https://github.com/ImageMagick/ImageMagick/issues/1119

https://github.com/ImageMagick/ImageMagick6/commit/1007b98f8795ad4bea6bc5f68a32d83e982fdae4

[debian-lts-announce] 20181003 [SECURITY] [DLA 1530-1] imagemagick security update

[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update

USN-3785-1

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ImageMagick packages installed that are affected by multiple vulnerabilities:

  - ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in     coders/dds.c, which allows attackers to cause a denial of service. (CVE-2017-1000476)

  - In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.
    (CVE-2018-13153)

  - In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out     of bounds write via a crafted file. (CVE-2018-12599)

  - In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out     of bounds write via a crafted file. (CVE-2018-12600)

  - In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c     file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng     file. (CVE-2018-10177)

  - ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions     (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could     leverage this vulnerability to cause a denial of service via a crafted tiff file. (CVE-2018-9133)

  - WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of     service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact     via a crafted file. (CVE-2018-8804)

  - In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in     coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.
    (CVE-2018-11656)

  - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function     ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a     crafted MIFF image file. (CVE-2017-18271)

  - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function     ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a     crafted image file that is mishandled in a GetImageIndexInList call. (CVE-2017-18273)

  - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function     ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted     file. (CVE-2017-18251)

  - An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows     attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via     a crafted file. (CVE-2017-18252)

  - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function     WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted     file. (CVE-2017-18254)

  - In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in     MagickCore/log.c. (CVE-2018-16328)

  - In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an     attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted     file. (CVE-2018-16749)

  - In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c     was found. (CVE-2018-16750)

  - In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36     0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory     resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could     leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-15607)

  - There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the     function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. (CVE-2018-18544)

  - In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in     WritePDFImage in coders/pdf.c. (CVE-2019-7397)

  - In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of     coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a     crafted image file. (CVE-2019-10650)

  - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of     coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure     via a crafted image file. (CVE-2019-11597)

  - ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows     attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the     header indicates neither LSB first nor MSB first. (CVE-2019-11472)

  - In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of     coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via     a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. (CVE-2019-11598)

  - ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. (CVE-2018-14434)

  - ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. (CVE-2018-14435)

  - ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. (CVE-2018-14436)

  - ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. (CVE-2018-14437)

  - ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. (CVE-2018-10805)

  - ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. (CVE-2018-10804)

  - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which     allows attackers to cause a denial of service. (CVE-2017-12805)

  - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which     allows attackers to cause a denial of service. (CVE-2017-12806)

  - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in     coders/viff.c. (CVE-2019-13134)

  - ImageMagick before 7.0.8-50 has a use of uninitialized value vulnerability in the function ReadCUTImage     in coders/cut.c. (CVE-2019-13135)

  - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.
    (CVE-2019-13133)

  - ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.
    (CVE-2019-13454)

  - A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage     in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted     image. (CVE-2019-12974)

  - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the ReadPANGOImage function in     coders/pango.c. (CVE-2019-12978)

  - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the SyncImageSettings function in     MagickCore/image.c. This is related to AcquireImage in magick/image.c. (CVE-2019-12979)

  - ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.
    (CVE-2019-13301)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages     because of mishandling columns. (CVE-2019-13300)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in     AdaptiveThresholdImage because a height of zero is mishandled. (CVE-2019-13297)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in     AdaptiveThresholdImage because a width of zero is mishandled. (CVE-2019-13295)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.
    (CVE-2019-13311)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in     MagickWand/mogrify.c. (CVE-2019-13310)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage     error in CLIListOperatorImages in MagickWand/operation.c. (CVE-2019-13309)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages     because of mishandling rows. (CVE-2019-13307)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of     off-by-one errors. (CVE-2019-13306)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a     misplaced strncpy and an off-by-one error. (CVE-2019-13305)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a     misplaced assignment. (CVE-2019-13304)

  - ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.
    (CVE-2019-12975)

  - ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. (CVE-2019-12976)

  - An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the     formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end     of the buffer or to crash the program. (CVE-2019-10131)

  - In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of     coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image     file. (CVE-2019-9956)

  - The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service     (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This     occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.
    (CVE-2019-11470)

  - In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. (CVE-2019-7398)

  - In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. (CVE-2019-7175)

  - In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang,     with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial     of service via a crafted file. (CVE-2018-20467)

  - In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in     the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.
    (CVE-2019-14980)

  - In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in     the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.
    (CVE-2019-14981)

  - ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.
    (CVE-2019-17540)

  - ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the     error manager is mishandled in coders/jpeg.c. (CVE-2019-17541)

  - WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service     (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to     TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in     tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.
    (CVE-2019-15141)

  - coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-     free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that     is mishandled in ReadImage in MagickCore/constitute.c. (CVE-2019-15140)

  - The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows     attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in     ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than     CVE-2019-11472. (CVE-2019-15139)

  - The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can     cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD     file. (CVE-2017-11166)

  - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of     coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. (CVE-2019-19949)

  - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of     coders/sgi.c. (CVE-2019-19948)

  - ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. (CVE-2019-16709)

  - ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. (CVE-2019-16708)

  - ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in     MagickCore/memory.c. (CVE-2019-16710)

  - ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. (CVE-2019-16711)

  - ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by     WritePS3Image. (CVE-2019-16712)

  - ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in     MagickCore/constitute.c. (CVE-2019-16713)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ImageMagick packages installed that are affected by multiple vulnerabilities:

  - ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in     coders/dds.c, which allows attackers to cause a denial of service. (CVE-2017-1000476)

