Vulnerabilities > CVE-2005-0759 - Denial Of Service vulnerability in ImageMagick TIFF Image Tag

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
imagemagick
sgi
nessus

Summary

ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag.

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-702.NASL
    descriptionSeveral vulnerabilities have been discovered in ImageMagick, a commonly used image manipulation library. These problems can be exploited by a carefully crafted graphic image. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-0397 Tavis Ormandy discovered a format string vulnerability in the filename handling code which allows a remote attacker to cause a denial of service and possibly execute arbitrary code. - CAN-2005-0759 Andrei Nigmatulin discovered a denial of service condition which can be caused by an invalid tag in a TIFF image. - CAN-2005-0760 Andrei Nigmatulin discovered that the TIFF decoder is vulnerable to accessing memory out of bounds which will result in a segmentation fault. - CAN-2005-0762 Andrei Nigmatulin discovered a buffer overflow in the SGI parser which allows a remote attacker to execute arbitrary code via a specially crafted SGI image file.
    last seen2020-06-01
    modified2020-06-02
    plugin id17673
    published2005-04-02
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17673
    titleDebian DSA-702-1 : imagemagick - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-702. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(17673);
      script_version("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:18");
    
      script_cve_id("CVE-2005-0397", "CVE-2005-0759", "CVE-2005-0760", "CVE-2005-0762");
      script_bugtraq_id(12875);
      script_xref(name:"DSA", value:"702");
    
      script_name(english:"Debian DSA-702-1 : imagemagick - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in ImageMagick, a
    commonly used image manipulation library. These problems can be
    exploited by a carefully crafted graphic image. The Common
    Vulnerabilities and Exposures project identifies the following
    problems :
    
      - CAN-2005-0397
        Tavis Ormandy discovered a format string vulnerability
        in the filename handling code which allows a remote
        attacker to cause a denial of service and possibly
        execute arbitrary code.
    
      - CAN-2005-0759
    
        Andrei Nigmatulin discovered a denial of service
        condition which can be caused by an invalid tag in a
        TIFF image.
    
      - CAN-2005-0760
    
        Andrei Nigmatulin discovered that the TIFF decoder is
        vulnerable to accessing memory out of bounds which will
        result in a segmentation fault.
    
      - CAN-2005-0762
    
        Andrei Nigmatulin discovered a buffer overflow in the
        SGI parser which allows a remote attacker to execute
        arbitrary code via a specially crafted SGI image file."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=297990"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2005/dsa-702"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the imagemagick package.
    
    For the stable distribution (woody) these problems have been fixed in
    version 5.4.4.5-1woody6."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:imagemagick");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/04/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/02");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"imagemagick", reference:"5.4.4.5-1woody6")) flag++;
    if (deb_check(release:"3.0", prefix:"libmagick++5", reference:"5.4.4.5-1woody6")) flag++;
    if (deb_check(release:"3.0", prefix:"libmagick++5-dev", reference:"5.4.4.5-1woody6")) flag++;
    if (deb_check(release:"3.0", prefix:"libmagick5", reference:"5.4.4.5-1woody6")) flag++;
    if (deb_check(release:"3.0", prefix:"libmagick5-dev", reference:"5.4.4.5-1woody6")) flag++;
    if (deb_check(release:"3.0", prefix:"perlmagick", reference:"5.4.4.5-1woody6")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-070.NASL
    descriptionUpdated ImageMagick packages that fix a heap based buffer overflow are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick is an image display and manipulation tool for the X Window System. Andrei Nigmatulin discovered a heap based buffer overflow flaw in the ImageMagick image handler. An attacker could create a carefully crafted Photoshop Document (PSD) image in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0005 to this issue. A format string bug was found in the way ImageMagick handles filenames. An attacker could execute arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id17621
    published2005-03-25
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17621
    titleRHEL 2.1 / 3 : ImageMagick (RHSA-2005:070)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:070. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(17621);
      script_version ("1.24");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      script_cve_id("CVE-2005-0005", "CVE-2005-0397", "CVE-2005-0759", "CVE-2005-0760", "CVE-2005-0761", "CVE-2005-0762");
      script_bugtraq_id(12873, 12874, 12875, 12876, 13705);
      script_xref(name:"RHSA", value:"2005:070");
    
      script_name(english:"RHEL 2.1 / 3 : ImageMagick (RHSA-2005:070)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated ImageMagick packages that fix a heap based buffer overflow are
    now available.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    ImageMagick is an image display and manipulation tool for the X Window
    System.
    
