Vulnerabilities > CVE-2017-13768 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
imagemagick
debian
canonical
CWE-476
nessus

Summary

Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file.

Vulnerable Configurations

Part Description Count
Application
Imagemagick
963
OS
Debian
2
OS
Canonical
4

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-343.NASL
    descriptionThis update for ImageMagick fixes several issues. These security issues were fixed : - CVE-2018-8804: The WriteEPTImage function allowed remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file (bsc#1086011). - CVE-2017-11524: The WriteBlob function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file (bsc#1050087). - CVE-2017-18209: Prevent NULL pointer dereference in the GetOpenCLCachedFilesDirectory function caused by a memory allocation result that was not checked, related to GetOpenCLCacheDirectory (bsc#1083628). - CVE-2017-18211: Prevent NULL pointer dereference in the function saveBinaryCLProgram caused by a program-lookup result not being checked, related to CacheOpenCLKernel (bsc#1083634). - CVE-2017-9500: Prevent assertion failure in the function ResetImageProfileIterator, which allowed attackers to cause a denial of service via a crafted file (bsc#1043290). - CVE-2017-14739: The AcquireResampleFilterThreadSet function mishandled failed memory allocation, which allowed remote attackers to cause a denial of service (NULL pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors (bsc#1060382). - CVE-2017-16353: Prevent memory information disclosure in the DescribeImage function caused by a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments were never checked (bsc#1066170). - CVE-2017-16352: Prevent a heap-based buffer overflow in the
    last seen2020-06-05
    modified2018-04-10
    plugin id108935
    published2018-04-10
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108935
    titleopenSUSE Security Update : ImageMagick (openSUSE-2018-343)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-343.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(108935);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-11524", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-13768", "CVE-2017-14314", "CVE-2017-14505", "CVE-2017-14739", "CVE-2017-15016", "CVE-2017-15017", "CVE-2017-16352", "CVE-2017-16353", "CVE-2017-18209", "CVE-2017-18211", "CVE-2017-9500", "CVE-2018-7443", "CVE-2018-7470", "CVE-2018-8804");
    
      script_name(english:"openSUSE Security Update : ImageMagick (openSUSE-2018-343)");
      script_summary(english:"Check for the openSUSE-2018-343 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for ImageMagick fixes several issues.
    
    These security issues were fixed :
    
      - CVE-2018-8804: The WriteEPTImage function allowed remote
        attackers to cause a denial of service (double free and
        application crash) or possibly have unspecified other
        impact via a crafted file (bsc#1086011).
    
      - CVE-2017-11524: The WriteBlob function allowed remote
        attackers to cause a denial of service (assertion
        failure and application exit) via a crafted file
        (bsc#1050087).
    
      - CVE-2017-18209: Prevent NULL pointer dereference in the
        GetOpenCLCachedFilesDirectory function caused by a
        memory allocation result that was not checked, related
        to GetOpenCLCacheDirectory (bsc#1083628).
    
      - CVE-2017-18211: Prevent NULL pointer dereference in the
        function saveBinaryCLProgram caused by a program-lookup
        result not being checked, related to CacheOpenCLKernel
        (bsc#1083634).
    
      - CVE-2017-9500: Prevent assertion failure in the function
        ResetImageProfileIterator, which allowed attackers to
        cause a denial of service via a crafted file
        (bsc#1043290).
    
      - CVE-2017-14739: The AcquireResampleFilterThreadSet
        function mishandled failed memory allocation, which
        allowed remote attackers to cause a denial of service
        (NULL pointer Dereference in DistortImage in
        MagickCore/distort.c, and application crash) via
        unspecified vectors (bsc#1060382).
    
      - CVE-2017-16353: Prevent memory information disclosure in
        the DescribeImage function caused by a heap-based buffer
        over-read. The portion of the code containing the
        vulnerability is responsible for printing the IPTC
        Profile information contained in the image. This
        vulnerability can be triggered with a specially crafted
        MIFF file. There is an out-of-bounds buffer dereference
        because certain increments were never checked
        (bsc#1066170).
    
      - CVE-2017-16352: Prevent a heap-based buffer overflow in
        the 'Display visual image directory' feature of the
        DescribeImage() function. One possible way to trigger
        the vulnerability is to run the identify command on a
        specially crafted MIFF format file with the verbose flag
        (bsc#1066168).
    
      - CVE-2017-14314: Prevent off-by-one error in the
        DrawImage function that allowed remote attackers to
        cause a denial of service (DrawDashPolygon heap-based
        buffer over-read and application crash) via a crafted
        file (bsc#1058630).
    
      - CVE-2017-13768: Prevent NULL pointer dereference in the
        IdentifyImage function that allowed an attacker to
        perform denial of service by sending a crafted image
        file (bsc#1056434).
    