  - In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.
    (CVE-2018-13153)

  - In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out     of bounds write via a crafted file. (CVE-2018-12599)

  - In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out     of bounds write via a crafted file. (CVE-2018-12600)

  - In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c     file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng     file. (CVE-2018-10177)

  - ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions     (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could     leverage this vulnerability to cause a denial of service via a crafted tiff file. (CVE-2018-9133)

  - WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of     service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact     via a crafted file. (CVE-2018-8804)

  - In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in     coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.
    (CVE-2018-11656)

  - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function     ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a     crafted MIFF image file. (CVE-2017-18271)

  - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function     ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a     crafted image file that is mishandled in a GetImageIndexInList call. (CVE-2017-18273)

  - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function     ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted     file. (CVE-2017-18251)

  - An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows     attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via     a crafted file. (CVE-2017-18252)

  - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function     WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted     file. (CVE-2017-18254)

  - In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in     MagickCore/log.c. (CVE-2018-16328)

  - In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an     attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted     file. (CVE-2018-16749)

  - In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c     was found. (CVE-2018-16750)

  - In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36     0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory     resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could     leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-15607)

  - There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the     function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. (CVE-2018-18544)

  - In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in     WritePDFImage in coders/pdf.c. (CVE-2019-7397)

  - In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of     coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a     crafted image file. (CVE-2019-10650)

  - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of     coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure     via a crafted image file. (CVE-2019-11597)

  - ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows     attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the     header indicates neither LSB first nor MSB first. (CVE-2019-11472)

  - In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of     coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via     a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. (CVE-2019-11598)

  - ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. (CVE-2018-14434)

  - ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. (CVE-2018-14435)

  - ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. (CVE-2018-14436)

  - ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. (CVE-2018-14437)

  - ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. (CVE-2018-10805)

  - ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. (CVE-2018-10804)

  - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which     allows attackers to cause a denial of service. (CVE-2017-12805)

  - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which     allows attackers to cause a denial of service. (CVE-2017-12806)

  - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in     coders/viff.c. (CVE-2019-13134)

  - ImageMagick before 7.0.8-50 has a use of uninitialized value vulnerability in the function ReadCUTImage     in coders/cut.c. (CVE-2019-13135)

  - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.
    (CVE-2019-13133)

  - ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.
    (CVE-2019-13454)

  - A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage     in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted     image. (CVE-2019-12974)

  - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the ReadPANGOImage function in     coders/pango.c. (CVE-2019-12978)

  - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the SyncImageSettings function in     MagickCore/image.c. This is related to AcquireImage in magick/image.c. (CVE-2019-12979)

  - ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.
    (CVE-2019-13301)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages     because of mishandling columns. (CVE-2019-13300)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in     AdaptiveThresholdImage because a height of zero is mishandled. (CVE-2019-13297)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in     AdaptiveThresholdImage because a width of zero is mishandled. (CVE-2019-13295)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.
    (CVE-2019-13311)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in     MagickWand/mogrify.c. (CVE-2019-13310)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage     error in CLIListOperatorImages in MagickWand/operation.c. (CVE-2019-13309)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages     because of mishandling rows. (CVE-2019-13307)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of     off-by-one errors. (CVE-2019-13306)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a     misplaced strncpy and an off-by-one error. (CVE-2019-13305)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a     misplaced assignment. (CVE-2019-13304)

  - ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.
    (CVE-2019-12975)

  - ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. (CVE-2019-12976)

  - An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the     formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end     of the buffer or to crash the program. (CVE-2019-10131)

  - In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of     coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image     file. (CVE-2019-9956)

  - The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service     (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This     occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.
    (CVE-2019-11470)

  - In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. (CVE-2019-7398)

  - In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. (CVE-2019-7175)

  - In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang,     with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial     of service via a crafted file. (CVE-2018-20467)

  - In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in     the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.
    (CVE-2019-14980)

  - In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in     the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.
    (CVE-2019-14981)

  - ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.
    (CVE-2019-17540)

  - ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the     error manager is mishandled in coders/jpeg.c. (CVE-2019-17541)

  - WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service     (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to     TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in     tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.
    (CVE-2019-15141)

  - coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-     free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that     is mishandled in ReadImage in MagickCore/constitute.c. (CVE-2019-15140)

  - The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows     attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in     ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than     CVE-2019-11472. (CVE-2019-15139)

  - The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can     cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD     file. (CVE-2017-11166)

  - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of     coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. (CVE-2019-19949)

  - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of     coders/sgi.c. (CVE-2019-19948)

  - ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. (CVE-2019-16709)

  - ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. (CVE-2019-16708)

  - ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in     MagickCore/memory.c. (CVE-2019-16710)

  - ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. (CVE-2019-16711)

  - ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by     WritePS3Image. (CVE-2019-16712)

  - ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in     MagickCore/constitute.c. (CVE-2019-16713)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - ImageMagick before 7.0.8-50 has a memory leak     vulnerability in the function ReadBMPImage in     coders/bmp.c.(CVE-2019-13133)

  - ImageMagick before 7.0.8-50 has a memory leak     vulnerability in the function ReadVIFFImage in     coders/viff.c.(CVE-2019-13134)

  - ImageMagick version 7.0.7-28 contains a memory leak in     WriteTIFFImage in coders/tiff.c.(CVE-2018-10804)

