE-2014-9813", "CVE-2014-9814", "CVE-2014-9815", "CVE-2014-9816", "CVE-2014-9817", "CVE-2014-9818", "CVE-2014-9819", "CVE-2014-9820", "CVE-2014-9821", "CVE-2014-9822", "CVE-2014-9823", "CVE-2014-9826", "CVE-2014-9828", "CVE-2014-9829", "CVE-2014-9830", "CVE-2014-9831", "CVE-2014-9833", "CVE-2014-9834", "CVE-2014-9835", "CVE-2014-9836", "CVE-2014-9837", "CVE-2014-9838", "CVE-2014-9839", "CVE-2014-9840", "CVE-2014-9841", "CVE-2014-9843", "CVE-2014-9844", "CVE-2014-9845", "CVE-2014-9846", "CVE-2014-9847", "CVE-2014-9848", "CVE-2014-9849", "CVE-2014-9850", "CVE-2014-9851", "CVE-2014-9853", "CVE-2014-9854", "CVE-2014-9907", "CVE-2015-8894", "CVE-2015-8895", "CVE-2015-8896", "CVE-2015-8897", "CVE-2015-8898", "CVE-2015-8900", "CVE-2015-8901", "CVE-2015-8902", "CVE-2015-8903", "CVE-2015-8957", "CVE-2015-8958", "CVE-2015-8959", "CVE-2016-4562", "CVE-2016-4563", "CVE-2016-4564", "CVE-2016-5010", "CVE-2016-5687", "CVE-2016-5688", "CVE-2016-5689", "CVE-2016-5690", "CVE-2016-5691", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-7521", "CVE-2016-7522", "CVE-2016-7523", "CVE-2016-7524", "CVE-2016-7525", "CVE-2016-7526", "CVE-2016-7527", "CVE-2016-7528", "CVE-2016-7529", "CVE-2016-7530", "CVE-2016-7531", "CVE-2016-7532", "CVE-2016-7533", "CVE-2016-7534", "CVE-2016-7535", "CVE-2016-7536", "CVE-2016-7537", "CVE-2016-7538", "CVE-2016-7539", "CVE-2016-7540"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:imagemagick", "p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b-6.q16-5v5", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b4", "p-cpe:/a:canonical:ubuntu_linux:libmagick%2b%2b5", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2-extra", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore4", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore4-extra", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore5", "p-cpe:/a:canonical:ubuntu_linux:libmagickcore5-extra", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3131-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95053", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3131-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95053);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2014-8354\", \"CVE-2014-8355\", \"CVE-2014-8562\", \"CVE-2014-8716\", \"CVE-2014-9805\", \"CVE-2014-9806\", \"CVE-2014-9807\", \"CVE-2014-9808\", \"CVE-2014-9809\", \"CVE-2014-9810\", \"CVE-2014-9811\", \"CVE-2014-9812\", \"CVE-2014-9813\", \"CVE-2014-9814\", \"CVE-2014-9815\", \"CVE-2014-9816\", \"CVE-2014-9817\", \"CVE-2014-9818\", \"CVE-2014-9819\", \"CVE-2014-9820\", \"CVE-2014-9821\", \"CVE-2014-9822\", \"CVE-2014-9823\", \"CVE-2014-9826\", \"CVE-2014-9828\", \"CVE-2014-9829\", \"CVE-2014-9830\", \"CVE-2014-9831\", \"CVE-2014-9833\", \"CVE-2014-9834\", \"CVE-2014-9835\", \"CVE-2014-9836\", \"CVE-2014-9837\", \"CVE-2014-9838\", \"CVE-2014-9839\", \"CVE-2014-9840\", \"CVE-2014-9841\", \"CVE-2014-9843\", \"CVE-2014-9844\", \"CVE-2014-9845\", \"CVE-2014-9846\", \"CVE-2014-9847\", \"CVE-2014-9848\", \"CVE-2014-9849\", \"CVE-2014-9850\", \"CVE-2014-9851\", \"CVE-2014-9853\", \"CVE-2014-9854\", \"CVE-2014-9907\", \"CVE-2015-8894\", \"CVE-2015-8895\", \"CVE-2015-8896\", \"CVE-2015-8897\", \"CVE-2015-8898\", \"CVE-2015-8900\", \"CVE-2015-8901\", \"CVE-2015-8902\", \"CVE-2015-8903\", \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2015-8959\", \"CVE-2016-4562\", \"CVE-2016-4563\", \"CVE-2016-4564\", \"CVE-2016-5010\", \"CVE-2016-5687\", \"CVE-2016-5688\", \"CVE-2016-5689\", \"CVE-2016-5690\", \"CVE-2016-5691\", \"CVE-2016-5841\", \"CVE-2016-5842\", \"CVE-2016-6491\", \"CVE-2016-6823\", \"CVE-2016-7101\", \"CVE-2016-7513\", \"CVE-2016-7514\", \"CVE-2016-7515\", \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\", \"CVE-2016-7520\", \"CVE-2016-7521\", \"CVE-2016-7522\", \"CVE-2016-7523\", \"CVE-2016-7524\", \"CVE-2016-7525\", \"CVE-2016-7526\", \"CVE-2016-7527\", \"CVE-2016-7528\", \"CVE-2016-7529\", \"CVE-2016-7530\", \"CVE-2016-7531\", \"CVE-2016-7532\", \"CVE-2016-7533\", \"CVE-2016-7534\", \"CVE-2016-7535\", \"CVE-2016-7536\", \"CVE-2016-7537\", \"CVE-2016-7538\", \"CVE-2016-7539\", \"CVE-2016-7540\");\n script_xref(name:\"USN\", value:\"3131-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : imagemagick vulnerabilities (USN-3131-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that ImageMagick incorrectly handled certain\nmalformed image files. If a user or automated system using ImageMagick\nwere tricked into opening a specially crafted image, an attacker could\nexploit this to cause a denial of service or possibly execute code\nwith the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3131-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-5v5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagick++5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore4-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"imagemagick\", pkgver:\"8:6.6.9.7-5ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libmagick++4\", pkgver:\"8:6.6.9.7-5ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libmagickcore4\", pkgver:\"8:6.6.9.7-5ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libmagickcore4-extra\", pkgver:\"8:6.6.9.7-5ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"imagemagick\", pkgver:\"8:6.7.7.10-6ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagick++5\", pkgver:\"8:6.7.7.10-6ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagickcore5\", pkgver:\"8:6.7.7.10-6ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagickcore5-extra\", pkgver:\"8:6.7.7.10-6ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"imagemagick\", pkgver:\"8:6.8.9.9-7ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.8.9.9-7ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagick++-6.q16-5v5\", pkgver:\"8:6.8.9.9-7ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagickcore-6.q16-2\", pkgver:\"8:6.8.9.9-7ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagickcore-6.q16-2-extra\", pkgver:\"8:6.8.9.9-7ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"imagemagick\", pkgver:\"8:6.8.9.9-7ubuntu8.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"imagemagick-6.q16\", pkgver:\"8:6.8.9.9-7ubuntu8.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"libmagick++-6.q16-5v5\", pkgver:\"8:6.8.9.9-7ubuntu8.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"libmagickcore-6.q16-2\", pkgver:\"8:6.8.9.9-7ubuntu8.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"libmagickcore-6.q16-2-extra\", pkgver:\"8:6.8.9.9-7ubuntu8.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imagemagick / imagemagick-6.q16 / libmagick++-6.q16-5v5 / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-06T14:18:04", "description": "According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed work in the original format or a different one. ImageMagick also includes command line programs for creating animated or transparent .gifs, creating composite images, creating thumbnail images, and more. ImageMagick is one of your choices if you need a program to manipulate and display images. If you want to develop your own applications which use ImageMagick code or APIs, you need to install ImageMagick-devel as well.Security Fix(es):The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.(CVE-2014-8354)PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).(CVE-2014-8355)DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).(CVE-2014-8562)The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).(CVE-2014-8716)Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.(CVE-2014-9821)Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file.(CVE-2014-9822)Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819.(CVE-2014-9823)Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825.(CVE-2014-9824)Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824.(CVE-2014-9825)coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.(CVE-2014-9837)distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.(CVE-2014-9852)Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.(CVE-2014-9853)coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the ''identification of image.''(CVE-2014-9854)coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file.(CVE-2014-9907)The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.(CVE-2015-8900)ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.(CVE-2015-8901)The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file.(CVE-2015-8902)The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file.(CVE-2015-8903)Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file.(CVE-2015-8957)coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.(CVE-2015-8958)Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file.(CVE-2016-10046)Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file.(CVE-2016-10047)Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.(CVE-2016-10049)The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.(CVE-2016-10053)Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.(CVE-2016-10054)Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.(CVE-2016-10055)Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.(CVE-2016-10056)Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.(CVE-2016-10057)Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.(CVE-2016-10058)Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file.(CVE-2016-10059)The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.(CVE-2016-10060)The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file.(CVE-2016-10061)The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.(CVE-2016-10062)Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity.(CVE-2016-10063)Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.(CVE-2016-10064)The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.(CVE-2016-10065)Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file.(CVE-2016-10066)magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving ''too many exceptions,'' which trigger a buffer overflow.(CVE-2016-10067)The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.(CVE-2016-10068)coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.(CVE-2016-10069)Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.(CVE-2016-10070)coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.(CVE-2016-10071)coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.(CVE-2016-10144)Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.(CVE-2016-10145)Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers to trigger memory consumption.(CVE-2016-10252)The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.(CVE-2016-4562)The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.(CVE-2016-4563)The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.(CVE-2016-4564)The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.(CVE-2016-5687)The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.(CVE-2016-5688)The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.(CVE-2016-5689)The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.(CVE-2016-5690)The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.(CVE-2016-5691)Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.(CVE-2016-6491)Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.(CVE-2016-6823)The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file.(CVE-2016-7101)The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels.(CVE-2016-7515)The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file.(CVE-2016-7516)The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file.(CVE-2016-7517)The ReadSUNImage function in coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SUN file.(CVE-2016-7518)The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.(CVE-2016-7519)Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file.(CVE-2016-7520)Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.(CVE-2016-7525)coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.(CVE-2016-7526)The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file.(CVE-2016-7528)coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file.(CVE-2016-7529)The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file.(CVE-2016-7530)MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file.(CVE-2016-7531)The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file.(CVE-2016-7533)The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file.(CVE-2016-7534)Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.(CVE-2016-7539)MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.(CVE-2016-7799)magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file.(CVE-2016-7906)The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.(CVE-2016-8677)An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.(CVE-2016-8707)The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.\n NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.(CVE-2016-8866)coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.(CVE-2016-9559)The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image.(CVE-2017-11478)The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.(CVE-2017-11505)The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.(CVE-2017-11523)The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file.(CVE-2017-11524)The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.(CVE-2017-11525)The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.(CVE-2017-11526)The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.(CVE-2017-11527)The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.(CVE-2017-11528)The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.(CVE-2017-11529)The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.(CVE-2017-11530)The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function.(CVE-2017-12427)In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.(CVE-2017-13139)In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.(CVE-2017-13140)In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c.(CVE-2017-13141)In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.(CVE-2017-13142)In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.(CVE-2017-13143)In ImageMagick before 6.9.7-10, there is a crash (rather than a ''width or height exceeds limit'' error report) if the image dimensions are too large, as demonstrated by use of the mpc coder.(CVE-2017-13144)In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.(CVE-2017-13145)In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.(CVE-2017-13146)In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.(CVE-2017-13658)ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.(CVE-2017-17499)ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.(CVE-2017-17504)Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.(CVE-2017-5507)Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.(CVE-2017-5508)coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.(CVE-2017-5509)coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.(CVE-2017-5510)An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS).(CVE-2017-6497)An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS.(CVE-2017-6498)An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS).(CVE-2017-6499)An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read.(CVE-2017-6500)An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference.(CVE-2017-6501)An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS).(CVE-2017-6502)The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.