Vulnerabilities > CVE-2019-11598 - Out-of-bounds Read vulnerability in Imagemagick 7.0.840

047910
CVSS 8.1 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
imagemagick
CWE-125
nessus

Summary

In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c.

Vulnerable Configurations

Part Description Count
Application
Imagemagick
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1583.NASL
    descriptionAccording to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An off-by-one read vulnerability was discovered in ImageMagick in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.(CVE-2019-10131) - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file.(CVE-2019-11597) - In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c.(CVE-2019-11598) - In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file.(CVE-2019-10650) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-05-29
    plugin id125510
    published2019-05-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125510
    titleEulerOS 2.0 SP5 : ImageMagick (EulerOS-SA-2019-1583)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125510);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2019-10131",
        "CVE-2019-10650",
        "CVE-2019-11597",
        "CVE-2019-11598"
      );
    
      script_name(english:"EulerOS 2.0 SP5 : ImageMagick (EulerOS-SA-2019-1583)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the ImageMagick packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - An off-by-one read vulnerability was discovered in
        ImageMagick in the formatIPTCfromBuffer function in
        coders/meta.c. A local attacker may use this flaw to
        read beyond the end of the buffer or to crash the
        program.(CVE-2019-10131)
    
      - In ImageMagick 7.0.8-43 Q16, there is a heap-based
        buffer over-read in the function WriteTIFFImage of
        coders/tiff.c, which allows an attacker to cause a
        denial of service or possibly information disclosure
        via a crafted image file.(CVE-2019-11597)
    
      - In ImageMagick 7.0.8-40 Q16, there is a heap-based
        buffer over-read in the function WritePNMImage of
        coders/pnm.c, which allows an attacker to cause a
        denial of service or possibly information disclosure
        via a crafted image file. This is related to
        SetGrayscaleImage in
        MagickCore/quantize.c.(CVE-2019-11598)
    
      - In ImageMagick 7.0.8-36 Q16, there is a heap-based
        buffer over-read in the function WriteTIFFImage of
        coders/tiff.c, which allows an attacker to cause a
        denial of service or information disclosure via a
        crafted image file.(CVE-2019-10650)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1583
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8991ae7a");
      script_set_attribute(attribute:"solution", value:
    "Update the affected ImageMagick packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/29");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ImageMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ImageMagick-c++");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ImageMagick-perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["ImageMagick-6.7.8.9-15.h22.eulerosv2r7",
            "ImageMagick-c++-6.7.8.9-15.h22.eulerosv2r7",
            "ImageMagick-perl-6.7.8.9-15.h22.eulerosv2r7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_183D700EEC70487EA9C4632324AFA934.NASL
    descriptioncvedetails.com reports : CVE-2019-7175: In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. CVE-2019-7395: In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. CVE-2019-7396: In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. CVE-2019-7397: In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. CVE-2019-7398: In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. CVE-2019-9956: In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. CVE-2019-10131: An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. CVE-2019-10649: In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. CVE-2019-10650: In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. CVE-2019-10714: LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV. CVE-2019-11470: The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file. CVE-2019-11472: ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first. CVE-2019-11597: In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. CVE-2019-11598: In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c.
    last seen2020-06-01
    modified2020-06-02
    plugin id125614
    published2019-05-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125614
    titleFreeBSD : ImageMagick -- multiple vulnerabilities (183d700e-ec70-487e-a9c4-632324afa934)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2020 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125614);
      script_version("1.5");
      script_cvs_date("Date: 2020/01/13");
    
      script_cve_id("CVE-2019-10131", "CVE-2019-10649", "CVE-2019-10650", "CVE-2019-10714", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11597", "CVE-2019-11598", "CVE-2019-7175", "CVE-2019-7395", "CVE-2019-7396", "CVE-2019-7397", "CVE-2019-7398", "CVE-2019-9956");
    
      script_name(english:"FreeBSD : ImageMagick -- multiple vulnerabilities (183d700e-ec70-487e-a9c4-632324afa934)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "cvedetails.com reports :
    
    CVE-2019-7175: In ImageMagick before 7.0.8-25, some memory leaks exist
    in DecodeImage in coders/pcd.c.
    
    CVE-2019-7395: In ImageMagick before 7.0.8-25, a memory leak exists in
    WritePSDChannel in coders/psd.c.
    
    CVE-2019-7396: In ImageMagick before 7.0.8-25, a memory leak exists in
    ReadSIXELImage in coders/sixel.c.
    
    CVE-2019-7397: In ImageMagick before 7.0.8-25 and GraphicsMagick
    through 1.3.31, several memory leaks exist in WritePDFImage in
    coders/pdf.c.
    
    CVE-2019-7398: In ImageMagick before 7.0.8-25, a memory leak exists in
    WriteDIBImage in coders/dib.c.
    