  - In ImageMagick 7.0.7-28, there is an infinite loop in     the ReadOneMNGImage function of the coders/png.c file.
    Remote attackers could leverage this vulnerability to     cause a denial of service via a crafted mng     file.(CVE-2018-10177)

  - In ImageMagick 7.0.7-29 and earlier, a missing NULL     check in ReadOneJNGImage in coders/png.c allows an     attacker to cause a denial of service (WriteBlob     assertion failure and application exit) via a crafted     file.(CVE-2018-16749)

  - In ImageMagick before 7.0.8-25, a memory leak exists in     WritePSDChannel in coders/psd.c.(CVE-2019-7395)

  - In ImageMagick before 7.0.8-25, a memory leak exists in     ReadSIXELImage in coders/sixel.c.(CVE-2019-7396)

  - A NULL pointer dereference in the function     ReadPANGOImage in coders/pango.c and the function     ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34     allows remote attackers to cause a denial of service     via a crafted image.(CVE-2019-12974)

  - ImageMagick 7.0.8-34 has a memory leak vulnerability in     the WriteDPXImage function in     coders/dpx.c.(CVE-2019-12975)

  - ImageMagick 7.0.8-34 has a memory leak in the     ReadPCLImage function in coders/pcl.c.(CVE-2019-12976)

  - ImageMagick 7.0.8-34 has a 'use of uninitialized value'     vulnerability in the WriteJP2Image function in     coders/jp2.c.(CVE-2019-12977)

  - ImageMagick 7.0.8-34 has a 'use of uninitialized value'     vulnerability in the ReadPANGOImage function in     coders/pango.c.(CVE-2019-12978)

  - ImageMagick 7.0.8-34 has a 'use of uninitialized value'     vulnerability in the SyncImageSettings function in     MagickCore/image.c. This is related to AcquireImage in     magick/image.c.(CVE-2019-12979)

  - ImageMagick before 7.0.8-50 has a memory leak     vulnerability in the function ReadPSImage in     coders/ps.c.(CVE-2019-13137)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     over-read at MagickCore/threshold.c in     AdaptiveThresholdImage because a width of zero is     mishandled.(CVE-2019-13295)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     over-read at MagickCore/threshold.c in     AdaptiveThresholdImage because a height of zero is     mishandled.(CVE-2019-13297)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     overflow at MagickCore/statistic.c in EvaluateImages     because of mishandling columns.(CVE-2019-13300)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer     overflow at coders/pnm.c in WritePNMImage because of a     misplaced assignment.(CVE-2019-13304)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer     overflow at coders/pnm.c in WritePNMImage because of a     misplaced strncpy and an off-by-one     error.(CVE-2019-13305)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer     overflow at coders/pnm.c in WritePNMImage because of     off-by-one errors.(CVE-2019-13306)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     overflow at MagickCore/statistic.c in EvaluateImages     because of mishandling rows.(CVE-2019-13307)

  - ImageMagick 7.0.8-50 Q16 has memory leaks in     AcquireMagickMemory because of an AnnotateImage     error.(CVE-2019-13301)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at     AcquireMagickMemory because of mishandling the     NoSuchImage error in CLIListOperatorImages in     MagickWand/operation.c.(CVE-2019-13309)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at     AcquireMagickMemory because of an error in     MagickWand/mogrify.c.(CVE-2019-13310)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at     AcquireMagickMemory because of a wand/mogrify.c     error.(CVE-2019-13311)

  - In ImageMagick 7.0.8-50 Q16, ComplexImages in     MagickCore/fourier.c has a heap-based buffer over-read     because of incorrect calls to     GetCacheViewVirtualPixels.(CVE-2019-13391)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     overflow in MagickCore/fourier.c in     ComplexImage.(CVE-2019-13308)

  - ImageMagick 7.0.8-54 Q16 allows Division by Zero in     RemoveDuplicateLayers in     MagickCore/layer.c.(CVE-2019-13454)

  - ImageMagick version 7.0.7-28 contains a memory leak in     ReadYCBCRImage in coders/ycbcr.c.(CVE-2018-10805)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1497 advisory.

  - ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in     coders/dds.c, which allows attackers to cause a denial of service. (CVE-2017-1000476)

  - The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can     cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD     file. (CVE-2017-11166)

  - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which     allows attackers to cause a denial of service. (CVE-2017-12805)

  - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which     allows attackers to cause a denial of service. (CVE-2017-12806)

  - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function     ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted     file. (CVE-2017-18251)

  - An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows     attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via     a crafted file. (CVE-2017-18252)

  - An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function     WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted     file. (CVE-2017-18254)

  - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function     ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a     crafted MIFF image file. (CVE-2017-18271)

  - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function     ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a     crafted image file that is mishandled in a GetImageIndexInList call. (CVE-2017-18273)

  - In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c     file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng     file. (CVE-2018-10177)

  - ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. (CVE-2018-10804)

  - ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. (CVE-2018-10805)

  - In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in     coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.
    (CVE-2018-11656)

  - In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out     of bounds write via a crafted file. (CVE-2018-12599)

  - In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out     of bounds write via a crafted file. (CVE-2018-12600)

  - In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.
    (CVE-2018-13153)

  - ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. (CVE-2018-14434)

  - ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. (CVE-2018-14435)

  - ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. (CVE-2018-14436)

  - ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. (CVE-2018-14437)

  - In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36     0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory     resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could     leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-15607)

  - In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in     MagickCore/log.c. (CVE-2018-16328)

  - In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an     attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted     file. (CVE-2018-16749)

  - In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c     was found. (CVE-2018-16750)