(CVE-2017-7941)The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.(CVE-2017-7942)The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.(CVE-2017-7943)ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.(CVE-2018-16323)In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.(CVE-2018-16328)In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.(CVE-2018-20467)In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service.(CVE-2018-6405)ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.(CVE-2019-13133)ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.(CVE-2019-13134)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-15T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : ImageMagick (EulerOS-SA-2020-1390)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8354", "CVE-2014-8355", "CVE-2014-8562", "CVE-2014-8716", "CVE-2014-9819", "CVE-2014-9821", "CVE-2014-9822", "CVE-2014-9823", "CVE-2014-9824", "CVE-2014-9825", "CVE-2014-9837", "CVE-2014-9852", "CVE-2014-9853", "CVE-2014-9854", "CVE-2014-9907", "CVE-2015-8900", "CVE-2015-8901", "CVE-2015-8902", "CVE-2015-8903", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-10046", "CVE-2016-10047", "CVE-2016-10049", "CVE-2016-10053", "CVE-2016-10054", "CVE-2016-10055", "CVE-2016-10056", "CVE-2016-10057", "CVE-2016-10058", "CVE-2016-10059", "CVE-2016-10060", "CVE-2016-10061", "CVE-2016-10062", "CVE-2016-10063", "CVE-2016-10064", "CVE-2016-10065", "CVE-2016-10066", "CVE-2016-10067", "CVE-2016-10068", "CVE-2016-10069", "CVE-2016-10070", "CVE-2016-10071", "CVE-2016-10144", "CVE-2016-10145", "CVE-2016-10252", "CVE-2016-4562", "CVE-2016-4563", "CVE-2016-4564", "CVE-2016-5687", "CVE-2016-5688", "CVE-2016-5689", "CVE-2016-5690", "CVE-2016-5691", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-7525", "CVE-2016-7526", "CVE-2016-7528", "CVE-2016-7529", "CVE-2016-7530", "CVE-2016-7531", "CVE-2016-7533", "CVE-2016-7534", "CVE-2016-7539", "CVE-2016-7799", "CVE-2016-7906", "CVE-2016-8677", "CVE-2016-8707", "CVE-2016-8862", "CVE-2016-8866", "CVE-2016-9559", "CVE-2017-11478", "CVE-2017-11505", "CVE-2017-11523", "CVE-2017-11524", "CVE-2017-11525", "CVE-2017-11526", "CVE-2017-11527", "CVE-2017-11528", "CVE-2017-11529", "CVE-2017-11530", "CVE-2017-12427", "CVE-2017-13139", "CVE-2017-13140", "CVE-2017-13141", "CVE-2017-13142", "CVE-2017-13143", "CVE-2017-13144", "CVE-2017-13145", "CVE-2017-13146", "CVE-2017-13658", "CVE-2017-17499", "CVE-2017-17504", "CVE-2017-5507", "CVE-2017-5508", "CVE-2017-5509", "CVE-2017-5510", "CVE-2017-6497", "CVE-2017-6498", "CVE-2017-6499", "CVE-2017-6500", "CVE-2017-6501", "CVE-2017-6502", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2018-16323", "CVE-2018-16328", "CVE-2018-20467", "CVE-2018-6405", "CVE-2019-13133", "CVE-2019-13134"], "modified": "2021-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ImageMagick", "p-cpe:/a:huawei:euleros:imagemagick-c%2b%2b", "p-cpe:/a:huawei:euleros:ImageMagick-libs", "p-cpe:/a:huawei:euleros:ImageMagick-perl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1390.NASL", "href": "https://www.tenable.com/plugins/nessus/135519", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135519);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/09\");\n\n script_cve_id(\n \"CVE-2014-8354\",\n \"CVE-2014-8355\",\n \"CVE-2014-8562\",\n \"CVE-2014-8716\",\n \"CVE-2014-9821\",\n \"CVE-2014-9822\",\n \"CVE-2014-9823\",\n \"CVE-2014-9824\",\n \"CVE-2014-9825\",\n \"CVE-2014-9837\",\n \"CVE-2014-9852\",\n \"CVE-2014-9853\",\n \"CVE-2014-9854\",\n \"CVE-2014-9907\",\n \"CVE-2015-8900\",\n \"CVE-2015-8901\",\n \"CVE-2015-8902\",\n \"CVE-2015-8903\",\n \"CVE-2015-8957\",\n \"CVE-2015-8958\",\n \"CVE-2016-10046\",\n \"CVE-2016-10047\",\n \"CVE-2016-10049\",\n \"CVE-2016-10053\",\n \"CVE-2016-10054\",\n \"CVE-2016-10055\",\n \"CVE-2016-10056\",\n \"CVE-2016-10057\",\n \"CVE-2016-10058\",\n \"CVE-2016-10059\",\n \"CVE-2016-10060\",\n \"CVE-2016-10061\",\n \"CVE-2016-10062\",\n \"CVE-2016-10063\",\n \"CVE-2016-10064\",\n \"CVE-2016-10065\",\n \"CVE-2016-10066\",\n \"CVE-2016-10067\",\n \"CVE-2016-10068\",\n \"CVE-2016-10069\",\n \"CVE-2016-10070\",\n \"CVE-2016-10071\",\n \"CVE-2016-10144\",\n \"CVE-2016-10145\",\n \"CVE-2016-10252\",\n \"CVE-2016-4562\",\n \"CVE-2016-4563\",\n \"CVE-2016-4564\",\n \"CVE-2016-5687\",\n \"CVE-2016-5688\",\n \"CVE-2016-5689\",\n \"CVE-2016-5690\",\n \"CVE-2016-5691\",\n \"CVE-2016-6491\",\n \"CVE-2016-6823\",\n \"CVE-2016-7101\",\n \"CVE-2016-7515\",\n \"CVE-2016-7516\",\n \"CVE-2016-7517\",\n \"CVE-2016-7518\",\n \"CVE-2016-7519\",\n \"CVE-2016-7520\",\n \"CVE-2016-7525\",\n \"CVE-2016-7526\",\n \"CVE-2016-7528\",\n \"CVE-2016-7529\",\n \"CVE-2016-7530\",\n \"CVE-2016-7531\",\n \"CVE-2016-7533\",\n \"CVE-2016-7534\",\n \"CVE-2016-7539\",\n \"CVE-2016-7799\",\n \"CVE-2016-7906\",\n \"CVE-2016-8677\",\n \"CVE-2016-8707\",\n \"CVE-2016-8866\",\n \"CVE-2016-9559\",\n \"CVE-2017-11478\",\n \"CVE-2017-11505\",\n \"CVE-2017-11523\",\n \"CVE-2017-11524\",\n \"CVE-2017-11525\",\n \"CVE-2017-11526\",\n \"CVE-2017-11527\",\n \"CVE-2017-11528\",\n \"CVE-2017-11529\",\n \"CVE-2017-11530\",\n \"CVE-2017-12427\",\n \"CVE-2017-13139\",\n \"CVE-2017-13140\",\n \"CVE-2017-13141\",\n \"CVE-2017-13142\",\n \"CVE-2017-13143\",\n \"CVE-2017-13144\",\n \"CVE-2017-13145\",\n \"CVE-2017-13146\",\n \"CVE-2017-13658\",\n \"CVE-2017-17499\",\n \"CVE-2017-17504\",\n \"CVE-2017-5507\",\n \"CVE-2017-5508\",\n \"CVE-2017-5509\",\n \"CVE-2017-5510\",\n \"CVE-2017-6497\",\n \"CVE-2017-6498\",\n \"CVE-2017-6499\",\n \"CVE-2017-6500\",\n \"CVE-2017-6501\",\n \"CVE-2017-6502\",\n \"CVE-2017-7941\",\n \"CVE-2017-7942\",\n \"CVE-2017-7943\",\n \"CVE-2018-16323\",\n \"CVE-2018-16328\",\n \"CVE-2018-20467\",\n \"CVE-2018-6405\",\n \"CVE-2019-13133\",\n \"CVE-2019-13134\"\n );\n script_bugtraq_id(\n 70830,\n 70837,\n 70839,\n 70992\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : ImageMagick (EulerOS-SA-2020-1390)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ImageMagick packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - ImageMagick is an image display and manipulation tool\n for the X Window System. ImageMagick can read and write\n JPEG, TIFF, PNM, GIF, and Photo CD image formats. It\n can resize, rotate, sharpen, color reduce, or add\n special effects to an image, and when finished you can\n either save the completed work in the original format\n or a different one. ImageMagick also includes command\n line programs for creating animated or transparent\n .gifs, creating composite images, creating thumbnail\n images, and more. ImageMagick is one of your choices if\n you need a program to manipulate and display images. If\n you want to develop your own applications which use\n ImageMagick code or APIs, you need to install\n ImageMagick-devel as well.Security Fix(es):The\n HorizontalFilter function in resize.c in ImageMagick\n before 6.8.9-9 allows remote attackers to cause a\n denial of service (out-of-bounds read) via a crafted\n image file.(CVE-2014-8354)PCX parser code in\n ImageMagick before 6.8.9-9 allows remote attackers to\n cause a denial of service (out-of-bounds\n read).(CVE-2014-8355)DCM decode in ImageMagick before\n 6.8.9-9 allows remote attackers to cause a denial of\n service (out-of-bounds read).(CVE-2014-8562)The JPEG\n decoder in ImageMagick before 6.8.9-9 allows local\n users to cause a denial of service (out-of-bounds\n memory access and crash).(CVE-2014-8716)Heap-based\n buffer overflow in ImageMagick allows remote attackers\n to have unspecified impact via a crafted xpm\n file.(CVE-2014-9821)Heap-based buffer overflow in\n ImageMagick allows remote attackers to have unspecified\n impact via a crafted quantum\n file.(CVE-2014-9822)Heap-based buffer overflow in\n ImageMagick allows remote attackers to have unspecified\n impact via a crafted palm file, a different\n vulnerability than\n CVE-2014-9819.(CVE-2014-9823)Heap-based buffer overflow\n in ImageMagick allows remote attackers to have\n unspecified impact via a crafted psd file, a different\n vulnerability than\n CVE-2014-9825.(CVE-2014-9824)Heap-based buffer overflow\n in ImageMagick allows remote attackers to have\n unspecified impact via a crafted psd file, a different\n vulnerability than\n CVE-2014-9824.(CVE-2014-9825)coders/pnm.c in\n ImageMagick 6.9.0-1 Beta and earlier allows remote\n attackers to cause a denial of service (crash) via a\n crafted png file.(CVE-2014-9837)distribute-cache.c in\n ImageMagick re-uses objects after they have been\n destroyed, which allows remote attackers to have\n unspecified impact via unspecified\n vectors.(CVE-2014-9852)Memory leak in coders/rle.c in\n ImageMagick allows remote attackers to cause a denial\n of service (memory consumption) via a crafted rle\n file.(CVE-2014-9853)coders/tiff.c in ImageMagick allows\n remote attackers to cause a denial of service\n (application crash) via vectors related to the\n ''identification of image.''(CVE-2014-9854)coders/dds.c\n in ImageMagick allows remote attackers to cause a\n denial of service via a crafted DDS\n file.(CVE-2014-9907)The ReadHDRImage function in\n coders/hdr.c in ImageMagick 6.x and 7.x allows remote\n attackers to cause a denial of service (infinite loop)\n via a crafted HDR file.(CVE-2015-8900)ImageMagick 6.x\n before 6.9.0-5 Beta allows remote attackers to cause a\n denial of service (infinite loop) via a crafted MIFF\n file.(CVE-2015-8901)The ReadBlobByte function in\n coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta\n allows remote attackers to cause a denial of service\n (infinite loop) via a crafted PDB\n file.(CVE-2015-8902)The ReadVICARImage function in\n coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta\n allows remote attackers to cause a denial of service\n (infinite loop) via a crafted VICAR\n file.(CVE-2015-8903)Buffer overflow in ImageMagick\n before 6.9.0-4 Beta allows remote attackers to cause a\n denial of service (application crash) via a crafted SUN\n file.(CVE-2015-8957)coders/sun.c in ImageMagick before\n 6.9.0-4 Beta allows remote attackers to cause a denial\n of service (out-of-bounds read and application crash)\n via a crafted SUN file.(CVE-2015-8958)Heap-based buffer\n overflow in the DrawImage function in magick/draw.c in\n ImageMagick before 6.9.5-5 allows remote attackers to\n cause a denial of service (application crash) via a\n crafted image file.(CVE-2016-10046)Memory leak in the\n NewXMLTree function in magick/xml-tree.c in ImageMagick\n before 6.9.4-7 allows remote attackers to cause a\n denial of service (memory consumption) via a crafted\n XML file.(CVE-2016-10047)Buffer overflow in the\n ReadRLEImage function in coders/rle.c in ImageMagick\n before 6.9.4-4 allows remote attackers to cause a\n denial of service (application crash) or have other\n unspecified impact via a crafted RLE\n file.(CVE-2016-10049)The WriteTIFFImage function in\n coders/tiff.c in ImageMagick before 6.9.5-8 allows\n remote attackers to cause a denial of service\n (divide-by-zero error and application crash) via a\n crafted file.(CVE-2016-10053)Buffer overflow in the\n WriteMAPImage function in coders/map.c in ImageMagick\n before 6.9.5-8 allows remote attackers to cause a\n denial of service (application crash) or have other\n unspecified impact via a crafted\n file.(CVE-2016-10054)Buffer overflow in the\n WritePDBImage function in coders/pdb.c in ImageMagick\n before 6.9.5-8 allows remote attackers to cause a\n denial of service (application crash) or have other\n unspecified impact via a crafted\n file.(CVE-2016-10055)Buffer overflow in the\n sixel_decode function in coders/sixel.c in ImageMagick\n before 6.9.5-8 allows remote attackers to cause a\n denial of service (application crash) or have other\n unspecified impact via a crafted\n file.(CVE-2016-10056)Buffer overflow in the\n WriteGROUP4Image function in coders/tiff.c in\n ImageMagick before 6.9.5-8 allows remote attackers to\n cause a denial of service (application crash) or have\n other unspecified impact via a crafted\n file.(CVE-2016-10057)Memory leak in the ReadPSDLayers\n function in coders/psd.c in ImageMagick before 6.9.6-3\n allows remote attackers to cause a denial of service\n (memory consumption) via a crafted image\n file.(CVE-2016-10058)Buffer overflow in coders/tiff.c\n in ImageMagick before 6.9.4-1 allows remote attackers\n to cause a denial of service (application crash) or\n have unspecified other impact via a crafted TIFF\n file.(CVE-2016-10059)The ConcatenateImages function in\n MagickWand/magick-cli.c in ImageMagick before 7.0.1-10\n does not check the return value of the fputc function,\n which allows remote attackers to cause a denial of\n service (application crash) via a crafted\n file.(CVE-2016-10060)The ReadGROUP4Image function in\n coders/tiff.c in ImageMagick before 7.0.1-10 does not\n check the return value of the fputc function, which\n allows remote attackers to cause a denial of service\n (crash) via a crafted image file.(CVE-2016-10061)The\n ReadGROUP4Image function in coders/tiff.c in\n ImageMagick does not check the return value of the\n fwrite function, which allows remote attackers to cause\n a denial of service (application crash) via a crafted\n file.(CVE-2016-10062)Buffer overflow in coders/tiff.c\n in ImageMagick before 6.9.5-1 allows remote attackers\n to cause a denial of service (application crash) or\n have other unspecified impact via a crafted file,\n related to extend validity.(CVE-2016-10063)Buffer\n overflow in coders/tiff.c in ImageMagick before 6.9.5-1\n allows remote attackers to cause a denial of service\n (application crash) or have other unspecified impact\n via a crafted file.(CVE-2016-10064)The ReadVIFFImage\n function in coders/viff.c in ImageMagick before 7.0.1-0\n allows remote attackers to cause a denial of service\n (application crash) or have other unspecified impact\n via a crafted file.(CVE-2016-10065)Buffer overflow in\n the ReadVIFFImage function in coders/viff.c in\n ImageMagick before 6.9.4-5 allows remote attackers to\n cause a denial of service (application crash) via a\n crafted file.(CVE-2016-10066)magick/memory.c in\n ImageMagick before 6.9.4-5 allows remote attackers to\n cause a denial of service (application crash) via\n vectors involving ''too many exceptions,'' which\n trigger a buffer overflow.(CVE-2016-10067)The MSL\n interpreter in ImageMagick before 6.9.6-4 allows remote\n attackers to cause a denial of service (segmentation\n fault and application crash) via a crafted XML\n file.(CVE-2016-10068)coders/mat.c in ImageMagick before\n 6.9.4-5 allows remote attackers to cause a denial of\n service (application crash) via a mat file with an\n invalid number of frames.(CVE-2016-10069)Heap-based\n buffer overflow in the CalcMinMax function in\n coders/mat.c in ImageMagick before 6.9.4-0 allows\n remote attackers to cause a denial of service\n (out-of-bounds read and application crash) via a\n crafted mat file.(CVE-2016-10070)coders/mat.c in\n ImageMagick before 6.9.4-0 allows remote attackers to\n cause a denial of service (out-of-bounds read and\n application crash) via a crafted mat\n file.(CVE-2016-10071)coders/ipl.c in ImageMagick allows\n remote attackers to have unspecific impact by\n leveraging a missing malloc\n check.(CVE-2016-10144)Off-by-one error in coders/wpg.c\n in ImageMagick allows remote attackers to have\n unspecified impact via vectors related to a string\n copy.