Vulnerabilities > CVE-2017-12674 - Excessive Iteration vulnerability in Imagemagick 7.0.62

047910
CVSS 7.1 - HIGH
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
imagemagick
CWE-834
nessus

Summary

In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service.

Vulnerable Configurations

Part Description Count
Application
Imagemagick
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3681-1.NASL
    descriptionIt was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110516
    published2018-06-13
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110516
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : imagemagick vulnerabilities (USN-3681-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3681-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(110516);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/18 12:31:48");
    
      script_cve_id("CVE-2017-1000445", "CVE-2017-1000476", "CVE-2017-10995", "CVE-2017-11352", "CVE-2017-11533", "CVE-2017-11535", "CVE-2017-11537", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12429", "CVE-2017-12430", "CVE-2017-12431", "CVE-2017-12432", "CVE-2017-12433", "CVE-2017-12435", "CVE-2017-12563", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-12643", "CVE-2017-12644", "CVE-2017-12670", "CVE-2017-12674", "CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12875", "CVE-2017-12877", "CVE-2017-12983", "CVE-2017-13058", "CVE-2017-13059", "CVE-2017-13060", "CVE-2017-13061", "CVE-2017-13062", "CVE-2017-13131", "CVE-2017-13134", "CVE-2017-13139", "CVE-2017-13142", "CVE-2017-13143", "CVE-2017-13144", "CVE-2017-13145", "CVE-2017-13758", "CVE-2017-13768", "CVE-2017-13769", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14224", "CVE-2017-14249", "CVE-2017-14325", "CVE-2017-14326", "CVE-2017-14341", "CVE-2017-14342", "CVE-2017-14343", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14531", "CVE-2017-14532", "CVE-2017-14533", "CVE-2017-14607", "CVE-2017-14624", "CVE-2017-14625", "CVE-2017-14626", "CVE-2017-14682", "CVE-2017-14684", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-14989", "CVE-2017-15015", "CVE-2017-15016", "CVE-2017-15017", "CVE-2017-15032", "CVE-2017-15033", "CVE-2017-15217", "CVE-2017-15218", "CVE-2017-15277", "CVE-2017-15281", "CVE-2017-16546", "CVE-2017-17499", "CVE-2017-17504", "CVE-2017-17680", "CVE-2017-17681", "CVE-2017-17682", "CVE-2017-17879", "CVE-2017-17881", "CVE-2017-17882", "CVE-2017-17884", "CVE-2017-17885", "CVE-2017-17886", "CVE-2017-17887", "CVE-2017-17914", "CVE-2017-17934", "CVE-2017-18008", "CVE-2017-18022", "CVE-2017-18027", "CVE-2017-18028", "CVE-2017-18029", "CVE-2017-18209", "CVE-2017-18211", "CVE-2017-18251", "CVE-2017-18252", "CVE-2017-18254", "CVE-2017-18271", "CVE-2017-18273", "CVE-2018-10177", "CVE-2018-10804", "CVE-2018-10805", "CVE-2018-11251", "CVE-2018-11625", "CVE-2018-11655", "CVE-2018-11656", "CVE-2018-5246", "CVE-2018-5247", "CVE-2018-5248", "CVE-2018-5357", "CVE-2018-5358", "CVE-2018-6405", "CVE-2018-7443", "CVE-2018-8804", "CVE-2018-8960", "CVE-2018-9133");
      script_xref(name:"USN", value:"3681-1");
    
      script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : imagemagick vulnerabilities (USN-3681-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that ImageMagick incorrectly handled certain
    malformed image files. If a user or automated system using ImageMagick
    were tricked into opening a specially crafted image, an attacker could
    exploit this to cause a denial of service or possibly execute code
    with the privileges of the user invoking the program.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3681-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:imagemagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-5v5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5-extra");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/06/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|16\.04|17\.10|18\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.10 / 18.