  - There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the     function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. (CVE-2018-18544)

  - In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang,     with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial     of service via a crafted file. (CVE-2018-20467)

  - WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of     service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact     via a crafted file. (CVE-2018-8804)

  - ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions     (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could     leverage this vulnerability to cause a denial of service via a crafted tiff file. (CVE-2018-9133)

  - An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the     formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end     of the buffer or to crash the program. (CVE-2019-10131)

  - In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of     coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a     crafted image file. (CVE-2019-10650)

  - The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service     (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This     occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.
    (CVE-2019-11470)

  - ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows     attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the     header indicates neither LSB first nor MSB first. (CVE-2019-11472)

  - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of     coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure     via a crafted image file. (CVE-2019-11597)

  - In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of     coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via     a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. (CVE-2019-11598)

  - A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage     in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted     image. (CVE-2019-12974)

  - ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.
    (CVE-2019-12975)

  - ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. (CVE-2019-12976)

  - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the ReadPANGOImage function in     coders/pango.c. (CVE-2019-12978)

  - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the SyncImageSettings function in     MagickCore/image.c. This is related to AcquireImage in magick/image.c. (CVE-2019-12979)

  - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.
    (CVE-2019-13133)

  - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in     coders/viff.c. (CVE-2019-13134)

  - ImageMagick before 7.0.8-50 has a use of uninitialized value vulnerability in the function ReadCUTImage     in coders/cut.c. (CVE-2019-13135)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in     AdaptiveThresholdImage because a width of zero is mishandled. (CVE-2019-13295)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in     AdaptiveThresholdImage because a height of zero is mishandled. (CVE-2019-13297)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages     because of mishandling columns. (CVE-2019-13300)

  - ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.
    (CVE-2019-13301)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a     misplaced assignment. (CVE-2019-13304)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a     misplaced strncpy and an off-by-one error. (CVE-2019-13305)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of     off-by-one errors. (CVE-2019-13306)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages     because of mishandling rows. (CVE-2019-13307)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage     error in CLIListOperatorImages in MagickWand/operation.c. (CVE-2019-13309)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in     MagickWand/mogrify.c. (CVE-2019-13310)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.
    (CVE-2019-13311)

  - ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.
    (CVE-2019-13454)

  - In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in     the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.
    (CVE-2019-14980)

  - In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in     the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.
    (CVE-2019-14981)

  - The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows     attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in     ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than     CVE-2019-11472. (CVE-2019-15139)

  - coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-     free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that     is mishandled in ReadImage in MagickCore/constitute.c. (CVE-2019-15140)

  - WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service     (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to     TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in     tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.
    (CVE-2019-15141)

  - ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. (CVE-2019-16708)

  - ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. (CVE-2019-16709)

  - ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in     MagickCore/memory.c. (CVE-2019-16710)

  - ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. (CVE-2019-16711)

  - ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by     WritePS3Image. (CVE-2019-16712)

  - ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in     MagickCore/constitute.c. (CVE-2019-16713)

  - ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.
    (CVE-2019-17540)

  - ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the     error manager is mishandled in coders/jpeg.c. (CVE-2019-17541)

  - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of     coders/sgi.c. (CVE-2019-19948)

  - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of     coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. (CVE-2019-19949)

  - In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. (CVE-2019-7175)

  - In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in     WritePDFImage in coders/pdf.c. (CVE-2019-7397)

  - In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. (CVE-2019-7398)

  - In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of     coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image     file. (CVE-2019-9956)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - ImageMagick version 7.0.7-28 contains a memory leak in     ReadYCBCRImage in coders/ycbcr.c.(CVE-2018-10805)

  - ImageMagick version 7.0.7-28 contains a memory leak in     WriteTIFFImage in coders/tiff.c.(CVE-2018-10804)

  - In ImageMagick 7.0.7-28, there is an infinite loop in     the ReadOneMNGImage function of the coders/png.c file.
    Remote attackers could leverage this vulnerability to     cause a denial of service via a crafted mng     file.(CVE-2018-10177)

  - In ImageMagick 7.0.7-29 and earlier, a missing NULL     check in ReadOneJNGImage in coders/png.c allows an     attacker to cause a denial of service (WriteBlob     assertion failure and application exit) via a crafted     file.(CVE-2018-16749)

  - In ImageMagick before 7.0.8-25, a memory leak exists in     WritePSDChannel in coders/psd.c.(CVE-2019-7395)

  - In ImageMagick before 7.0.8-25, a memory leak exists in     ReadSIXELImage in coders/sixel.c.(CVE-2019-7396)

  - A NULL pointer dereference in the function     ReadPANGOImage in coders/pango.c and the function     ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34     allows remote attackers to cause a denial of service     via a crafted image.(CVE-2019-12974)

  - ImageMagick 7.0.8-34 has a memory leak vulnerability in     the WriteDPXImage function in     coders/dpx.c.(CVE-2019-12975)

  - ImageMagick 7.0.8-34 has a memory leak in the     ReadPCLImage function in coders/pcl.c.(CVE-2019-12976)

  - ImageMagick 7.0.8-34 has a 'use of uninitialized value'     vulnerability in the WriteJP2Image function in     coders/jp2.c.(CVE-2019-12977)

  - ImageMagick 7.0.8-34 has a 'use of uninitialized value'     vulnerability in the ReadPANGOImage function in     coders/pango.c.(CVE-2019-12978)

  - ImageMagick 7.0.8-34 has a 'use of uninitialized value'     vulnerability in the SyncImageSettings function in     MagickCore/image.c. This is related to AcquireImage in     magick/image.c.(CVE-2019-12979)