    CVE-2019-9956: In ImageMagick 7.0.8-35 Q16, there is a stack-based
    buffer overflow in the function PopHexPixel of coders/ps.c, which
    allows an attacker to cause a denial of service or code execution via
    a crafted image file.
    
    CVE-2019-10131: An off-by-one read vulnerability was discovered in
    ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer
    function in coders/meta.c. A local attacker may use this flaw to read
    beyond the end of the buffer or to crash the program.
    
    CVE-2019-10649: In ImageMagick 7.0.8-36 Q16, there is a memory leak in
    the function SVGKeyValuePairs of coders/svg.c, which allows an
    attacker to cause a denial of service via a crafted image file.
    
    CVE-2019-10650: In ImageMagick 7.0.8-36 Q16, there is a heap-based
    buffer over-read in the function WriteTIFFImage of coders/tiff.c,
    which allows an attacker to cause a denial of service or information
    disclosure via a crafted image file.
    
    CVE-2019-10714: LocaleLowercase in MagickCore/locale.c in ImageMagick
    before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV.
    
    CVE-2019-11470: The cineon parsing component in ImageMagick 7.0.8-26
    Q16 allows attackers to cause a denial-of-service (uncontrolled
    resource consumption) by crafting a Cineon image with an incorrect
    claimed image size. This occurs because ReadCINImage in coders/cin.c
    lacks a check for insufficient image data in a file.
    
    CVE-2019-11472: ReadXWDImage in coders/xwd.c in the XWD image parsing
    component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a
    denial-of-service (divide-by-zero error) by crafting an XWD image file
    in which the header indicates neither LSB first nor MSB first.
    
    CVE-2019-11597: In ImageMagick 7.0.8-43 Q16, there is a heap-based
    buffer over-read in the function WriteTIFFImage of coders/tiff.c,
    which allows an attacker to cause a denial of service or possibly
    information disclosure via a crafted image file.
    
    CVE-2019-11598: In ImageMagick 7.0.8-40 Q16, there is a heap-based
    buffer over-read in the function WritePNMImage of coders/pnm.c, which
    allows an attacker to cause a denial of service or possibly
    information disclosure via a crafted image file. This is related to
    SetGrayscaleImage in MagickCore/quantize.c."
      );
      # https://www.cvedetails.com/vulnerability-list/vendor_id-1749/Imagemagick.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1f4e659e"
      );
      # https://vuxml.freebsd.org/freebsd/183d700e-ec70-487e-a9c4-632324afa934.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?df154b9c"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9956");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ImageMagick6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ImageMagick6-nox11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ImageMagick7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ImageMagick7-nox11");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"ImageMagick7<7.0.8.47")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"ImageMagick7-nox11<7.0.8.47")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"ImageMagick6<6.9.10.47,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"ImageMagick6-nox11<6.9.10.47,1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1712-1.NASL
    descriptionThis update for ImageMagick fixes the following issues : Security issues fixed : CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage() (bsc#1138464). Fixed a file content disclosure via SVG and WMF decoding (bsc#1138425).- CVE-2019-11472: Fixed a denial of service in ReadXWDImage() (bsc#1133204). CVE-2019-11470: Fixed a denial of service in ReadCINImage() (bsc#1133205). CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498). CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501). CVE-2019-10131: Fixed a off-by-one read in formatIPTCfromBuffer function in coders/meta.c (bsc#1134075). CVE-2017-12806: Fixed a denial of service through memory exhaustion in format8BIM() (bsc#1135232). CVE-2017-12805: Fixed a denial of service through memory exhaustion in ReadTIFFImage() (bsc#1135236). CVE-2019-11598: Fixed a heap-based buffer over-read in WritePNMImage() (bsc#1136732) We also now disable PCL in the -SUSE configuration, as it also uses ghostscript for decoding (bsc#1136183) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126253
    published2019-06-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126253
    titleSUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2019:1712-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:1712-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126253);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/10");
    
      script_cve_id("CVE-2017-12805", "CVE-2017-12806", "CVE-2019-10131", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11505", "CVE-2019-11506", "CVE-2019-11597", "CVE-2019-11598");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2019:1712-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for ImageMagick fixes the following issues :
    
    Security issues fixed :
    
    CVE-2019-11597: Fixed a heap-based buffer over-read in the
    WriteTIFFImage() (bsc#1138464).
    
    Fixed a file content disclosure via SVG and WMF decoding
    (bsc#1138425).- CVE-2019-11472: Fixed a denial of service in
    ReadXWDImage() (bsc#1133204).
    
    CVE-2019-11470: Fixed a denial of service in ReadCINImage()
    (bsc#1133205).
    
    CVE-2019-11506: Fixed a heap-based buffer overflow in the
    WriteMATLABImage() (bsc#1133498).
    
