CVE-2005-1739 - Denial Of Service vulnerability in ImageMagick And GraphicsMagick XWD Decoder

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Tags: network, low complexity, graphicsmagick, imagemagick, nessus

Summary

The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.

Nessus

  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2005-480.NASL
    description: Updated ImageMagick packages that fix a denial of service issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple image formats. A denial of service bug was found in the way ImageMagick parses XWD files. A user or program executing ImageMagick to process a malicious XWD file can cause ImageMagick to enter an infinite loop causing a denial of service condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1739 to this issue. Users of ImageMagick should upgrade to these updated packages, which contain a backported patch, and are not vulnerable to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21831
    published: 2006-07-03
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/21831
    title: CentOS 3 / 4 : ImageMagick (CESA-2005:480)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:480 and 
    # CentOS Errata and Security Advisory 2005:480 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21831);
      script_version("1.18");
      script_cvs_date("Date: 2019/10/25 13:36:02");
    
      script_cve_id("CVE-2005-1739");
      script_bugtraq_id(13705);
      script_xref(name:"RHSA", value:"2005:480");
    
      script_name(english:"CentOS 3 / 4 : ImageMagick (CESA-2005:480)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated ImageMagick packages that fix a denial of service issue are
    now available.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    ImageMagick(TM) is an image display and manipulation tool for the X
    Window System that can read and write multiple image formats.
    
    A denial of service bug was found in the way ImageMagick parses XWD
    files. A user or program executing ImageMagick to process a malicious
    XWD file can cause ImageMagick to enter an infinite loop causing a
    denial of service condition. The Common Vulnerabilities and Exposures
    project (cve.mitre.org) has assigned the name CVE-2005-1739 to this
    issue.
    
    Users of ImageMagick should upgrade to these updated packages, which
    contain a backported patch, and are not vulnerable to this issue."
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-June/011780.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b71a00cb"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-June/011781.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?066bfd33"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-June/011789.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?79ab51a7"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-June/011790.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b65e4785"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-June/011792.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b2324c00"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-June/011793.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7aeea7f7"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected imagemagick packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ImageMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ImageMagick-c++");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ImageMagick-c++-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ImageMagick-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ImageMagick-perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/06/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", reference:"ImageMagick-5.5.6-15")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"ImageMagick-c++-5.5.6-15")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"ImageMagick-c++-devel-5.5.6-15")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"ImageMagick-devel-5.5.6-15")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"ImageMagick-perl-5.5.6-15")) flag++;
    
    if (rpm_check(release:"CentOS-4", reference:"ImageMagick-6.0.7.1-12")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"ImageMagick-c++-6.0.7.1-12")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"ImageMagick-c++-devel-6.0.7.1-12")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"ImageMagick-devel-6.0.7.1-12")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"ImageMagick-perl-6.0.7.1-12")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick / ImageMagick-c++ / ImageMagick-c++-devel / etc");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2005-480.NASL
    description: Updated ImageMagick packages that fix a denial of service issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple image formats. A denial of service bug was found in the way ImageMagick parses XWD files. A user or program executing ImageMagick to process a malicious XWD file can cause ImageMagick to enter an infinite loop causing a denial of service condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1739 to this issue. Users of ImageMagick should upgrade to these updated packages, which contain a backported patch, and are not vulnerable to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18422
    published: 2005-06-06
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/18422
    title: RHEL 2.1 / 3 / 4 : ImageMagick (RHSA-2005:480)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:480. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(18422);
      script_version ("1.24");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      script_cve_id("CVE-2005-1739");
      script_bugtraq_id(13705);
      script_xref(name:"RHSA", value:"2005:480");
    
      script_name(english:"RHEL 2.1 / 3 / 4 : ImageMagick (RHSA-2005:480)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated ImageMagick packages that fix a denial of service issue are
    now available.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    ImageMagick(TM) is an image display and manipulation tool for the X
    Window System that can read and write multiple image formats.
    
    A denial of service bug was found in the way ImageMagick parses XWD
    files. A user or program executing ImageMagick to process a malicious
    XWD file can cause ImageMagick to enter an infinite loop causing a
    denial of service condition. The Common Vulnerabilities and Exposures
    project (cve.mitre.org) has assigned the name CVE-2005-1739 to this
    issue.
    
