Vulnerabilities > CVE-2017-9500 - Reachable Assertion vulnerability in Imagemagick 7.0.58

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
imagemagick
CWE-617
nessus

Summary

In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file.

Vulnerable Configurations

Part Description Count
Application
Imagemagick
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-343.NASL
    descriptionThis update for ImageMagick fixes several issues. These security issues were fixed : - CVE-2018-8804: The WriteEPTImage function allowed remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file (bsc#1086011). - CVE-2017-11524: The WriteBlob function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file (bsc#1050087). - CVE-2017-18209: Prevent NULL pointer dereference in the GetOpenCLCachedFilesDirectory function caused by a memory allocation result that was not checked, related to GetOpenCLCacheDirectory (bsc#1083628). - CVE-2017-18211: Prevent NULL pointer dereference in the function saveBinaryCLProgram caused by a program-lookup result not being checked, related to CacheOpenCLKernel (bsc#1083634). - CVE-2017-9500: Prevent assertion failure in the function ResetImageProfileIterator, which allowed attackers to cause a denial of service via a crafted file (bsc#1043290). - CVE-2017-14739: The AcquireResampleFilterThreadSet function mishandled failed memory allocation, which allowed remote attackers to cause a denial of service (NULL pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors (bsc#1060382). - CVE-2017-16353: Prevent memory information disclosure in the DescribeImage function caused by a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments were never checked (bsc#1066170). - CVE-2017-16352: Prevent a heap-based buffer overflow in the
    last seen2020-06-05
    modified2018-04-10
    plugin id108935
    published2018-04-10
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108935
    titleopenSUSE Security Update : ImageMagick (openSUSE-2018-343)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-343.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(108935);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-11524", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-13768", "CVE-2017-14314", "CVE-2017-14505", "CVE-2017-14739", "CVE-2017-15016", "CVE-2017-15017", "CVE-2017-16352", "CVE-2017-16353", "CVE-2017-18209", "CVE-2017-18211", "CVE-2017-9500", "CVE-2018-7443", "CVE-2018-7470", "CVE-2018-8804");
    
      script_name(english:"openSUSE Security Update : ImageMagick (openSUSE-2018-343)");
      script_summary(english:"Check for the openSUSE-2018-343 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for ImageMagick fixes several issues.
    
    These security issues were fixed :
    
      - CVE-2018-8804: The WriteEPTImage function allowed remote
        attackers to cause a denial of service (double free and
        application crash) or possibly have unspecified other
        impact via a crafted file (bsc#1086011).
    
      - CVE-2017-11524: The WriteBlob function allowed remote
        attackers to cause a denial of service (assertion
        failure and application exit) via a crafted file
        (bsc#1050087).
    
      - CVE-2017-18209: Prevent NULL pointer dereference in the
        GetOpenCLCachedFilesDirectory function caused by a
        memory allocation result that was not checked, related
        to GetOpenCLCacheDirectory (bsc#1083628).
    
      - CVE-2017-18211: Prevent NULL pointer dereference in the
        function saveBinaryCLProgram caused by a program-lookup
        result not being checked, related to CacheOpenCLKernel
        (bsc#1083634).
    
      - CVE-2017-9500: Prevent assertion failure in the function
        ResetImageProfileIterator, which allowed attackers to
        cause a denial of service via a crafted file
        (bsc#1043290).
    
      - CVE-2017-14739: The AcquireResampleFilterThreadSet
        function mishandled failed memory allocation, which
        allowed remote attackers to cause a denial of service
        (NULL pointer Dereference in DistortImage in
        MagickCore/distort.c, and application crash) via
        unspecified vectors (bsc#1060382).
    
      - CVE-2017-16353: Prevent memory information disclosure in
        the DescribeImage function caused by a heap-based buffer
        over-read. The portion of the code containing the
        vulnerability is responsible for printing the IPTC
        Profile information contained in the image. This
        vulnerability can be triggered with a specially crafted
        MIFF file. There is an out-of-bounds buffer dereference
        because certain increments were never checked
        (bsc#1066170).
    
