[oss-security] 20161226 Re: CVE requests for various ImageMagick issues

95220

https://bugzilla.redhat.com/show_bug.cgi?id=1410494

https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76

The version of ImageMagick installed on the remote Windows host is 6.x prior to 6.9.4-5 or 7.x prior to 7.0.1-7. It is, therefore, affected by multiple denial of service vulnerabilities :

  - A denial of service vulnerability exists in the DCM     reader due to a NULL pointer dereference flaw that is     triggered during the handling of photometric     interpretation or the handling of frames. An     unauthenticated, remote attacker can exploit this to     crash processes linked against the library.
    (CVE-2016-5689)

  - A denial of service vulnerability exists in the DCM     reader due to improper computation of the pixel scaling     table. An unauthenticated, remote attacker can exploit     this to crash processes linked against the library.
    (CVE-2016-5690)

  - A denial of service vulnerability exists in the DCM     reader due to improper validation of pixel.red,     pixel,green, and pixel.blue. An unauthenticated, remote     attacker can exploit this to crash processes linked     against the library. (CVE-2016-5691)

  - Multiple denial of service vulnerabilities exist in     multiple functions in viff.c due to improper handling of     a saturation of exceptions. An unauthenticated, remote     attacker can exploit these issues to crash processes     linked against the library. (CVE-2016-10066,     CVE-2016-10067)

  - A denial of service vulnerability exists in the     ThrowReaderException() function in mat.c due to improper     handling of frame numbers in a crafted MAT file. An     unauthenticated, remote attacker can exploit this to     crash processes linked against the library.
    (CVE-2016-10069)

ID	Name	Product	Family	Severity
135519	EulerOS 2.0 SP3 : ImageMagick (EulerOS-SA-2020-1390)	Nessus	Huawei Local Security Checks	critical
131846	EulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2019-2354)	Nessus	Huawei Local Security Checks	critical
91819	ImageMagick 6.x < 6.9.4-5 / 7.x < 7.0.1-7 Multiple DoS	Nessus	Windows	critical

CVE-2016-10067

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical

critical