      - CVE-2017-14505: Fixed handling of NULL arrays, which
        allowed attackers to perform Denial of Service (NULL
        pointer dereference and application crash in
        AcquireQuantumMemory within MagickCore/memory.c) by
        providing a crafted Image File as input (bsc#1059735).
    
      - CVE-2018-7470: The IsWEBPImageLossless function allowed
        attackers to cause a denial of service (segmentation
        violation) via a crafted file (bsc#1082837).
    
      - CVE-2018-7443: The ReadTIFFImage function did not
        properly validate the amount of image data in a file,
        which allowed remote attackers to cause a denial of
        service (memory allocation failure in the
        AcquireMagickMemory function in MagickCore/memory.c)
        (bsc#1082792).
    
      - CVE-2017-15016: Prevent NULL pointer dereference
        vulnerability in ReadEnhMetaFile allowing for denial of
        service (bsc#1082291).
    
      - CVE-2017-15017: Prevent NULL pointer dereference
        vulnerability in ReadOneMNGImage allowing for denial of
        service (bsc#1082283).
    
      - CVE-2017-12692: The ReadVIFFImage function allowed
        remote attackers to cause a denial of service (memory
        consumption) via a crafted VIFF file (bsc#1082362).
    
      - CVE-2017-12693: The ReadBMPImage function allowed remote
        attackers to cause a denial of service (memory
        consumption) via a crafted BMP file (bsc#1082348). This
        update was imported from the SUSE:SLE-12:Update update
        project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1043290"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1050087"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1058630"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1059735"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1060382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1066168"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1066170"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082283"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082291"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082348"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082362"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082837"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1083628"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1083634"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086011"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected ImageMagick packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-PerlMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/04/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"ImageMagick-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"ImageMagick-debuginfo-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"ImageMagick-debugsource-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"ImageMagick-devel-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"ImageMagick-extra-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"ImageMagick-extra-debuginfo-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libMagick++-6_Q16-3-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libMagick++-6_Q16-3-debuginfo-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libMagick++-devel-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libMagickCore-6_Q16-1-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libMagickWand-6_Q16-1-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"perl-PerlMagick-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"perl-PerlMagick-debuginfo-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"ImageMagick-devel-32bit-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libMagick++-6_Q16-3-32bit-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libMagick++-devel-32bit-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-32bit-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libMagickWand-6_Q16-1-32bit-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-58.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1131.NASL
    descriptionThis updates fixes numerous vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure, or the execution of arbitrary code if malformed XCF, VIFF, BMP, thumbnail, CUT, PSD, TXT, XBM, PCX, MPC, WPG, TIFF, SVG, font, EMF, PNG, or other types of files are processed. For Debian 7
    last seen2020-03-17
    modified2017-10-11
    plugin id103756
    published2017-10-11
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103756
    titleDebian DLA-1131-1 : imagemagick security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1131-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(103756);
      script_version("3.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2017-12691", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-12875", "CVE-2017-13758", "CVE-2017-13768", "CVE-2017-13769", "CVE-2017-14060", "CVE-2017-14172", "CVE-2017-14173", "CVE-2017-14174", "CVE-2017-14175", "CVE-2017-14224", "CVE-2017-14249", "CVE-2017-14341", "CVE-2017-14400", "CVE-2017-14505", "CVE-2017-14607", "CVE-2017-14682", "CVE-2017-14739", "CVE-2017-14741", "CVE-2017-14989", "CVE-2017-15016", "CVE-2017-15017");
    
      script_name(english:"Debian DLA-1131-1 : imagemagick security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This updates fixes numerous vulnerabilities in imagemagick: Various
    memory handling problems and cases of missing or incomplete input
    sanitising may result in denial of service, memory disclosure, or the
    execution of arbitrary code if malformed XCF, VIFF, BMP, thumbnail,
    CUT, PSD, TXT, XBM, PCX, MPC, WPG, TIFF, SVG, font, EMF, PNG, or other
    types of files are processed.
    
    For Debian 7 'Wheezy', these problems have been fixed in version
    8:6.7.7.10-5+deb7u17.
    