    CVE-2019-11505: Fixed a heap-based buffer overflow in the
    WritePDBImage() (bsc#1133501).
    
    CVE-2019-10131: Fixed a off-by-one read in formatIPTCfromBuffer
    function in coders/meta.c (bsc#1134075).
    
    CVE-2017-12806: Fixed a denial of service through memory exhaustion in
    format8BIM() (bsc#1135232).
    
    CVE-2017-12805: Fixed a denial of service through memory exhaustion in
    ReadTIFFImage() (bsc#1135236).
    
    CVE-2019-11598: Fixed a heap-based buffer over-read in WritePNMImage()
    (bsc#1136732)
    
    We also now disable PCL in the -SUSE configuration, as it also uses
    ghostscript for decoding (bsc#1136183)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1133204"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1133205"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1133498"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1133501"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134075"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135232"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135236"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136183"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136732"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138425"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138464"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-12805/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-12806/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-10131/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11470/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11472/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11505/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11506/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11597/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11598/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20191712-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?865360d3"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch
    SUSE-SLE-WE-12-SP4-2019-1712=1
    
    SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch
    SUSE-SLE-WE-12-SP3-2019-1712=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t
    patch SUSE-SLE-SDK-12-SP4-2019-1712=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
    patch SUSE-SLE-SDK-12-SP3-2019-1712=1
    
    SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
    SUSE-SLE-SERVER-12-SP4-2019-1712=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2019-1712=1
    
    SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP4-2019-1712=1
    
    SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP3-2019-1712=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11506");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ImageMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ImageMagick-config-6-SUSE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ImageMagick-config-6-upstream");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ImageMagick-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ImageMagick-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagick++-6_Q16-3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagickCore-6_Q16-1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libMagickWand-6_Q16-1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3/4", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3/4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"4", reference:"ImageMagick-config-6-SUSE-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"ImageMagick-config-6-upstream-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"ImageMagick-debuginfo-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"ImageMagick-debugsource-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libMagickCore-6_Q16-1-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libMagickWand-6_Q16-1-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"ImageMagick-config-6-SUSE-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"ImageMagick-config-6-upstream-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"ImageMagick-debuginfo-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"ImageMagick-debugsource-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libMagickCore-6_Q16-1-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libMagickWand-6_Q16-1-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"ImageMagick-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"ImageMagick-config-6-SUSE-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"ImageMagick-config-6-upstream-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"ImageMagick-debuginfo-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"ImageMagick-debugsource-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libMagick++-6_Q16-3-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libMagickWand-6_Q16-1-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"ImageMagick-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"ImageMagick-config-6-SUSE-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"ImageMagick-config-6-upstream-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"ImageMagick-debuginfo-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"ImageMagick-debugsource-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libMagick++-6_Q16-3-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-32bit-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libMagickWand-6_Q16-1-6.8.8.1-71.123.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.123.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1581.NASL
    descriptionAccording to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An off-by-one read vulnerability was discovered in ImageMagick in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.(CVE-2019-10131) - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file.(CVE-2019-11597) - In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c.(CVE-2019-11598) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-05-29
    plugin id125508
    published2019-05-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125508
    titleEulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2019-1581)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125508);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2019-10131",
        "CVE-2019-11597",
        "CVE-2019-11598"
      );
    
      script_name(english:"EulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2019-1581)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the ImageMagick packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - An off-by-one read vulnerability was discovered in
        ImageMagick in the formatIPTCfromBuffer function in
        coders/meta.c. A local attacker may use this flaw to
        read beyond the end of the buffer or to crash the
        program.(CVE-2019-10131)
    
      - In ImageMagick 7.0.8-43 Q16, there is a heap-based
        buffer over-read in the function WriteTIFFImage of
        coders/tiff.c, which allows an attacker to cause a
        denial of service or possibly information disclosure
        via a crafted image file.(CVE-2019-11597)
    
      - In ImageMagick 7.0.8-40 Q16, there is a heap-based
        buffer over-read in the function WritePNMImage of
        coders/pnm.c, which allows an attacker to cause a
        denial of service or possibly information disclosure
        via a crafted image file. This is related to
        SetGrayscaleImage in
        MagickCore/quantize.c.(CVE-2019-11598)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1581
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5dc74ccd");
      script_set_attribute(attribute:"solution", value:
    "Update the affected ImageMagick packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/29");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ImageMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ImageMagick-c++");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ImageMagick-perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["ImageMagick-6.7.8.9-15.h21",
            "ImageMagick-c++-6.7.8.9-15.h21",
            "ImageMagick-perl-6.7.8.9-15.h21"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1603.NASL
    descriptionThis update for ImageMagick fixes the following issues : Security issues fixed : - CVE-2019-11472: Fixed a denial-of-service in ReadXWDImage() (bsc#1133204). - CVE-2019-11470: Fixed a denial-of-service in ReadCINImage() (bsc#1133205). - CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498). - CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501). - CVE-2019-11598: Fixed a heap-based buffer overread in WritePNMImage() (bsc#1136732) We also now disable PCL in the -SUSE configuration, as it also uses ghostscript for decoding (bsc#1136183) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id126228
    published2019-06-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126228
    titleopenSUSE Security Update : ImageMagick (openSUSE-2019-1603)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1603.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126228);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/10");
    
