coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.

This update for ImageMagick fixes the following issues :

  - CVE-2016-9556 Possible Heap-overflow found by fuzzing     [bsc#1011130]

  - CVE-2016-9559 Possible NULL pointer access found by     fuzzing [bsc#1011136]

  - CVE-2016-8707 Possible code execution in Tiff conver     utility [bsc#1014159]

  - CVE-2016-8866 Memory allocation failure in     AcquireMagickMemory could lead to Heap overflow     [bsc#1009318]

  - CVE-2016-9559 Possible NULL pointer access found by     fuzzing [bsc#1011136]

This update was imported from the SUSE:SLE-12:Update update project.

This update for ImageMagick fixes the following issues :

  - CVE-2016-9556 Possible Heap-overflow found by fuzzing     [bsc#1011130]

  - CVE-2016-9559 Possible NULL pointer access found by     fuzzing [bsc#1011136]

  - CVE-2016-8707 Possible code execution in Tiff conver     utility [bsc#1014159]

  - CVE-2016-8866 Memory allocation failure in     AcquireMagickMemory could lead to Heap overflow     [bsc#1009318]

  - CVE-2016-9559 Possible NULL pointer access found by     fuzzing [bsc#1011136]

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes the following issues :

  - CVE-2016-9556: Possible Heap-overflow found by fuzzing     [bsc#1011130]

  - CVE-2016-9559: Possible NULL pointer access found by     fuzzing [bsc#1011136]

  - CVE-2016-8707: Possible code execution in the tiff     deflate convert code [bsc#1014159]

  - CVE-2016-9773: Possible Heap overflow in IsPixelGray     [bsc#1013376]

  - CVE-2016-8866: Possible memory allocation failure in     AcquireMagickMemory [bsc#1009318]

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of ImageMagick installed on the remote Windows host is 7.x prior to 7.0.3-7. It is, therefore, affected by a denial of service vulnerability due to a NULL pointer dereference flaw in the TIFFGetProperties() function within file coders/tiff.c. An unauthenticated, remote attacker can exploit this, via a specially crafted TIFF image, to crash a process linked against the library.

The version of ImageMagick installed on the remote Windows host is 6.x prior to 6.9.6-5. It is, therefore, affected by a denial of service vulnerability due to a NULL pointer dereference flaw in the TIFFGetProperties() function within file coders/tiff.c.
An unauthenticated, remote attacker can exploit this, via a specially crafted TIFF image, to crash a process linked against the library.

This update for GraphicsMagick fixes the following security issues :

  - CVE-2016-9556: Maliciously crafted image headers could     cause denial of service in image format detection     routines (boo#1011130)

  - CVE-2016-9559: Maliciously crafted image headers could     cause denial of service in image format detection     routines for TIFF (boo#1011136)

Several issues have been discovered in ImageMagick, a popular set of programs and libraries for image manipulation. These issues include several problems in memory handling that can result in a denial of service attack or in execution of arbitrary code by an attacker with control on the image input.

ID	Name	Product	Family	Severity
135519	EulerOS 2.0 SP3 : ImageMagick (EulerOS-SA-2020-1390)	Nessus	Huawei Local Security Checks	critical
131846	EulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2019-2354)	Nessus	Huawei Local Security Checks	critical
96296	openSUSE Security Update : ImageMagick (openSUSE-2017-14)	Nessus	SuSE Local Security Checks	high
96139	SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2016:3258-1)	Nessus	SuSE Local Security Checks	high
96138	SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:3256-1)	Nessus	SuSE Local Security Checks	high
95721	ImageMagick 7.x < 7.0.3-7 TIFFGetProperties() NULL Pointer Dereference DoS	Nessus	Windows	medium
95719	ImageMagick 6.x < 6.9.6-5 TIFFGetProperties() NULL Pointer Dereference DoS	Nessus	Windows	medium
95595	openSUSE Security Update : GraphicsMagick (openSUSE-2016-1415)	Nessus	SuSE Local Security Checks	medium
95594	openSUSE Security Update : GraphicsMagick (openSUSE-2016-1414)	Nessus	SuSE Local Security Checks	medium
95593	openSUSE Security Update : ImageMagick (openSUSE-2016-1413)	Nessus	SuSE Local Security Checks	medium
95362	Debian DSA-3726-1 : imagemagick - security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2016-9559

medium

Tenable Plugins

critical

critical

high

high

high

medium

medium

medium

medium

medium

high