      - CVE-2017-16352: Prevent a heap-based buffer overflow in
        the 'Display visual image directory' feature of the
        DescribeImage() function. One possible way to trigger
        the vulnerability is to run the identify command on a
        specially crafted MIFF format file with the verbose flag
        (bsc#1066168).
    
      - CVE-2017-14314: Prevent off-by-one error in the
        DrawImage function that allowed remote attackers to
        cause a denial of service (DrawDashPolygon heap-based
        buffer over-read and application crash) via a crafted
        file (bsc#1058630).
    
      - CVE-2017-13768: Prevent NULL pointer dereference in the
        IdentifyImage function that allowed an attacker to
        perform denial of service by sending a crafted image
        file (bsc#1056434).
    
      - CVE-2017-14505: Fixed handling of NULL arrays, which
        allowed attackers to perform Denial of Service (NULL
        pointer dereference and application crash in
        AcquireQuantumMemory within MagickCore/memory.c) by
        providing a crafted Image File as input (bsc#1059735).
    
      - CVE-2018-7470: The IsWEBPImageLossless function allowed
        attackers to cause a denial of service (segmentation
        violation) via a crafted file (bsc#1082837).
    
      - CVE-2018-7443: The ReadTIFFImage function did not
        properly validate the amount of image data in a file,
        which allowed remote attackers to cause a denial of
        service (memory allocation failure in the
        AcquireMagickMemory function in MagickCore/memory.c)
        (bsc#1082792).
    
      - CVE-2017-15016: Prevent NULL pointer dereference
        vulnerability in ReadEnhMetaFile allowing for denial of
        service (bsc#1082291).
    
      - CVE-2017-15017: Prevent NULL pointer dereference
        vulnerability in ReadOneMNGImage allowing for denial of
        service (bsc#1082283).
    
      - CVE-2017-12692: The ReadVIFFImage function allowed
        remote attackers to cause a denial of service (memory
        consumption) via a crafted VIFF file (bsc#1082362).
    
      - CVE-2017-12693: The ReadBMPImage function allowed remote
        attackers to cause a denial of service (memory
        consumption) via a crafted BMP file (bsc#1082348). This
        update was imported from the SUSE:SLE-12:Update update
        project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1043290"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1050087"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1058630"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1059735"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1060382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1066168"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1066170"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082283"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082291"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082348"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082362"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082837"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1083628"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1083634"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086011"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected ImageMagick packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-6_Q16-3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-6_Q16-1-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-6_Q16-1-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-PerlMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/04/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"ImageMagick-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"ImageMagick-debuginfo-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"ImageMagick-debugsource-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"ImageMagick-devel-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"ImageMagick-extra-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"ImageMagick-extra-debuginfo-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libMagick++-6_Q16-3-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libMagick++-6_Q16-3-debuginfo-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libMagick++-devel-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libMagickCore-6_Q16-1-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libMagickWand-6_Q16-1-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"perl-PerlMagick-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"perl-PerlMagick-debuginfo-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"ImageMagick-devel-32bit-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libMagick++-6_Q16-3-32bit-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libMagick++-6_Q16-3-debuginfo-32bit-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libMagick++-devel-32bit-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-32bit-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libMagickWand-6_Q16-1-32bit-6.8.8.1-58.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libMagickWand-6_Q16-1-debuginfo-32bit-6.8.8.1-58.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick / ImageMagick-debuginfo / ImageMagick-debugsource / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1000.NASL
    descriptionThis update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service if malformed MNG, JNG, ICON, PALM, MPC, or PDB files are processed. For Debian 7
    last seen2020-03-17
    modified2017-06-26
    plugin id101031
    published2017-06-26
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/101031
    titleDebian DLA-1000-1 : imagemagick security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1000-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101031);
      script_version("3.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2017-9261", "CVE-2017-9262", "CVE-2017-9405", "CVE-2017-9407", "CVE-2017-9409", "CVE-2017-9439", "CVE-2017-9500", "CVE-2017-9501");
    
      script_name(english:"Debian DLA-1000-1 : imagemagick security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes several vulnerabilities in imagemagick: Various
    memory handling problems and cases of missing or incomplete input
    sanitising may result in denial of service if malformed MNG, JNG,
    ICON, PALM, MPC, or PDB files are processed.
    