      script_cve_id("CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11505", "CVE-2019-11506", "CVE-2019-11598");
    
      script_name(english:"openSUSE Security Update : ImageMagick (openSUSE-2019-1603)");
      script_summary(english:"Check for the openSUSE-2019-1603 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for ImageMagick fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2019-11472: Fixed a denial-of-service in
        ReadXWDImage() (bsc#1133204).
    
      - CVE-2019-11470: Fixed a denial-of-service in
        ReadCINImage() (bsc#1133205).
    
      - CVE-2019-11506: Fixed a heap-based buffer overflow in
        the WriteMATLABImage() (bsc#1133498).
    
      - CVE-2019-11505: Fixed a heap-based buffer overflow in
        the WritePDBImage() (bsc#1133501).
    
      - CVE-2019-11598: Fixed a heap-based buffer overread in
        WritePNMImage() (bsc#1136732)
    
    We also now disable PCL in the -SUSE configuration, as it also uses
    ghostscript for decoding (bsc#1136183)
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133204"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133205"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133498"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133501"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136183"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136732"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected ImageMagick packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11506");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-config-7-SUSE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-config-7-upstream");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-7_Q16HDRI4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-7_Q16HDRI4-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-7_Q16HDRI4-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-7_Q16HDRI4-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-7_Q16HDRI6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-7_Q16HDRI6-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-7_Q16HDRI6-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-7_Q16HDRI6-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-7_Q16HDRI6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-7_Q16HDRI6-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-7_Q16HDRI6-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-7_Q16HDRI6-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-PerlMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0|SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0 / 15.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"ImageMagick-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"ImageMagick-config-7-SUSE-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"ImageMagick-config-7-upstream-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"ImageMagick-debuginfo-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"ImageMagick-debugsource-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"ImageMagick-devel-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"ImageMagick-extra-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"ImageMagick-extra-debuginfo-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libMagick++-7_Q16HDRI4-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libMagick++-devel-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libMagickCore-7_Q16HDRI6-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libMagickWand-7_Q16HDRI6-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"perl-PerlMagick-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"perl-PerlMagick-debuginfo-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"ImageMagick-devel-32bit-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libMagick++-devel-32bit-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-lp150.2.32.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"ImageMagick-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"ImageMagick-config-7-SUSE-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"ImageMagick-config-7-upstream-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"ImageMagick-debuginfo-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"ImageMagick-debugsource-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"ImageMagick-devel-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"ImageMagick-extra-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"ImageMagick-extra-debuginfo-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libMagick++-7_Q16HDRI4-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libMagick++-devel-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libMagickCore-7_Q16HDRI6-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libMagickWand-7_Q16HDRI6-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"perl-PerlMagick-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"perl-PerlMagick-debuginfo-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"ImageMagick-devel-32bit-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libMagick++-devel-32bit-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp151.7.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-lp151.7.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick / ImageMagick-config-7-SUSE / etc");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200407_IMAGEMAGICK_ON_SL7_X.NASL
