Vulnerabilities > CVE-2014-1947 - Out-of-bounds Write vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
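Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030. Note: the version bound in this description does not match the fix versions in the plugin entries below (the Windows check flags ImageMagick before 6.8.7-6, and the Gentoo advisory requires 6.8.8.10 or later), so triage against the vendor's fixed package version rather than the 6.5.4 figure.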
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description | ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH). CVE-2014-1947,CVE-2014-2030. Local exploit for windows platform |
id | EDB-ID:31688 |
last seen | 2016-02-03 |
modified | 2014-02-16 |
published | 2014-02-16 |
reporter | Mike Czumak |
source | https://www.exploit-db.com/download/31688/ |
title | ImageMagick 6.8.8-4 - Local Buffer Overflow SEH |
Nessus
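NASL family Amazon Linux Local Security Checks
NASL id ALA_ALAS-2014-420.NASL
description A buffer overflow flaw affecting ImageMagick and GraphicsMagic when handling PSD images was reported.
last seen 2020-03-17
modified 2014-10-12
plugin id 78363
published 2014-10-12
reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/78363
title Amazon Linux AMI : GraphicsMagick (ALAS-2014-420)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2014-420.
#
# Purpose: local, package-inventory check for ALAS-2014-420 (CVE-2014-1947)
# on Amazon Linux AMI. The verdict comes only from the cached rpm list in
# the KB; the plugin never touches the PSD code path, so a copy of the
# library that is not tracked by rpm is outside what it can report on.
#

include("compat.inc");

# Description pass: register plugin metadata only, then exit.
if (description)
{
  script_id(78363);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");

  script_cve_id("CVE-2014-1947");
  script_xref(name:"ALAS", value:"2014-420");

  script_name(english:"Amazon Linux AMI : GraphicsMagick (ALAS-2014-420)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"A buffer overflow flaw affecting ImageMagick and GraphicsMagic when handling PSD images was reported."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2014-420.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Run 'yum update GraphicsMagick' to update your system."
  );

  # NOTE(review): the v2 vector scores the flaw as network-reachable (AV:N)
  # while the v3 vector says local with user interaction (AV:L/UI:R). The two
  # are not consistent; decide which one drives prioritisation.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:GraphicsMagick");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:GraphicsMagick-c++");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:GraphicsMagick-c++-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:GraphicsMagick-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:GraphicsMagick-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:GraphicsMagick-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:GraphicsMagick-perl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  # NOTE(review): vuln_publication_date is later than patch_publication_date;
  # looks like a metadata error, so do not use it for exposure-window maths.
  script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/10/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


# Without credentialed (local) checks there is no package list to evaluate.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");

# The release string must start with "AL" followed by "A" or one digit;
# the capture group is the release identifier.
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];

# This advisory applies to the AMI release ("A") only. The original remapped
# 'A' to 'AMI' inside this branch, which could never run because the branch
# is entered only when os_ver is not "A"; that dead statement is removed.
if (os_ver != "A")
{
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


# One check per sub-package, each against the reference build named in the
# advisory. rpm_check() comes from rpm.inc (not shown here); presumably it
# reports an installed package older than the reference.
flag = 0;
if (rpm_check(release:"ALA", reference:"GraphicsMagick-1.3.20-3.5.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"GraphicsMagick-c++-1.3.20-3.5.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"GraphicsMagick-c++-devel-1.3.20-3.5.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"GraphicsMagick-debuginfo-1.3.20-3.5.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"GraphicsMagick-devel-1.3.20-3.5.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"GraphicsMagick-doc-1.3.20-3.5.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"GraphicsMagick-perl-1.3.20-3.5.amzn1")) flag++;

if (flag)
{
  # Reported at "warning" severity; verbose runs attach the package report.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  # Distinguish "installed and already fixed" from "not installed at all".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GraphicsMagick / GraphicsMagick-c++ / GraphicsMagick-c++-devel / etc");
}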
NASL family Fedora Local Security Checks
NASL id FEDORA_2014-14617.NASL
description Fix for psd security issue, and upgrade path to f21. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-03-17
modified 2014-11-17
plugin id 79260
published 2014-11-17
reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/79260
title Fedora 21 : GraphicsMagick-1.3.20-3.fc21 (2014-14617)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-14617.
#
# Purpose: local, package-inventory check for Fedora advisory 2014-14617
# (CVE-2014-1947) on Fedora 21. It compares the cached rpm list against one
# reference build and reports at "warning" severity.
#

include("compat.inc");

# Description pass: register plugin metadata only, then exit.
if (description)
{
  script_id(79260);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2014-1947");
  script_bugtraq_id(65683);
  script_xref(name:"FEDORA", value:"2014-14617");

  script_name(english:"Fedora 21 : GraphicsMagick-1.3.20-3.fc21 (2014-14617)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Fix for psd security issue, and upgrade path to f21. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1064098"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/143680.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?d41032df"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected GraphicsMagick package."
  );

  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  # Temporal vector and the two attributes below record "no known exploit"
  # for this GraphicsMagick plugin.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:GraphicsMagick");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


# Without credentialed (local) checks there is no package list to evaluate.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# ">!<" is NASL's "is not a substring of" operator: stop unless the release
# string mentions Fedora.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");

# Pull the numeric release out of the string and accept Fedora 21 only.
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^21([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86_64 and i386-i686 are evaluated. A host on any other architecture
# leaves through the audit call below and gets no verdict from this plugin,
# which is not the same as "not vulnerable".
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


# Single reference build from the advisory. rpm_check() comes from rpm.inc
# (not shown here); presumably it reports an installed package older than it.
flag = 0;
if (rpm_check(release:"FC21", reference:"GraphicsMagick-1.3.20-3.fc21")) flag++;


if (flag)
{
  # Verbose runs attach the package comparison report.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  # Distinguish "installed and already fixed" from "not installed at all".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GraphicsMagick");
}
NASL family SuSE Local Security Checks
NASL id SUSE_11_IMAGEMAGICK-140307.NASL
description The image converter program and library set of ImageMagick received an update that fixes a buffer overflow when handling PSD images.
last seen 2020-06-05
modified 2014-03-13
plugin id 72977
published 2014-03-13
reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/72977
title SuSE 11.3 Security Update : ImageMagick (SAT Patch Number 8978)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#
# Purpose: local, package-inventory check for SAT patch 8978 (CVE-2014-1947)
# on SLED/SLES 11 SP3. It compares the cached rpm list against the reference
# builds and reports at "hole" severity.
#

include("compat.inc");

# Description pass: register plugin metadata only, then exit.
if (description)
{
  script_id(72977);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2014-1947");

  script_name(english:"SuSE 11.3 Security Update : ImageMagick (SAT Patch Number 8978)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The image converter program and library set of ImageMagick received an update that fixes a buffer overflow when handling PSD images."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=863838"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-1947.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 8978.");
  # No CVSS vector is registered in this plugin; severity is carried by the
  # risk_factor attribute alone.
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ImageMagick");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libMagick++1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libMagickCore1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libMagickCore1-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libMagickWand1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/03/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


# Without credentialed (local) checks there is no package list to evaluate.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Accept only release strings that start with SLED11 or SLES11.
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only i386-i686, x86_64 and s390x are evaluated; any other architecture
# leaves through the audit call and gets no verdict from this plugin.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

# Service pack must be exactly 3; hosts on another patch level are audited
# out as "not SuSE 11.3" rather than evaluated.
pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");


# One check per product / architecture / package combination listed by the
# update. rpm_check() comes from rpm.inc (not shown here); presumably it
# reports an installed package older than the reference build.
flag = 0;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"ImageMagick-6.4.3.6-7.28.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libMagick++1-6.4.3.6-7.28.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libMagickCore1-6.4.3.6-7.28.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libMagickWand1-6.4.3.6-7.28.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"ImageMagick-6.4.3.6-7.28.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libMagick++1-6.4.3.6-7.28.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libMagickCore1-6.4.3.6-7.28.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libMagickCore1-32bit-6.4.3.6-7.28.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libMagickWand1-6.4.3.6-7.28.1")) flag++;
# The SLES entries cover libMagickCore1 and its 32-bit variant only.
if (rpm_check(release:"SLES11", sp:3, reference:"libMagickCore1-6.4.3.6-7.28.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libMagickCore1-32bit-6.4.3.6-7.28.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libMagickCore1-32bit-6.4.3.6-7.28.1")) flag++;


if (flag)
{
  # Verbose runs attach the package comparison report.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
# Unlike a tested-package report, this path gives one generic "not affected"
# result whether the packages are fixed or simply absent.
else audit(AUDIT_HOST_NOT, "affected");
NASL family Solaris Local Security Checks
NASL id SOLARIS11_IMAGEMAGICK_20140731.NASL
description The remote Solaris system is missing necessary patches to address security updates.
last seen 2020-06-01
modified 2020-06-02
plugin id 80644
published 2015-01-19
reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/80644
title Oracle Solaris Third-Party Patch Update : imagemagick (multiple_buffer_errors_vulnerabilities_in2)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Oracle Third Party software advisories.
#
# Purpose: local check for the Oracle third-party imagemagick update that
# covers CVE-2014-1947, CVE-2014-1958 and CVE-2014-2030 on Solaris 11. The
# verdict is based on the OS release level, not on the imagemagick package
# version itself.
#

include("compat.inc");

# Description pass: register plugin metadata only, then exit.
if (description)
{
  script_id(80644);
  script_version("1.2");
  script_cvs_date("Date: 2018/11/15 20:50:25");

  script_cve_id("CVE-2014-1947", "CVE-2014-1958", "CVE-2014-2030");

  script_name(english:"Oracle Solaris Third-Party Patch Update : imagemagick (multiple_buffer_errors_vulnerabilities_in2)");
  script_summary(english:"Check for the 'entire' version.");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Solaris system is missing a security patch for third-party software."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote Solaris system is missing necessary patches to address security updates."
  );
  # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4a913f44"
  );
  # https://blogs.oracle.com/sunsecurity/multiple-buffer-errors-vulnerabilities-in-imagemagick
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7ba42ea5"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.2.");
  # No CVSS vector is registered in this plugin; severity is carried by the
  # risk_factor attribute alone.
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:imagemagick");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/07/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");

# Without credentialed (local) checks there is no package list to evaluate.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Solaris11/release");
if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");
pkg_list = solaris_pkg_list_leaves();
if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages");

# The host is only evaluated when a package-list line is exactly
# "imagemagick"; otherwise it is audited as not installed.
if (empty_or_null(egrep(string:pkg_list, pattern:"^imagemagick$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "imagemagick");

# solaris_check_release() comes from solaris.inc (not shown here); presumably
# a positive result means the host release is below the given level. Confirm
# against the include before relying on the direction of the comparison.
flag = 0;

if (solaris_check_release(release:"0.5.11-0.175.2.0.0.0.0", sru:"11.2 SRU 0") > 0) flag++;

if (flag)
{
  # Prefix the helper's report with the package name and relabel "version"
  # as "OS version", since the comparison is on the OS release.
  error_extra = 'Affected package : imagemagick\n' + solaris_get_report2();
  error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra);
  if (report_verbosity > 0) security_hole(port:0, extra:error_extra);
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_PACKAGE_NOT_AFFECTED, "imagemagick");
NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-201405-09.NASL
description The remote host is affected by the vulnerability described in GLSA-201405-09 (ImageMagick: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in ImageMagick. Please review the CVE identifiers referenced below for details. Note that CVE-2012-1185 and CVE-2012-1186 were issued due to incomplete fixes for CVE-2012-0247 and CVE-2012-0248, respectively. The earlier CVEs were addressed in GLSA 201203-09. Impact : A remote attacker can utilize multiple vectors to execute arbitrary code or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen 2020-06-01
modified 2020-06-02
plugin id 74052
published 2014-05-19
reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/74052
title GLSA-201405-09 : ImageMagick: Multiple vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201405-09.
#
# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
# Purpose: local, package-inventory check for GLSA-201405-09 on Gentoo. One
# finding covers five CVEs (CVE-2014-1947 among them), so the registered
# severity and dates describe the bundle rather than any single flaw.
#

include("compat.inc");

# Description pass: register plugin metadata only, then exit.
if (description)
{
  script_id(74052);
  script_version("1.6");
  script_cvs_date("Date: 2020/02/12");

  script_cve_id("CVE-2012-1185", "CVE-2012-1186", "CVE-2013-4298", "CVE-2014-1947", "CVE-2014-2030");
  script_bugtraq_id(51957, 62080, 65478, 65683);
  script_xref(name:"GLSA", value:"201405-09");

  script_name(english:"GLSA-201405-09 : ImageMagick: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-201405-09 (ImageMagick: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in ImageMagick. Please review the CVE identifiers referenced below for details. Note that CVE-2012-1185 and CVE-2012-1186 were issued due to incomplete fixes for CVE-2012-0247 and CVE-2012-0248, respectively. The earlier CVEs were addressed in GLSA 201203-09. Impact : A remote attacker can utilize multiple vectors to execute arbitrary code or cause a Denial of Service condition. Workaround : There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201405-09"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All ImageMagick users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-gfx/imagemagick-6.8.8.10'"
  );

  # Base vectors rate full C/I/A impact, and the temporal vectors plus the two
  # attributes below record that exploit code is available for the bundle.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:imagemagick");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  # NOTE(review): a 2012 vulnerability date presumably reflects the oldest CVE
  # in the bundle, not CVE-2014-1947; confirm before using it for that CVE.
  script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/05/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/19");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

# Preconditions: credentialed checks, a Gentoo release string and a cached
# package list must all be present in the KB.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


# Versions below 6.8.8.10 are listed as vulnerable, 6.8.8.10 and later as
# unaffected. qpkg_check() comes from qpkg.inc (not shown here).
flag = 0;

if (qpkg_check(package:"media-gfx/imagemagick", unaffected:make_list("ge 6.8.8.10"), vulnerable:make_list("lt 6.8.8.10"))) flag++;

if (flag)
{
  # Verbose runs attach the package comparison report.
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  # Distinguish "installed and already fixed" from "not installed at all".
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick");
}
NASL family Fedora Local Security Checks NASL id FEDORA_2014-9624.NASL description New stable upstream release, patched for CVE-2014-1947. See also: http://www.graphicsmagick.org/NEWS.html#august-16-2014 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-09-15 plugin id 77678 published 2014-09-15 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77678 title Fedora 19 : GraphicsMagick-1.3.20-3.fc19 (2014-9624) NASL family Windows NASL id IMAGEMAGICK_6_8_7_6.NASL description The remote Windows host is running a version of ImageMagick prior to version 6.8.7-6. It is, therefore, affected by a memory corruption vulnerability related to PSD image file handling and the last seen 2020-06-01 modified 2020-06-02 plugin id 72721 published 2014-02-27 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72721 title ImageMagick < 6.8.7-6 WritePSDImage PSD Handling Memory Corruption NASL family Fedora Local Security Checks NASL id FEDORA_2014-9596.NASL description New stable upstream release, patched for CVE-2014-1947. See also: http://www.graphicsmagick.org/NEWS.html#august-16-2014 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-08-29 plugin id 77427 published 2014-08-29 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/77427 title Fedora 20 : GraphicsMagick-1.3.20-1.fc20 (2014-9596) NASL family Fedora Local Security Checks NASL id FEDORA_2014-4969.NASL description - Build 6.8.6-3 version because soname bump happened in newer. - Concretize soname versioning. - Add Patch0: ImageMagick-6.8.7-psd-CVE.patch CVE bug fix backporting: http://www.imagemagick.org/discourse-server/viewtopic. php?f=3&t=25128&sid=ff40ad66b1f845c767aa77c7e32f9f9c&p =109901#p109901 for fix CVE-2014-1958 (bz#1067276, bz#1067277, bz#1067278), CVE-2014-1947, CVE-2014-2030 (bz#1064098) - Enable %check by Alexander Todorov suggestion - bz#1076671. - Add %{?_smp_mflags} into make install and check (not main compilation). - Porting some other non-destructive minor enhancements from master branch: o Drop BR giflib-devel (bz#1039378) o Use %__isa_bits instead of hardcoding the list of 64-bit architectures. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-04-16 plugin id 73546 published 2014-04-16 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73546 title Fedora 20 : ImageMagick-6.8.6.3-4.fc20 (2014-4969) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2014-336.NASL description A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, potentially, execute arbitrary code with the privileges of the user running ImageMagick. A buffer overflow flaw affecting ImageMagick when creating PSD images was reported. 
The vulnerability is similar to CVE-2014-1947 , except that CVE-2014-2030 last seen 2020-06-01 modified 2020-06-02 plugin id 78279 published 2014-10-12 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78279 title Amazon Linux AMI : ImageMagick (ALAS-2014-336) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2898.NASL description Several buffer overflows were found in Imagemagick, a suite of image manipulation programs. Processing malformed PSD files could lead to the execution of arbitrary code. last seen 2020-03-17 modified 2014-04-10 plugin id 73440 published 2014-04-10 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73440 title Debian DSA-2898-1 : imagemagick - security update NASL family Fedora Local Security Checks NASL id FEDORA_2014-9927.NASL description Better fix for psd security issue, CVE-2014-1947. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-09-10 plugin id 77593 published 2014-09-10 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77593 title Fedora 20 : GraphicsMagick-1.3.20-3.fc20 (2014-9927)
Seebug
bulletinFamily exploit description No description provided by source. id SSV:85003 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-85003 title ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH) bulletinFamily exploit description BUGTRAQ ID: 65478 CVE ID:CVE-2014-1947 ImageMagick是一款Unix/Linux平台下开源的图像查看和编辑工具。 ImageMagick 6.8.8-5之前版本进行PSD图形的RLE解码中出现边界错误,可使远程攻击者利用此漏洞造成缓冲区溢出,导致执行任意代码。 0 ImageMagick ImageMagick < 6.8.8-5 厂商补丁: ImageMagick ----------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.imagemagick.org/ http://www.imagemagick.org/script/changelog.php http://freecode.com/projects/imagemagick/tags/bugfixes id SSV:61456 last seen 2017-11-19 modified 2014-02-17 published 2014-02-17 reporter Root source https://www.seebug.org/vuldb/ssvid-61456 title ImageMagick PSD图形文件处理缓冲区溢出漏洞
References
- http://www.openwall.com/lists/oss-security/2014/02/12/13
- http://www.openwall.com/lists/oss-security/2014/02/12/2
- http://www.openwall.com/lists/oss-security/2014/02/13/2
- http://www.openwall.com/lists/oss-security/2014/02/13/5
- http://www.openwall.com/lists/oss-security/2014/02/19/13
- https://bugzilla.redhat.com/show_bug.cgi?id=1064098
- https://www.suse.com/support/update/announcement/2014/suse-su-20140359-1.html