  - ImageMagick before 7.0.8-50 has a memory leak     vulnerability in the function ReadPSImage in     coders/ps.c.(CVE-2019-13137)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     over-read at MagickCore/threshold.c in     AdaptiveThresholdImage because a width of zero is     mishandled.(CVE-2019-13295)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     over-read at MagickCore/threshold.c in     AdaptiveThresholdImage because a height of zero is     mishandled.(CVE-2019-13297)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     overflow at MagickCore/statistic.c in EvaluateImages     because of mishandling columns.(CVE-2019-13300)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer     overflow at coders/pnm.c in WritePNMImage because of a     misplaced assignment.(CVE-2019-13304)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer     overflow at coders/pnm.c in WritePNMImage because of a     misplaced strncpy and an off-by-one     error.(CVE-2019-13305)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer     overflow at coders/pnm.c in WritePNMImage because of     off-by-one errors.(CVE-2019-13306)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     overflow at MagickCore/statistic.c in EvaluateImages     because of mishandling rows.(CVE-2019-13307)

  - ImageMagick 7.0.8-50 Q16 has memory leaks in     AcquireMagickMemory because of an AnnotateImage     error.(CVE-2019-13301)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at     AcquireMagickMemory because of mishandling the     NoSuchImage error in CLIListOperatorImages in     MagickWand/operation.c.(CVE-2019-13309)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at     AcquireMagickMemory because of an error in     MagickWand/mogrify.c.(CVE-2019-13310)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at     AcquireMagickMemory because of a wand/mogrify.c     error.(CVE-2019-13311)

  - In ImageMagick 7.0.8-50 Q16, ComplexImages in     MagickCore/fourier.c has a heap-based buffer over-read     because of incorrect calls to     GetCacheViewVirtualPixels.(CVE-2019-13391)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     overflow in MagickCore/fourier.c in     ComplexImage.(CVE-2019-13308)

  - ImageMagick 7.0.8-54 Q16 allows Division by Zero in     RemoveDuplicateLayers in     MagickCore/layer.c.(CVE-2019-13454)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Debian Bug : 870020 870019 876105 869727 886281 873059 870504 870530 870107 872609 875338 875339 875341 873871 873131 875352 878506 875503 875502 876105 876099 878546 878545 877354 877355 878524 878547 878548 878555 878554 878548 878555 878554 878579 885942 886584 928206 941670 931447 932079

Several security vulnerabilities were found in Imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory or CPU exhaustion, information disclosure or potentially the execution of arbitrary code when a malformed image file is processed.

For Debian 9 stretch, these problems have been fixed in version 8:6.9.7.4+dfsg-11+deb9u10.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - In ImageMagick 7.0.7-29 and earlier, a missing NULL     check in ReadOneJNGImage in coders/png.c allows an     attacker to cause a denial of service (WriteBlob     assertion failure and application exit) via a crafted     file.(CVE-2018-16749)

  - A NULL pointer dereference in the function     ReadPANGOImage in coders/pango.c and the function     ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34     allows remote attackers to cause a denial of service     via a crafted image.(CVE-2019-12974)

  - ImageMagick 7.0.8-34 has a memory leak in the     ReadPCLImage function in coders/pcl.c.(CVE-2019-12976)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at     AcquireMagickMemory because of mishandling the     NoSuchImage error in CLIListOperatorImages in     MagickWand/operation.c.(CVE-2019-13309)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at     AcquireMagickMemory because of an error in     MagickWand/mogrify.c.(CVE-2019-13310)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at     AcquireMagickMemory because of a wand/mogrify.c     error.(CVE-2019-13311)

  - In ImageMagick 7.0.7-28, there is an infinite loop in     the ReadOneMNGImage function of the coders/png.c file.
    Remote attackers could leverage this vulnerability to     cause a denial of service via a crafted mng     file.(CVE-2018-10177)

  - ImageMagick version 7.0.7-28 contains a memory leak in     WriteTIFFImage in coders/tiff.c.(CVE-2018-10804)

  - In ImageMagick before 7.0.8-25, a memory leak exists in     WritePSDChannel in coders/psd.c.(CVE-2019-7395)

  - In ImageMagick before 7.0.8-25, a memory leak exists in     ReadSIXELImage in coders/sixel.c.(CVE-2019-7396)

  - In ImageMagick before 7.0.8-25, a memory leak exists in     WriteDIBImage in coders/dib.c.(CVE-2019-7398)

  - ImageMagick 7.0.8-34 has a 'use of uninitialized value'     vulnerability in the WriteJP2Image function in     coders/jp2.c.(CVE-2019-12977)

  - ImageMagick 7.0.8-34 has a 'use of uninitialized value'     vulnerability in the ReadPANGOImage function in     coders/pango.c.(CVE-2019-12978)

  - ImageMagick 7.0.8-34 has a 'use of uninitialized value'     vulnerability in the SyncImageSettings function in     MagickCore/image.c. This is related to AcquireImage in     magick/image.c.(CVE-2019-12979)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     over-read at MagickCore/threshold.c in     AdaptiveThresholdImage because a width of zero is     mishandled.(CVE-2019-13295)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     over-read at MagickCore/threshold.c in     AdaptiveThresholdImage because a height of zero is     mishandled.(CVE-2019-13297)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     overflow at MagickCore/statistic.c in EvaluateImages     because of mishandling columns.(CVE-2019-13300)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer     overflow at coders/pnm.c in WritePNMImage because of a     misplaced assignment.(CVE-2019-13304)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer     overflow at coders/pnm.c in WritePNMImage because of a     misplaced strncpy and an off-by-one     error.(CVE-2019-13305)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer     overflow at coders/pnm.c in WritePNMImage because of     off-by-one errors.(CVE-2019-13306)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     overflow at MagickCore/statistic.c in EvaluateImages     because of mishandling rows.(CVE-2019-13307)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer     overflow in MagickCore/fourier.c in     ComplexImage.(CVE-2019-13308)