    Andrei Nigmatulin discovered a heap based buffer overflow flaw in the
    ImageMagick image handler. An attacker could create a carefully
    crafted Photoshop Document (PSD) image in such a way that it would
    cause ImageMagick to execute arbitrary code when processing the image.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2005-0005 to this issue.
    
    A format string bug was found in the way ImageMagick handles
    filenames. An attacker could execute arbitrary code on a victim's
    machine if they were able to trick the victim into opening a file with
    a specially crafted name. The Common Vulnerabilities and Exposures
    project (cve.mitre.org) has assigned the name CVE-2005-0397 to this
    issue.
    
    A bug was found in the way ImageMagick handles TIFF tags. It is
    possible that a TIFF image file with an invalid tag could cause
    ImageMagick to crash. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CVE-2005-0759 to this issue.
    
    A bug was found in ImageMagick's TIFF decoder. It is possible that a
    specially crafted TIFF image file could cause ImageMagick to crash.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2005-0760 to this issue.
    
    A bug was found in the way ImageMagick parses PSD files. It is
    possible that a specially crafted PSD file could cause ImageMagick to
    crash. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CVE-2005-0761 to this issue.
    
    A heap overflow bug was found in ImageMagick's SGI parser. It is
    possible that an attacker could execute arbitrary code by tricking a
    user into opening a specially crafted SGI image file. The Common
    Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
    name CVE-2005-0762 to this issue.
    
    Users of ImageMagick should upgrade to these updated packages, which
    contain backported patches, and are not vulnerable to these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0005"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0397"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0759"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0760"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0761"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0762"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2005:070"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick-c++");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick-c++-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick-perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2005:070";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ImageMagick-5.3.8-10")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ImageMagick-c++-5.3.8-10")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ImageMagick-c++-devel-5.3.8-10")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ImageMagick-devel-5.3.8-10")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ImageMagick-perl-5.3.8-10")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"ImageMagick-5.5.6-13")) flag++;
      if (rpm_check(release:"RHEL3", reference:"ImageMagick-c++-5.5.6-13")) flag++;
      if (rpm_check(release:"RHEL3", reference:"ImageMagick-c++-devel-5.5.6-13")) flag++;
      if (rpm_check(release:"RHEL3", reference:"ImageMagick-devel-5.5.6-13")) flag++;
      if (rpm_check(release:"RHEL3", reference:"ImageMagick-perl-5.5.6-13")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick / ImageMagick-c++ / ImageMagick-c++-devel / etc");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2005_017.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2005:017 (ImageMagick). This update fixes several security issues in the ImageMagick program suite: - A format string vulnerability was found in the display program which could lead to a remote attacker being to able to execute code as the user running display by providing handcrafted filenames of images. This is tracked by the Mitre CVE ID CVE-2005-0397. Andrei Nigmatulin reported 4 problems in older versions of ImageMagick: - A bug was found in the way ImageMagick handles TIFF tags. It is possible that a TIFF image file with an invalid tag could cause ImageMagick to crash. This is tracked by the Mitre CVE ID CVE-2005-0759. Only ImageMagick version before version 6 are affected. - A bug was found in ImageMagick
    last seen2020-06-01
    modified2020-06-02
    plugin id17606
    published2005-03-24
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17606
    titleSUSE-SA:2005:017: ImageMagick
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:017
    #
    
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    if(description)
    {
     script_id(17606);
     script_version ("1.10");
     script_cve_id("CVE-2005-0397", "CVE-2005-0759", "CVE-2005-0760", "CVE-2005-0761", "CVE-2005-0762");
     
     name["english"] = "SUSE-SA:2005:017: ImageMagick";
     
     script_name(english:name["english"]);
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
     script_set_attribute(attribute:"description", value:
    "The remote host is missing the patch for the advisory SUSE-SA:2005:017 (ImageMagick).
    