(CVE-2016-10145)Memory leak in the IsOptionMember\n function in MagickCore/option.c in ImageMagick before\n 6.9.2-2, as used in ODR-PadEnc and other products,\n allows attackers to trigger memory\n consumption.(CVE-2016-10252)The DrawDashPolygon\n function in MagickCore/draw.c in ImageMagick before\n 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations\n of certain vertices integer data, which allows remote\n attackers to cause a denial of service (buffer overflow\n and application crash) or possibly have unspecified\n other impact via a crafted file.(CVE-2016-4562)The\n TraceStrokePolygon function in MagickCore/draw.c in\n ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2\n mishandles the relationship between the BezierQuantum\n value and certain strokes data, which allows remote\n attackers to cause a denial of service (buffer overflow\n and application crash) or possibly have unspecified\n other impact via a crafted file.(CVE-2016-4563)The\n DrawImage function in MagickCore/draw.c in ImageMagick\n before 6.9.4-0 and 7.x before 7.0.1-2 makes an\n incorrect function call in attempting to locate the\n next token, which allows remote attackers to cause a\n denial of service (buffer overflow and application\n crash) or possibly have unspecified other impact via a\n crafted file.(CVE-2016-4564)The VerticalFilter function\n in the DDS coder in ImageMagick before 6.9.4-3 and 7.x\n before 7.0.1-4 allows remote attackers to have\n unspecified impact via a crafted DDS file, which\n triggers an out-of-bounds read.(CVE-2016-5687)The WPG\n parser in ImageMagick before 6.9.4-4 and 7.x before\n 7.0.1-5, when a memory limit is set, allows remote\n attackers to have unspecified impact via vectors\n related to the SetImageExtent return-value check, which\n trigger (1) a heap-based buffer overflow in the\n SetPixelIndex function or an invalid write operation in\n the (2) ScaleCharToQuantum or (3) SetPixelIndex\n functions.(CVE-2016-5688)The DCM reader in ImageMagick\n before 6.9.4-5 and 7.x before 7.0.1-7 allows remote\n attackers to have unspecified impact by leveraging lack\n of NULL pointer checks.(CVE-2016-5689)The ReadDCMImage\n function in DCM reader in ImageMagick before 6.9.4-5\n and 7.x before 7.0.1-7 allows remote attackers to have\n unspecified impact via vectors involving the for\n statement in computing the pixel scaling\n table.(CVE-2016-5690)The DCM reader in ImageMagick\n before 6.9.4-5 and 7.x before 7.0.1-7 allows remote\n attackers to have unspecified impact by leveraging lack\n of validation of (1) pixel.red, (2) pixel.green, and\n (3) pixel.blue.(CVE-2016-5691)Buffer overflow in the\n Get8BIMProperty function in MagickCore/property.c in\n ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6\n allows remote attackers to cause a denial of service\n (out-of-bounds read, memory leak, and crash) via a\n crafted image.(CVE-2016-6491)Integer overflow in the\n BMP coder in ImageMagick before 7.0.2-10 allows remote\n attackers to cause a denial of service (crash) via\n crafted height and width values, which triggers an\n out-of-bounds write.(CVE-2016-6823)The SGI coder in\n ImageMagick before 7.0.2-10 allows remote attackers to\n cause a denial of service (out-of-bounds read) via a\n large row value in an sgi file.(CVE-2016-7101)The\n ReadRLEImage function in coders/rle.c in ImageMagick\n allows remote attackers to cause a denial of service\n (out-of-bounds read) via vectors related to the number\n of pixels.(CVE-2016-7515)The ReadVIFFImage function in\n coders/viff.c in ImageMagick allows remote attackers to\n cause a denial of service (out-of-bounds read) via a\n crafted VIFF file.(CVE-2016-7516)The EncodeImage\n function in coders/pict.c in ImageMagick allows remote\n attackers to cause a denial of service (out-of-bounds\n read) via a crafted PICT file.(CVE-2016-7517)The\n ReadSUNImage function in coders/sun.c in ImageMagick\n allows remote attackers to cause a denial of service\n (out-of-bounds read) via a crafted SUN\n file.(CVE-2016-7518)The ReadRLEImage function in\n coders/rle.c in ImageMagick allows remote attackers to\n cause a denial of service (out-of-bounds read) via a\n crafted file.(CVE-2016-7519)Heap-based buffer overflow\n in coders/hdr.c in ImageMagick allows remote attackers\n to cause a denial of service (out-of-bounds read) via a\n crafted HDR file.(CVE-2016-7520)Heap-based buffer\n overflow in coders/psd.c in ImageMagick allows remote\n attackers to cause a denial of service (out-of-bounds\n read) via a crafted PSD\n file.(CVE-2016-7525)coders/wpg.c in ImageMagick allows\n remote attackers to cause a denial of service\n (out-of-bounds write) via a crafted\n file.(CVE-2016-7526)The ReadVIFFImage function in\n coders/viff.c in ImageMagick allows remote attackers to\n cause a denial of service (segmentation fault) via a\n crafted VIFF file.(CVE-2016-7528)coders/xcf.c in\n ImageMagick allows remote attackers to cause a denial\n of service (out-of-bounds read) via a crafted XCF\n file.(CVE-2016-7529)The quantum handling code in\n ImageMagick allows remote attackers to cause a denial\n of service (divide-by-zero error or out-of-bounds\n write) via a crafted\n file.(CVE-2016-7530)MagickCore/memory.c in ImageMagick\n allows remote attackers to cause a denial of service\n (out-of-bounds write) via a crafted PDB\n file.(CVE-2016-7531)The ReadWPGImage function in\n coders/wpg.c in ImageMagick allows remote attackers to\n cause a denial of service (out-of-bounds read) via a\n crafted WPG file.(CVE-2016-7533)The generic decoder in\n ImageMagick allows remote attackers to cause a denial\n of service (out-of-bounds access) via a crafted\n file.(CVE-2016-7534)Memory leak in AcquireVirtualMemory\n in ImageMagick before 7 allows remote attackers to\n cause a denial of service (memory consumption) via\n unspecified vectors.(CVE-2016-7539)MagickCore/profile.c\n in ImageMagick before 7.0.3-2 allows remote attackers\n to cause a denial of service (out-of-bounds read) via a\n crafted file.(CVE-2016-7799)magick/attribute.c in\n ImageMagick 7.0.3-2 allows remote attackers to cause a\n denial of service (use-after-free) via a crafted\n file.(CVE-2016-7906)The AcquireQuantumPixels function\n in MagickCore/quantum.c in ImageMagick before 7.0.3-1\n allows remote attackers to have unspecified impact via\n a crafted image file, which triggers a memory\n allocation failure.(CVE-2016-8677)An exploitable out of\n bounds write exists in the handling of compressed TIFF\n images in ImageMagicks's convert utility. A crafted\n TIFF document can lead to an out of bounds write which\n in particular circumstances could be leveraged into\n remote code execution. The vulnerability can be\n triggered through any user controlled TIFF that is\n handled by this functionality.(CVE-2016-8707)The\n AcquireMagickMemory function in MagickCore/memory.c in\n ImageMagick 7.0.3.3 before 7.0.3.8 allows remote\n attackers to have unspecified impact via a crafted\n image, which triggers a memory allocation failure.\n NOTE: this vulnerability exists because of an\n incomplete fix for\n CVE-2016-8862.(CVE-2016-8866)coders/tiff.c in\n ImageMagick before 7.0.3.7 allows remote attackers to\n cause a denial of service (NULL pointer dereference and\n crash) via a crafted image.(CVE-2016-9559)The\n ReadOneDJVUImage function in coders/djvu.c in\n ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1\n allows remote attackers to cause a denial of service\n (infinite loop and CPU consumption) via a malformed\n DJVU image.(CVE-2017-11478)The ReadOneJNGImage function\n in coders/png.c in ImageMagick through 6.9.9-0 and 7.x\n through 7.0.6-1 allows remote attackers to cause a\n denial of service (large loop and CPU consumption) via\n a malformed JNG file.(CVE-2017-11505)The ReadTXTImage\n function in coders/txt.c in ImageMagick through 6.9.9-0\n and 7.x through 7.0.6-1 allows remote attackers to\n cause a denial of service (infinite loop) via a crafted\n file, because the end-of-file condition is not\n considered.(CVE-2017-11523)The WriteBlob function in\n MagickCore/blob.c in ImageMagick before 6.9.8-10 and\n 7.x before 7.6.0-0 allows remote attackers to cause a\n denial of service (assertion failure and application\n exit) via a crafted file.(CVE-2017-11524)The\n ReadCINImage function in coders/cin.c in ImageMagick\n before 6.9.9-0 and 7.x before 7.0.6-1 allows remote\n attackers to cause a denial of service (memory\n consumption) via a crafted file.(CVE-2017-11525)The\n ReadOneMNGImage function in coders/png.c in ImageMagick\n before 6.9.9-0 and 7.x before 7.0.6-1 allows remote\n attackers to cause a denial of service (large loop and\n CPU consumption) via a crafted file.(CVE-2017-11526)The\n ReadDPXImage function in coders/dpx.c in ImageMagick\n before 6.9.9-0 and 7.x before 7.0.6-1 allows remote\n attackers to cause a denial of service (memory\n consumption) via a crafted file.(CVE-2017-11527)The\n ReadDIBImage function in coders/dib.c in ImageMagick\n before 6.9.9-0 and 7.x before 7.0.6-1 allows remote\n attackers to cause a denial of service (memory leak)\n via a crafted file.(CVE-2017-11528)The ReadMATImage\n function in coders/mat.c in ImageMagick before 6.9.9-0\n and 7.x before 7.0.6-1 allows remote attackers to cause\n a denial of service (memory leak) via a crafted\n file.(CVE-2017-11529)The ReadEPTImage function in\n coders/ept.c in ImageMagick before 6.9.9-0 and 7.x\n before 7.0.6-1 allows remote attackers to cause a\n denial of service (memory consumption) via a crafted\n file.(CVE-2017-11530)The ProcessMSLScript function in\n coders/msl.c in ImageMagick before 6.9.9-5 and 7.x\n before 7.0.6-5 allows remote attackers to cause a\n denial of service (memory leak) via a crafted file,\n related to the WriteMSLImage\n function.(CVE-2017-12427)In ImageMagick before 6.9.9-0\n and 7.x before 7.0.6-1, the ReadOneMNGImage function in\n coders/png.c has an out-of-bounds read with the MNG\n CLIP chunk.(CVE-2017-13139)In ImageMagick before\n 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage\n function in coders/png.c allows remote attackers to\n cause a denial of service (application hang in\n LockSemaphoreInfo) via a PNG file with a width equal to\n MAGICK_WIDTH_LIMIT.(CVE-2017-13140)In ImageMagick\n before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file\n could trigger a memory leak in ReadOnePNGImage in\n coders/png.c.(CVE-2017-13141)In ImageMagick before\n 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file\n could trigger a crash because there was an insufficient\n check for short files.(CVE-2017-13142)In ImageMagick\n before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage\n function in coders/mat.c uses uninitialized data, which\n might allow remote attackers to obtain sensitive\n information from process memory.(CVE-2017-13143)In\n ImageMagick before 6.9.7-10, there is a crash (rather\n than a ''width or height exceeds limit'' error report)\n if the image dimensions are too large, as demonstrated\n by use of the mpc coder.(CVE-2017-13144)In ImageMagick\n before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image\n function in coders/jp2.c does not properly validate the\n channel geometry, leading to a crash.(CVE-2017-13145)In\n ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6,\n there is a memory leak in the ReadMATImage function in\n coders/mat.c.(CVE-2017-13146)In ImageMagick before\n 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL\n check in the ReadMATImage function in coders/mat.c,\n leading to a denial of service (assertion failure and\n application exit) in the DestroyImageInfo function in\n MagickCore/image.c.(CVE-2017-13658)ImageMagick before\n 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free\n in Magick::Image::read in\n Magick++/lib/Image.cpp.(CVE-2017-17499)ImageMagick\n before 7.0.7-12 has a coders/png.c\n Magick_png_read_raw_profile heap-based buffer over-read\n via a crafted file, related to\n ReadOneMNGImage.(CVE-2017-17504)Memory leak in\n coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x\n before 7.0.4-4 allows remote attackers to cause a\n denial of service (memory consumption) via vectors\n involving a pixel cache.(CVE-2017-5507)Heap-based\n buffer overflow in the PushQuantumPixel function in\n ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3\n allows remote attackers to cause a denial of service\n (application crash) via a crafted TIFF\n file.(CVE-2017-5508)coders/psd.c in ImageMagick allows\n remote attackers to have unspecified impact via a\n crafted PSD file, which triggers an out-of-bounds\n write.(CVE-2017-5509)coders/psd.c in ImageMagick allows\n remote attackers to have unspecified impact via a\n crafted PSD file, which triggers an out-of-bounds\n write.(CVE-2017-5510)An issue was discovered in\n ImageMagick 6.9.7. A specially crafted psd file could\n lead to a NULL pointer dereference (thus, a\n DoS).(CVE-2017-6497)An issue was discovered in\n ImageMagick 6.9.7. Incorrect TGA files could trigger\n assertion failures, thus leading to\n DoS.(CVE-2017-6498)An issue was discovered in Magick++\n in ImageMagick 6.9.7. A specially crafted file creating\n a nested exception could lead to a memory leak (thus, a\n DoS).(CVE-2017-6499)An issue was discovered in\n ImageMagick 6.9.7. A specially crafted sun file\n triggers a heap-based buffer\n over-read.(CVE-2017-6500)An issue was discovered in\n ImageMagick 6.9.7. A specially crafted xcf file could\n lead to a NULL pointer dereference.(CVE-2017-6501)An\n issue was discovered in ImageMagick 6.9.7. A specially\n crafted webp file could lead to a file-descriptor leak\n in libmagickcore (thus, a DoS).(CVE-2017-6502)The\n ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4\n allows remote attackers to consume an amount of\n available memory via a crafted file.(CVE-2017-7941)The\n ReadAVSImage function in avs.c in ImageMagick 7.0.5-4\n allows remote attackers to consume an amount of\n available memory via a crafted file.(CVE-2017-7942)The\n ReadSVGImage function in svg.c in ImageMagick 7.0.5-4\n allows remote attackers to consume an amount of\n available memory via a crafted\n file.(CVE-2017-7943)ReadXBMImage in coders/xbm.c in\n ImageMagick before 7.0.8-9 leaves data uninitialized\n when processing an XBM file that has a negative pixel\n value. If the affected code is used as a library loaded\n into a process that includes sensitive information,\n that information sometimes can be leaked via the image\n data.(CVE-2018-16323)In ImageMagick before 7.0.8-8, a\n NULL pointer dereference exists in the\n CheckEventLogging function in\n MagickCore/log.c.(CVE-2018-16328)In coders/bmp.c in\n ImageMagick before 7.0.8-16, an input file can result\n in an infinite loop and hang, with high CPU and memory\n consumption. Remote attackers could leverage this\n vulnerability to cause a denial of service via a\n crafted file.(CVE-2018-20467)In the ReadDCMImage\n function in coders/dcm.c in ImageMagick before\n 7.0.7-23, each redmap, greenmap, and bluemap variable\n can be overwritten by a new pointer. The previous\n pointer is lost, which leads to a memory leak. This\n allows remote attackers to cause a denial of\n service.(CVE-2018-6405)ImageMagick before 7.0.8-50 has\n a memory leak vulnerability in the function\n ReadBMPImage in\n coders/bmp.c.(CVE-2019-13133)ImageMagick before\n 7.0.8-50 has a memory leak vulnerability in the\n function ReadVIFFImage in\n coders/viff.c.