    description* ImageMagick: multiple security vulnerabilities
    last seen2020-04-30
    modified2020-04-21
    plugin id135797
    published2020-04-21
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135797
    titleScientific Linux Security Update : ImageMagick on SL7.x x86_64 (20200407)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1785.NASL
    descriptionNumerous security vulnerabilities were fixed in Imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory or CPU exhaustion, information disclosure or potentially the execution of arbitrary code when a malformed image file is processed. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id125093
    published2019-05-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125093
    titleDebian DLA-1785-1 : imagemagick security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1683.NASL
    descriptionThis update for ImageMagick fixes the following issues : Security issues fixed : - CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage() (bsc#1138464). - Fixed a file content disclosure via SVG and WMF decoding (bsc#1138425).- CVE-2019-11472: Fixed a denial of service in ReadXWDImage() (bsc#1133204). - CVE-2019-11470: Fixed a denial of service in ReadCINImage() (bsc#1133205). - CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498). - CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501). - CVE-2019-10131: Fixed a off-by-one read in formatIPTCfromBuffer function in coders/meta.c (bsc#1134075). - CVE-2017-12806: Fixed a denial of service through memory exhaustion in format8BIM() (bsc#1135232). - CVE-2017-12805: Fixed a denial of service through memory exhaustion in ReadTIFFImage() (bsc#1135236). - CVE-2019-11598: Fixed a heap-based buffer over-read in WritePNMImage() (bsc#1136732) We also now disable PCL in the -SUSE configuration, as it also uses ghostscript for decoding (bsc#1136183) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id126438
    published2019-07-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126438
    titleopenSUSE Security Update : ImageMagick (openSUSE-2019-1683)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-1180.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1180 advisory. - ImageMagick: CPU exhaustion vulnerability in function ReadDDSInfo in coders/dds.c (CVE-2017-1000476) - ImageMagick: memory leak vulnerability in ReadXWDImage function in coders/xwd.c (CVE-2017-11166) - ImageMagick: memory exhaustion in function ReadTIFFImage causing denial of service (CVE-2017-12805) - ImageMagick: memory exhaustion in function format8BIM causing denial of service (CVE-2017-12806) - ImageMagick: memory leak in ReadPCDImage function in coders/pcd.c (CVE-2017-18251) - ImageMagick: assertion failure in MogrifyImageList function in MagickWand/mogrify.c (CVE-2017-18252) - ImageMagick: memory leak in WriteGIFImage function in coders/gif.c (CVE-2017-18254) - ImageMagick: infinite loop in ReadMIFFImage function in coders/miff.c (CVE-2017-18271) - ImageMagick: infinite loop ReadTXTImage in function in coders/txt.c (CVE-2017-18273) - ImageMagick: Infinite loop in coders/png.c:ReadOneMNGImage() allows attackers to cause a denial of service via crafted MNG file (CVE-2018-10177) - ImageMagick: Memory leak in WriteTIFFImage (CVE-2018-10804) - ImageMagick: Memory leak in ReadYCBCRImage (CVE-2018-10805) - ImageMagick: memory leak in ReadDCMImage function in coders/dcm.c (CVE-2018-11656) - ImageMagick: out of bounds write in ReadBMPImage and WriteBMPImage in coders/bmp.c (CVE-2018-12599) - ImageMagick: out of bounds write ReadDIBImage and WriteDIBImage in coders/dib.c (CVE-2018-12600) - ImageMagick: memory leak in the XMagickCommand function in MagickCore/animate.c (CVE-2018-13153) - ImageMagick: memory leak for a colormap in WriteMPCImage in coders/mpc.c (CVE-2018-14434) - ImageMagick: memory leak in DecodeImage in coders/pcd.c (CVE-2018-14435) - ImageMagick: memory leak in ReadMIFFImage in coders/miff.c (CVE-2018-14436) - ImageMagick: memory leak in parse8BIM in coders/meta.c (CVE-2018-14437) - ImageMagick: CPU Exhaustion via crafted input file (CVE-2018-15607) - ImageMagick: NULL pointer dereference in CheckEventLogging function in MagickCore/log.c (CVE-2018-16328) - ImageMagick: reachable assertion in ReadOneJNGImage in coders/png.c (CVE-2018-16749) - ImageMagick: Memory leak in the formatIPTCfromBuffer function in coders/meta.c (CVE-2018-16750) - ImageMagick: memory leak in WriteMSLImage of coders/msl.c (CVE-2018-18544) - ImageMagick: infinite loop in coders/bmp.c (CVE-2018-20467) - ImageMagick: double free in WriteEPTImage function in coders/ept.c (CVE-2018-8804) - ImageMagick: excessive iteration in the DecodeLabImage and EncodeLabImage functions in coders/tiff.c (CVE-2018-9133) - ImageMagick: off-by-one read in formatIPTCfromBuffer function in coders/meta.c (CVE-2019-10131) - ImageMagick: heap-based buffer over-read in WriteTIFFImage of coders/tiff.c