    Users of ImageMagick should upgrade to these updated packages, which
    contain a backported patch, and are not vulnerable to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-1739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2005:480"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick-c++");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick-c++-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick-perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/06/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/06/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(2\.1|3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x / 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2005:480";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ImageMagick-5.3.8-11")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ImageMagick-c++-5.3.8-11")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ImageMagick-c++-devel-5.3.8-11")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ImageMagick-devel-5.3.8-11")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ImageMagick-perl-5.3.8-11")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"ImageMagick-5.5.6-15")) flag++;
      if (rpm_check(release:"RHEL3", reference:"ImageMagick-c++-5.5.6-15")) flag++;
      if (rpm_check(release:"RHEL3", reference:"ImageMagick-c++-devel-5.5.6-15")) flag++;
      if (rpm_check(release:"RHEL3", reference:"ImageMagick-devel-5.5.6-15")) flag++;
      if (rpm_check(release:"RHEL3", reference:"ImageMagick-perl-5.5.6-15")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"ImageMagick-6.0.7.1-12")) flag++;
      if (rpm_check(release:"RHEL4", reference:"ImageMagick-c++-6.0.7.1-12")) flag++;
      if (rpm_check(release:"RHEL4", reference:"ImageMagick-c++-devel-6.0.7.1-12")) flag++;
      if (rpm_check(release:"RHEL4", reference:"ImageMagick-devel-6.0.7.1-12")) flag++;
      if (rpm_check(release:"RHEL4", reference:"ImageMagick-perl-6.0.7.1-12")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick / ImageMagick-c++ / ImageMagick-c++-devel / etc");
      }
    }
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2005-107.NASL
    description: A heap-based buffer overflow was found in the way that ImageMagick parses PNM files. If an attacker can trick a victim into opening a specially crafted PNM file, the attacker could execute arbitrary code on the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18584
    published: 2005-06-28
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/18584
    title: Mandrake Linux Security Advisory : ImageMagick (MDKSA-2005:107)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200505-16.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200505-16 (ImageMagick, GraphicsMagick: Denial of Service vulnerability) Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a Denial of Service vulnerability in the XWD decoder of ImageMagick and GraphicsMagick when setting a color mask to zero. Impact : A remote attacker could submit a specially crafted image to a user or an automated system making use of an affected utility, resulting in a Denial of Service by consumption of CPU time. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18380
    published: 2005-05-28
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/18380
    title: GLSA-200505-16 : ImageMagick, GraphicsMagick: Denial of Service vulnerability

Oval

  • accepted: 2013-04-29T04:15:15.922-04:00
    class: vulnerability
    contributors:
    • name: Aharon Chernin
      organization: SCAP.com, LLC
    • name: Dragos Prisaca
      organization: G2, Inc.
    definition_extensions:
    • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
      oval: oval:org.mitre.oval:def:11782
    • comment: CentOS Linux 3.x
      oval: oval:org.mitre.oval:def:16651
    • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
      oval: oval:org.mitre.oval:def:11831
    • comment: CentOS Linux 4.x
      oval: oval:org.mitre.oval:def:16636
    • comment: Oracle Linux 4.x
      oval: oval:org.mitre.oval:def:15990
    description: The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.
    family: unix
    id: oval:org.mitre.oval:def:11667
    status: accepted
    submitted: 2010-07-09T03:56:16-04:00
    title: The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.
    version: 26
  • accepted: 2005-09-21T01:33:00.000-04:00
    class: vulnerability
    contributors:
    • name: Jay Beale
      organization: Bastille Linux
    description: The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.
    family: unix
    id: oval:org.mitre.oval:def:960
    status: accepted
    submitted: 2005-07-11T12:00:00.000-04:00
    title: Magick XWD Decoder DoS
    version: 4

Redhat

advisories:
rhsa:
id: RHSA-2005:480
rpms:
  • ImageMagick-0:5.5.6-15
  • ImageMagick-0:6.0.7.1-12
  • ImageMagick-c++-0:5.5.6-15
  • ImageMagick-c++-0:6.0.7.1-12
  • ImageMagick-c++-devel-0:5.5.6-15
  • ImageMagick-c++-devel-0:6.0.7.1-12
  • ImageMagick-debuginfo-0:5.5.6-15
  • ImageMagick-debuginfo-0:6.0.7.1-12
  • ImageMagick-devel-0:5.5.6-15
  • ImageMagick-devel-0:6.0.7.1-12
  • ImageMagick-perl-0:5.5.6-15
  • ImageMagick-perl-0:6.0.7.1-12