(CVE-2019-13134)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1390\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?87d1a530\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ImageMagick packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16328\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ImageMagick-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ImageMagick-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ImageMagick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ImageMagick-6.9.9.38-1.h6\",\n \"ImageMagick-c++-6.9.9.38-1.h6\",\n \"ImageMagick-libs-6.9.9.38-1.h6\",\n \"ImageMagick-perl-6.9.9.38-1.h6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-06T15:35:53", "description": "According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF,and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed work in the original format or a different one. ImageMagick also includes command line programs for creating animated or transparent .gifs, creating composite images, creating thumbnail images, and more.ImageMagick is one of your choices if you need a program to manipulate and display images. If you want to develop your own applications which use ImageMagick code or APIs, you need to install ImageMagick-devel as well.Security Fix(es):In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.(CVE-2019-7175)ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.(CVE-2018-16323)In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.(CVE-2018-16328)The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.(CVE-2016-4562)The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.(CVE-2016-4563)The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.(CVE-2016-4564 )The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.(CVE-2017-11525)In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.(CVE-2018-20467)coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.(CVE-2014-9837)coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.(CVE-2015-8958)Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.(CVE-2016-10058)The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.(CVE-2016-10068)The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.(CVE-2016-5690)Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file.(CVE-2016-7520)MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.(CVE-2016-7799)The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.(CVE-2017-11526)In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.(CVE-2017-13143)coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.(CVE-2017-5510)In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service.(CVE-2018-6405)Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824.(CVE-2014-9825)Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file.(CVE-2015-8957)Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.(CVE-2016-10057)magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving 'too many exceptions,' which trigger a buffer overflow.(CVE-2016-10067)The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.(CVE-2016-5689)The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.(CVE-2016-7519)Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.(CVE-2016-7539)The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file.(CVE-2017-11524)In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.(CVE-2017-13142)coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.(CVE-2017-5509)The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.(CVE-2017-7943)Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825.(CVE-2014-9824)The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file.(CVE-2015-8903)Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.(CVE-2016-10056)Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file.(CVE-2016-10066)The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.(CVE-2016-5688)The ReadSUNImage function in coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SUN file.(CVE-2016-7518)The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file.(CVE-2016-7534)The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.(CVE-2017-11523)In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c.(CVE-2017-13141)Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.(CVE-2017-5508)The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.(CVE-2017-7942)Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819.(CVE-2014-9823)The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file.(CVE-2015-8902)Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.(CVE-2016-10055)The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.(CVE-2016-10065)The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.(CVE-2016-5687)The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file.(CVE-2016-7517)The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file.(CVE-2016-7533)The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.(CVE-2017-11505)In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.(CVE-2017-13140)Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.(CVE-2017-5507)The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.(CVE-2017-7941)Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file.(CVE-2014-9822)ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.(CVE-2015-8901)Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.(CVE-2016-10054)Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.(CVE-2016-10064)Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers to trigger memory consumption.(CVE-2016-10252)The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file.(CVE-2016-7516)MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file.(CVE-2016-7531)The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image.(CVE-2017-11478)In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.(CVE-2017-13139)ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.(CVE-2017-17504)An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS).(CVE-2017-6502)Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.(CVE-2014-9821)The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.(CVE-2015-8900)The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.(CVE-2016-10053)Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity.(CVE-2016-10063)Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.(CVE-2016-10145)The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels.(CVE-2016-7515)The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file.(CVE-2016-7530)coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.(CVE-2016-9559)The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function.(CVE-2017-12427)ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.(CVE-2017-17499)An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference.(CVE-2017-6501)The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).(CVE-2014-8716)coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file.(CVE-2014-9907)Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.(CVE-2016-10052)The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.(CVE-2016-10062)coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.(CVE-2016-10144)The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file.(CVE-2016-7101)coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file.(CVE-2016-7529)The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.(CVE-2016-8866)The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.(CVE-2017-11530)In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.(CVE-2017-13658)An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read.(CVE-2017-6500)DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).(CVE-2014-8562)coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the 'identification of image.'(CVE-2014-9854)Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.(CVE-2016-10049)The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file.(CVE-2016-10061)coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.(CVE-2016-10071)Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.(CVE-2016-6823)The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file.(CVE-2016-7528)An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.(CVE-2016-8707)The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.(CVE-2017-11529)In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.(CVE-2017-13146)An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS).(CVE-2017-6499)PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).(CVE-2014-8355)Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.(CVE-2014-9853)Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file.(CVE-2016-10047)The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.(CVE-2016-10060)Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.(CVE-2016-10070)Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.(CVE-2016-6491)coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.(CVE-2016-7526)The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.(CVE-2016-8677)The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.(CVE-2017-11528)In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.(CVE-2017-13145)An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS.(CVE-2017-6498)The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.(CVE-2014-8354)distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.(CVE-2014-9852)Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file.(CVE-2016-10046)Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file.(CVE-2016-10059)coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.(CVE-2016-10069)The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.(CVE-2016-5691)Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.(CVE-2016-7525)magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file.(CVE-2016-7906)The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.(CVE-2017-11527)In ImageMagick before 6.9.7-10, there is a crash (rather than a 'width or height exceeds limit' error report) if the image dimensions are too large, as demonstrated by use of the mpc coder.(CVE-2017-13144)An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS).(CVE-2017-6497)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-10T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2019-2354)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8354", "CVE-2014-8355", "CVE-2014-8562", "CVE-2014-8716", "CVE-2014-9819", "CVE-2014-9821", "CVE-2014-9822", "CVE-2014-9823", "CVE-2014-9824", "CVE-2014-9825", "CVE-2014-9837", "CVE-2014-9852", "CVE-2014-9853", "CVE-2014-9854", "CVE-2014-9907", "CVE-2015-8900", "CVE-2015-8901", "CVE-2015-8902", "CVE-2015-8903", "CVE-2015-8957", "CVE-2015-8958", "CVE-2016-10046", "CVE-2016-10047", "CVE-2016-10049", "CVE-2016-10052", "CVE-2016-10053", "CVE-2016-10054", "CVE-2016-10055", "CVE-2016-10056", "CVE-2016-10057", "CVE-2016-10058", "CVE-2016-10059", "CVE-2016-10060", "CVE-2016-10061", "CVE-2016-10062", "CVE-2016-10063", "CVE-2016-10064", "CVE-2016-10065", "CVE-2016-10066", "CVE-2016-10067", "CVE-2016-10068", "CVE-2016-10069", "CVE-2016-10070", "CVE-2016-10071", "CVE-2016-10144", "CVE-2016-10145", "CVE-2016-10252", "CVE-2016-4562", "CVE-2016-4563", "CVE-2016-4564", "CVE-2016-5687", "CVE-2016-5688", "CVE-2016-5689", "CVE-2016-5690", "CVE-2016-5691", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-7525", "CVE-2016-7526", "CVE-2016-7528", "CVE-2016-7529", "CVE-2016-7530", "CVE-2016-7531", "CVE-2016-7533", "CVE-2016-7534", "CVE-2016-7539", "CVE-2016-7799", "CVE-2016-7906", "CVE-2016-8677", "CVE-2016-8707", "CVE-2016-8862", "CVE-2016-8866", "CVE-2016-9559", "CVE-2017-11478", "CVE-2017-11505", "CVE-2017-11523", "CVE-2017-11524", "CVE-2017-11525", "CVE-2017-11526", "CVE-2017-11527", "CVE-2017-11528", "CVE-2017-11529", "CVE-2017-11530", "CVE-2017-12427", "CVE-2017-13139", "CVE-2017-13140", "CVE-2017-13141", "CVE-2017-13142", "CVE-2017-13143", "CVE-2017-13144", "CVE-2017-13145", "CVE-2017-13146", "CVE-2017-13658", "CVE-2017-17499", "CVE-2017-17504", "CVE-2017-5507", "CVE-2017-5508", "CVE-2017-5509", "CVE-2017-5510", "CVE-2017-6497", "CVE-2017-6498", "CVE-2017-6499", "CVE-2017-6500", "CVE-2017-6501", "CVE-2017-6502", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2018-16323", "CVE-2018-16328", "CVE-2018-20467", "CVE-2018-6405", "CVE-2019-7175"], "modified": "2021-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ImageMagick", "p-cpe:/a:huawei:euleros:imagemagick-c%2b%2b", "p-cpe:/a:huawei:euleros:ImageMagick-libs", "p-cpe:/a:huawei:euleros:ImageMagick-perl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2354.NASL", "href": "https://www.tenable.com/plugins/nessus/131846", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131846);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/09\");\n\n script_cve_id(\n \"CVE-2014-8354\",\n \"CVE-2014-8355\",\n \"CVE-2014-8562\",\n \"CVE-2014-8716\",\n \"CVE-2014-9821\",\n \"CVE-2014-9822\",\n \"CVE-2014-9823\",\n \"CVE-2014-9824\",\n \"CVE-2014-9825\",\n \"CVE-2014-9837\",\n \"CVE-2014-9852\",\n \"CVE-2014-9853\",\n \"CVE-2014-9854\",\n \"CVE-2014-9907\",\n \"CVE-2015-8900\",\n \"CVE-2015-8901\",\n \"CVE-2015-8902\",\n \"CVE-2015-8903\",\n \"CVE-2015-8957\",\n \"CVE-2015-8958\",\n \"CVE-2016-10046\",\n \"CVE-2016-10047\",\n \"CVE-2016-10049\",\n \"CVE-2016-10052\",\n \"CVE-2016-10053\",\n \"CVE-2016-10054\",\n \"CVE-2016-10055\",\n \"CVE-2016-10056\",\n \"CVE-2016-10057\",\n \"CVE-2016-10058\",\n \"CVE-2016-10059\",\n \"CVE-2016-10060\",\n \"CVE-2016-10061\",\n \"CVE-2016-10062\",\n \"CVE-2016-10063\",\n \"CVE-2016-10064\",\n \"CVE-2016-10065\",\n \"CVE-2016-10066\",\n \"CVE-2016-10067\",\n \"CVE-2016-10068\",\n \"CVE-2016-10069\",\n \"CVE-2016-10070\",\n \"CVE-2016-10071\",\n \"CVE-2016-10144\",\n \"CVE-2016-10145\",\n \"CVE-2016-10252\",\n \"CVE-2016-4562\",\n \"CVE-2016-4563\",\n \"CVE-2016-4564\",\n \"CVE-2016-5687\",\n \"CVE-2016-5688\",\n \"CVE-2016-5689\",\n \"CVE-2016-5690\",\n \"CVE-2016-5691\",\n \"CVE-2016-6491\",\n \"CVE-2016-6823\",\n \"CVE-2016-7101\",\n \"CVE-2016-7515\",\n \"CVE-2016-7516\",\n \"CVE-2016-7517\",\n \"CVE-2016-7518\",\n \"CVE-2016-7519\",\n \"CVE-2016-7520\",\n \"CVE-2016-7525\",\n \"CVE-2016-7526\",\n \"CVE-2016-7528\",\n \"CVE-2016-7529\",\n \"CVE-2016-7530\",\n \"CVE-2016-7531\",\n \"CVE-2016-7533\",\n \"CVE-2016-7534\",\n \"CVE-2016-7539\",\n \"CVE-2016-7799\",\n \"CVE-2016-7906\",\n \"CVE-2016-8677\",\n \"CVE-2016-8707\",\n \"CVE-2016-8866\",\n \"CVE-2016-9559\",\n \"CVE-2017-11478\",\n \"CVE-2017-11505\",\n \"CVE-2017-11523\",\n \"CVE-2017-11524\",\n \"CVE-2017-11525\",\n \"CVE-2017-11526\",\n \"CVE-2017-11527\",\n \"CVE-2017-11528\",\n \"CVE-2017-11529\",\n \"CVE-2017-11530\",\n \"CVE-2017-12427\",\n \"CVE-2017-13139\",\n \"CVE-2017-13140\",\n \"CVE-2017-13141\",\n \"CVE-2017-13142\",\n \"CVE-2017-13143\",\n \"CVE-2017-13144\",\n \"CVE-2017-13145\",\n \"CVE-2017-13146\",\n \"CVE-2017-13658\",\n \"CVE-2017-17499\",\n \"CVE-2017-17504\",\n \"CVE-2017-5507\",\n \"CVE-2017-5508\",\n \"CVE-2017-5509\",\n \"CVE-2017-5510\",\n \"CVE-2017-6497\",\n \"CVE-2017-6498\",\n \"CVE-2017-6499\",\n \"CVE-2017-6500\",\n \"CVE-2017-6501\",\n \"CVE-2017-6502\",\n \"CVE-2017-7941\",\n \"CVE-2017-7942\",\n \"CVE-2017-7943\",\n \"CVE-2018-16323\",\n \"CVE-2018-16328\",\n \"CVE-2018-20467\",\n \"CVE-2018-6405\",\n \"CVE-2019-7175\"\n );\n script_bugtraq_id(\n 70830,\n 70837,\n 70839,\n 70992\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2019-2354)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ImageMagick packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - ImageMagick is an image display and manipulation tool\n for the X Window System. ImageMagick can read and write\n JPEG, TIFF, PNM, GIF,and Photo CD image formats. It can\n resize, rotate, sharpen, color reduce, or add special\n effects to an image, and when finished you can either\n save the completed work in the original format or a\n different one. ImageMagick also includes command line\n programs for creating animated or transparent .gifs,\n creating composite images, creating thumbnail images,\n and more.ImageMagick is one of your choices if you need\n a program to manipulate and display images. If you want\n to develop your own applications which use ImageMagick\n code or APIs, you need to install ImageMagick-devel as\n well.Security Fix(es):In ImageMagick before 7.0.8-25,\n some memory leaks exist in DecodeImage in\n coders/pcd.c.