    For Debian 7 'Wheezy', these problems have been fixed in version
    8:6.7.7.10-5+deb7u15.
    
    We recommend that you upgrade your imagemagick packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2017/06/msg00029.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/imagemagick"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:imagemagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:imagemagick-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:imagemagick-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:imagemagick-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmagick++-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmagick++5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmagickcore-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmagickcore5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmagickcore5-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmagickwand-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmagickwand5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:perlmagick");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/06/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"imagemagick", reference:"8:6.7.7.10-5+deb7u15")) flag++;
    if (deb_check(release:"7.0", prefix:"imagemagick-common", reference:"8:6.7.7.10-5+deb7u15")) flag++;
    if (deb_check(release:"7.0", prefix:"imagemagick-dbg", reference:"8:6.7.7.10-5+deb7u15")) flag++;
    if (deb_check(release:"7.0", prefix:"imagemagick-doc", reference:"8:6.7.7.10-5+deb7u15")) flag++;
    if (deb_check(release:"7.0", prefix:"libmagick++-dev", reference:"8:6.7.7.10-5+deb7u15")) flag++;
    if (deb_check(release:"7.0", prefix:"libmagick++5", reference:"8:6.7.7.10-5+deb7u15")) flag++;
    if (deb_check(release:"7.0", prefix:"libmagickcore-dev", reference:"8:6.7.7.10-5+deb7u15")) flag++;
    if (deb_check(release:"7.0", prefix:"libmagickcore5", reference:"8:6.7.7.10-5+deb7u15")) flag++;
    if (deb_check(release:"7.0", prefix:"libmagickcore5-extra", reference:"8:6.7.7.10-5+deb7u15")) flag++;
    if (deb_check(release:"7.0", prefix:"libmagickwand-dev", reference:"8:6.7.7.10-5+deb7u15")) flag++;
    if (deb_check(release:"7.0", prefix:"libmagickwand5", reference:"8:6.7.7.10-5+deb7u15")) flag++;
    if (deb_check(release:"7.0", prefix:"perlmagick", reference:"8:6.7.7.10-5+deb7u15")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyWindows
    NASL idIMAGEMAGICK_7_0_5_8.NASL
    descriptionThe version of ImageMagick installed on the remote Windows host is 6.x prior to 6.9.8-10 or 7.x prior to 7.0.5-9. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the ReadRLEImage() function within file coders/rle.c when reading image color maps due to issues related to a
    last seen2020-06-01
    modified2020-06-02
    plugin id100847
    published2017-06-16
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100847
    titleImageMagick 6.x < 6.9.8-10 / 7.x < 7.0.5-9 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(100847);
      script_version("1.10");
      script_cvs_date("Date: 2019/11/13");
    
      script_cve_id(
        "CVE-2017-7606",
        "CVE-2017-7619",
        "CVE-2017-7941",
        "CVE-2017-7942",
        "CVE-2017-7943",
        "CVE-2017-8343",
        "CVE-2017-8344",
        "CVE-2017-8345",
        "CVE-2017-8346",
        "CVE-2017-8347",
        "CVE-2017-8348",
        "CVE-2017-8349",
        "CVE-2017-8350",
        "CVE-2017-8351",
        "CVE-2017-8352",
        "CVE-2017-8353",
        "CVE-2017-8354",
        "CVE-2017-8355",
        "CVE-2017-8356",
        "CVE-2017-8357",
        "CVE-2017-8765",
        "CVE-2017-8830",
        "CVE-2017-9098",
        "CVE-2017-9141",
        "CVE-2017-9142",
        "CVE-2017-9143",
        "CVE-2017-9144",
        "CVE-2017-9261",
        "CVE-2017-9262",
        "CVE-2017-9405",
        "CVE-2017-9407",
        "CVE-2017-9409",
        "CVE-2017-9439",
        "CVE-2017-9440",
        "CVE-2017-9500"
      );
      script_bugtraq_id(
        97944,
        97946,
        97956,
        98132,
        98136,
        98138,
        98346,
        98363,
        98364,
        98370,
        98371,
        98372,
        98373,
        98374,
        98377,
        98378,
        98380,
        98388,
        98593,
        98603,
        98606,
        98682,
        98683,
        98685,
        98687,
        98688,
        98689,
        98730,
        98735,
        98907,
        98908,
        98941
      );
    