  - In ImageMagick 7.0.8-50 Q16, ComplexImages in     MagickCore/fourier.c has a heap-based buffer over-read     because of incorrect calls to     GetCacheViewVirtualPixels.(CVE-2019-13391)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file. (CVE-2017-18254)

An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file. (CVE-2017-18252)

An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file. (CVE-2017-18251)

In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. (CVE-2018-16749)

ImageMagick 7.0.8-34 has a 'use of uninitialized value' vulnerability in the ReadPANGOImage function in coders/pango.c. (CVE-2019-12978)

The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file. (CVE-2017-11166)

In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c. (CVE-2018-13153)

ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.
(CVE-2018-14435)

ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. (CVE-2018-14434)

ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.
(CVE-2018-14437)

ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. (CVE-2018-14436)

ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. (CVE-2019-12976)

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error. (CVE-2019-13311)

ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. (CVE-2019-17541)

ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c. (CVE-2019-17540)

In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.
(CVE-2019-14980)

In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file. (CVE-2019-14981)

In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.
(CVE-2019-9956)

In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.
(CVE-2019-7397)

coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.
(CVE-2019-11597)

In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service. (CVE-2019-15140)

In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service. (CVE-2017-12806)

In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. (CVE-2019-10650)

ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. (CVE-2019-16708)

ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. (CVE-2019-16709)

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c. (CVE-2019-13133)

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. (CVE-2019-13134)

ImageMagick before 7.0.8-50 has a 'use of uninitialized value' vulnerability in the function ReadCUTImage in coders/cut.c.
(CVE-2019-13135)

In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. (CVE-2019-7175)

In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. (CVE-2019-11598)

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. (CVE-2019-13310)

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file. (CVE-2017-18271)

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call. (CVE-2017-18273)

There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. (CVE-2018-18544)

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-15607)

ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. (CVE-2019-16713)

ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. (CVE-2019-16712)

ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. (CVE-2019-16711)

ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.
(CVE-2019-16710)

ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first. (CVE-2019-11472)

ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c. (CVE-2019-12975)

The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file. (CVE-2019-11470)

An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. (CVE-2019-10131)

WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file. (CVE-2018-8804)

ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. (CVE-2017-1000476)

In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. (CVE-2018-16328)

ImageMagick 7.0.8-34 has a 'use of uninitialized value' vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c. (CVE-2019-12979)

ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c. (CVE-2019-13454)

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. (CVE-2019-19949)

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. (CVE-2019-19948)

In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.
(CVE-2018-11656)

In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-20467)

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows.
(CVE-2019-13307)

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors.
(CVE-2019-13306)

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. (CVE-2019-13305)

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment.
(CVE-2019-13304)

ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error. (CVE-2019-13301)

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. (CVE-2019-13300)

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. (CVE-2019-13309)

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. (CVE-2019-11597)

In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. (CVE-2018-12599)

A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image. (CVE-2019-12974)

In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found.
(CVE-2018-16750)

ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. (CVE-2018-10804)

ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. (CVE-2018-10805)

ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file. (CVE-2018-9133)

In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. (CVE-2019-7398)

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled. (CVE-2019-13295)

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. (CVE-2019-13297)

In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file. (CVE-2018-10177)

In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. (CVE-2018-12600)

* ImageMagick: multiple security vulnerabilities

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1180 advisory.

  - ImageMagick: CPU exhaustion vulnerability in function     ReadDDSInfo in coders/dds.c (CVE-2017-1000476)

  - ImageMagick: memory leak vulnerability in ReadXWDImage     function in coders/xwd.c (CVE-2017-11166)

  - ImageMagick: memory exhaustion in function ReadTIFFImage     causing denial of service (CVE-2017-12805)

  - ImageMagick: memory exhaustion in function format8BIM     causing denial of service (CVE-2017-12806)

  - ImageMagick: memory leak in ReadPCDImage function in     coders/pcd.c (CVE-2017-18251)

  - ImageMagick: assertion failure in MogrifyImageList     function in MagickWand/mogrify.c (CVE-2017-18252)

  - ImageMagick: memory leak in WriteGIFImage function in     coders/gif.c (CVE-2017-18254)

  - ImageMagick: infinite loop in ReadMIFFImage function in     coders/miff.c (CVE-2017-18271)

  - ImageMagick: infinite loop ReadTXTImage  in function in     coders/txt.c (CVE-2017-18273)

  - ImageMagick: Infinite loop in     coders/png.c:ReadOneMNGImage() allows attackers to cause     a denial of service via crafted MNG file     (CVE-2018-10177)

  - ImageMagick: Memory leak in WriteTIFFImage     (CVE-2018-10804)

  - ImageMagick: Memory leak in ReadYCBCRImage     (CVE-2018-10805)

  - ImageMagick: memory leak in ReadDCMImage function in     coders/dcm.c (CVE-2018-11656)

  - ImageMagick: out of bounds write in ReadBMPImage and     WriteBMPImage in coders/bmp.c (CVE-2018-12599)