(CVE-2019-7175)ReadXBMImage in\n coders/xbm.c in ImageMagick before 7.0.8-9 leaves data\n uninitialized when processing an XBM file that has a\n negative pixel value. If the affected code is used as a\n library loaded into a process that includes sensitive\n information, that information sometimes can be leaked\n via the image data.(CVE-2018-16323)In ImageMagick\n before 7.0.8-8, a NULL pointer dereference exists in\n the CheckEventLogging function in\n MagickCore/log.c.(CVE-2018-16328)The DrawDashPolygon\n function in MagickCore/draw.c in ImageMagick before\n 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations\n of certain vertices integer data, which allows remote\n attackers to cause a denial of service (buffer overflow\n and application crash) or possibly have unspecified\n other impact via a crafted file.(CVE-2016-4562)The\n TraceStrokePolygon function in MagickCore/draw.c in\n ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2\n mishandles the relationship between the BezierQuantum\n value and certain strokes data, which allows remote\n attackers to cause a denial of service (buffer overflow\n and application crash) or possibly have unspecified\n other impact via a crafted file.(CVE-2016-4563)The\n DrawImage function in MagickCore/draw.c in ImageMagick\n before 6.9.4-0 and 7.x before 7.0.1-2 makes an\n incorrect function call in attempting to locate the\n next token, which allows remote attackers to cause a\n denial of service (buffer overflow and application\n crash) or possibly have unspecified other impact via a\n crafted file.(CVE-2016-4564 )The ReadCINImage function\n in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x\n before 7.0.6-1 allows remote attackers to cause a\n denial of service (memory consumption) via a crafted\n file.(CVE-2017-11525)In coders/bmp.c in ImageMagick\n before 7.0.8-16, an input file can result in an\n infinite loop and hang, with high CPU and memory\n consumption. Remote attackers could leverage this\n vulnerability to cause a denial of service via a\n crafted file.(CVE-2018-20467)coders/pnm.c in\n ImageMagick 6.9.0-1 Beta and earlier allows remote\n attackers to cause a denial of service (crash) via a\n crafted png file.(CVE-2014-9837)coders/sun.c in\n ImageMagick before 6.9.0-4 Beta allows remote attackers\n to cause a denial of service (out-of-bounds read and\n application crash) via a crafted SUN\n file.(CVE-2015-8958)Memory leak in the ReadPSDLayers\n function in coders/psd.c in ImageMagick before 6.9.6-3\n allows remote attackers to cause a denial of service\n (memory consumption) via a crafted image\n file.(CVE-2016-10058)The MSL interpreter in ImageMagick\n before 6.9.6-4 allows remote attackers to cause a\n denial of service (segmentation fault and application\n crash) via a crafted XML file.(CVE-2016-10068)The\n ReadDCMImage function in DCM reader in ImageMagick\n before 6.9.4-5 and 7.x before 7.0.1-7 allows remote\n attackers to have unspecified impact via vectors\n involving the for statement in computing the pixel\n scaling table.(CVE-2016-5690)Heap-based buffer overflow\n in coders/hdr.c in ImageMagick allows remote attackers\n to cause a denial of service (out-of-bounds read) via a\n crafted HDR file.(CVE-2016-7520)MagickCore/profile.c in\n ImageMagick before 7.0.3-2 allows remote attackers to\n cause a denial of service (out-of-bounds read) via a\n crafted file.(CVE-2016-7799)The ReadOneMNGImage\n function in coders/png.c in ImageMagick before 6.9.9-0\n and 7.x before 7.0.6-1 allows remote attackers to cause\n a denial of service (large loop and CPU consumption)\n via a crafted file.(CVE-2017-11526)In ImageMagick\n before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage\n function in coders/mat.c uses uninitialized data, which\n might allow remote attackers to obtain sensitive\n information from process\n memory.(CVE-2017-13143)coders/psd.c in ImageMagick\n allows remote attackers to have unspecified impact via\n a crafted PSD file, which triggers an out-of-bounds\n write.(CVE-2017-5510)In the ReadDCMImage function in\n coders/dcm.c in ImageMagick before 7.0.7-23, each\n redmap, greenmap, and bluemap variable can be\n overwritten by a new pointer. The previous pointer is\n lost, which leads to a memory leak. This allows remote\n attackers to cause a denial of\n service.(CVE-2018-6405)Heap-based buffer overflow in\n ImageMagick allows remote attackers to have unspecified\n impact via a crafted psd file, a different\n vulnerability than CVE-2014-9824.(CVE-2014-9825)Buffer\n overflow in ImageMagick before 6.9.0-4 Beta allows\n remote attackers to cause a denial of service\n (application crash) via a crafted SUN\n file.(CVE-2015-8957)Buffer overflow in the\n WriteGROUP4Image function in coders/tiff.c in\n ImageMagick before 6.9.5-8 allows remote attackers to\n cause a denial of service (application crash) or have\n other unspecified impact via a crafted\n file.(CVE-2016-10057)magick/memory.c in ImageMagick\n before 6.9.4-5 allows remote attackers to cause a\n denial of service (application crash) via vectors\n involving 'too many exceptions,' which trigger a buffer\n overflow.(CVE-2016-10067)The DCM reader in ImageMagick\n before 6.9.4-5 and 7.x before 7.0.1-7 allows remote\n attackers to have unspecified impact by leveraging lack\n of NULL pointer checks.(CVE-2016-5689)The ReadRLEImage\n function in coders/rle.c in ImageMagick allows remote\n attackers to cause a denial of service (out-of-bounds\n read) via a crafted file.(CVE-2016-7519)Memory leak in\n AcquireVirtualMemory in ImageMagick before 7 allows\n remote attackers to cause a denial of service (memory\n consumption) via unspecified vectors.(CVE-2016-7539)The\n WriteBlob function in MagickCore/blob.c in ImageMagick\n before 6.9.8-10 and 7.x before 7.6.0-0 allows remote\n attackers to cause a denial of service (assertion\n failure and application exit) via a crafted\n file.(CVE-2017-11524)In ImageMagick before 6.9.9-0 and\n 7.x before 7.0.6-1, a crafted PNG file could trigger a\n crash because there was an insufficient check for short\n files.(CVE-2017-13142)coders/psd.c in ImageMagick\n allows remote attackers to have unspecified impact via\n a crafted PSD file, which triggers an out-of-bounds\n write.(CVE-2017-5509)The ReadSVGImage function in svg.c\n in ImageMagick 7.0.5-4 allows remote attackers to\n consume an amount of available memory via a crafted\n file.(CVE-2017-7943)Heap-based buffer overflow in\n ImageMagick allows remote attackers to have unspecified\n impact via a crafted psd file, a different\n vulnerability than CVE-2014-9825.(CVE-2014-9824)The\n ReadVICARImage function in coders/vicar.c in\n ImageMagick 6.x before 6.9.0-5 Beta allows remote\n attackers to cause a denial of service (infinite loop)\n via a crafted VICAR file.(CVE-2015-8903)Buffer overflow\n in the sixel_decode function in coders/sixel.c in\n ImageMagick before 6.9.5-8 allows remote attackers to\n cause a denial of service (application crash) or have\n other unspecified impact via a crafted\n file.(CVE-2016-10056)Buffer overflow in the\n ReadVIFFImage function in coders/viff.c in ImageMagick\n before 6.9.4-5 allows remote attackers to cause a\n denial of service (application crash) via a crafted\n file.(CVE-2016-10066)The WPG parser in ImageMagick\n before 6.9.4-4 and 7.x before 7.0.1-5, when a memory\n limit is set, allows remote attackers to have\n unspecified impact via vectors related to the\n SetImageExtent return-value check, which trigger (1) a\n heap-based buffer overflow in the SetPixelIndex\n function or an invalid write operation in the (2)\n ScaleCharToQuantum or (3) SetPixelIndex\n functions.(CVE-2016-5688)The ReadSUNImage function in\n coders/sun.c in ImageMagick allows remote attackers to\n cause a denial of service (out-of-bounds read) via a\n crafted SUN file.(CVE-2016-7518)The generic decoder in\n ImageMagick allows remote attackers to cause a denial\n of service (out-of-bounds access) via a crafted\n file.(CVE-2016-7534)The ReadTXTImage function in\n coders/txt.c in ImageMagick through 6.9.9-0 and 7.x\n through 7.0.6-1 allows remote attackers to cause a\n denial of service (infinite loop) via a crafted file,\n because the end-of-file condition is not\n considered.(CVE-2017-11523)In ImageMagick before\n 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could\n trigger a memory leak in ReadOnePNGImage in\n coders/png.c.(CVE-2017-13141)Heap-based buffer overflow\n in the PushQuantumPixel function in ImageMagick before\n 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers\n to cause a denial of service (application crash) via a\n crafted TIFF file.(CVE-2017-5508)The ReadAVSImage\n function in avs.c in ImageMagick 7.0.5-4 allows remote\n attackers to consume an amount of available memory via\n a crafted file.(CVE-2017-7942)Heap-based buffer\n overflow in ImageMagick allows remote attackers to have\n unspecified impact via a crafted palm file, a different\n vulnerability than CVE-2014-9819.(CVE-2014-9823)The\n ReadBlobByte function in coders/pdb.c in ImageMagick\n 6.x before 6.9.0-5 Beta allows remote attackers to\n cause a denial of service (infinite loop) via a crafted\n PDB file.(CVE-2015-8902)Buffer overflow in the\n WritePDBImage function in coders/pdb.c in ImageMagick\n before 6.9.5-8 allows remote attackers to cause a\n denial of service (application crash) or have other\n unspecified impact via a crafted\n file.(CVE-2016-10055)The ReadVIFFImage function in\n coders/viff.c in ImageMagick before 7.0.1-0 allows\n remote attackers to cause a denial of service\n (application crash) or have other unspecified impact\n via a crafted file.(CVE-2016-10065)The VerticalFilter\n function in the DDS coder in ImageMagick before 6.9.4-3\n and 7.x before 7.0.1-4 allows remote attackers to have\n unspecified impact via a crafted DDS file, which\n triggers an out-of-bounds read.(CVE-2016-5687)The\n EncodeImage function in coders/pict.c in ImageMagick\n allows remote attackers to cause a denial of service\n (out-of-bounds read) via a crafted PICT\n file.(CVE-2016-7517)The ReadWPGImage function in\n coders/wpg.c in ImageMagick allows remote attackers to\n cause a denial of service (out-of-bounds read) via a\n crafted WPG file.(CVE-2016-7533)The ReadOneJNGImage\n function in coders/png.c in ImageMagick through 6.9.9-0\n and 7.x through 7.0.6-1 allows remote attackers to\n cause a denial of service (large loop and CPU\n consumption) via a malformed JNG\n file.(CVE-2017-11505)In ImageMagick before 6.9.9-1 and\n 7.x before 7.0.6-2, the ReadOnePNGImage function in\n coders/png.c allows remote attackers to cause a denial\n of service (application hang in LockSemaphoreInfo) via\n a PNG file with a width equal to\n MAGICK_WIDTH_LIMIT.(CVE-2017-13140)Memory leak in\n coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x\n before 7.0.4-4 allows remote attackers to cause a\n denial of service (memory consumption) via vectors\n involving a pixel cache.(CVE-2017-5507)The ReadSGIImage\n function in sgi.c in ImageMagick 7.0.5-4 allows remote\n attackers to consume an amount of available memory via\n a crafted file.(CVE-2017-7941)Heap-based buffer\n overflow in ImageMagick allows remote attackers to have\n unspecified impact via a crafted quantum\n file.(CVE-2014-9822)ImageMagick 6.x before 6.9.0-5 Beta\n allows remote attackers to cause a denial of service\n (infinite loop) via a crafted MIFF\n file.(CVE-2015-8901)Buffer overflow in the\n WriteMAPImage function in coders/map.c in ImageMagick\n before 6.9.5-8 allows remote attackers to cause a\n denial of service (application crash) or have other\n unspecified impact via a crafted\n file.(CVE-2016-10054)Buffer overflow in coders/tiff.c\n in ImageMagick before 6.9.5-1 allows remote attackers\n to cause a denial of service (application crash) or\n have other unspecified impact via a crafted\n file.(CVE-2016-10064)Memory leak in the IsOptionMember\n function in MagickCore/option.c in ImageMagick before\n 6.9.2-2, as used in ODR-PadEnc and other products,\n allows attackers to trigger memory\n consumption.(CVE-2016-10252)The ReadVIFFImage function\n in coders/viff.c in ImageMagick allows remote attackers\n to cause a denial of service (out-of-bounds read) via a\n crafted VIFF file.(CVE-2016-7516)MagickCore/memory.c in\n ImageMagick allows remote attackers to cause a denial\n of service (out-of-bounds write) via a crafted PDB\n file.(CVE-2016-7531)The ReadOneDJVUImage function in\n coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x\n through 7.0.6-1 allows remote attackers to cause a\n denial of service (infinite loop and CPU consumption)\n via a malformed DJVU image.(CVE-2017-11478)In\n ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the\n ReadOneMNGImage function in coders/png.c has an\n out-of-bounds read with the MNG CLIP\n chunk.(CVE-2017-13139)ImageMagick before 7.0.7-12 has a\n coders/png.c Magick_png_read_raw_profile heap-based\n buffer over-read via a crafted file, related to\n ReadOneMNGImage.(CVE-2017-17504)An issue was discovered\n in ImageMagick 6.9.7. A specially crafted webp file\n could lead to a file-descriptor leak in libmagickcore\n (thus, a DoS).(CVE-2017-6502)Heap-based buffer overflow\n in ImageMagick allows remote attackers to have\n unspecified impact via a crafted xpm\n file.(CVE-2014-9821)The ReadHDRImage function in\n coders/hdr.c in ImageMagick 6.x and 7.x allows remote\n attackers to cause a denial of service (infinite loop)\n via a crafted HDR file.(CVE-2015-8900)The\n WriteTIFFImage function in coders/tiff.c in ImageMagick\n before 6.9.5-8 allows remote attackers to cause a\n denial of service (divide-by-zero error and application\n crash) via a crafted file.(CVE-2016-10053)Buffer\n overflow in coders/tiff.c in ImageMagick before 6.9.5-1\n allows remote attackers to cause a denial of service\n (application crash) or have other unspecified impact\n via a crafted file, related to extend\n validity.(CVE-2016-10063)Off-by-one error in\n coders/wpg.c in ImageMagick allows remote attackers to\n have unspecified impact via vectors related to a string\n copy.(CVE-2016-10145)The ReadRLEImage function in\n coders/rle.c in ImageMagick allows remote attackers to\n cause a denial of service (out-of-bounds read) via\n vectors related to the number of\n pixels.(CVE-2016-7515)The quantum handling code in\n ImageMagick allows remote attackers to cause a denial\n of service (divide-by-zero error or out-of-bounds\n write) via a crafted file.(CVE-2016-7530)coders/tiff.c\n in ImageMagick before 7.0.3.7 allows remote attackers\n to cause a denial of service (NULL pointer dereference\n and crash) via a crafted image.