      script_name(english:"ImageMagick 6.x < 6.9.8-10 / 7.x < 7.0.5-9 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of ImageMagick.");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application installed on the remote Windows host is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of ImageMagick installed on the remote Windows host is 6.x
    prior to 6.9.8-10 or 7.x prior to 7.0.5-9. It is, therefore, affected
    by multiple vulnerabilities :
    
      - A flaw exists in the ReadRLEImage() function within file
        coders/rle.c when reading image color maps due to issues
        related to a 'type unsigned char' falling outside the
        range of representable values. An unauthenticated,
        remote attacker can exploit this, via a specially
        crafted image, to cause a denial of service condition or
        possibly have other impact. (CVE-2017-7606)
    
      - An infinite loop condition exists in multiple color
        algorithms within file magick/enhance.c due to a
        floating-point rounding error. An unauthenticated,
        remote attacker can exploit this to consume excessive
        resources, resulting in a denial of service condition.
        (CVE-2017-7619)
    
      - A denial of service vulnerability exists in the
        ReadSGIImage() function within file coders/sgi.c when
        handling a specially crafted file. An unauthenticated,
        remote attacker can exploit this to consume excessive
        memory resources. (CVE-2017-7941)
    
      - A denial of service vulnerability exists in the
        ReadAVSImage() function within file coders/avs.c when
        handling a specially crafted file. An unauthenticated,
        remote attacker can exploit this to consume excessive
        memory resources. (CVE-2017-7942)
    
      - A denial of service vulnerability exists in the
        ReadSVGImage() function within file coders/svg.c when
        handling a specially crafted file. An unauthenticated,
        remote attacker can exploit this to consume excessive
        memory resources. (CVE-2017-7943)
    
      - A denial of service vulnerability exists in the
        ReadAAIImage() function within file aai.c when handling
        specially crafted AAI files. An unauthenticated, remote
        attacker can exploit this to consume excessive memory
        resources. (CVE-2017-8343)
    
      - A denial of service vulnerability exists in the
        ReadPCXImage() function within file pcx.c when handling
        specially crafted DCX files. An unauthenticated, remote
        attacker can exploit this to consume excessive memory
        resources. (CVE-2017-8344)
    
      - A denial of service vulnerability exists in the
        ReadMNGImage() function within file png.c when handling
        specially crafted MNG files. An unauthenticated, remote
        attacker can exploit this to consume excessive memory
        resources. (CVE-2017-8345)
    
      - A denial of service vulnerability exists in the
        ReadDCMImage() function within file dcm.c when handling
        specially crafted DCM files. An unauthenticated, remote
        attacker can exploit this to consume excessive memory
        resources. (CVE-2017-8346)
    
      - A denial of service vulnerability exists in the
        ReadEXRImage() function within file exr.c when handling
        specially crafted EXR files. An unauthenticated, remote
        attacker can exploit this to consume excessive memory
        resources. (CVE-2017-8347)
    
      - A denial of service vulnerability exists in the
        ReadMATImage() function within file mat.c when handling
        specially crafted MAT files. An unauthenticated, remote
        attacker can exploit this to consume excessive memory
        resources. (CVE-2017-8348)
    
      - A denial of service vulnerability exists in the
        ReadSFWImage() function within file sfw.c when handling
        specially crafted SFW files. An unauthenticated, remote
        attacker can exploit this to consume excessive memory
        resources. (CVE-2017-8349)
    
      - A denial of service vulnerability exists in the
        ReadJNGImage() function within file png.c when handling
        specially crafted JNG files. An unauthenticated, remote
        attacker can exploit this to consume excessive memory
        resources. (CVE-2017-8350)
    
