Vulnerabilities > CVE-2005-1739

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2005-480.NASL
    descriptionUpdated ImageMagick packages that fix a denial of service issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple image formats. A denial of service bug was found in the way ImageMagick parses XWD files. A user or program executing ImageMagick to process a malicious XWD file can cause ImageMagick to enter an infinite loop causing a denial of service condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1739 to this issue. Users of ImageMagick should upgrade to these updated packages, which contain a backported patch, and are not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id21831
    published2006-07-03
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21831
    titleCentOS 3 / 4 : ImageMagick (CESA-2005:480)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:480 and 
    # CentOS Errata and Security Advisory 2005:480 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21831);
      script_version("1.18");
      script_cvs_date("Date: 2019/10/25 13:36:02");
    
      script_cve_id("CVE-2005-1739");
      script_bugtraq_id(13705);
      script_xref(name:"RHSA", value:"2005:480");
    
      script_name(english:"CentOS 3 / 4 : ImageMagick (CESA-2005:480)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated ImageMagick packages that fix a denial of service issue are
    now available.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    ImageMagick(TM) is an image display and manipulation tool for the X
    Window System that can read and write multiple image formats.
    
    A denial of service bug was found in the way ImageMagick parses XWD
    files. A user or program executing ImageMagick to process a malicious
    XWD file can cause ImageMagick to enter an infinite loop causing a
    denial of service condition. The Common Vulnerabilities and Exposures
    project (cve.mitre.org) has assigned the name CVE-2005-1739 to this
    issue.
    
    Users of ImageMagick should upgrade to these updated packages, which
    contain a backported patch, and are not vulnerable to this issue."
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-June/011780.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b71a00cb"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-June/011781.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?066bfd33"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-June/011789.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?79ab51a7"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-June/011790.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b65e4785"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-June/011792.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b2324c00"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-June/011793.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7aeea7f7"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected imagemagick packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ImageMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ImageMagick-c++");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ImageMagick-c++-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ImageMagick-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ImageMagick-perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/06/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", reference:"ImageMagick-5.5.6-15")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"ImageMagick-c++-5.5.6-15")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"ImageMagick-c++-devel-5.5.6-15")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"ImageMagick-devel-5.5.6-15")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"ImageMagick-perl-5.5.6-15")) flag++;
    
    if (rpm_check(release:"CentOS-4", reference:"ImageMagick-6.0.7.1-12")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"ImageMagick-c++-6.0.7.1-12")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"ImageMagick-c++-devel-6.0.7.1-12")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"ImageMagick-devel-6.0.7.1-12")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"ImageMagick-perl-6.0.7.1-12")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick / ImageMagick-c++ / ImageMagick-c++-devel / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-480.NASL
    descriptionUpdated ImageMagick packages that fix a denial of service issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple image formats. A denial of service bug was found in the way ImageMagick parses XWD files. A user or program executing ImageMagick to process a malicious XWD file can cause ImageMagick to enter an infinite loop causing a denial of service condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1739 to this issue. Users of ImageMagick should upgrade to these updated packages, which contain a backported patch, and are not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id18422
    published2005-06-06
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/18422
    titleRHEL 2.1 / 3 / 4 : ImageMagick (RHSA-2005:480)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:480. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(18422);
      script_version ("1.24");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      script_cve_id("CVE-2005-1739");
      script_bugtraq_id(13705);
      script_xref(name:"RHSA", value:"2005:480");
    
      script_name(english:"RHEL 2.1 / 3 / 4 : ImageMagick (RHSA-2005:480)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated ImageMagick packages that fix a denial of service issue are
    now available.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    ImageMagick(TM) is an image display and manipulation tool for the X
    Window System that can read and write multiple image formats.
    
    A denial of service bug was found in the way ImageMagick parses XWD
    files. A user or program executing ImageMagick to process a malicious
    XWD file can cause ImageMagick to enter an infinite loop causing a
    denial of service condition. The Common Vulnerabilities and Exposures
    project (cve.mitre.org) has assigned the name CVE-2005-1739 to this
    issue.
    