(CVE-2016-9559)The\n ProcessMSLScript function in coders/msl.c in\n ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5\n allows remote attackers to cause a denial of service\n (memory leak) via a crafted file, related to the\n WriteMSLImage function.(CVE-2017-12427)ImageMagick\n before 6.9.9-24 and 7.x before 7.0.7-12 has a\n use-after-free in Magick::Image::read in\n Magick++/lib/Image.cpp.(CVE-2017-17499)An issue was\n discovered in ImageMagick 6.9.7. A specially crafted\n xcf file could lead to a NULL pointer\n dereference.(CVE-2017-6501)The JPEG decoder in\n ImageMagick before 6.8.9-9 allows local users to cause\n a denial of service (out-of-bounds memory access and\n crash).(CVE-2014-8716)coders/dds.c in ImageMagick\n allows remote attackers to cause a denial of service\n via a crafted DDS file.(CVE-2014-9907)Buffer overflow\n in the WriteProfile function in coders/jpeg.c in\n ImageMagick before 6.9.5-6 allows remote attackers to\n cause a denial of service (application crash) or have\n other unspecified impact via a crafted\n file.(CVE-2016-10052)The ReadGROUP4Image function in\n coders/tiff.c in ImageMagick does not check the return\n value of the fwrite function, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted file.(CVE-2016-10062)coders/ipl.c\n in ImageMagick allows remote attackers to have\n unspecific impact by leveraging a missing malloc\n check.(CVE-2016-10144)The SGI coder in ImageMagick\n before 7.0.2-10 allows remote attackers to cause a\n denial of service (out-of-bounds read) via a large row\n value in an sgi file.(CVE-2016-7101)coders/xcf.c in\n ImageMagick allows remote attackers to cause a denial\n of service (out-of-bounds read) via a crafted XCF\n file.(CVE-2016-7529)The AcquireMagickMemory function in\n MagickCore/memory.c in ImageMagick 7.0.3.3 before\n 7.0.3.8 allows remote attackers to have unspecified\n impact via a crafted image, which triggers a memory\n allocation failure. NOTE: this vulnerability exists\n because of an incomplete fix for\n CVE-2016-8862.(CVE-2016-8866)The ReadEPTImage function\n in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x\n before 7.0.6-1 allows remote attackers to cause a\n denial of service (memory consumption) via a crafted\n file.(CVE-2017-11530)In ImageMagick before 6.9.9-3 and\n 7.x before 7.0.6-3, there is a missing NULL check in\n the ReadMATImage function in coders/mat.c, leading to a\n denial of service (assertion failure and application\n exit) in the DestroyImageInfo function in\n MagickCore/image.c.(CVE-2017-13658)An issue was\n discovered in ImageMagick 6.9.7. A specially crafted\n sun file triggers a heap-based buffer\n over-read.(CVE-2017-6500)DCM decode in ImageMagick\n before 6.8.9-9 allows remote attackers to cause a\n denial of service (out-of-bounds\n read).(CVE-2014-8562)coders/tiff.c in ImageMagick\n allows remote attackers to cause a denial of service\n (application crash) via vectors related to the\n 'identification of image.'(CVE-2014-9854)Buffer\n overflow in the ReadRLEImage function in coders/rle.c\n in ImageMagick before 6.9.4-4 allows remote attackers\n to cause a denial of service (application crash) or\n have other unspecified impact via a crafted RLE\n file.(CVE-2016-10049)The ReadGROUP4Image function in\n coders/tiff.c in ImageMagick before 7.0.1-10 does not\n check the return value of the fputc function, which\n allows remote attackers to cause a denial of service\n (crash) via a crafted image\n file.(CVE-2016-10061)coders/mat.c in ImageMagick before\n 6.9.4-0 allows remote attackers to cause a denial of\n service (out-of-bounds read and application crash) via\n a crafted mat file.(CVE-2016-10071)Integer overflow in\n the BMP coder in ImageMagick before 7.0.2-10 allows\n remote attackers to cause a denial of service (crash)\n via crafted height and width values, which triggers an\n out-of-bounds write.(CVE-2016-6823)The ReadVIFFImage\n function in coders/viff.c in ImageMagick allows remote\n attackers to cause a denial of service (segmentation\n fault) via a crafted VIFF file.(CVE-2016-7528)An\n exploitable out of bounds write exists in the handling\n of compressed TIFF images in ImageMagicks's convert\n utility. A crafted TIFF document can lead to an out of\n bounds write which in particular circumstances could be\n leveraged into remote code execution. The vulnerability\n can be triggered through any user controlled TIFF that\n is handled by this functionality.(CVE-2016-8707)The\n ReadMATImage function in coders/mat.c in ImageMagick\n before 6.9.9-0 and 7.x before 7.0.6-1 allows remote\n attackers to cause a denial of service (memory leak)\n via a crafted file.(CVE-2017-11529)In ImageMagick\n before 6.9.8-5 and 7.x before 7.0.5-6, there is a\n memory leak in the ReadMATImage function in\n coders/mat.c.(CVE-2017-13146)An issue was discovered in\n Magick++ in ImageMagick 6.9.7. A specially crafted file\n creating a nested exception could lead to a memory leak\n (thus, a DoS).(CVE-2017-6499)PCX parser code in\n ImageMagick before 6.8.9-9 allows remote attackers to\n cause a denial of service (out-of-bounds\n read).(CVE-2014-8355)Memory leak in coders/rle.c in\n ImageMagick allows remote attackers to cause a denial\n of service (memory consumption) via a crafted rle\n file.(CVE-2014-9853)Memory leak in the NewXMLTree\n function in magick/xml-tree.c in ImageMagick before\n 6.9.4-7 allows remote attackers to cause a denial of\n service (memory consumption) via a crafted XML\n file.(CVE-2016-10047)The ConcatenateImages function in\n MagickWand/magick-cli.c in ImageMagick before 7.0.1-10\n does not check the return value of the fputc function,\n which allows remote attackers to cause a denial of\n service (application crash) via a crafted\n file.(CVE-2016-10060)Heap-based buffer overflow in the\n CalcMinMax function in coders/mat.c in ImageMagick\n before 6.9.4-0 allows remote attackers to cause a\n denial of service (out-of-bounds read and application\n crash) via a crafted mat file.(CVE-2016-10070)Buffer\n overflow in the Get8BIMProperty function in\n MagickCore/property.c in ImageMagick before 6.9.5-4 and\n 7.x before 7.0.2-6 allows remote attackers to cause a\n denial of service (out-of-bounds read, memory leak, and\n crash) via a crafted image.(CVE-2016-6491)coders/wpg.c\n in ImageMagick allows remote attackers to cause a\n denial of service (out-of-bounds write) via a crafted\n file.(CVE-2016-7526)The AcquireQuantumPixels function\n in MagickCore/quantum.c in ImageMagick before 7.0.3-1\n allows remote attackers to have unspecified impact via\n a crafted image file, which triggers a memory\n allocation failure.(CVE-2016-8677)The ReadDIBImage\n function in coders/dib.c in ImageMagick before 6.9.9-0\n and 7.x before 7.0.6-1 allows remote attackers to cause\n a denial of service (memory leak) via a crafted\n file.(CVE-2017-11528)In ImageMagick before 6.9.8-8 and\n 7.x before 7.0.5-9, the ReadJP2Image function in\n coders/jp2.c does not properly validate the channel\n geometry, leading to a crash.(CVE-2017-13145)An issue\n was discovered in ImageMagick 6.9.7. Incorrect TGA\n files could trigger assertion failures, thus leading to\n DoS.(CVE-2017-6498)The HorizontalFilter function in\n resize.c in ImageMagick before 6.8.9-9 allows remote\n attackers to cause a denial of service (out-of-bounds\n read) via a crafted image\n file.(CVE-2014-8354)distribute-cache.c in ImageMagick\n re-uses objects after they have been destroyed, which\n allows remote attackers to have unspecified impact via\n unspecified vectors.(CVE-2014-9852)Heap-based buffer\n overflow in the DrawImage function in magick/draw.c in\n ImageMagick before 6.9.5-5 allows remote attackers to\n cause a denial of service (application crash) via a\n crafted image file.(CVE-2016-10046)Buffer overflow in\n coders/tiff.c in ImageMagick before 6.9.4-1 allows\n remote attackers to cause a denial of service\n (application crash) or have unspecified other impact\n via a crafted TIFF file.(CVE-2016-10059)coders/mat.c in\n ImageMagick before 6.9.4-5 allows remote attackers to\n cause a denial of service (application crash) via a mat\n file with an invalid number of\n frames.(CVE-2016-10069)The DCM reader in ImageMagick\n before 6.9.4-5 and 7.x before 7.0.1-7 allows remote\n attackers to have unspecified impact by leveraging lack\n of validation of (1) pixel.red, (2) pixel.green, and\n (3) pixel.blue.(CVE-2016-5691)Heap-based buffer\n overflow in coders/psd.c in ImageMagick allows remote\n attackers to cause a denial of service (out-of-bounds\n read) via a crafted PSD\n file.(CVE-2016-7525)magick/attribute.c in ImageMagick\n 7.0.3-2 allows remote attackers to cause a denial of\n service (use-after-free) via a crafted\n file.(CVE-2016-7906)The ReadDPXImage function in\n coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x\n before 7.0.6-1 allows remote attackers to cause a\n denial of service (memory consumption) via a crafted\n file.(CVE-2017-11527)In ImageMagick before 6.9.7-10,\n there is a crash (rather than a 'width or height\n exceeds limit' error report) if the image dimensions\n are too large, as demonstrated by use of the mpc\n coder.(CVE-2017-13144)An issue was discovered in\n ImageMagick 6.9.7. A specially crafted psd file could\n lead to a NULL pointer dereference (thus, a\n DoS).(CVE-2017-6497)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2354\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1aef7cdc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ImageMagick packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16328\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ImageMagick-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ImageMagick-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ImageMagick-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ImageMagick-6.9.9.38-1.h4\",\n \"ImageMagick-c++-6.9.9.38-1.h4\",\n \"ImageMagick-libs-6.9.9.38-1.h4\",\n \"ImageMagick-perl-6.9.9.38-1.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2021-06-08T18:38:47", "description": "This update for GraphicsMagick fixes the following issues:\n\n - a possible shell execution attack was fixed. if the first character of\n an input filename for 'convert' was a '|' then the remainder of the\n filename was passed to the shell (CVE-2016-5118, boo#982178)\n - Maliciously crafted pnm files could crash GraphicsMagick (CVE-2014-9805,\n [boo#983752])\n - Prevent overflow in rle files (CVE-2014-9846, boo#983521)\n - Fix a double free in pdb coder (CVE-2014-9807, boo#983794)\n - Fix a possible crash due to corrupted xwd images (CVE-2014-9809,\n boo#983799)\n - Fix a possible crash due to corrupted wpg images (CVE-2014-9815,\n boo#984372)\n - Fix a heap buffer overflow in pdb file handling (CVE-2014-9817,\n boo#984400)\n - Fix a heap overflow in xpm files (CVE-2014-9820, boo#984150)\n - Fix a heap overflow in pict files (CVE-2014-9834, boo#984436)\n - Fix a heap overflow in wpf files (CVE-2014-9835, CVE-2014-9831,\n boo#984145, boo#984375)\n - Additional PNM sanity checks (CVE-2014-9837, boo#984166)\n - Fix a possible crash due to corrupted dib file (CVE-2014-9845,\n boo#984394)\n - Fix out of bound in quantum handling (CVE-2016-7529, boo#1000399)\n - Fix out of bound access in xcf file coder (CVE-2016-7528, boo#1000434)\n - Fix handling of corrupted lle files (CVE-2016-7515, boo#1000689)\n - Fix out of bound access for malformed psd file (CVE-2016-7522,\n boo#1000698)\n - Fix out of bound access for pbd files (CVE-2016-7531, boo#1000704)\n - Fix out of bound access in corrupted wpg files (CVE-2016-7533,\n boo#1000707)\n - Fix out of bound access in corrupted pdb files (CVE-2016-7537,\n boo#1000711)\n - BMP Coder Out-Of-Bounds Write Vulnerability (CVE-2016-6823, boo#1001066)\n - SGI Coder Out-Of-Bounds Read Vulnerability (CVE-2016-7101, boo#1001221)\n - Divide by zero in WriteTIFFImage (do not divide by zero in\n WriteTIFFImage, boo#1002206)\n - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (fix buffer\n overflow, boo#1002209)\n - 8BIM/8BIMW unsigned underflow leads to heap overflow (CVE-2016-7800,\n boo#1002422)\n - wpg reader issues (CVE-2016-7996, CVE-2016-7997, boo#1003629)\n - Mismatch between real filesize and header values (CVE-2016-8684,\n boo#1005123)\n - Stack-buffer read overflow while reading SCT header (CVE-2016-8682,\n boo#1005125)\n - Check that filesize is reasonable compared to the header value\n (CVE-2016-8683, boo#1005127)\n - Memory allocation failure in AcquireMagickMemory (CVE-2016-8862,\n boo#1007245)\n - heap-based buffer overflow in IsPixelGray (CVE-2016-9556, boo#1011130)\n\n", "cvss3": {}, "published": "2016-12-08T18:09:17", "type": "suse", "title": "Security update for GraphicsMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-9809", "CVE-2016-7529", "CVE-2014-9831", "CVE-2016-8683", "CVE-2014-9853", "CVE-2014-9807", "CVE-2016-7533", "CVE-2014-9817", "CVE-2014-9845", "CVE-2014-9834", "CVE-2016-7997", "CVE-2016-7996", "CVE-2016-7531", "CVE-2016-7515", "CVE-2016-6823", "CVE-2014-9820", "CVE-2016-9556", "CVE-2014-9837", "CVE-2014-9815", "CVE-2016-7528", "CVE-2014-9835", "CVE-2016-8862", "CVE-2014-9805", "CVE-2016-7522", "CVE-2016-8684", "CVE-2014-9846", "CVE-2016-7537", "CVE-2016-7800", "CVE-2016-7101", "CVE-2016-8682", "CVE-2016-5118"], "modified": "2016-12-08T18:09:17", "id": "OPENSUSE-SU-2016:3060-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:38:57", "description": "This update for ImageMagick fixes the following issues:\n\n These vulnerabilities could be triggered by processing specially crafted\n image files, which could lead to a process crash or resource consumtion,\n or potentially have unspecified futher impact.\n\n - CVE-2016-8862: Memory allocation failure in AcquireMagickMemory\n (bsc#1007245)\n - CVE-2014-9907: DOS due to corrupted DDS files (bsc#1000714)\n - CVE-2015-8959: DOS due to corrupted DDS files (bsc#1000713)\n - CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711)\n - CVE-2016-6823: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066)\n - CVE-2016-7514: Out-of-bounds read in coders/psd.c (bsc#1000688)\n - CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689)\n - CVE-2016-7529: out of bound in quantum handling (bsc#1000399)\n - CVE-2016-7101: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221)\n - CVE-2016-7527: out of bound access in wpg file coder: (bsc#1000436)\n - CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629)\n - CVE-2016-7528: out of bound access in xcf file coder (bsc#1000434)\n - CVE-2016-8683: Check that filesize is reasonable compared to the header\n value (bsc#1005127)\n - CVE-2016-8682: Stack-buffer read overflow while reading SCT header\n (bsc#1005125)\n - CVE-2016-8684: Mismatch between real filesize and header values\n (bsc#1005123)\n - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209)\n - CVE-2016-7525: Heap buffer overflow in psd file coder (bsc#1000701)\n - CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in\n meta.c:465 (bsc#1000700)\n - CVE-2016-7530: Out of bound in quantum handling (bsc#1000703)\n - CVE-2016-7531: Pbd file out of bound access (bsc#1000704)\n - CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707)\n - CVE-2016-7535: Out of bound access for corrupted psd file (bsc#1000709)\n - CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698)\n - CVE-2016-7517: out-of-bounds read in coders/pict.c (bsc#1000693)\n - CVE-2016-7516: Out of bounds problem in rle, pict, viff and sun files\n (bsc#1000692)\n - CVE-2015-8958: Potential DOS in sun file handling due to malformed files\n (bsc#1000691)\n - CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690)\n - CVE-2016-7519: out-of-bounds read in coders/rle.c (bsc#1000695)\n - CVE-2016-7518: out-of-bounds read in coders/sun.c (bsc#1000694)\n - CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow\n (bsc#1002422)\n - CVE-2016-7523: AddressSanitizer:heap-buffer-overflow READ of size 1\n meta.c:496 (bsc#1000699)\n - CVE-2016-7799: mogrify global buffer overflow (bsc#1002421)\n\n", "cvss3": {}, "published": "2016-12-01T18:07:53", "type": "suse", "title": "Security update for ImageMagick (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-7519", "CVE-2016-7529", "CVE-2016-7799", "CVE-2016-7526", "CVE-2016-7523", "CVE-2016-7525", "CVE-2016-7527", "CVE-2016-7530", "CVE-2016-8683", "CVE-2016-7533", "CVE-2016-7535", "CVE-2016-7997", "CVE-2016-7996", "CVE-2016-7531", "CVE-2016-7515", "CVE-2016-6823", "CVE-2016-5687", "CVE-2016-7516", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-7528", "CVE-2016-8862", "CVE-2014-9907", "CVE-2016-7522", "CVE-2016-7514", "CVE-2016-7518", "CVE-2016-8684", "CVE-2016-7537", "CVE-2015-8958", "CVE-2016-7800", "CVE-2016-7101", "CVE-2016-8682", "CVE-2016-7524", "CVE-2015-8959"], "modified": "2016-12-01T18:07:53", "id": "SUSE-SU-2016:2964-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00000.