      - A denial of service vulnerability exists in the
        ReadPCDImage() function within file pcd.c when handling
        specially crafted PCD files. An unauthenticated, remote
        attacker can exploit this to consume excessive memory
        resources. (CVE-2017-8351)
    
      - A denial of service vulnerability exists in the
        ReadXWDImage() function within file coders/xwd.c when
        parsing XWD images. An unauthenticated, remote attacker
        can exploit this, via a specially crafted file, to
        consume excessive memory resources. (CVE-2017-8352)
    
      - A denial of service vulnerability exists in the
        ReadPICTImage() function within file coders/pict.c when
        parsing PICT images. An unauthenticated, remote attacker
        can exploit this, via a specially crafted file, to
        consume excessive memory resources. (CVE-2017-8353)
    
      - A denial of service vulnerability exists in the
        ReadBMPImage() function within file coders/bmp.c when
        parsing BMP images. An unauthenticated, remote attacker
        can exploit this, via a specially crafted file, to
        consume excessive memory resources. (CVE-2017-8354)
    
      - A denial of service vulnerability exists in the
        ReadMTVImage() function within file coders/mtv.c when
        parsing MTV images. An unauthenticated, remote attacker
        can exploit this, via a specially crafted file, to
        consume excessive memory resources. (CVE-2017-8355)
    
      - A denial of service vulnerability exists in the
        ReadSUNImage() function within file coders/sun.c when
        parsing SUN images. An unauthenticated, remote attacker
        can exploit this, via a specially crafted file, to
        consume excessive memory resources. (CVE-2017-8356)
    
      - A denial of service vulnerability exists in the
        ReadEPTImage() function within file coders/ept.c when
        parsing EPT images. An unauthenticated, remote attacker
        can exploit this, via a specially crafted file, to
        consume excessive memory resources. (CVE-2017-8357)
    
      - A denial of service vulnerability exists in the
        ReadICONImage() function within file coders/icon.c when
        parsing ICON files. An unauthenticated, remote attacker
        can exploit this, via a specially crafted file, to
        consume excessive memory resources. (CVE-2017-8765)
    
      - A denial of service vulnerability exists in the
        ReadBMPImage() function within file bmp.c when handling
        a specially crafted file. An unauthenticated, remote
        attacker can exploit this to consume excessive memory
        resources. (CVE-2017-8830)
    
      - An out-of-bounds read error exists in the ReadRLEImage()
        function within file coders/rle.c when handling image
        color maps due to a missing initialization step. An
        unauthenticated, remote attacker can exploit this to
        disclose process memory contents. (CVE-2017-9098)
    
      - A denial of service vulnerability exists in the
        ReadDDSImage() function within file coders/dds.c when
        handling DDS images due to improper validation of
        user-supplied input. An unauthenticated, remote attacker
        can exploit this to trigger an assertion failure.
        (CVE-2017-9141)
    
      - A denial of service vulnerability exists in the
        ReadOneJNGImage() function within file coders/png.c when
        handling JNG images due to improper validation of
        user-supplied input. An unauthenticated, remote attacker
        can exploit this to trigger an assertion failure.
        (CVE-2017-9142)
    
      - A denial of service vulnerability exists in the
        ReadARTImage() function within file coders/art.c when
        handling specially crafted ART files. An
        unauthenticated, remote attacker can exploit this to
        consume excessive memory resources. (CVE-2017-9143)
    
      - A flaw exists in the ReadRLEImage() function within file
        coders/rle.c when reading run-length encoded image data.
        An unauthenticated, remote attacker can exploit this,
        via specially crafted image files, to cause a denial of
        service condition. (CVE-2017-9144)
    
      - A denial of service vulnerability exists in the
        ReadOneMNGImage() function within file coders/png.c when
        handling specially crafted MNG files. An
        unauthenticated, remote attacker can exploit this to
        consume excessive memory resources. (CVE-2017-9261)
    
      - A denial of service vulnerability exists in the
        ReadOneJNGImage() function within file coders/png.c when
        handling specially crafted JNG files. An
        unauthenticated, remote attacker can exploit this to
        consume excessive memory resources. (CVE-2017-9262)
    