    Users of ImageMagick should upgrade to these updated packages, which
    contain a backported patch, and are not vulnerable to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-1739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2005:480"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick-c++");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick-c++-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick-perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/06/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/06/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(2\.1|3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x / 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2005:480";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ImageMagick-5.3.8-11")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ImageMagick-c++-5.3.8-11")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ImageMagick-c++-devel-5.3.8-11")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ImageMagick-devel-5.3.8-11")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ImageMagick-perl-5.3.8-11")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"ImageMagick-5.5.6-15")) flag++;
      if (rpm_check(release:"RHEL3", reference:"ImageMagick-c++-5.5.6-15")) flag++;
      if (rpm_check(release:"RHEL3", reference:"ImageMagick-c++-devel-5.5.6-15")) flag++;
      if (rpm_check(release:"RHEL3", reference:"ImageMagick-devel-5.5.6-15")) flag++;
      if (rpm_check(release:"RHEL3", reference:"ImageMagick-perl-5.5.6-15")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"ImageMagick-6.0.7.1-12")) flag++;
      if (rpm_check(release:"RHEL4", reference:"ImageMagick-c++-6.0.7.1-12")) flag++;
      if (rpm_check(release:"RHEL4", reference:"ImageMagick-c++-devel-6.0.7.1-12")) flag++;
      if (rpm_check(release:"RHEL4", reference:"ImageMagick-devel-6.0.7.1-12")) flag++;
      if (rpm_check(release:"RHEL4", reference:"ImageMagick-perl-6.0.7.1-12")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick / ImageMagick-c++ / ImageMagick-c++-devel / etc");
      }
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-107.NASL
    descriptionA heap-based buffer overflow was found in the way that ImageMagick parses PNM files. If an attacker can trick a victim into opening a specially crafted PNM file, the attacker could execute arbitrary code on the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id18584
    published2005-06-28
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18584
    titleMandrake Linux Security Advisory : ImageMagick (MDKSA-2005:107)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200505-16.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200505-16 (ImageMagick, GraphicsMagick: Denial of Service vulnerability) Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a Denial of Service vulnerability in the XWD decoder of ImageMagick and GraphicsMagick when setting a color mask to zero. Impact : A remote attacker could submit a specially crafted image to a user or an automated system making use of an affected utility, resulting in a Denial of Service by consumption of CPU time. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id18380
    published2005-05-28
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18380
    titleGLSA-200505-16 : ImageMagick, GraphicsMagick: Denial of Service vulnerability

Oval

  • accepted2013-04-29T04:15:15.922-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    descriptionThe XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.
    familyunix
    idoval:org.mitre.oval:def:11667
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleThe XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.
    version26
  • accepted2005-09-21T01:33:00.000-04:00
    classvulnerability
    contributors
    nameJay Beale
    organizationBastille Linux
    descriptionThe XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.
    familyunix
    idoval:org.mitre.oval:def:960
    statusaccepted
    submitted2005-07-11T12:00:00.000-04:00
    titleMagick XWD Decoder DoS
    version4

Redhat

advisories
rhsa
idRHSA-2005:480
rpms
  • ImageMagick-0:5.5.6-15
  • ImageMagick-0:6.0.7.1-12
  • ImageMagick-c++-0:5.5.6-15
  • ImageMagick-c++-0:6.0.7.1-12
  • ImageMagick-c++-devel-0:5.5.6-15
  • ImageMagick-c++-devel-0:6.0.7.1-12
  • ImageMagick-debuginfo-0:5.5.6-15
  • ImageMagick-debuginfo-0:6.0.7.1-12
  • ImageMagick-devel-0:5.5.6-15
  • ImageMagick-devel-0:6.0.7.1-12
  • ImageMagick-perl-0:5.5.6-15
  • ImageMagick-perl-0:6.0.7.1-12