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2020-01-31T18:27:46", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-22T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2016:3060-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9809", "CVE-2016-7529", "CVE-2014-9831", "CVE-2016-8683", "CVE-2014-9853", "CVE-2014-9807", "CVE-2016-7533", "CVE-2014-9817", "CVE-2014-9845", "CVE-2014-9834", "CVE-2016-7997", "CVE-2016-7996", "CVE-2016-7531", "CVE-2016-7515", "CVE-2016-6823", "CVE-2014-9820", "CVE-2016-9556", "CVE-2014-9837", "CVE-2014-9815", "CVE-2016-7528", "CVE-2014-9835", "CVE-2016-8862", "CVE-2014-9805", "CVE-2016-7522", "CVE-2016-8684", "CVE-2014-9846", "CVE-2016-7537", "CVE-2016-7800", "CVE-2016-7101", "CVE-2016-8682", "CVE-2016-5118"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851511", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851511", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851511\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-02-22 15:17:51 +0100 (Wed, 22 Feb 2017)\");\n script_cve_id(\"CVE-2014-9805\", \"CVE-2014-9807\", \"CVE-2014-9809\", \"CVE-2014-9815\",\n \"CVE-2014-9817\", \"CVE-2014-9820\", \"CVE-2014-9831\", \"CVE-2014-9834\",\n \"CVE-2014-9835\", \"CVE-2014-9837\", \"CVE-2014-9845\", \"CVE-2014-9846\",\n \"CVE-2014-9853\", \"CVE-2016-5118\", \"CVE-2016-6823\", \"CVE-2016-7101\",\n \"CVE-2016-7515\", \"CVE-2016-7522\", \"CVE-2016-7528\", \"CVE-2016-7529\",\n \"CVE-2016-7531\", \"CVE-2016-7533\", \"CVE-2016-7537\", \"CVE-2016-7800\",\n \"CVE-2016-7996\", \"CVE-2016-7997\", \"CVE-2016-8682\", \"CVE-2016-8683\",\n \"CVE-2016-8684\", \"CVE-2016-8862\", \"CVE-2016-9556\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2016:3060-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'GraphicsMagick'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for GraphicsMagick fixes the following issues:\n\n - a possible shell execution attack was fixed. if the first character of\n an input filename for 'convert' was a 'pipe' char then the remainder of the\n filename was passed to the shell (CVE-2016-5118, boo#982178)\n\n - Maliciously crafted pnm files could crash GraphicsMagick (CVE-2014-9805,\n [boo#983752])\n\n - Prevent overflow in rle files (CVE-2014-9846, boo#983521)\n\n - Fix a double free in pdb coder (CVE-2014-9807, boo#983794)\n\n - Fix a possible crash due to corrupted xwd images (CVE-2014-9809,\n boo#983799)\n\n - Fix a possible crash due to corrupted wpg images (CVE-2014-9815,\n boo#984372)\n\n - Fix a heap buffer overflow in pdb file handling (CVE-2014-9817,\n boo#984400)\n\n - Fix a heap overflow in xpm files (CVE-2014-9820, boo#984150)\n\n - Fix a heap overflow in pict files (CVE-2014-9834, boo#984436)\n\n - Fix a heap overflow in wpf files (CVE-2014-9835, CVE-2014-9831,\n boo#984145, boo#984375)\n\n - Additional PNM sanity checks (CVE-2014-9837, boo#984166)\n\n - Fix a possible crash due to corrupted dib file (CVE-2014-9845,\n boo#984394)\n\n - Fix out of bound in quantum handling (CVE-2016-7529, boo#1000399)\n\n - Fix out of bound access in xcf file coder (CVE-2016-7528, boo#1000434)\n\n - Fix handling of corrupted lle files (CVE-2016-7515, boo#1000689)\n\n - Fix out of bound access for malformed psd file (CVE-2016-7522,\n boo#1000698)\n\n - Fix out of bound access for pbd files (CVE-2016-7531, boo#1000704)\n\n - Fix out of bound access in corrupted wpg files (CVE-2016-7533,\n boo#1000707)\n\n - Fix out of bound access in corrupted pdb files (CVE-2016-7537,\n boo#1000711)\n\n - BMP Coder Out-Of-Bounds Write Vulnerability (CVE-2016-6823, boo#1001066)\n\n - SGI Coder Out-Of-Bounds Read Vulnerability (CVE-2016-7101, boo#1001221)\n\n - Divide by zero in WriteTIFFImage (do not divide by zero in\n WriteTIFFImage, boo#1002206)\n\n - Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (fix buffer\n overflow, boo#1002209)\n\n - 8BIM/8BIMW unsigned underflow leads to heap overflow (CVE-2016-7800,\n boo#1002422)\n\n - wpg reader issues (CVE-2016-7996, CVE-2016-7997, boo#1003629)\n\n - Mismatch between real filesize and header values (CVE-2016-8684,\n boo#1005123)\n\n - Stack-buffer read overflow while reading SCT header (CVE-2016-8682,\n boo#1005125)\n\n - Check that filesize is reasonable compared to the header value\n (CVE-2016-8683, boo#1005127)\n\n - Memory allocation failure in AcquireMagickMemory (CVE-2016-8862,\n boo#1007245)\n\n - heap-based buffer overflow in IsPixelGray (CVE-2016-9556, boo#1011130)\");\n\n script_tag(name:\"affected\", value:\"GraphicsMagick on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:3060-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick\", rpm:\"GraphicsMagick~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debuginfo\", rpm:\"GraphicsMagick-debuginfo~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-debugsource\", rpm:\"GraphicsMagick-debugsource~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"GraphicsMagick-devel\", rpm:\"GraphicsMagick-devel~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-12\", rpm:\"libGraphicsMagick++-Q16-12~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-Q16-12-debuginfo\", rpm:\"libGraphicsMagick++-Q16-12-debuginfo~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick++-devel\", rpm:\"libGraphicsMagick++-devel~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3\", rpm:\"libGraphicsMagick-Q16-3~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick-Q16-3-debuginfo\", rpm:\"libGraphicsMagick-Q16-3-debuginfo~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagick3-config\", rpm:\"libGraphicsMagick3-config~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2\", rpm:\"libGraphicsMagickWand-Q16-2~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libGraphicsMagickWand-Q16-2-debuginfo\", rpm:\"libGraphicsMagickWand-Q16-2-debuginfo~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick\", rpm:\"perl-GraphicsMagick~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-GraphicsMagick-debuginfo\", rpm:\"perl-GraphicsMagick-debuginfo~1.3.25~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-17T16:54:34", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-04-16T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2020-1390)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13142", "CVE-2016-7519", "CVE-2016-7529", "CVE-2016-4562", "CVE-2016-7799", "CVE-2016-7526", "CVE-2017-7943", "CVE-2017-6502", "CVE-2017-13146", "CVE-2014-8562", "CVE-2016-8707", "CVE-2016-5688", "CVE-2019-13134", "CVE-2016-10046", "CVE-2014-8716", "CVE-2016-7525", "CVE-2017-13144", "CVE-2016-10066", "CVE-2017-11529", "CVE-2017-6500", "CVE-2016-7530", "CVE-2016-5689", "CVE-2016-10252", "CVE-2017-13658", "CVE-2017-6499", "CVE-2016-10049", "CVE-2015-8902", "CVE-2017-13143", "CVE-2017-11523", "CVE-2016-10071", "CVE-2017-11478", "CVE-2016-10144", "CVE-2016-7539", "CVE-2014-9853", "CVE-2018-6405", "CVE-2015-8901", "CVE-2016-7520", "CVE-2017-6501", "CVE-2016-10061", "CVE-2015-8900", "CVE-2016-7533", "CVE-2015-8903", "CVE-2017-11527", "CVE-2016-10067", "CVE-2017-11525", "CVE-2016-7534", "CVE-2017-13139", "CVE-2016-8866", "CVE-2014-8355", "CVE-2016-6491", "CVE-2016-10057", "CVE-2016-10064", "CVE-2016-10062", "CVE-2016-10145", "CVE-2017-11505", "CVE-2016-10056", "CVE-2017-11530", "CVE-2016-7531", "CVE-2016-10068", "CVE-2016-7515", "CVE-2016-10054", "CVE-2016-10063", "CVE-2014-9819", "CVE-2017-5509", "CVE-2016-10060", "CVE-2016-6823", "CVE-2016-5687", "CVE-2016-10058", "CVE-2016-10053", "CVE-2017-5508", "CVE-2014-8354", "CVE-2016-7516", "CVE-2014-9852", "CVE-2014-9824", "CVE-2017-17504", "CVE-2017-5510", "CVE-2017-13141", "CVE-2016-7517", "CVE-2017-6497", "CVE-2015-8957", "CVE-2016-10059", "CVE-2017-11528", "CVE-2016-7906", "CVE-2016-8677", "CVE-2014-9837", "CVE-2018-20467", "CVE-2016-10065", "CVE-2016-7528", "CVE-2017-7941", "CVE-2016-10055", "CVE-2014-9822", "CVE-2014-9907", "CVE-2018-16323", "CVE-2018-16328", "CVE-2016-7518", "CVE-2016-4563", "CVE-2016-5690", "CVE-2017-11526", "CVE-2015-8958", "CVE-2016-10047", "CVE-2016-7101", "CVE-2016-10070", "CVE-2014-9854", "CVE-2017-17499", "CVE-2017-13140", "CVE-2016-9559", "CVE-2014-9823", "CVE-2016-5691", "CVE-2017-5507", "CVE-2016-10069", "CVE-2017-7942", "CVE-2019-13133", "CVE-2017-12427", "CVE-2014-9825", "CVE-2017-6498", "CVE-2016-4564", "CVE-2017-13145", "CVE-2017-11524", "CVE-2014-9821"], "modified": "2020-04-16T00:00:00", "id": "OPENVAS:1361412562311220201390", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201390", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1390\");\n script_version(\"2020-04-16T05:46:13+0000\");\n script_cve_id(\"CVE-2014-8354\", \"CVE-2014-8355\", \"CVE-2014-8562\", \"CVE-2014-8716\", \"CVE-2014-9821\", \"CVE-2014-9822\", \"CVE-2014-9823\", \"CVE-2014-9824\", \"CVE-2014-9825\", \"CVE-2014-9837\", \"CVE-2014-9852\", \"CVE-2014-9853\", \"CVE-2014-9854\", \"CVE-2014-9907\", \"CVE-2015-8900\", \"CVE-2015-8901\", \"CVE-2015-8902\", \"CVE-2015-8903\", \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2016-10046\", \"CVE-2016-10047\", \"CVE-2016-10049\", \"CVE-2016-10053\", \"CVE-2016-10054\", \"CVE-2016-10055\", \"CVE-2016-10056\", \"CVE-2016-10057\", \"CVE-2016-10058\", \"CVE-2016-10059\", \"CVE-2016-10060\", \"CVE-2016-10061\", \"CVE-2016-10062\", \"CVE-2016-10063\", \"CVE-2016-10064\", \"CVE-2016-10065\", \"CVE-2016-10066\", \"CVE-2016-10067\", \"CVE-2016-10068\", \"CVE-2016-10069\", \"CVE-2016-10070\", \"CVE-2016-10071\", \"CVE-2016-10144\", \"CVE-2016-10145\", \"CVE-2016-10252\", \"CVE-2016-4562\", \"CVE-2016-4563\", \"CVE-2016-4564\", \"CVE-2016-5687\", \"CVE-2016-5688\", \"CVE-2016-5689\", \"CVE-2016-5690\", \"CVE-2016-5691\", \"CVE-2016-6491\", \"CVE-2016-6823\", \"CVE-2016-7101\", \"CVE-2016-7515\", \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\", \"CVE-2016-7520\", \"CVE-2016-7525\", \"CVE-2016-7526\", \"CVE-2016-7528\", \"CVE-2016-7529\", \"CVE-2016-7530\", \"CVE-2016-7531\", \"CVE-2016-7533\", \"CVE-2016-7534\", \"CVE-2016-7539\", \"CVE-2016-7799\", \"CVE-2016-7906\", \"CVE-2016-8677\", \"CVE-2016-8707\", \"CVE-2016-8866\", \"CVE-2016-9559\", \"CVE-2017-11478\", \"CVE-2017-11505\", \"CVE-2017-11523\", \"CVE-2017-11524\", \"CVE-2017-11525\", \"CVE-2017-11526\", \"CVE-2017-11527\", \"CVE-2017-11528\", \"CVE-2017-11529\", \"CVE-2017-11530\", \"CVE-2017-12427\", \"CVE-2017-13139\", \"CVE-2017-13140\", \"CVE-2017-13141\", \"CVE-2017-13142\", \"CVE-2017-13143\", \"CVE-2017-13144\", \"CVE-2017-13145\", \"CVE-2017-13146\", \"CVE-2017-13658\", \"CVE-2017-17499\", \"CVE-2017-17504\", \"CVE-2017-5507\", \"CVE-2017-5508\", \"CVE-2017-5509\", \"CVE-2017-5510\", \"CVE-2017-6497\", \"CVE-2017-6498\", \"CVE-2017-6499\", \"CVE-2017-6500\", \"CVE-2017-6501\", \"CVE-2017-6502\", \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2018-16323\", \"CVE-2018-16328\", \"CVE-2018-20467\", \"CVE-2018-6405\", \"CVE-2019-13133\", \"CVE-2019-13134\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-16 05:46:13 +0000 (Thu, 16 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-16 05:46:13 +0000 (Thu, 16 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2020-1390)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1390\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1390\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ImageMagick' package(s) announced via the EulerOS-SA-2020-1390 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.(CVE-2014-8354)\n\nPCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).(CVE-2014-8355)\n\nDCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).(CVE-2014-8562)\n\nThe JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).(CVE-2014-8716)\n\nHeap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.(CVE-2014-9821)\n\nHeap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file.(CVE-2014-9822)\n\nHeap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819.(CVE-2014-9823)\n\nHeap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825.(CVE-2014-9824)\n\nHeap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824.(CVE-2014-9825)\n\ncoders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.(CVE-2014-9837)\n\ndistribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.(CVE-2014-9852)\n\nMemory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.(CVE-2014-9853)\n\ncoders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the ''identification of image.''(CVE-2014-9854)\n\ncoders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file.(CVE-2014-9907)\n\nThe ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.(CVE-2015-8900)\n\nImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.(CVE-2015-8901)\n\nThe ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'ImageMagick' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.9.9.38~1.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-c++\", rpm:\"ImageMagick-c++~6.9.9.38~1.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-libs\", rpm:\"ImageMagick-libs~6.9.9.38~1.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-perl\", rpm:\"ImageMagick-perl~6.9.9.38~1.