      - A denial of service vulnerability exists in the
        ReadICONImage() function within file coders/icon.c when
        handling specially crafted ICO files. An
        unauthenticated, remote attacker can exploit this to
        consume excessive memory resources. (CVE-2017-9405)
    
      - A denial of service vulnerability exists in the
        ReadPALMImage() function within file coders/palm.c when
        handling specially crafted PALM files. An
        unauthenticated, remote attacker can exploit this to
        consume excessive memory resources. (CVE-2017-9407)
    
      - A denial of service vulnerability exists in the
        ReadMPCImage() function within file coders/mpc.c when
        handling specially crafted MPC files. An
        unauthenticated, remote attacker can exploit this to
        consume excessive memory resources. (CVE-2017-9409)
    
      - A denial of service vulnerability exists in the
        ReadPDBImage() function within file coders/pdb.c when
        handling specially crafted PDB files. An
        unauthenticated, remote attacker can exploit this to
        consume excessive memory resources. (CVE-2017-9439)
    
      - A denial of service vulnerability exists in the
        ReadPSDChannelZip() function within file coders/psd.c
        when handling specially crafted PSD files. An
        unauthenticated, remote attacker can exploit this to
        consume excessive memory resources. (CVE-2017-9440)
    
      - A denial of service vulnerability exists in the
        ResetImageProfileIterator() function within file 
        coders/dds.c when handling specially crafted DDS images.
        An unauthenticated, remote attacker can exploit this to
        consume excessive memory resources. (CVE-2017-9500)
    
      - A denial of service vulnerability exists in the
        ReadTGAImage() function within file coders/tga.c when
        handling specially crafted VST files. An
        unauthenticated, remote attacker can exploit this to
        consume excessive memory resources.
    
      - A denial of service vulnerability exists in the
        RestoreMSCWarning() function within file coders/mat.c
        when handling specially crafted MAT files. An
        unauthenticated, remote attacker can exploit this to
        consume excessive memory resources.
    
      - A denial of service vulnerability exists in the
        ReadXWDImage() function within file coders/xwd.c
        when handling specially crafted XWD files. An
        unauthenticated, remote attacker can exploit this to
        consume excessive memory resources.
    
      - A flaw exists in the ReadDCMImage() function within file
        coders/dcm.c when handling DCM image color maps. An
        unauthenticated, remote attacker can exploit this, via
        a specially crafted image, to cause a denial of service
        condition.");
      script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2017/May/63");
      script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2017/dsa-3863");
      script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/3302-1/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to ImageMagick version 6.9.8-10 / 7.0.5-9 or later. Note that
    you may also need to manually uninstall the vulnerable version from
    the system.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-9098");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/05/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:imagemagick:imagemagick");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("imagemagick_installed.nasl");
      script_require_keys("installed_sw/ImageMagick", "installed_sw/ImageMagick/vcf_version");
    
      exit(0);
    }
    
    include('vcf.inc');
    include('vcf_extras.inc');
    
    vcf::imagemagick::initialize();
    app_info = vcf::imagemagick::get_app_info();
    
    constraints = [
      {'min_version' : '6.0.0-0' , 'fixed_version' : '6.9.8-10'},
      {'min_version' : '7.0.0-0' , 'fixed_version' : '7.0.5-9'}
    ];
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0857-1.NASL
    descriptionThis update for ImageMagick fixes several issues. These security issues were fixed : - CVE-2018-8804: The WriteEPTImage function allowed remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file (bsc#1086011). - CVE-2017-11524: The WriteBlob function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file (bsc#1050087). - CVE-2017-18209: Prevent NULL pointer dereference in the GetOpenCLCachedFilesDirectory function caused by a memory allocation result that was not checked, related to GetOpenCLCacheDirectory (bsc#1083628). - CVE-2017-18211: Prevent NULL pointer dereference in the function saveBinaryCLProgram caused by a program-lookup result not being checked, related to CacheOpenCLKernel (bsc#1083634). - CVE-2017-9500: Prevent assertion failure in the function ResetImageProfileIterator, which allowed attackers to cause a denial of service via a crafted file (bsc#1043290). - CVE-2017-14739: The AcquireResampleFilterThreadSet function mishandled failed memory allocation, which allowed remote attackers to cause a denial of service (NULL pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors (bsc#1060382). - CVE-2017-16353: Prevent memory information disclosure in the DescribeImage function caused by a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments were never checked (bsc#1066170). - CVE-2017-16352: Prevent a heap-based buffer overflow in the
    last seen2020-06-01
    modified2020-06-02
    plugin id108824
    published2018-04-04
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108824
    titleSUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:0857-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:0857-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(108824);
      script_version("1.4");
      script_cvs_date("Date: 2019/09/10 13:51:47");
    