  - ImageMagick: out of bounds write ReadDIBImage and     WriteDIBImage in coders/dib.c (CVE-2018-12600)

  - ImageMagick: memory leak in the XMagickCommand function     in MagickCore/animate.c (CVE-2018-13153)

  - ImageMagick: memory leak for a colormap in WriteMPCImage     in coders/mpc.c (CVE-2018-14434)

  - ImageMagick: memory leak in DecodeImage in coders/pcd.c     (CVE-2018-14435)

  - ImageMagick: memory leak in ReadMIFFImage in     coders/miff.c (CVE-2018-14436)

  - ImageMagick: memory leak in parse8BIM in coders/meta.c     (CVE-2018-14437)

  - ImageMagick: CPU Exhaustion via crafted input file     (CVE-2018-15607)

  - ImageMagick: NULL pointer dereference in     CheckEventLogging function in MagickCore/log.c     (CVE-2018-16328)

  - ImageMagick: reachable assertion in ReadOneJNGImage in     coders/png.c (CVE-2018-16749)

  - ImageMagick: Memory leak in the formatIPTCfromBuffer     function in coders/meta.c (CVE-2018-16750)

  - ImageMagick: memory leak in WriteMSLImage of     coders/msl.c (CVE-2018-18544)

  - ImageMagick: infinite loop in coders/bmp.c     (CVE-2018-20467)

  - ImageMagick: double free in WriteEPTImage function in     coders/ept.c (CVE-2018-8804)

  - ImageMagick: excessive iteration in the DecodeLabImage     and EncodeLabImage functions in coders/tiff.c     (CVE-2018-9133)

  - ImageMagick: off-by-one read in formatIPTCfromBuffer     function in coders/meta.c (CVE-2019-10131)

  - ImageMagick: heap-based buffer over-read in     WriteTIFFImage of coders/tiff.c leads to denial of     service or information disclosure via crafted image file     (CVE-2019-10650)

  - ImageMagick: denial of service in cineon parsing     component (CVE-2019-11470)

  - ImageMagick: denial of service in ReadXWDImage in     coders/xwd.c in the XWD image parsing component     (CVE-2019-11472)

  - ImageMagick: heap-based buffer over-read in the function     WriteTIFFImage of coders/tiff.c leading to DoS or     information disclosure (CVE-2019-11597)

  - ImageMagick: heap-based buffer over-read in the function     WritePNMImage of coders/pnm.c leading to DoS or     information disclosure (CVE-2019-11598)

  - imagemagick: null-pointer dereference in function     ReadPANGOImage in coders/pango.c and ReadVIDImage in     coders/vid.c causing denial of service (CVE-2019-12974)

  - imagemagick: memory leak vulnerability in function     WriteDPXImage in coders/dpx.c (CVE-2019-12975)

  - imagemagick: memory leak vulnerability in function     ReadPCLImage in coders/pcl.c (CVE-2019-12976)

  - imagemagick: use of uninitialized value in function     ReadPANGOImage in coders/pango.c (CVE-2019-12978)

  - imagemagick: use of uninitialized value in     functionSyncImageSettings in MagickCore/image.c     (CVE-2019-12979)

  - ImageMagick: a memory leak vulnerability in the function     ReadBMPImage in coders/bmp.c (CVE-2019-13133)

  - ImageMagick: a memory leak vulnerability in the function     ReadVIFFImage in coders/viff.c (CVE-2019-13134)

  - ImageMagick: a use of uninitialized value     vulnerability in the function ReadCUTImage leading to a     crash and DoS (CVE-2019-13135)

  - ImageMagick: heap-based buffer over-read at     MagickCore/threshold.c in AdaptiveThresholdImage because     a width of zero is mishandled (CVE-2019-13295)

  - ImageMagick: heap-based buffer over-read at     MagickCore/threshold.c in AdaptiveThresholdImage because     a height of zero is mishandled (CVE-2019-13297)

  - ImageMagick: heap-based buffer overflow at     MagickCore/statistic.c in EvaluateImages because of     mishandling columns (CVE-2019-13300)

  - ImageMagick: memory leaks in AcquireMagickMemory     (CVE-2019-13301)

  - ImageMagick: stack-based buffer overflow at coders/pnm.c     in WritePNMImage because of a misplaced assignment     (CVE-2019-13304)

  - ImageMagick: stack-based buffer overflow at coders/pnm.c     in WritePNMImage because of a misplaced strncpy and an     off-by-one error (CVE-2019-13305)

  - ImageMagick: stack-based buffer overflow at coders/pnm.c     in WritePNMImage because of off-by-one errors     (CVE-2019-13306)

  - ImageMagick: heap-based buffer overflow at     MagickCore/statistic.c in EvaluateImages because of     mishandling rows (CVE-2019-13307)

  - ImageMagick: memory leaks at AcquireMagickMemory due to     mishandling the NoSuchImage error in     CLIListOperatorImages (CVE-2019-13309)

  - ImageMagick: memory leaks at AcquireMagickMemory because     of an error in MagickWand/mogrify.c (CVE-2019-13310)

  - ImageMagick: memory leaks at AcquireMagickMemory because     of a wand/mogrify.c error (CVE-2019-13311)

  - ImageMagick: division by zero in RemoveDuplicateLayers     in MagickCore/layer.c (CVE-2019-13454)

  - ImageMagick: use-after-free in magick/blob.c resulting     in a denial of service (CVE-2019-14980)

  - ImageMagick: division by zero in MeanShiftImage in     MagickCore/feature.c (CVE-2019-14981)