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-02-05T16:39:09", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2019-2354)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13142", "CVE-2016-7519", "CVE-2016-7529", "CVE-2016-4562", "CVE-2016-7799", "CVE-2016-7526", "CVE-2017-7943", "CVE-2017-6502", "CVE-2017-13146", "CVE-2014-8562", "CVE-2016-8707", "CVE-2016-5688", "CVE-2016-10046", "CVE-2014-8716", "CVE-2019-7175", "CVE-2016-7525", "CVE-2017-13144", "CVE-2016-10066", "CVE-2017-11529", "CVE-2017-6500", "CVE-2016-7530", "CVE-2016-5689", "CVE-2016-10252", "CVE-2017-13658", "CVE-2017-6499", "CVE-2016-10049", "CVE-2015-8902", "CVE-2017-13143", "CVE-2017-11523", "CVE-2016-10071", "CVE-2017-11478", "CVE-2016-10144", "CVE-2016-7539", "CVE-2014-9853", "CVE-2018-6405", "CVE-2015-8901", "CVE-2016-7520", "CVE-2017-6501", "CVE-2016-10061", "CVE-2015-8900", "CVE-2016-7533", "CVE-2015-8903", "CVE-2017-11527", "CVE-2016-10067", "CVE-2017-11525", "CVE-2016-7534", "CVE-2017-13139", "CVE-2016-8866", "CVE-2016-10052", "CVE-2014-8355", "CVE-2016-6491", "CVE-2016-10057", "CVE-2016-10064", "CVE-2016-10062", "CVE-2016-10145", "CVE-2017-11505", "CVE-2016-10056", "CVE-2017-11530", "CVE-2016-7531", "CVE-2016-10068", "CVE-2016-7515", "CVE-2016-10054", "CVE-2016-10063", "CVE-2017-5509", "CVE-2016-10060", "CVE-2016-6823", "CVE-2016-5687", "CVE-2016-10058", "CVE-2016-10053", "CVE-2017-5508", "CVE-2014-8354", "CVE-2016-7516", "CVE-2014-9852", "CVE-2014-9824", "CVE-2017-17504", "CVE-2017-5510", "CVE-2017-13141", "CVE-2016-7517", "CVE-2017-6497", "CVE-2015-8957", "CVE-2016-10059", "CVE-2017-11528", "CVE-2016-7906", "CVE-2016-8677", "CVE-2014-9837", "CVE-2018-20467", "CVE-2016-10065", "CVE-2016-7528", "CVE-2017-7941", "CVE-2016-10055", "CVE-2014-9822", "CVE-2014-9907", "CVE-2018-16323", "CVE-2018-16328", "CVE-2016-7518", "CVE-2016-4563", "CVE-2016-5690", "CVE-2017-11526", "CVE-2015-8958", "CVE-2016-10047", "CVE-2016-7101", "CVE-2016-10070", "CVE-2014-9854", "CVE-2017-17499", "CVE-2017-13140", "CVE-2016-9559", "CVE-2014-9823", "CVE-2016-5691", "CVE-2017-5507", "CVE-2016-10069", "CVE-2017-7942", "CVE-2017-12427", "CVE-2014-9825", "CVE-2017-6498", "CVE-2016-4564", "CVE-2017-13145", "CVE-2017-11524", "CVE-2014-9821"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220192354", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192354", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2354\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2014-8354\", \"CVE-2014-8355\", \"CVE-2014-8562\", \"CVE-2014-8716\", \"CVE-2014-9821\", \"CVE-2014-9822\", \"CVE-2014-9823\", \"CVE-2014-9824\", \"CVE-2014-9825\", \"CVE-2014-9837\", \"CVE-2014-9852\", \"CVE-2014-9853\", \"CVE-2014-9854\", \"CVE-2014-9907\", \"CVE-2015-8900\", \"CVE-2015-8901\", \"CVE-2015-8902\", \"CVE-2015-8903\", \"CVE-2015-8957\", \"CVE-2015-8958\", \"CVE-2016-10046\", \"CVE-2016-10047\", \"CVE-2016-10049\", \"CVE-2016-10052\", \"CVE-2016-10053\", \"CVE-2016-10054\", \"CVE-2016-10055\", \"CVE-2016-10056\", \"CVE-2016-10057\", \"CVE-2016-10058\", \"CVE-2016-10059\", \"CVE-2016-10060\", \"CVE-2016-10061\", \"CVE-2016-10062\", \"CVE-2016-10063\", \"CVE-2016-10064\", \"CVE-2016-10065\", \"CVE-2016-10066\", \"CVE-2016-10067\", \"CVE-2016-10068\", \"CVE-2016-10069\", \"CVE-2016-10070\", \"CVE-2016-10071\", \"CVE-2016-10144\", \"CVE-2016-10145\", \"CVE-2016-10252\", \"CVE-2016-4562\", \"CVE-2016-4563\", \"CVE-2016-4564\", \"CVE-2016-5687\", \"CVE-2016-5688\", \"CVE-2016-5689\", \"CVE-2016-5690\", \"CVE-2016-5691\", \"CVE-2016-6491\", \"CVE-2016-6823\", \"CVE-2016-7101\", \"CVE-2016-7515\", \"CVE-2016-7516\", \"CVE-2016-7517\", \"CVE-2016-7518\", \"CVE-2016-7519\", \"CVE-2016-7520\", \"CVE-2016-7525\", \"CVE-2016-7526\", \"CVE-2016-7528\", \"CVE-2016-7529\", \"CVE-2016-7530\", \"CVE-2016-7531\", \"CVE-2016-7533\", \"CVE-2016-7534\", \"CVE-2016-7539\", \"CVE-2016-7799\", \"CVE-2016-7906\", \"CVE-2016-8677\", \"CVE-2016-8707\", \"CVE-2016-8866\", \"CVE-2016-9559\", \"CVE-2017-11478\", \"CVE-2017-11505\", \"CVE-2017-11523\", \"CVE-2017-11524\", \"CVE-2017-11525\", \"CVE-2017-11526\", \"CVE-2017-11527\", \"CVE-2017-11528\", \"CVE-2017-11529\", \"CVE-2017-11530\", \"CVE-2017-12427\", \"CVE-2017-13139\", \"CVE-2017-13140\", \"CVE-2017-13141\", \"CVE-2017-13142\", \"CVE-2017-13143\", \"CVE-2017-13144\", \"CVE-2017-13145\", \"CVE-2017-13146\", \"CVE-2017-13658\", \"CVE-2017-17499\", \"CVE-2017-17504\", \"CVE-2017-5507\", \"CVE-2017-5508\", \"CVE-2017-5509\", \"CVE-2017-5510\", \"CVE-2017-6497\", \"CVE-2017-6498\", \"CVE-2017-6499\", \"CVE-2017-6500\", \"CVE-2017-6501\", \"CVE-2017-6502\", \"CVE-2017-7941\", \"CVE-2017-7942\", \"CVE-2017-7943\", \"CVE-2018-16323\", \"CVE-2018-16328\", \"CVE-2018-20467\", \"CVE-2018-6405\", \"CVE-2019-7175\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:49:27 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2019-2354)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2354\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2354\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ImageMagick' package(s) announced via the EulerOS-SA-2019-2354 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.(CVE-2019-7175)\n\nReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.(CVE-2018-16323)\n\nIn ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.(CVE-2018-16328)\n\nThe DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.(CVE-2016-4562)\n\nThe TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.(CVE-2016-4563)\n\nThe DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.(CVE-2016-4564)\n\nThe ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.(CVE-2017-11525)\n\nIn coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.(CVE-2018-20467)\n\ncoders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.(CVE-2014-9837)\n\ncoders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.(CVE-2015-8958)\n\nMemory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.(CVE-2016-10058)\n\nThe ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'ImageMagick' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.9.9.38~1.h4\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-c++\", rpm:\"ImageMagick-c++~6.9.9.38~1.h4\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-libs\", rpm:\"ImageMagick-libs~6.9.9.38~1.h4\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ImageMagick-perl\", rpm:\"ImageMagick-perl~6.9.9.38~1.h4\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "osv": [{"lastseen": "2022-07-21T08:25:32", "description": "\nThis updates fixes many vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service or the execution of arbitrary code if\nmalformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum,\nPDB, DDS, DCM, EXIF, RGF or BMP files are processed.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u4.\n\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-08-25T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7519", "CVE-2016-7529", "CVE-2016-7540", "CVE-2016-4562", "CVE-2016-7526", "CVE-2016-7523", "CVE-2016-5688", "CVE-2016-10046", "CVE-2016-7525", "CVE-2016-7527", "CVE-2016-7530", "CVE-2016-5689", "CVE-2016-10049", "CVE-2016-7539", "CVE-2016-7520", "CVE-2016-7533", "CVE-2016-7534", "CVE-2016-7532", "CVE-2016-10052", "CVE-2016-6491", "CVE-2016-7536", "CVE-2016-7535", "CVE-2016-7531", "CVE-2016-7515", "CVE-2016-6823", "CVE-2016-5687", "CVE-2016-7521", "CVE-2016-7516", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-10048", "CVE-2016-7538", "CVE-2016-5842", "CVE-2016-10051", "CVE-2016-10050", "CVE-2016-7528", "CVE-2014-9907", "CVE-2016-7522", "CVE-2016-7514", "CVE-2016-7518", "CVE-2016-4563", "CVE-2016-5010", "CVE-2016-7537", "CVE-2016-5690", "CVE-2015-8958", "CVE-2016-10047", "CVE-2016-5841", "CVE-2016-5691", "CVE-2016-7513", "CVE-2016-7524", "CVE-2015-8959", "CVE-2016-4564"], "modified": "2022-07-21T05:49:10", "id": "OSV:DSA-3652-1", "href": "https://osv.dev/vulnerability/DSA-3652-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-07-21T08:12:39", "description": "\nSeveral issues have been discovered in ImageMagick, a popular set of\nprograms and libraries for image manipulation. These issues include\nseveral problems in memory handling that can result in a denial of\nservice attack or in execution of arbitrary code by an attacker with\ncontrol on the image input.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n8:6.7.7.10-5+deb7u8.\n\n\nWe recommend that you upgrade your imagemagick packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-02T00:00:00", "type": "osv", "title": "imagemagick - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7519", "CVE-2014-9809", "CVE-2014-9829", "CVE-2016-7529", "CVE-2014-9836", "CVE-2014-9849", "CVE-2014-9810", "CVE-2016-4562", "CVE-2016-7526", "CVE-2016-7523", "CVE-2016-5688", "CVE-2016-10046", "CVE-2014-9806", "CVE-2016-7527", "CVE-2016-7530", "CVE-2016-5689", "CVE-2014-9828", "CVE-2014-9811", "CVE-2014-9831", "CVE-2016-7539", "CVE-2014-9853", "CVE-2014-9844", "CVE-2014-9807", "CVE-2016-7520", "CVE-2014-9818", "CVE-2016-7533", "CVE-2014-9830", "CVE-2016-7534", "CVE-2014-9817", "CVE-2014-9840", "CVE-2016-7532", "CVE-2014-9814", "CVE-2016-10052", "CVE-2014-9845", "CVE-2016-6491", "CVE-2016-10057", "CVE-2016-7536", "CVE-2014-9826", "CVE-2014-9834", "CVE-2016-7535", "CVE-2016-10056", "CVE-2016-7531", "CVE-2016-7515", "CVE-2016-10054", "CVE-2014-9819", "CVE-2016-6823", "CVE-2016-5687", "CVE-2014-9833", "CVE-2016-7521", "CVE-2014-9847", "CVE-2016-7516", "CVE-2014-9812", "CVE-2014-9824", "CVE-2016-7517", "CVE-2015-8957", "CVE-2016-10048", "CVE-2014-9838", "CVE-2016-7538", "CVE-2016-5842", "CVE-2016-10051", "CVE-2014-9843", "CVE-2014-9837", "CVE-2016-10050", "CVE-2014-9815", "CVE-2016-7528", "CVE-2014-9835", "CVE-2014-9813", "CVE-2016-10055", "CVE-2014-9822", "CVE-2014-9839", "CVE-2014-9907", "CVE-2014-9805", "CVE-2014-9832", "CVE-2016-7522", "CVE-2016-7514", "CVE-2016-7518", "CVE-2014-9851", "CVE-2016-5010", "CVE-2014-9846", "CVE-2016-7537", "CVE-2016-5690", "CVE-2014-9848", "CVE-2014-9816", "CVE-2015-8958", "CVE-2014-9808", "CVE-2016-7101", "CVE-2014-9854", "CVE-2014-9823", "CVE-2016-5841", "CVE-2016-5691", "CVE-2016-7524", "CVE-2015-8959", "CVE-2016-4564", "CVE-2014-9821"], "modified": "2022-07-21T05:54:46", "id": "OSV:DLA-731-1", "href": "https://osv.dev/vulnerability/DLA-731-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "debian": [{"lastseen": "2021-10-23T21:44:34", "description": "Package : imagemagick\nVersion : 8:6.7.7.10-5+deb7u8\nCVE ID : CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 \n CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812\n CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816\n CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9821\n CVE-2014-9822 CVE-2014-9823 CVE-2014-9824 CVE-2014-9826\n CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831\n CVE-2014-9832 CVE-2014-9833 CVE-2014-9834 CVE-2014-9835\n CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839\n CVE-2014-9840 CVE-2014-9843 CVE-2014-9844 CVE-2014-9845\n CVE-2014-9846 CVE-2014-9847 CVE-2014-9848 CVE-2014-9849\n CVE-2014-9851 CVE-2014-9853 CVE-2014-9854 CVE-2014-9907\n CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-4562\n CVE-2016-4564 CVE-2016-5010 CVE-2016-5687 CVE-2016-5688\n CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841\n CVE-2016-5842 CVE-2016-6491 CVE-2016-6823 CVE-2016-7101\n CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517\n CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521\n CVE-2016-7522 CVE-2016-7523 CVE-2016-7524 CVE-2016-7526\n CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7530\n CVE-2016-7531 CVE-2016-7532 CVE-2016-7533 CVE-2016-7534\n CVE-2016-7535 CVE-2016-7536 CVE-2016-7537 CVE-2016-7538\n CVE-2016-7539\nDebian Bug : #773980 #836172 #834501 #834183 #833744 #833730 #833735\n\n\nSeveral issues have been discovered in ImageMagick, a popular set of\nprograms and libraries for image manipulation. These issues include\nseveral problems in memory handling that can result in a denial of\nservice attack or in execution of arbitrary code by an attacker with\ncontrol on the image input.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n8:6.7.7.10-5+deb7u8.\n\nWe recommend that you upgrade your imagemagick packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\nAttachment:\nsignature.asc\nDescription: Digital signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-02T05:44:49", "type": "debian", "title": "[SECURITY] [DLA 731-1] imagemagick security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9805", "CVE-2014-9806", "CVE-2014-9807", "CVE-2014-9808", "CVE-2014-9809", "CVE-2014-9810", "CVE-2014-9811", "CVE-2014-9812", "CVE-2014-9813", "CVE-2014-9814", "CVE-2014-9815", "CVE-2014-9816", "CVE-2014-9817", "CVE-2014-9818", "CVE-2014-9819", "CVE-2014-9821", "CVE-2014-9822", "CVE-2014-9823", "CVE-2014-9824", "CVE-2014-9826", "CVE-2014-9828", "CVE-2014-9829", "CVE-2014-9830", "CVE-2014-9831", "CVE-2014-9832", "CVE-2014-9833", "CVE-2014-9834", "CVE-2014-9835", "CVE-2014-9836", "CVE-2014-9837", "CVE-2014-9838", "CVE-2014-9839", "CVE-2014-9840", "CVE-2014-9843", "CVE-2014-9844", "CVE-2014-9845", "CVE-2014-9846", "CVE-2014-9847", "CVE-2014-9848", "CVE-2014-9849", "CVE-2014-9851", "CVE-2014-9853", "CVE-2014-9854", "CVE-2014-9907", "CVE-2015-8957", "CVE-2015-8958", "CVE-2015-8959", "CVE-2016-4562", "CVE-2016-4564", "CVE-2016-5010", "CVE-2016-5687", "CVE-2016-5688", "CVE-2016-5689", "CVE-2016-5690", "CVE-2016-5691", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-7521", "CVE-2016-7522", "CVE-2016-7523", "CVE-2016-7524", "CVE-2016-7526", "CVE-2016-7527", "CVE-2016-7528", "CVE-2016-7529", "CVE-2016-7530", "CVE-2016-7531", "CVE-2016-7532", "CVE-2016-7533", "CVE-2016-7534", "CVE-2016-7535", "CVE-2016-7536", "CVE-2016-7537", "CVE-2016-7538", "CVE-2016-7539"], "modified": "2016-12-02T05:44:49", "id": "DEBIAN:DLA-731-1:2431F", "href": "https://lists.debian.org/debian-lts-announce/2016/12/msg00003.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2023-01-26T13:20:40", "description": "## Releases\n\n * Ubuntu 16.10 \n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n * Ubuntu 12.04 \n\n## Packages\n\n * imagemagick \\- Image manipulation programs and library\n\nIt was discovered that ImageMagick incorrectly handled certain malformed \nimage files. If a user or automated system using ImageMagick were tricked \ninto opening a specially crafted image, an attacker could exploit this to \ncause a denial of service or possibly execute code with the privileges of \nthe user invoking the program.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-21T00:00:00", "type": "ubuntu", "title": "ImageMagick vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8354", "CVE-2014-8355", "CVE-2014-8562", "CVE-2014-8716", "CVE-2014-9805", "CVE-2014-9806", "CVE-2014-9807", "CVE-2014-9808", "CVE-2014-9809", "CVE-2014-9810", "CVE-2014-9811", "CVE-2014-9812", "CVE-2014-9813", "CVE-2014-9814", "CVE-2014-9815", "CVE-2014-9816", "CVE-2014-9817", "CVE-2014-9818", "CVE-2014-9819", "CVE-2014-9820", "CVE-2014-9821", "CVE-2014-9822", "CVE-2014-9823", "CVE-2014-9826", "CVE-2014-9828", "CVE-2014-9829", "CVE-2014-9830", "CVE-2014-9831", "CVE-2014-9833", "CVE-2014-9834", "CVE-2014-9835", "CVE-2014-9836", "CVE-2014-9837", "CVE-2014-9838", "CVE-2014-9839", "CVE-2014-9840", "CVE-2014-9841", "CVE-2014-9843", "CVE-2014-9844", "CVE-2014-9845", "CVE-2014-9846", "CVE-2014-9847", "CVE-2014-9848", "CVE-2014-9849", "CVE-2014-9850", "CVE-2014-9851", "CVE-2014-9853", "CVE-2014-9854", "CVE-2014-9907", "CVE-2015-8894", "CVE-2015-8895", "CVE-2015-8896", "CVE-2015-8897", "CVE-2015-8898", "CVE-2015-8900", "CVE-2015-8901", "CVE-2015-8902", "CVE-2015-8903", "CVE-2015-8957", "CVE-2015-8958", "CVE-2015-8959", "CVE-2016-4562", "CVE-2016-4563", "CVE-2016-4564", "CVE-2016-5010", "CVE-2016-5687", "CVE-2016-5688", "CVE-2016-5689", "CVE-2016-5690", "CVE-2016-5691", "CVE-2016-5841", "CVE-2016-5842", "CVE-2016-6491", "CVE-2016-6823", "CVE-2016-7101", "CVE-2016-7513", "CVE-2016-7514", "CVE-2016-7515", "CVE-2016-7516", "CVE-2016-7517", "CVE-2016-7518", "CVE-2016-7519", "CVE-2016-7520", "CVE-2016-7521", "CVE-2016-7522", "CVE-2016-7523", "CVE-2016-7524", "CVE-2016-7525", "CVE-2016-7526", "CVE-2016-7527", "CVE-2016-7528", "CVE-2016-7529", "CVE-2016-7530", "CVE-2016-7531", "CVE-2016-7532", "CVE-2016-7533", "CVE-2016-7534", "CVE-2016-7535", "CVE-2016-7536", "CVE-2016-7537", "CVE-2016-7538", "CVE-2016-7539", "CVE-2016-7540"], "modified": "2016-11-21T00:00:00", "id": "USN-3131-1", "href": "https://ubuntu.com/security/notices/USN-3131-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}

CVE-2016-7528

Description

Affected Package

Related