leads to denial of service or information disclosure via crafted image file (CVE-2019-10650) - ImageMagick: denial of service in cineon parsing component (CVE-2019-11470) - ImageMagick: denial of service in ReadXWDImage in coders/xwd.c in the XWD image parsing component (CVE-2019-11472) - ImageMagick: heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c leading to DoS or information disclosure (CVE-2019-11597) - ImageMagick: heap-based buffer over-read in the function WritePNMImage of coders/pnm.c leading to DoS or information disclosure (CVE-2019-11598) - imagemagick: null-pointer dereference in function ReadPANGOImage in coders/pango.c and ReadVIDImage in coders/vid.c causing denial of service (CVE-2019-12974) - imagemagick: memory leak vulnerability in function WriteDPXImage in coders/dpx.c (CVE-2019-12975) - imagemagick: memory leak vulnerability in function ReadPCLImage in coders/pcl.c (CVE-2019-12976) - imagemagick: use of uninitialized value in function ReadPANGOImage in coders/pango.c (CVE-2019-12978) - imagemagick: use of uninitialized value in functionSyncImageSettings in MagickCore/image.c (CVE-2019-12979) - ImageMagick: a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c (CVE-2019-13133) - ImageMagick: a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c (CVE-2019-13134) - ImageMagick: a use of uninitialized value vulnerability in the function ReadCUTImage leading to a crash and DoS (CVE-2019-13135) - ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled (CVE-2019-13295) - ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled (CVE-2019-13297) - ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns (CVE-2019-13300) - ImageMagick: memory leaks in AcquireMagickMemory (CVE-2019-13301) - ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment (CVE-2019-13304) - ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error (CVE-2019-13305) - ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors (CVE-2019-13306) - ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows (CVE-2019-13307) - ImageMagick: memory leaks at AcquireMagickMemory due to mishandling the NoSuchImage error in CLIListOperatorImages (CVE-2019-13309) - ImageMagick: memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c (CVE-2019-13310) - ImageMagick: memory leaks at AcquireMagickMemory because of a wand/mogrify.c error (CVE-2019-13311) - ImageMagick: division by zero in RemoveDuplicateLayers in MagickCore/layer.c (CVE-2019-13454) - ImageMagick: use-after-free in magick/blob.c resulting in a denial of service (CVE-2019-14980) - ImageMagick: division by zero in MeanShiftImage in MagickCore/feature.c (CVE-2019-14981) - ImageMagick: out-of-bounds read in ReadXWDImage in coders/xwd.c (CVE-2019-15139) - ImageMagick: Use after free in ReadMATImage in coders/mat.c (CVE-2019-15140) - ImageMagick: heap-based buffer overflow in WriteTIFFImage in coders/tiff.c (CVE-2019-15141) - ImageMagick: memory leak in magick/xwindow.c (CVE-2019-16708) - ImageMagick: memory leak in coders/dps.c (CVE-2019-16709) - ImageMagick: memory leak in coders/dot.c (CVE-2019-16710, CVE-2019-16713) - ImageMagick: memory leak in Huffman2DEncodeImage in coders/ps2.c (CVE-2019-16711) - ImageMagick: memory leak in Huffman2DEncodeImage in coders/ps3.c (CVE-2019-16712) - ImageMagick: heap-based buffer overflow in ReadPSInfo in coders/ps.c (CVE-2019-17540) - ImageMagick: Use after free in ReadICCProfile function in coders/jpeg.c (CVE-2019-17541) - ImageMagick: heap-based buffer overflow in WriteSGIImage in coders/sgi.c (CVE-2019-19948) - ImageMagick: heap-based buffer over-read in WritePNGImage in coders/png.c (CVE-2019-19949) - imagemagick: memory leak in function DecodeImage in coders/pcd.c (CVE-2019-7175) - ImageMagick: Memory leak in the WritePDFImage function in coders/pdf.c (CVE-2019-7397) - ImageMagick: Memory leak in the WriteDIBImage function in coders/dib.c (CVE-2019-7398) - imagemagick: stack-based buffer overflow in function PopHexPixel in coders/ps.c (CVE-2019-9956) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-06
    modified2020-04-10
    plugin id135354
    published2020-04-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135354
    titleCentOS 7 : ImageMagick / autotrace / emacs / inkscape (CESA-2020:1180)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1180.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1180 advisory. - ImageMagick: CPU exhaustion vulnerability in function ReadDDSInfo in coders/dds.c (CVE-2017-1000476) - ImageMagick: memory leak vulnerability in ReadXWDImage function in coders/xwd.c (CVE-2017-11166) - ImageMagick: memory exhaustion in function ReadTIFFImage causing denial of service (CVE-2017-12805) - ImageMagick: memory exhaustion in function format8BIM causing denial of service (CVE-2017-12806) - ImageMagick: memory leak in ReadPCDImage function in coders/pcd.c (CVE-2017-18251) - ImageMagick: assertion failure in MogrifyImageList function in MagickWand/mogrify.c (CVE-2017-18252) - ImageMagick: memory leak in WriteGIFImage function in coders/gif.c (CVE-2017-18254) - ImageMagick: infinite loop in ReadMIFFImage function in coders/miff.c (CVE-2017-18271) - ImageMagick: infinite loop ReadTXTImage in function in coders/txt.c (CVE-2017-18273) - ImageMagick: Infinite loop in coders/png.c:ReadOneMNGImage() allows attackers to cause a denial of service via crafted MNG file (CVE-2018-10177) - ImageMagick: Memory leak in WriteTIFFImage (CVE-2018-10804) - ImageMagick: Memory leak in ReadYCBCRImage (CVE-2018-10805) - ImageMagick: memory leak in ReadDCMImage function in coders/dcm.c (CVE-2018-11656) - ImageMagick: out of bounds write in ReadBMPImage and WriteBMPImage in coders/bmp.c (CVE-2018-12599) - ImageMagick: out of bounds write ReadDIBImage and WriteDIBImage in coders/dib.c (CVE-2018-12600) - ImageMagick: memory leak in the XMagickCommand function in MagickCore/animate.c (CVE-2018-13153) - ImageMagick: memory leak for a colormap in WriteMPCImage in coders/mpc.c (CVE-2018-14434) - ImageMagick: memory leak in DecodeImage in coders/pcd.c (CVE-2018-14435) - ImageMagick: memory leak in ReadMIFFImage in coders/miff.c (CVE-2018-14436) - ImageMagick: memory leak in parse8BIM in coders/meta.c (CVE-2018-14437) - ImageMagick: CPU Exhaustion via crafted input file (CVE-2018-15607) - ImageMagick: NULL pointer dereference in CheckEventLogging function in MagickCore/log.c (CVE-2018-16328) - ImageMagick: reachable assertion in ReadOneJNGImage in coders/png.c (CVE-2018-16749) - ImageMagick: Memory leak in the formatIPTCfromBuffer function in coders/meta.c (CVE-2018-16750) - ImageMagick: memory leak in WriteMSLImage of coders/msl.c (CVE-2018-18544) - ImageMagick: infinite loop in coders/bmp.c (CVE-2018-20467) - ImageMagick: double free in WriteEPTImage function in coders/ept.c (CVE-2018-8804) - ImageMagick: excessive iteration in the DecodeLabImage and EncodeLabImage functions in coders/tiff.c (CVE-2018-9133) - ImageMagick: off-by-one read in formatIPTCfromBuffer function in coders/meta.c (CVE-2019-10131) - ImageMagick: heap-based buffer over-read in WriteTIFFImage of coders/tiff.c leads to denial of service or information disclosure via crafted image file (CVE-2019-10650) - ImageMagick: denial of service in cineon parsing component (CVE-2019-11470) - ImageMagick: denial of service in ReadXWDImage in coders/xwd.c in the XWD image parsing component (CVE-2019-11472) - ImageMagick: heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c leading to DoS or information disclosure (CVE-2019-11597) - ImageMagick: heap-based buffer over-read in the function WritePNMImage of coders/pnm.c leading to DoS or information disclosure (CVE-2019-11598) - imagemagick: null-pointer dereference in function ReadPANGOImage in coders/pango.c and ReadVIDImage in coders/vid.c causing denial of service (CVE-2019-12974) - imagemagick: memory leak vulnerability in function WriteDPXImage in coders/dpx.c (CVE-2019-12975) - imagemagick: memory leak vulnerability in function ReadPCLImage in coders/pcl.c (CVE-2019-12976) - imagemagick: use of uninitialized value in function ReadPANGOImage in coders/pango.c (CVE-2019-12978) - imagemagick: use of uninitialized value in functionSyncImageSettings in MagickCore/image.c (CVE-2019-12979) - ImageMagick: a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c (CVE-2019-13133) - ImageMagick: a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c (CVE-2019-13134) - ImageMagick: a use of uninitialized value vulnerability in the function ReadCUTImage leading to a crash and DoS (CVE-2019-13135) - ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled (CVE-2019-13295) - ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled (CVE-2019-13297) - ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns (CVE-2019-13300) - ImageMagick: memory leaks in AcquireMagickMemory (CVE-2019-13301) - ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment (CVE-2019-13304) - ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error (CVE-2019-13305) - ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors (CVE-2019-13306) - ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows (CVE-2019-13307) - ImageMagick: memory leaks at AcquireMagickMemory due to mishandling the NoSuchImage error in CLIListOperatorImages (CVE-2019-13309) - ImageMagick: memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c (CVE-2019-13310) - ImageMagick: memory leaks at AcquireMagickMemory because of a wand/mogrify.c error (CVE-2019-13311) - ImageMagick: division by zero in RemoveDuplicateLayers in MagickCore/layer.c (CVE-2019-13454) - ImageMagick: use-after-free in magick/blob.c resulting in a denial of service (CVE-2019-14980) - ImageMagick: division by zero in MeanShiftImage in MagickCore/feature.c (CVE-2019-14981) - ImageMagick: out-of-bounds read in ReadXWDImage in coders/xwd.c (CVE-2019-15139) - ImageMagick: Use after free in ReadMATImage in coders/mat.c (CVE-2019-15140) - ImageMagick: heap-based buffer overflow in WriteTIFFImage in coders/tiff.c (CVE-2019-15141) - ImageMagick: memory leak in magick/xwindow.c (CVE-2019-16708) - ImageMagick: memory leak in coders/dps.c (CVE-2019-16709) - ImageMagick: memory leak in coders/dot.c (CVE-2019-16710, CVE-2019-16713) - ImageMagick: memory leak in Huffman2DEncodeImage in coders/ps2.c (CVE-2019-16711) - ImageMagick: memory leak in Huffman2DEncodeImage