Vulnerabilities > CVE-2005-0762 - Unspecified vulnerability in ImageMagick

047910
CVSS v2 base score 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
imagemagick
nessus

Summary

Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 allows remote attackers to execute arbitrary code via a crafted SGI image file.

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-702.NASL
    descriptionSeveral vulnerabilities have been discovered in ImageMagick, a commonly used image manipulation library. These problems can be exploited by a carefully crafted graphic image. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-0397 Tavis Ormandy discovered a format string vulnerability in the filename handling code which allows a remote attacker to cause a denial of service and possibly execute arbitrary code. - CAN-2005-0759 Andrei Nigmatulin discovered a denial of service condition which can be caused by an invalid tag in a TIFF image. - CAN-2005-0760 Andrei Nigmatulin discovered that the TIFF decoder is vulnerable to accessing memory out of bounds which will result in a segmentation fault. - CAN-2005-0762 Andrei Nigmatulin discovered a buffer overflow in the SGI parser which allows a remote attacker to execute arbitrary code via a specially crafted SGI image file.
    last seen2020-06-01
    modified2020-06-02
    plugin id17673
    published2005-04-02
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17673
    titleDebian DSA-702-1 : imagemagick - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-702. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when the engine runs this script with `description`
    # set, the block below only records plugin metadata and then exits (see the
    # exit(0) at the end of the block) without evaluating any host data.
    if (description)
    {
      script_id(17673);
      script_version("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:18");
    
      # All four CVEs fixed by DSA-702 are mapped to this single plugin ID.
      script_cve_id("CVE-2005-0397", "CVE-2005-0759", "CVE-2005-0760", "CVE-2005-0762");
      script_bugtraq_id(12875);
      script_xref(name:"DSA", value:"702");
    
      script_name(english:"Debian DSA-702-1 : imagemagick - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      # Advisory text. The CAN-2005-* names carry the same numbers as the
      # CVE-2005-* identifiers registered with script_cve_id() above.
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in ImageMagick, a
    commonly used image manipulation library. These problems can be
    exploited by a carefully crafted graphic image. The Common
    Vulnerabilities and Exposures project identifies the following
    problems :
    
      - CAN-2005-0397
        Tavis Ormandy discovered a format string vulnerability
        in the filename handling code which allows a remote
        attacker to cause a denial of service and possibly
        execute arbitrary code.
    
      - CAN-2005-0759
    
        Andrei Nigmatulin discovered a denial of service
        condition which can be caused by an invalid tag in a
        TIFF image.
    
      - CAN-2005-0760
    
        Andrei Nigmatulin discovered that the TIFF decoder is
        vulnerable to accessing memory out of bounds which will
        result in a segmentation fault.
    
      - CAN-2005-0762
    
        Andrei Nigmatulin discovered a buffer overflow in the
        SGI parser which allows a remote attacker to execute
        arbitrary code via a specially crafted SGI image file."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=297990"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2005/dsa-702"
      );
      # Remediation: the fixed build named here is the same version string the
      # package checks later in this script compare against.
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the imagemagick package.
    
    For the stable distribution (woody) these problems have been fixed in
    version 5.4.4.5-1woody6."
      );
      # CVSS v2 base vector: network access, low complexity, no authentication,
      # partial confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # CVSS v2 temporal vector: E:U (exploitability unproven), RL:OF (official
      # fix available), RC:C (report confirmed).
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Declared as a "local" plugin: the result comes from package data gathered
      # on the host (see the required KB keys below), not from a network probe.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:imagemagick");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/04/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/02");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      # NOTE(review): ssh_get_info.nasl is presumably what fills the Host/* KB
      # keys listed next - confirm against that script.
      script_dependencies("ssh_get_info.nasl");
      # KB entries that must exist for the check to run: local checks enabled,
      # a Debian release string, and the cached dpkg package list.
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Preconditions: stop with an audit message unless local checks are enabled,
    # the host is identified as Debian, and a dpkg package list was collected.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Every package built from the imagemagick source is compared against the
    # fixed woody build. All six checks always run, so each hit is counted.
    # NOTE(review): this is a package-version comparison only; it does not show
    # whether the SGI/TIFF code paths are reachable on the host.
    flag = 0;
    foreach dsa702_prefix (make_list(
      "imagemagick",
      "libmagick++5",
      "libmagick++5-dev",
      "libmagick5",
      "libmagick5-dev",
      "perlmagick"))
    {
      if (deb_check(release:"3.0", prefix:dsa702_prefix, reference:"5.4.4.5-1woody6")) flag++;
    }
    
    # No hit: audit the host as not affected. Otherwise raise the finding,
    # attaching the package report only when report verbosity is above zero.
    if (!flag) audit(AUDIT_HOST_NOT, "affected");
    else
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-070.NASL
    descriptionUpdated ImageMagick packages that fix a heap based buffer overflow are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick is an image display and manipulation tool for the X Window System. Andrei Nigmatulin discovered a heap based buffer overflow flaw in the ImageMagick image handler. An attacker could create a carefully crafted Photoshop Document (PSD) image in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0005 to this issue. A format string bug was found in the way ImageMagick handles filenames. An attacker could execute arbitrary code on a victim's machine if they were able to trick the victim into opening a file with a specially crafted name. [Truncated here; the description attribute in the plugin code below gives the full text, including the CVE-2005-0762 SGI parser heap overflow.]
    last seen2020-06-01
    modified2020-06-02
    plugin id17621
    published2005-03-25
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17621
    titleRHEL 2.1 / 3 : ImageMagick (RHSA-2005:070)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:070. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when the engine runs this script with `description`
    # set, the block below only records plugin metadata and then exits (see the
    # exit(0) at the end of the block) without evaluating any host data.
    if (description)
    {
      script_id(17621);
      script_version ("1.24");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      # Six CVEs from RHSA-2005:070 share this plugin ID, so a finding reports
      # the advisory as a whole rather than one specific flaw.
      script_cve_id("CVE-2005-0005", "CVE-2005-0397", "CVE-2005-0759", "CVE-2005-0760", "CVE-2005-0761", "CVE-2005-0762");
      script_bugtraq_id(12873, 12874, 12875, 12876, 13705);
      script_xref(name:"RHSA", value:"2005:070");
    
      script_name(english:"RHEL 2.1 / 3 : ImageMagick (RHSA-2005:070)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      # Advisory text. Its closing paragraph states that the fixes are
      # backported, which is why the checks later in this script compare
      # package release strings rather than upstream ImageMagick versions.
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated ImageMagick packages that fix a heap based buffer overflow are
    now available.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    ImageMagick is an image display and manipulation tool for the X Window
    System.
    
    Andrei Nigmatulin discovered a heap based buffer overflow flaw in the
    ImageMagick image handler. An attacker could create a carefully
    crafted Photoshop Document (PSD) image in such a way that it would
    cause ImageMagick to execute arbitrary code when processing the image.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2005-0005 to this issue.
    
    A format string bug was found in the way ImageMagick handles
    filenames. An attacker could execute arbitrary code on a victim's
    machine if they were able to trick the victim into opening a file with
    a specially crafted name. The Common Vulnerabilities and Exposures
    project (cve.mitre.org) has assigned the name CVE-2005-0397 to this
    issue.
    
    A bug was found in the way ImageMagick handles TIFF tags. It is
    possible that a TIFF image file with an invalid tag could cause
    ImageMagick to crash. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CVE-2005-0759 to this issue.
    
    A bug was found in ImageMagick's TIFF decoder. It is possible that a
    specially crafted TIFF image file could cause ImageMagick to crash.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2005-0760 to this issue.
    
    A bug was found in the way ImageMagick parses PSD files. It is
    possible that a specially crafted PSD file could cause ImageMagick to
    crash. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CVE-2005-0761 to this issue.
    
    A heap overflow bug was found in ImageMagick's SGI parser. It is
    possible that an attacker could execute arbitrary code by tricking a
    user into opening a specially crafted SGI image file. The Common
    Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
    name CVE-2005-0762 to this issue.
    
    Users of ImageMagick should upgrade to these updated packages, which
    contain backported patches, and are not vulnerable to these issues."
      );
      # One reference per CVE, followed by the advisory itself.
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0005"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0397"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0759"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0760"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0761"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0762"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2005:070"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # CVSS v2 base vector: network access, low complexity, no authentication,
      # partial confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # CVSS v2 temporal vector: E:U (exploitability unproven), RL:OF (official
      # fix available), RC:C (report confirmed).
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Declared as a "local" plugin: the result comes from package data gathered
      # on the host (see the required KB keys below), not from a network probe.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick-c++");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick-c++-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick-perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # NOTE(review): ssh_get_info.nasl is presumably what fills the Host/* KB
      # keys listed next - confirm against that script.
      script_dependencies("ssh_get_info.nasl");
      # KB entries that must exist for the check to run: local checks enabled,
      # a Red Hat release string, the cached RPM list and the CPU architecture.
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Gate 1: local (authenticated) checks must be enabled for this scan.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Gate 2: the release string must name Red Hat Enterprise Linux, and the
    # parsed version must be 2.1 or 3 (optionally followed by a non-digit,
    # which lets 3.x minor releases through).
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver);
    
    # Gate 3: a cached RPM list must exist.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Gate 4: only x86_64, i386-i686 and s390 architectures are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    # Two detection paths: when yum updateinfo data was collected it decides the
    # result on its own; otherwise installed RPMs are compared with the fixed
    # builds from the advisory.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (empty_or_null(yum_updateinfo))
    {
      # Package path. Every rpm_check() call runs, so all hits are counted.
      # NOTE(review): this is a package-version comparison only; it does not
      # show whether the vulnerable parsers are reachable on the host.
      flag = 0;
    
      # RHEL 2.1 fixed builds (checked for i386 only).
      foreach rhsa070_ref (make_list(
        "ImageMagick-5.3.8-10",
        "ImageMagick-c++-5.3.8-10",
        "ImageMagick-c++-devel-5.3.8-10",
        "ImageMagick-devel-5.3.8-10",
        "ImageMagick-perl-5.3.8-10"))
      {
        if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:rhsa070_ref)) flag++;
      }
    
      # RHEL 3 fixed builds (no cpu restriction passed).
      foreach rhsa070_ref (make_list(
        "ImageMagick-5.5.6-13",
        "ImageMagick-c++-5.5.6-13",
        "ImageMagick-c++-devel-5.5.6-13",
        "ImageMagick-devel-5.5.6-13",
        "ImageMagick-perl-5.5.6-13"))
      {
        if (rpm_check(release:"RHEL3", reference:rhsa070_ref)) flag++;
      }
    
      if (!flag)
      {
        # Nothing flagged: distinguish "tested and not affected" from
        # "none of the packages are installed".
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick / ImageMagick-c++ / ImageMagick-c++-devel / etc");
      }
      else
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
    }
    else
    {
      # yum path: an empty report for this RHSA is audited as "not affected by
      # the advisory"; a non-empty one is reported as the finding.
      rhsa = "RHSA-2005:070";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (empty_or_null(yum_report))
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
      else
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2005_017.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2005:017 (ImageMagick). This update fixes several security issues in the ImageMagick program suite: - A format string vulnerability was found in the display program which could lead to a remote attacker being to able to execute code as the user running display by providing handcrafted filenames of images. This is tracked by the Mitre CVE ID CVE-2005-0397. Andrei Nigmatulin reported 4 problems in older versions of ImageMagick: - A bug was found in the way ImageMagick handles TIFF tags. It is possible that a TIFF image file with an invalid tag could cause ImageMagick to crash. This is tracked by the Mitre CVE ID CVE-2005-0759. Only ImageMagick version before version 6 are affected. - A bug was found in ImageMagick's TIFF decoder. [Truncated here; the description attribute in the plugin code below gives the full text, including the CVE-2005-0762 SGI parser heap overflow.]
    last seen2020-06-01
    modified2020-06-02
    plugin id17606
    published2005-03-24
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17606
    titleSUSE-SA:2005:017: ImageMagick
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:017
    #
    
    
    # Exit silently when the engine does not provide the bn_random builtin.
    # NOTE(review): presumably used as an engine capability/version gate rather
    # than because this script needs random numbers - confirm.
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    # Registration pass: when the engine runs this script with `description`
    # set, the block below only records plugin metadata and then exits (see the
    # exit(0) at the end of the block) without evaluating any host data.
    if(description)
    {
     script_id(17606);
     script_version ("1.10");
     # Five CVEs from SUSE-SA:2005:017 share this plugin ID.
     script_cve_id("CVE-2005-0397", "CVE-2005-0759", "CVE-2005-0760", "CVE-2005-0761", "CVE-2005-0762");
     
     name["english"] = "SUSE-SA:2005:017: ImageMagick";
     
     script_name(english:name["english"]);
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
     # Advisory text. It limits the TIFF, PSD and SGI issues to ImageMagick
     # releases before 6 / 6.1.8; the format string issue carries no such limit.
     script_set_attribute(attribute:"description", value:
    "The remote host is missing the patch for the advisory SUSE-SA:2005:017 (ImageMagick).
    
    
    This update fixes several security issues in the ImageMagick program suite:
    
    - A format string vulnerability was found in the display program
    which could lead to a remote attacker being to able to execute code
    as the user running display by providing handcrafted filenames of
    images. This is tracked by the Mitre CVE ID CVE-2005-0397.
    
    Andrei Nigmatulin reported 4 problems in older versions of ImageMagick:
    
    - A bug was found in the way ImageMagick handles TIFF tags.
    It is possible that a TIFF image file with an invalid tag could
    cause ImageMagick to crash.
    This is tracked by the Mitre CVE ID CVE-2005-0759.
    
    Only ImageMagick version before version 6 are affected.
    
    - A bug was found in ImageMagick's TIFF decoder.
    It is possible that a specially crafted TIFF image file could
    cause ImageMagick to crash.
    This is tracked by the Mitre CVE ID CVE-2005-0760.
    
    Only ImageMagick version before version 6 are affected.
    
    - A bug was found in the way ImageMagick parses PSD files.
    It is possible that a specially crafted PSD file could cause
    ImageMagick to crash.
    This is tracked by the Mitre CVE ID CVE-2005-0761.
    
    Only ImageMagick version before version 6.1.8 are affected.
    
    - A heap overflow bug was found in ImageMagick's SGI parser.
    It is possible that an attacker could execute arbitrary code
    by tricking a user into opening a specially crafted SGI image
    file.
    This is tracked by the Mitre CVE ID CVE-2005-0762.
    
    Only ImageMagick version before version 6 are affected." );
     # The "solution" attribute holds only the advisory URL, not instructions.
     script_set_attribute(attribute:"solution", value:
    "http://www.suse.de/security/advisories/2005_17_imagemagick.html" );
     # CVSS v2 base vector: network access, low complexity, no authentication,
     # partial confidentiality / integrity / availability impact.
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
    
    
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2005/03/24");
      script_cvs_date("Date: 2019/10/25 13:36:28");
     script_end_attributes();
    
     
     summary["english"] = "Check for the version of the ImageMagick package";
     script_summary(english:summary["english"]);
     
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
     family["english"] = "SuSE Local Security Checks";
     script_family(english:family["english"]);
     
     # NOTE(review): ssh_get_info.nasl is presumably what fills the
     # Host/SuSE/rpm-list KB key required next - confirm against that script.
     script_dependencies("ssh_get_info.nasl");
     # Only the cached RPM list is required; no Host/local_checks_enabled key
     # is listed here.
     script_require_keys("Host/SuSE/rpm-list");
     exit(0);
    }
    
    include("rpm.inc");
    # For each supported SUSE release, compare the installed ImageMagick
    # packages against the fixed builds from SUSE-SA:2005:017. The first
    # package that rpm_check() flags raises the finding and ends the script, so
    # checks stop at the first hit, and security_hole(0) is called without any
    # package report attached.
    # NOTE(review): this is a package-version comparison only; it does not show
    # whether the vulnerable parsers are reachable on the host.
    
    # SUSE 8.2
    foreach suse017_ref (make_list(
      "ImageMagick-5.5.4-125",
      "ImageMagick-Magick++-5.5.4-125",
      "ImageMagick-devel-5.5.4-125",
      "perl-PerlMagick-5.5.4-125"))
    {
      if ( rpm_check( reference:suse017_ref, release:"SUSE8.2") )
      {
        security_hole(0);
        exit(0);
      }
    }
    
    # SUSE 9.0
    foreach suse017_ref (make_list(
      "ImageMagick-5.5.7-233",
      "ImageMagick-Magick++-5.5.7-233",
      "ImageMagick-devel-5.5.7-233",
      "perl-PerlMagick-5.5.7-233"))
    {
      if ( rpm_check( reference:suse017_ref, release:"SUSE9.0") )
      {
        security_hole(0);
        exit(0);
      }
    }
    
    # SUSE 9.1
    foreach suse017_ref (make_list(
      "ImageMagick-5.5.7-225.15",
      "ImageMagick-Magick++-5.5.7-225.15",
      "ImageMagick-devel-5.5.7-225.15",
      "perl-PerlMagick-5.5.7-225.15"))
    {
      if ( rpm_check( reference:suse017_ref, release:"SUSE9.1") )
      {
        security_hole(0);
        exit(0);
      }
    }
    
    # SUSE 9.2
    foreach suse017_ref (make_list(
      "ImageMagick-6.0.7-4.6",
      "ImageMagick-Magick++-6.0.7-4.6",
      "ImageMagick-devel-6.0.7-4.6",
      "perl-PerlMagick-6.0.7-4.6"))
    {
      if ( rpm_check( reference:suse017_ref, release:"SUSE9.2") )
      {
        security_hole(0);
        exit(0);
      }
    }
    
    # Reached only when nothing above was flagged. If an ImageMagick package is
    # present on one of the covered releases, each CVE name is written to the
    # KB with value TRUE; the lookup stops at the first release that matches.
    # NOTE(review): presumably these KB entries mark the CVEs as already
    # patched on this host - confirm with whatever consumes them.
    suse017_im_present = FALSE;
    foreach suse017_rel (make_list("SUSE8.2", "SUSE9.0", "SUSE9.1", "SUSE9.2"))
    {
      if (rpm_exists(rpm:"ImageMagick-", release:suse017_rel))
      {
        suse017_im_present = TRUE;
        break;
      }
    }
    if (suse017_im_present)
    {
      foreach suse017_cve (make_list(
        "CVE-2005-0397",
        "CVE-2005-0759",
        "CVE-2005-0760",
        "CVE-2005-0761",
        "CVE-2005-0762"))
      {
        set_kb_item(name:suse017_cve, value:TRUE);
      }
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-065.NASL
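    descriptionA format string vulnerability was discovered in ImageMagick, in the way it handles filenames. An attacker could execute arbitrary code on a victim's machine provided they could trick them into opening a file with a special name (CVE-2005-0397). [Truncated here; the description attribute in the plugin code below gives the full text, including the CVE-2005-0762 SGI parser heap overflow.]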
    last seen2020-06-01
    modified2020-06-02
    plugin id17677
    published2005-04-02
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17677
    titleMandrake Linux Security Advisory : ImageMagick (MDKSA-2005:065)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2005:065. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Registration pass: when the engine runs this script with `description`
    # set, the block below only records plugin metadata and then exits (see the
    # exit(0) at the end of the block) without evaluating any host data.
    if (description)
    {
      script_id(17677);
      script_version ("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:47");
    
      # Six CVEs from MDKSA-2005:065 share this plugin ID, so a finding reports
      # the advisory as a whole rather than one specific flaw.
      script_cve_id("CVE-2005-0005", "CVE-2005-0397", "CVE-2005-0759", "CVE-2005-0760", "CVE-2005-0761", "CVE-2005-0762");
      script_xref(name:"MDKSA", value:"2005:065");
    
      script_name(english:"Mandrake Linux Security Advisory : ImageMagick (MDKSA-2005:065)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      # Advisory text. It limits the TIFF, PSD and SGI issues to ImageMagick
      # versions prior to 6.0; the format string and PSD heap overflow issues
      # are described without that limit.
      script_set_attribute(
        attribute:"description", 
        value:
    "A format string vulnerability was discovered in ImageMagick, in the
    way it handles filenames. An attacker could execute arbitrary code on
    a victim's machine provided they could trick them into opening a file
    with a special name (CVE-2005-0397).
    
    As well, Andrei Nigmatulin discovered a heap-based buffer overflow in
    ImageMagick's image handler. An attacker could create a special
    PhotoShop Document (PSD) image file in such a way that it would cause
    ImageMagick to execute arbitrary code when processing the image
    (CVE-2005-0005).
    
    Other vulnerabilities were discovered in ImageMagick versions prior to
    6.0 :
    
    A bug in the way that ImageMagick handles TIFF tags was discovered. It
    was possible that a TIFF image with an invalid tag could cause
    ImageMagick to crash (CVE-2005-0759).
    
    A bug in ImageMagick's TIFF decoder was discovered where a specially-
    crafted TIFF image could cause ImageMagick to crash (CVE-2005-0760).
    
    A bug in ImageMagick's PSD parsing was discovered where a specially-
    crafted PSD file could cause ImageMagick to crash (CVE-2005-0761).
    
    Finally, a heap overflow bug was discovered in ImageMagick's SGI
    parser. If an attacker could trick a user into opening a specially-
    crafted SGI image file, ImageMagick would execute arbitrary code
    (CVE-2005-0762).
    
    The updated packages have been patched to correct these issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # CVSS v2 base vector: network access, low complexity, no authentication,
      # partial confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      # Declared as a "local" plugin: the result comes from package data gathered
      # on the host (see the required KB keys below), not from a network probe.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ImageMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ImageMagick-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64Magick5.5.7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64Magick5.5.7-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64Magick6.4.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64Magick6.4.0-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libMagick5.5.7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libMagick5.5.7-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libMagick6.4.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libMagick6.4.0-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-Magick");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/04/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      # NOTE(review): ssh_get_info.nasl is presumably what fills the Host/* KB
      # keys listed next - confirm against that script.
      script_dependencies("ssh_get_info.nasl");
      # KB entries that must exist for the check to run: local checks enabled,
      # the CPU architecture, a Mandrake release string and the cached RPM list.
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
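    # Preconditions: stop with an audit message unless local checks are enabled,
    # the host is identified as Mandrake/Mandriva, and an RPM list was collected.
    # The OS name in the audit message is spelled "Mandrake" so that it matches
    # the architecture audit message a few lines below.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only amd64, i386-i686 and x86_64 architectures are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # Compare installed packages with the fixed builds from MDKSA-2005:065.
    # Every rpm_check() call runs, so each hit is counted in `flag`.
    # NOTE(review): this is a package-version comparison only; it does not show
    # whether the vulnerable parsers are reachable on the host.
    flag = 0;
    # Mandrake 10.0: library packages are checked per architecture.
    if (rpm_check(release:"MDK10.0", reference:"ImageMagick-5.5.7.15-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"ImageMagick-doc-5.5.7.15-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64Magick5.5.7-5.5.7.15-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64Magick5.5.7-devel-5.5.7.15-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libMagick5.5.7-5.5.7.15-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libMagick5.5.7-devel-5.5.7.15-6.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"perl-Magick-5.5.7.15-6.3.100mdk", yank:"mdk")) flag++;
    
    # Mandrake 10.1: same package set, 64-bit libraries keyed on x86_64.
    if (rpm_check(release:"MDK10.1", reference:"ImageMagick-6.0.4.4-5.2.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", reference:"ImageMagick-doc-6.0.4.4-5.2.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64Magick6.4.0-6.0.4.4-5.2.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64Magick6.4.0-devel-6.0.4.4-5.2.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libMagick6.4.0-6.0.4.4-5.2.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libMagick6.4.0-devel-6.0.4.4-5.2.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", reference:"perl-Magick-6.0.4.4-5.2.101mdk", yank:"mdk")) flag++;
    
    
    # Any hit raises the finding, with the package report attached only when
    # report verbosity is above zero; otherwise the host is audited as not
    # affected.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");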
    

Oval

accepted2013-04-29T04:21:44.505-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
descriptionHeap-based buffer overflow in the SGI parser in ImageMagick before 6.0 allows remote attackers to execute arbitrary code via a crafted SGI image file.
familyunix
idoval:org.mitre.oval:def:9736
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleHeap-based buffer overflow in the SGI parser in ImageMagick before 6.0 allows remote attackers to execute arbitrary code via a crafted SGI image file.
version26

Redhat

advisories
rhsa
idRHSA-2005:070
rpms
  • ImageMagick-0:5.5.6-13
  • ImageMagick-c++-0:5.5.6-13
  • ImageMagick-c++-devel-0:5.5.6-13
  • ImageMagick-debuginfo-0:5.5.6-13
  • ImageMagick-devel-0:5.5.6-13
  • ImageMagick-perl-0:5.5.6-13