      script_cve_id("CVE-2017-11524", "CVE-2017-12692", "CVE-2017-12693", "CVE-2017-13768", "CVE-2017-14314", "CVE-2017-14505", "CVE-2017-14739", "CVE-2017-15016", "CVE-2017-15017", "CVE-2017-16352", "CVE-2017-16353", "CVE-2017-18209", "CVE-2017-18211", "CVE-2017-9500", "CVE-2018-7443", "CVE-2018-7470", "CVE-2018-8804");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:0857-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for ImageMagick fixes several issues. These security
    issues were fixed :
    
      - CVE-2018-8804: The WriteEPTImage function allowed remote
        attackers to cause a denial of service (double free and
        application crash) or possibly have unspecified other
        impact via a crafted file (bsc#1086011).
    
      - CVE-2017-11524: The WriteBlob function allowed remote
        attackers to cause a denial of service (assertion
        failure and application exit) via a crafted file
        (bsc#1050087).
    
      - CVE-2017-18209: Prevent NULL pointer dereference in the
        GetOpenCLCachedFilesDirectory function caused by a
        memory allocation result that was not checked, related
        to GetOpenCLCacheDirectory (bsc#1083628).
    
      - CVE-2017-18211: Prevent NULL pointer dereference in the
        function saveBinaryCLProgram caused by a program-lookup
        result not being checked, related to CacheOpenCLKernel
        (bsc#1083634).
    
      - CVE-2017-9500: Prevent assertion failure in the function
        ResetImageProfileIterator, which allowed attackers to
        cause a denial of service via a crafted file
        (bsc#1043290).
    
      - CVE-2017-14739: The AcquireResampleFilterThreadSet
        function mishandled failed memory allocation, which
        allowed remote attackers to cause a denial of service
        (NULL pointer Dereference in DistortImage in
        MagickCore/distort.c, and application crash) via
        unspecified vectors (bsc#1060382).
    
      - CVE-2017-16353: Prevent memory information disclosure in
        the DescribeImage function caused by a heap-based buffer
        over-read. The portion of the code containing the
        vulnerability is responsible for printing the IPTC
        Profile information contained in the image. This
        vulnerability can be triggered with a specially crafted
        MIFF file. There is an out-of-bounds buffer dereference
        because certain increments were never checked
        (bsc#1066170).
    
      - CVE-2017-16352: Prevent a heap-based buffer overflow in
        the 'Display visual image directory' feature of the
        DescribeImage() function. One possible way to trigger
        the vulnerability is to run the identify command on a
        specially crafted MIFF format file with the verbose flag
        (bsc#1066168).
    
      - CVE-2017-14314: Prevent off-by-one error in the
        DrawImage function that allowed remote attackers to
        cause a denial of service (DrawDashPolygon heap-based
        buffer over-read and application crash) via a crafted
        file (bsc#1058630).
    
      - CVE-2017-13768: Prevent NULL pointer dereference in the
        IdentifyImage function that allowed an attacker to
        perform denial of service by sending a crafted image
        file (bsc#1056434).
    
      - CVE-2017-14505: Fixed handling of NULL arrays, which
        allowed attackers to perform Denial of Service (NULL
        pointer dereference and application crash in
        AcquireQuantumMemory within MagickCore/memory.c) by
        providing a crafted Image File as input (bsc#1059735).
    
      - CVE-2018-7470: The IsWEBPImageLossless function allowed
        attackers to cause a denial of service (segmentation
        violation) via a crafted file (bsc#1082837).
    