    
    This update fixes several security issues in the ImageMagick program suite:
    
    - A format string vulnerability was found in the display program
    which could lead to a remote attacker being to able to execute code
    as the user running display by providing handcrafted filenames of
    images. This is tracked by the Mitre CVE ID CVE-2005-0397.
    
    Andrei Nigmatulin reported 4 problems in older versions of ImageMagick:
    
    - A bug was found in the way ImageMagick handles TIFF tags.
    It is possible that a TIFF image file with an invalid tag could
    cause ImageMagick to crash.
    This is tracked by the Mitre CVE ID CVE-2005-0759.
    
    Only ImageMagick version before version 6 are affected.
    
    - A bug was found in ImageMagick's TIFF decoder.
    It is possible that a specially crafted TIFF image file could
    cause ImageMagick to crash.
    This is tracked by the Mitre CVE ID CVE-2005-0760.
    
    Only ImageMagick version before version 6 are affected.
    
    - A bug was found in the way ImageMagick parses PSD files.
    It is possible that a specially crafted PSD file could cause
    ImageMagick to crash.
    This is tracked by the Mitre CVE ID CVE-2005-0761.
    
    Only ImageMagick version before version 6.1.8 are affected.
    
    - A heap overflow bug was found in ImageMagick's SGI parser.
    It is possible that an attacker could execute arbitrary code
    by tricking a user into opening a specially crafted SGI image
    file.
    This is tracked by the Mitre CVE ID CVE-2005-0762.
    
    Only ImageMagick version before version 6 are affected." );
     script_set_attribute(attribute:"solution", value:
    "http://www.suse.de/security/advisories/2005_17_imagemagick.html" );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
    
    
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2005/03/24");
      script_cvs_date("Date: 2019/10/25 13:36:28");
     script_end_attributes();
    
     
     summary["english"] = "Check for the version of the ImageMagick package";
     script_summary(english:summary["english"]);
     
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
     family["english"] = "SuSE Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/SuSE/rpm-list");
     exit(0);
    }
    
    include("rpm.inc");
    if ( rpm_check( reference:"ImageMagick-5.5.4-125", release:"SUSE8.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"ImageMagick-Magick++-5.5.4-125", release:"SUSE8.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"ImageMagick-devel-5.5.4-125", release:"SUSE8.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"perl-PerlMagick-5.5.4-125", release:"SUSE8.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"ImageMagick-5.5.7-233", release:"SUSE9.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"ImageMagick-Magick++-5.5.7-233", release:"SUSE9.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"ImageMagick-devel-5.5.7-233", release:"SUSE9.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"perl-PerlMagick-5.5.7-233", release:"SUSE9.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"ImageMagick-5.5.7-225.15", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"ImageMagick-Magick++-5.5.7-225.15", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"ImageMagick-devel-5.5.7-225.15", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"perl-PerlMagick-5.5.7-225.15", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"ImageMagick-6.0.7-4.6", release:"SUSE9.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"ImageMagick-Magick++-6.0.7-4.6", release:"SUSE9.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"ImageMagick-devel-6.0.7-4.6", release:"SUSE9.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"perl-PerlMagick-6.0.7-4.6", release:"SUSE9.2") )
    {
     security_hole(0);
     exit(0);
    }
    if (rpm_exists(rpm:"ImageMagick-", release:"SUSE8.2")
     || rpm_exists(rpm:"ImageMagick-", release:"SUSE9.0")
     || rpm_exists(rpm:"ImageMagick-", release:"SUSE9.1")
     || rpm_exists(rpm:"ImageMagick-", release:"SUSE9.2") )
    {
     set_kb_item(name:"CVE-2005-0397", value:TRUE);
     set_kb_item(name:"CVE-2005-0759", value:TRUE);
     set_kb_item(name:"CVE-2005-0760", value:TRUE);
     set_kb_item(name:"CVE-2005-0761", value:TRUE);
     set_kb_item(name:"CVE-2005-0762", value:TRUE);
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-065.NASL
    descriptionA format string vulnerability was discovered in ImageMagick, in the way it handles filenames. An attacker could execute arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id17677
    published2005-04-02
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17677
    titleMandrake Linux Security Advisory : ImageMagick (MDKSA-2005:065)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2005:065. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(17677);
      script_version ("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:47");
    