    We recommend that you upgrade your imagemagick packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2017/10/msg00010.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/imagemagick"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:imagemagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:imagemagick-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:imagemagick-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:imagemagick-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmagick++-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmagick++5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmagickcore-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmagickcore5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmagickcore5-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmagickwand-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmagickwand5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:perlmagick");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"imagemagick", reference:"8:6.7.7.10-5+deb7u17")) flag++;
    if (deb_check(release:"7.0", prefix:"imagemagick-common", reference:"8:6.7.7.10-5+deb7u17")) flag++;
    if (deb_check(release:"7.0", prefix:"imagemagick-dbg", reference:"8:6.7.7.10-5+deb7u17")) flag++;
    if (deb_check(release:"7.0", prefix:"imagemagick-doc", reference:"8:6.7.7.10-5+deb7u17")) flag++;
    if (deb_check(release:"7.0", prefix:"libmagick++-dev", reference:"8:6.7.7.10-5+deb7u17")) flag++;
    if (deb_check(release:"7.0", prefix:"libmagick++5", reference:"8:6.7.7.10-5+deb7u17")) flag++;
    if (deb_check(release:"7.0", prefix:"libmagickcore-dev", reference:"8:6.7.7.10-5+deb7u17")) flag++;
    if (deb_check(release:"7.0", prefix:"libmagickcore5", reference:"8:6.7.7.10-5+deb7u17")) flag++;
    if (deb_check(release:"7.0", prefix:"libmagickcore5-extra", reference:"8:6.7.7.10-5+deb7u17")) flag++;
    if (deb_check(release:"7.0", prefix:"libmagickwand-dev", reference:"8:6.7.7.10-5+deb7u17")) flag++;
    if (deb_check(release:"7.0", prefix:"libmagickwand5", reference:"8:6.7.7.10-5+deb7u17")) flag++;
    if (deb_check(release:"7.0", prefix:"perlmagick", reference:"8:6.7.7.10-5+deb7u17")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201711-07.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201711-07 (ImageMagick: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in ImageMagick. Please review the referenced CVE identifiers for details. Impact : Remote attackers, by enticing a user to process a specially crafted file, could obtain sensitive information, cause a Denial of Service condition, or have other unspecified impacts. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id104515
    published2017-11-13
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/104515
    titleGLSA-201711-07 : ImageMagick: Multiple vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-F5A9805C5B.NASL
    description6.9.9-15 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-01-15
    plugin id106007
    published2018-01-15
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106007
    titleFedora 27 : 1:ImageMagick / rubygem-rmagick (2017-f5a9805c5b)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3681-1.NASL
    descriptionIt was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110516
    published2018-06-13
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110516
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : imagemagick vulnerabilities (USN-3681-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0857-1.NASL
    descriptionThis update for ImageMagick fixes several issues. These security issues were fixed : - CVE-2018-8804: The WriteEPTImage function allowed remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file (bsc#1086011). - CVE-2017-11524: The WriteBlob function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file (bsc#1050087). - CVE-2017-18209: Prevent NULL pointer dereference in the GetOpenCLCachedFilesDirectory function caused by a memory allocation result that was not checked, related to GetOpenCLCacheDirectory (bsc#1083628). - CVE-2017-18211: Prevent NULL pointer dereference in the function saveBinaryCLProgram caused by a program-lookup result not being checked, related to CacheOpenCLKernel (bsc#1083634). - CVE-2017-9500: Prevent assertion failure in the function ResetImageProfileIterator, which allowed attackers to cause a denial of service via a crafted file (bsc#1043290). - CVE-2017-14739: The AcquireResampleFilterThreadSet function mishandled failed memory allocation, which allowed remote attackers to cause a denial of service (NULL pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors (bsc#1060382). - CVE-2017-16353: Prevent memory information disclosure in the DescribeImage function caused by a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments were never checked (bsc#1066170). - CVE-2017-16352: Prevent a heap-based buffer overflow in the
    last seen2020-06-01
    modified2020-06-02
    plugin id108824
    published2018-04-04
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108824
    titleSUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:0857-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0880-1.NASL
    descriptionThis update for ImageMagick fixes several issues. These security issues were fixed : - CVE-2018-8804: The WriteEPTImage function allowed remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file (bsc#1086011) - CVE-2017-11524: The WriteBlob function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file (bsc#1050087) - CVE-2017-18219: Prevent allocation failure in the function ReadOnePNGImage, which allowed attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation (bsc#1084060). - CVE-2017-9500: Prevent assertion failure in the function ResetImageProfileIterator, which allowed attackers to cause a denial of service via a crafted file (bsc#1043290) - CVE-2017-16353: Prevent memory information disclosure in the DescribeImage function caused by a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments were never checked (bsc#1066170) - CVE-2017-16352: Prevent a heap-based buffer overflow in the
    last seen2020-06-01
    modified2020-06-02
    plugin id108877
    published2018-04-06
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108877
    titleSUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:0880-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-897A192750.NASL
    description6.9.9-15 ---- Rebuilt for ImageMagick 6.9.9-13 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-18
    plugin id103901
    published2017-10-18
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103901
    titleFedora 26 : ImageMagick / rubygem-rmagick (2017-897a192750)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1785.NASL
    descriptionNumerous security vulnerabilities were fixed in Imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory or CPU exhaustion, information disclosure or potentially the execution of arbitrary code when a malformed image file is processed. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id125093
    published2019-05-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125093
    titleDebian DLA-1785-1 : imagemagick security update
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-66D9113C7A.NASL
    description6.9.9-15 ---- Rebuilt for ImageMagick 6.9.9-13 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-18
    plugin id103898
    published2017-10-18
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103898
    titleFedora 25 : ImageMagick / rubygem-rmagick (2017-66d9113c7a)