      - CVE-2018-7443: The ReadTIFFImage function did not
        properly validate the amount of image data in a file,
        which allowed remote attackers to cause a denial of
        service (memory allocation failure in the
        AcquireMagickMemory function in MagickCore/memory.c)
        (bsc#1082792).
    
      - CVE-2017-15016: Prevent NULL pointer dereference
        vulnerability in ReadEnhMetaFile allowing for denial of
        service (bsc#1082291).
    
      - CVE-2017-15017: Prevent NULL pointer dereference
        vulnerability in ReadOneMNGImage allowing for denial of
        service (bsc#1082283).
    
      - CVE-2017-12692: The ReadVIFFImage function allowed
        remote attackers to cause a denial of service (memory
        consumption) via a crafted VIFF file (bsc#1082362).
    
      - CVE-2017-12693: The ReadBMPImage function allowed remote
        attackers to cause a denial of service (memory
        consumption) via a crafted BMP file (bsc#1082348).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1043290"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050087"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058630"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1059735"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1060382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066168"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066170"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1082283"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1082291"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1082348"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1082362"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1082792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1082837"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1083628"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1083634"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086011"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-11524/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-12692/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-12693/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-13768/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14314/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14505/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14739/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-15016/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-15017/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16352/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16353/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-18209/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-18211/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-9500/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-7443/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-7470/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-8804/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20180857-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2b72d9c7"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch
    SUSE-SLE-WE-12-SP3-2018-572=1
    
    SUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch
    SUSE-SLE-WE-12-SP2-2018-572=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
    patch SUSE-SLE-SDK-12-SP3-2018-572=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
    patch SUSE-SLE-SDK-12-SP2-2018-572=1
    
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t
    patch SUSE-SLE-RPI-12-SP2-2018-572=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2018-572=1
    
    SUSE Linux Enterprise Server 12-SP2:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2018-572=1
    
    SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP3-2018-572=1
    
    SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP2-2018-572=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ImageMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ImageMagick-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16-3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/04/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2/3", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP2/3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", reference:"ImageMagick-debuginfo-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"ImageMagick-debugsource-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libMagickCore-6_Q16-1-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libMagickWand-6_Q16-1-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"ImageMagick-debuginfo-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"ImageMagick-debugsource-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libMagickCore-6_Q16-1-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libMagickWand-6_Q16-1-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"ImageMagick-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"ImageMagick-debuginfo-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"ImageMagick-debugsource-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libMagick++-6_Q16-3-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libMagickWand-6_Q16-1-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"ImageMagick-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"ImageMagick-debuginfo-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"ImageMagick-debugsource-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libMagick++-6_Q16-3-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libMagickWand-6_Q16-1-6.8.8.1-71.47.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.47.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0880-1.NASL
    descriptionThis update for ImageMagick fixes several issues. These security issues were fixed : - CVE-2018-8804: The WriteEPTImage function allowed remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file (bsc#1086011) - CVE-2017-11524: The WriteBlob function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file (bsc#1050087) - CVE-2017-18219: Prevent allocation failure in the function ReadOnePNGImage, which allowed attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation (bsc#1084060). - CVE-2017-9500: Prevent assertion failure in the function ResetImageProfileIterator, which allowed attackers to cause a denial of service via a crafted file (bsc#1043290) - CVE-2017-16353: Prevent memory information disclosure in the DescribeImage function caused by a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments were never checked (bsc#1066170) - CVE-2017-16352: Prevent a heap-based buffer overflow in the
    last seen2020-06-01
    modified2020-06-02
    plugin id108877
    published2018-04-06
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108877
    titleSUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:0880-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1785.NASL
    descriptionNumerous security vulnerabilities were fixed in Imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory or CPU exhaustion, information disclosure or potentially the execution of arbitrary code when a malformed image file is processed. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id125093
    published2019-05-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125093
    titleDebian DLA-1785-1 : imagemagick security update
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4019.NASL
    descriptionThis update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.
    last seen2020-06-01
    modified2020-06-02
    plugin id104403
    published2017-11-06
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104403
    titleDebian DSA-4019-1 : imagemagick - security update