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"imagemagick", pkgver:"8:6.7.7.10-6ubuntu3.11")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libmagick++5", pkgver:"8:6.7.7.10-6ubuntu3.11")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libmagickcore5", pkgver:"8:6.7.7.10-6ubuntu3.11")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libmagickcore5-extra", pkgver:"8:6.7.7.10-6ubuntu3.11")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"imagemagick", pkgver:"8:6.8.9.9-7ubuntu5.11")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"imagemagick-6.q16", pkgver:"8:6.8.9.9-7ubuntu5.11")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libmagick++-6.q16-5v5", pkgver:"8:6.8.9.9-7ubuntu5.11")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libmagickcore-6.q16-2", pkgver:"8:6.8.9.9-7ubuntu5.11")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libmagickcore-6.q16-2-extra", pkgver:"8:6.8.9.9-7ubuntu5.11")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"imagemagick", pkgver:"8:6.9.7.4+dfsg-16ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"imagemagick-6.q16", pkgver:"8:6.9.7.4+dfsg-16ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"libmagick++-6.q16-7", pkgver:"8:6.9.7.4+dfsg-16ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"libmagickcore-6.q16-3", pkgver:"8:6.9.7.4+dfsg-16ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"libmagickcore-6.q16-3-extra", pkgver:"8:6.9.7.4+dfsg-16ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"imagemagick", pkgver:"8:6.9.7.4+dfsg-16ubuntu6.2")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"imagemagick-6.q16", pkgver:"8:6.9.7.4+dfsg-16ubuntu6.2")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"libmagick++-6.q16-7", pkgver:"8:6.9.7.4+dfsg-16ubuntu6.2")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"libmagickcore-6.q16-3", pkgver:"8:6.9.7.4+dfsg-16ubuntu6.2")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"libmagickcore-6.q16-3-extra", pkgver:"8:6.9.7.4+dfsg-16ubuntu6.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "imagemagick / imagemagick-6.q16 / libmagick++-6.q16-5v5 / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0486-1.NASL
    descriptionThis update for ImageMagick fixes the following issues : - CVE-2017-9407: In ImageMagick, the ReadPALMImage function in palm.c allowed attackers to cause a denial of service (memory leak) via a crafted file. (bsc#1042824) - CVE-2017-11448: The ReadJPEGImage function in coders/jpeg.c in ImageMagick allowed remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. (bsc#1049375) - CVE-2017-11450: A remote denial of service in coders/jpeg.c was fixed (bsc#1049374) - CVE-2017-11537: When ImageMagick processed a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation. (bsc#1050048) - CVE-2017-12418: ImageMagick had memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. (bsc#1052207) - CVE-2017-12432: In ImageMagick, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allowed attackers to cause a denial of service. (bsc#1052254) - CVE-2017-12654: The ReadPICTImage function in coders/pict.c in ImageMagick allowed attackers to cause a denial of service (memory leak) via a crafted file. (bsc#1052761) - CVE-2017-12664: ImageMagick had a memory leak vulnerability in WritePALMImage in coders/palm.c. (bsc#1052750) - CVE-2017-12665: ImageMagick had a memory leak vulnerability in WritePICTImage in coders/pict.c. (bsc#1052747) - CVE-2017-12668: ImageMagick had a memory leak vulnerability in WritePCXImage in coders/pcx.c. (bsc#1052688) - CVE-2017-13058: In ImageMagick, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allowed attackers to cause a denial of service via a crafted file. (bsc#1055069) - CVE-2017-14224: A heap-based buffer overflow in WritePCXImage in coders/pcx.c could lead to denial of service or code execution. (bsc#1058009) - CVE-2017-17885: In ImageMagick, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allowed attackers to cause a denial of service via a crafted PICT image file. (bsc#1074119) - CVE-2017-18028: A memory exhaustion in the function ReadTIFFImage in coders/tiff.c was fixed. (bsc#1076182) - CVE-2018-6405: In the ReadDCMImage function in coders/dcm.c in ImageMagick, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allowed remote attackers to cause a denial of service. (bsc#1078433) - CVE-2017-12427: ProcessMSLScript coders/msl.c allowed remote attackers to cause a DoS (bsc#1052248) - CVE-2017-12566: A memory leak in ReadMVGImage in coders/mvg.c, could have allowed attackers to cause DoS (bsc#1052472) - CVE-2017-11638, CVE-2017-11642: A NULL pointer dereference in theWriteMAPImage() in coders/map.c was fixed which could lead to a crash (bsc#1050617) - CVE-2017-13131: A memory leak vulnerability was found in thefunction ReadMIFFImage in coders/miff.c, which allowed attackers tocause a denial of service (memory consumption in NewL (bsc#1055229) - CVE-2017-11166: In ReadXWDImage in coders\xwd.c a memoryleak could have caused memory exhaustion via a crafted length (bsc#1048110) - CVE-2017-12674: A CPU exhaustion in ReadPDBImage in coders/pdb.c was fixed, which allowed attackers to cause DoS (bsc#1052711) - CVE-2017-12429: A memory exhaustion flaw in ReadMIFFImage in coders/miff.c was fixed, which allowed attackers to cause DoS (bsc#1052251) - CVE-2017-11637: A NULL pointer dereference in WritePCLImage() in coders/pcl.c was fixed which could lead to a crash (bsc#1050669) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id106926
    published2018-02-21
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106926
    titleSUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:0486-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1785.NASL
    descriptionNumerous security vulnerabilities were fixed in Imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory or CPU exhaustion, information disclosure or potentially the execution of arbitrary code when a malformed image file is processed. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id125093
    published2019-05-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125093
    titleDebian DLA-1785-1 : imagemagick security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-230.NASL
    descriptionThis update for ImageMagick fixes the following issues : - CVE-2017-9405: A memory leak in the ReadICONImage function was fixed that could lead to DoS via memory exhaustion (bsc#1042911) - CVE-2017-9407: In ImageMagick, the ReadPALMImage function in palm.c allowed attackers to cause a denial of service (memory leak) via a crafted file. (bsc#1042824) - CVE-2017-11166: In ReadXWDImage in coders\xwd.c a memoryleak could have caused memory exhaustion via a crafted length (bsc#1048110) - CVE-2017-11170: ReadTGAImage in coders\tga.c allowed for memory exhaustion via invalid colors data in the header of a TGA or VST file (bsc#1048272) - CVE-2017-11448: The ReadJPEGImage function in coders/jpeg.c in ImageMagick allowed remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. (bsc#1049375) - CVE-2017-11450: A remote denial of service in coders/jpeg.c was fixed (bsc#1049374) - CVE-2017-11528: ReadDIBImage in coders/dib.c allows remote attackers to cause DoS via memory exhaustion (bsc#1050119) - CVE-2017-11530: ReadEPTImage in coders/ept.c allows remote attackers to cause DoS via memory exhaustion (bsc#1050122) - CVE-2017-11531: When ImageMagick processed a crafted file in convert, it could lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c. (bsc#1050126) - CVE-2017-11533: A information leak by 1 byte due to heap-based buffer over-read in the WriteUILImage() in coders/uil.c was fixed (bsc#1050132) - CVE-2017-11537: When ImageMagick processed a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation. (bsc#1050048) - CVE-2017-11638, CVE-2017-11642: A NULL pointer dereference in theWriteMAPImage() in coders/map.c was fixed which could lead to a crash (bsc#1050617) - CVE-2017-12418: ImageMagick had memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. (bsc#1052207) - CVE-2017-12427: ProcessMSLScript coders/msl.c allowed remote attackers to cause a DoS (bsc#1052248) - CVE-2017-12429: A memory exhaustion flaw in ReadMIFFImage in coders/miff.c was fixed, which allowed attackers to cause DoS (bsc#1052251) - CVE-2017-12432: In ImageMagick, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allowed attackers to cause a denial of service. (bsc#1052254) - CVE-2017-12566: A memory leak in ReadMVGImage in coders/mvg.c, could have allowed attackers to cause DoS (bsc#1052472) - CVE-2017-12654: The ReadPICTImage function in coders/pict.c in ImageMagick allowed attackers to cause a denial of service (memory leak) via a crafted file. (bsc#1052761) - CVE-2017-12663: A memory leak in WriteMAPImage in coders/map.c was fixed that could lead to a DoS via memory exhaustion (bsc#1052754) - CVE-2017-12664: ImageMagick had a memory leak vulnerability in WritePALMImage in coders/palm.c. (bsc#1052750) - CVE-2017-12665: ImageMagick had a memory leak vulnerability in WritePICTImage in coders/pict.c. (bsc#1052747) - CVE-2017-12668: ImageMagick had a memory leak vulnerability in WritePCXImage in coders/pcx.c. (bsc#1052688) - CVE-2017-12674: A CPU exhaustion in ReadPDBImage in coders/pdb.c was fixed, which allowed attackers to cause DoS (bsc#1052711) - CVE-2017-13058: In ImageMagick, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allowed attackers to cause a denial of service via a crafted file. (bsc#1055069) - CVE-2017-13131: A memory leak vulnerability was found in thefunction ReadMIFFImage in coders/miff.c, which allowed attackers tocause a denial of service (memory consumption in NewL (bsc#1055229) - CVE-2017-14060: A NULL pointer Dereference issue in the ReadCUTImage function in coders/cut.c was fixed that could have caused a Denial of Service (bsc#1056768) - CVE-2017-14139: A memory leak vulnerability in WriteMSLImage in coders/msl.c was fixed. (bsc#1057163) - CVE-2017-14224: A heap-based buffer overflow in WritePCXImage in coders/pcx.c could lead to denial of service or code execution. (bsc#1058009) - CVE-2017-17682: A large loop vulnerability was fixed in ExtractPostscript in coders/wpg.c, which allowed attackers to cause a denial of service (CPU exhaustion) (bsc#1072898) - CVE-2017-17885: In ImageMagick, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allowed attackers to cause a denial of service via a crafted PICT image file. (bsc#1074119) - CVE-2017-17934: A memory leak in the function MSLPopImage and ProcessMSLScript could have lead to a denial of service (bsc#1074170) - CVE-2017-18028: A memory exhaustion in the function ReadTIFFImage in coders/tiff.c was fixed. (bsc#1076182) - CVE-2018-5357: ImageMagick had memory leaks in the ReadDCMImage function in coders/dcm.c. (bsc#1075821) - CVE-2018-6405: In the ReadDCMImage function in coders/dcm.c in ImageMagick, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allowed remote attackers to cause a denial of service. (bsc#1078433) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-03-07
    plugin id107185
    published2018-03-07
    reporterThis script is Copyright (C) 2018-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/107185
    titleopenSUSE Security Update : ImageMagick (openSUSE-2018-230)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1081.NASL
    descriptionThis updates fixes numerous vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed DPX, RLE, CIN, DIB, EPT, MAT, VST, PNG, JNG, MNG, DVJU, JPEG, TXT, PES, MPC, UIL, PS, PALM, CIP, TIFF, ICON, MAGICK, DCM, MSL, WMF, MIFF, PCX, SUN, PSD, MVG, PWP, PICT, PDB, SFW, or XCF files are processed. For Debian 7
    last seen2020-03-17
    modified2017-09-01
    plugin id102889
    published2017-09-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102889
    titleDebian DLA-1081-1 : imagemagick security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0581-1.NASL
    descriptionThis update for ImageMagick fixes the following issues : - CVE-2017-9405: A memory leak in the ReadICONImage function was fixed that could lead to DoS via memory exhaustion (bsc#1042911) - CVE-2017-9407: In ImageMagick, the ReadPALMImage function in palm.c allowed attackers to cause a denial of service (memory leak) via a crafted file. (bsc#1042824) - CVE-2017-11166: In ReadXWDImage in coders\xwd.c a memoryleak could have caused memory exhaustion via a crafted length (bsc#1048110) - CVE-2017-11170: ReadTGAImage in coders\tga.c allowed for memory exhaustion via invalid colors data in the header of a TGA or VST file (bsc#1048272) - CVE-2017-11448: The ReadJPEGImage function in coders/jpeg.c in ImageMagick allowed remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. (bsc#1049375) - CVE-2017-11450: A remote denial of service in coders/jpeg.c was fixed (bsc#1049374) - CVE-2017-11528: ReadDIBImage in coders/dib.c allows remote attackers to cause DoS via memory exhaustion (bsc#1050119) - CVE-2017-11530: ReadEPTImage in coders/ept.c allows remote attackers to cause DoS via memory exhaustion (bsc#1050122) - CVE-2017-11531: When ImageMagick processed a crafted file in convert, it could lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c. (bsc#1050126) - CVE-2017-11533: A information leak by 1 byte due to heap-based buffer over-read in the WriteUILImage() in coders/uil.c was fixed (bsc#1050132) - CVE-2017-11537: When ImageMagick processed a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation. (bsc#1050048) - CVE-2017-11638, CVE-2017-11642: A NULL pointer dereference in theWriteMAPImage() in coders/map.c was fixed which could lead to a crash (bsc#1050617) - CVE-2017-12418: ImageMagick had memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. (bsc#1052207) - CVE-2017-12427: ProcessMSLScript coders/msl.c allowed remote attackers to cause a DoS (bsc#1052248) - CVE-2017-12429: A memory exhaustion flaw in ReadMIFFImage in coders/miff.c was fixed, which allowed attackers to cause DoS (bsc#1052251) - CVE-2017-12432: In ImageMagick, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allowed attackers to cause a denial of service. (bsc#1052254) - CVE-2017-12566: A memory leak in ReadMVGImage in coders/mvg.c, could have allowed attackers to cause DoS (bsc#1052472) - CVE-2017-12654: The ReadPICTImage function in coders/pict.c in ImageMagick allowed attackers to cause a denial of service (memory leak) via a crafted file. (bsc#1052761) - CVE-2017-12663: A memory leak in WriteMAPImage in coders/map.c was fixed that could lead to a DoS via memory exhaustion (bsc#1052754) - CVE-2017-12664: ImageMagick had a memory leak vulnerability in WritePALMImage in coders/palm.c. (bsc#1052750) - CVE-2017-12665: ImageMagick had a memory leak vulnerability in WritePICTImage in coders/pict.c. (bsc#1052747) - CVE-2017-12668: ImageMagick had a memory leak vulnerability in WritePCXImage in coders/pcx.c. (bsc#1052688) - CVE-2017-12674: A CPU exhaustion in ReadPDBImage in coders/pdb.c was fixed, which allowed attackers to cause DoS (bsc#1052711) - CVE-2017-13058: In ImageMagick, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allowed attackers to cause a denial of service via a crafted file. (bsc#1055069) - CVE-2017-13131: A memory leak vulnerability was found in thefunction ReadMIFFImage in coders/miff.c, which allowed attackers tocause a denial of service (memory consumption in NewL (bsc#1055229) - CVE-2017-14060: A NULL pointer Dereference issue in the ReadCUTImage function in coders/cut.c was fixed that could have caused a Denial of Service (bsc#1056768) - CVE-2017-14139: A memory leak vulnerability in WriteMSLImage in coders/msl.c was fixed. (bsc#1057163) - CVE-2017-14224: A heap-based buffer overflow in WritePCXImage in coders/pcx.c could lead to denial of service or code execution. (bsc#1058009) - CVE-2017-17682: A large loop vulnerability was fixed in ExtractPostscript in coders/wpg.c, which allowed attackers to cause a denial of service (CPU exhaustion) (bsc#1072898) - CVE-2017-17885: In ImageMagick, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allowed attackers to cause a denial of service via a crafted PICT image file. (bsc#1074119) - CVE-2017-17934: A memory leak in the function MSLPopImage and ProcessMSLScript could have lead to a denial of service (bsc#1074170) - CVE-2017-18028: A memory exhaustion in the function ReadTIFFImage in coders/tiff.c was fixed. (bsc#1076182) - CVE-2018-5357: ImageMagick had memory leaks in the ReadDCMImage function in coders/dcm.c. (bsc#1075821) - CVE-2018-6405: In the ReadDCMImage function in coders/dcm.c in ImageMagick, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allowed remote attackers to cause a denial of service. (bsc#1078433) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id107116
    published2018-03-02
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107116
    titleSUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:0581-1)