      script_cve_id("CVE-2005-0005", "CVE-2005-0397", "CVE-2005-0759", "CVE-2005-0760", "CVE-2005-0761", "CVE-2005-0762");
      script_xref(name:"MDKSA", value:"2005:065");
    
      script_name(english:"Mandrake Linux Security Advisory : ImageMagick (MDKSA-2005:065)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A format string vulnerability was discovered in ImageMagick, in the
    way it handles filenames. An attacker could execute arbitrary code on
    a victim's machine provided they could trick them into opening a file
    with a special name (CVE-2005-0397).
    
    As well, Andrei Nigmatulin discovered a heap-based buffer overflow in
    ImageMagick's image handler. An attacker could create a special
    PhotoShop Document (PSD) image file in such a way that it would cause
    ImageMagick to execute arbitrary code when processing the image
    (CVE-2005-0005).
    
    Other vulnerabilities were discovered in ImageMagick versions prior to
    6.0 :
    
    A bug in the way that ImageMagick handles TIFF tags was discovered. It
    was possible that a TIFF image with an invalid tag could cause
    ImageMagick to crash (CVE-2005-0759).
    
    A bug in ImageMagick's TIFF decoder was discovered where a specially-
    crafted TIFF image could cause ImageMagick to crash (CVE-2005-0760).
    
    A bug in ImageMagick's PSD parsing was discovered where a specially-
    crafted PSD file could cause ImageMagick to crash (CVE-2005-0761).
    
    Finally, a heap overflow bug was discovered in ImageMagick's SGI
    parser. If an attacker could trick a user into opening a specially-
    crafted SGI image file, ImageMagick would execute arbitrary code
    (CVE-2005-0762).
    
    The updated packages have been patched to correct these issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ImageMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ImageMagick-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64Magick5.5.7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64Magick5.5.7-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64Magick6.4.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64Magick6.4.0-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libMagick5.5.7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libMagick5.5.7-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libMagick6.4.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libMagick6.4.0-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-Magick");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/04/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK10.0", reference:"ImageMagick-5.5.7.15-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"ImageMagick-doc-5.5.7.15-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64Magick5.5.7-5.5.7.15-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64Magick5.5.7-devel-5.5.7.15-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libMagick5.5.7-5.5.7.15-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libMagick5.5.7-devel-5.5.7.15-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"perl-Magick-5.5.7.15-6.3.100mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK10.1", reference:"ImageMagick-6.0.4.4-5.2.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", reference:"ImageMagick-doc-6.0.4.4-5.2.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64Magick6.4.0-6.0.4.4-5.2.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64Magick6.4.0-devel-6.0.4.4-5.2.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libMagick6.4.0-6.0.4.4-5.2.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libMagick6.4.0-devel-6.0.4.4-5.2.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", reference:"perl-Magick-6.0.4.4-5.2.101mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    

Oval

accepted2013-04-29T04:10:50.223-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
descriptionImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag.
familyunix
idoval:org.mitre.oval:def:11022
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag.
version26

Redhat

advisories
rhsa
idRHSA-2005:070
rpms
  • ImageMagick-0:5.5.6-13
  • ImageMagick-c++-0:5.5.6-13
  • ImageMagick-c++-devel-0:5.5.6-13
  • ImageMagick-debuginfo-0:5.5.6-13
  • ImageMagick-devel-0:5.5.6-13
  • ImageMagick-perl-0:5.5.6-13