in coders/ps3.c (CVE-2019-16712) - ImageMagick: heap-based buffer overflow in ReadPSInfo in coders/ps.c (CVE-2019-17540) - ImageMagick: Use after free in ReadICCProfile function in coders/jpeg.c (CVE-2019-17541) - ImageMagick: heap-based buffer overflow in WriteSGIImage in coders/sgi.c (CVE-2019-19948) - ImageMagick: heap-based buffer over-read in WritePNGImage in coders/png.c (CVE-2019-19949) - imagemagick: memory leak in function DecodeImage in coders/pcd.c (CVE-2019-7175) - ImageMagick: Memory leak in the WritePDFImage function in coders/pdf.c (CVE-2019-7397) - ImageMagick: Memory leak in the WriteDIBImage function in coders/dib.c (CVE-2019-7398) - imagemagick: stack-based buffer overflow in function PopHexPixel in coders/ps.c (CVE-2019-9956) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-03-31
    plugin id135041
    published2020-03-31
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135041
    titleRHEL 7 : ImageMagick (RHSA-2020:1180)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1582.NASL
    descriptionAccording to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An off-by-one read vulnerability was discovered in ImageMagick in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.(CVE-2019-10131) - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file.(CVE-2019-11597) - In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c.(CVE-2019-11598) - In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.(CVE-2019-7175) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-05-29
    plugin id125509
    published2019-05-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125509
    titleEulerOS 2.0 SP3 : ImageMagick (EulerOS-SA-2019-1582)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1523-1.NASL
    descriptionThis update for ImageMagick fixes the following issues : Security issues fixed : CVE-2019-11472: Fixed a denial-of-service in ReadXWDImage() (bsc#1133204). CVE-2019-11470: Fixed a denial-of-service in ReadCINImage() (bsc#1133205). CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498). CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501). CVE-2019-11598: Fixed a heap-based buffer overread in WritePNMImage() (bsc#1136732) We also now disable PCL in the -SUSE configuration, as it also uses ghostscript for decoding (bsc#1136183) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125987
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125987
    titleSUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2019:1523-1)
  • NASL familyWindows
    NASL idIMAGEMAGICK_7_0_8-44.NASL
    descriptionThe version of ImageMagick installed on the remote Windows host is 7.x prior to 7.0.8-44. It is, therefore, affected by multiple vulnerabilities: - A denial of service vulnerability exists due to a failure to handle exceptional conditions. An unauthenticated, remote attacker can exploit this by convincing a user into converting a specially crafted file, to cause the system to stop responding. (CVE-2018-15607) - A stack-based buffer overflow condition exists in the PopHexPixel function due to a failure to handle exceptional conditions. An unauthenticated,remote attacker can exploit this, via convincing a user to open a crafted image file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2019-9956) - A memory leak vulnerability exists in the SVGKeyValuePairs function due to a failure to handle exceptional conditions. An unauthenticated, remote attacker can exploit this via convincing a user to open a crafted image file, to cause the application to stop responding. (CVE-2019-10649) Note that the application may also be affected by additional vulnerabilities. Refer to the vendor for additional information.
    last seen2020-06-01
    modified2020-06-02
    plugin id124776
    published2019-05-10
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124776
    titleImageMagick < 7.0.8-44 Multiple vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4034-1.NASL
    descriptionIt was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, the update for Ubuntu 18.10 and Ubuntu 19.04 includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate ImageMagick policy configuration. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126254
    published2019-06-26
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126254
    titleUbuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : imagemagick vulnerabilities (USN-4034-1)

Redhat

rpms
  • ImageMagick-0:6.9.10.68-3.el7
  • ImageMagick-c++-0:6.9.10.68-3.el7
  • ImageMagick-c++-devel-0:6.9.10.68-3.el7
  • ImageMagick-debuginfo-0:6.9.10.68-3.el7
  • ImageMagick-devel-0:6.9.10.68-3.el7
  • ImageMagick-doc-0:6.9.10.68-3.el7
  • ImageMagick-perl-0:6.9.10.68-3.el7
  • autotrace-0:0.31.1-38.el7
  • autotrace-debuginfo-0:0.31.1-38.el7
  • autotrace-devel-0:0.31.1-38.el7
  • emacs-1:24.3-23.el7
  • emacs-common-1:24.3-23.el7
  • emacs-debuginfo-1:24.3-23.el7
  • emacs-el-1:24.3-23.el7
  • emacs-filesystem-1:24.3-23.el7
  • emacs-nox-1:24.3-23.el7
  • emacs-terminal-1:24.3-23.el7
  • inkscape-0:0.92.2-3.el7
  • inkscape-debuginfo-0:0.92.2-3.el7
  • inkscape-docs-0:0.92.2-3.el7
  • inkscape-view-0:0.92.2-3.el7