  - ImageMagick: out-of-bounds read in ReadXWDImage in     coders/xwd.c (CVE-2019-15139)

  - ImageMagick: Use after free in ReadMATImage in     coders/mat.c (CVE-2019-15140)

  - ImageMagick: heap-based buffer overflow in     WriteTIFFImage in coders/tiff.c (CVE-2019-15141)

  - ImageMagick: memory leak in magick/xwindow.c     (CVE-2019-16708)

  - ImageMagick: memory leak in coders/dps.c     (CVE-2019-16709)

  - ImageMagick: memory leak in coders/dot.c     (CVE-2019-16710, CVE-2019-16713)

  - ImageMagick: memory leak in Huffman2DEncodeImage in     coders/ps2.c (CVE-2019-16711)

  - ImageMagick: memory leak in Huffman2DEncodeImage in     coders/ps3.c (CVE-2019-16712)

  - ImageMagick: heap-based buffer overflow in ReadPSInfo in     coders/ps.c (CVE-2019-17540)

  - ImageMagick: Use after free in ReadICCProfile function     in coders/jpeg.c (CVE-2019-17541)

  - ImageMagick: heap-based buffer overflow in WriteSGIImage     in coders/sgi.c (CVE-2019-19948)

  - ImageMagick: heap-based buffer over-read in     WritePNGImage in coders/png.c (CVE-2019-19949)

  - imagemagick: memory leak in function DecodeImage in     coders/pcd.c (CVE-2019-7175)

  - ImageMagick: Memory leak in the WritePDFImage function     in coders/pdf.c (CVE-2019-7397)

  - ImageMagick: Memory leak in the WriteDIBImage function     in coders/dib.c (CVE-2019-7398)

  - imagemagick: stack-based buffer overflow in function     PopHexPixel in coders/ps.c (CVE-2019-9956)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of ImageMagick installed on the remote Windows host is 7.x prior to 7.0.8-25. It is, therefore, affected by multiple vulnerabilities:

  - A denial of service (DoS) vulnerability exists in coders/pcd.c     due to a memory leak in DecodeImage. An unauthenticated, remote     attacker can exploit this issue to cause the application to stop     responding. (CVE-2019-7175)

  - A denial of service (DoS) vulnerability exists in coders/png.c     due to a missing null check, a memory leak. An unauthenticated,     remote attacker can exploit this issue, via null PNG Images, to     cause the application to stop responding. (CVE-2018-16749)     (CVE-2019-7395)

  - A denial of service (DoS) vulnerability exists in coders/sixel.c     due to a memory leak in ReadSIXELImage. An unauthenticated,     remote attacker can exploit this issue to cause the application     to stop responding.(CVE-2019-7396)

  - A denial of service (DoS) vulnerability exists in coders/pdf.c     due to a memory leak in WritePDFImage. An unauthenticated,     remote attacker can exploit this issue to cause the application     to stop responding.(CVE-2019-7397)

  - A denial of service (DoS) vulnerability exists in coders/dib.c     due to a memory leak in WriteDIBImage. An unauthenticated,     remote attacker can exploit this issue to cause the application     to stop responding.(CVE-2019-7397)

.

This update for ImageMagick fixes the following security issue :

CVE-2017-17934: Prevent memory leaks, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls (bsc#1074170).

CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283)

CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file (bsc#1108282)

CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989).

CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM file that has a negative pixel value. If the affected code was used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data (bsc#1106855)

CVE-2018-16642: The function InsertRow allowed remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write (bsc#1107616)

CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage did check the return value of the fputc function, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107612)

CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image (bsc#1107609)

CVE-2018-16645: Prevent excessive memory allocation issue in the functions ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107604)

CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file (bsc#1111069)

CVE-2018-18016: Fixed a memory leak in WritePCXImage (bsc#1111072)

CVE-2018-17965: Fixed a memory leak in WriteSGIImage (bsc#1110747)

CVE-2018-17966: Fixed a memory leak in WritePDBImage (bsc#1110746)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes the following security issues :

  - CVE-2017-11532: Prevent a memory leak vulnerability in     the WriteMPCImage() function in coders/mpc.c via a     crafted file allowing for DoS (bsc#1050129)

  - CVE-2018-16750: Prevent memory leak in the     formatIPTCfromBuffer function (bsc#1108283)

  - CVE-2018-16749: Added missing NULL check in     ReadOneJNGImage that allowed an attacker to cause a     denial of service (WriteBlob assertion failure and     application exit) via a crafted file (bsc#1108282)

  - CVE-2018-16642: The function InsertRow allowed remote     attackers to cause a denial of service via a crafted     image file due to an out-of-bounds write (bsc#1107616)

  - CVE-2018-16640: Prevent memory leak in the function     ReadOneJNGImage (bsc#1107619)

  - CVE-2018-16643: The functions ReadDCMImage,     ReadPWPImage, ReadCALSImage, and ReadPICTImage did check     the return value of the fputc function, which allowed     remote attackers to cause a denial of service via a     crafted image file (bsc#1107612)

  - CVE-2018-16644: Added missing check for length in the     functions ReadDCMImage and ReadPICTImage, which allowed     remote attackers to cause a denial of service via a     crafted image (bsc#1107609)

  - CVE-2018-16645: Prevent excessive memory allocation     issue in the functions ReadBMPImage and ReadDIBImage,     which allowed remote attackers to cause a denial of     service via a crafted image file (bsc#1107604)

  - CVE-2018-16413: Prevent heap-based buffer over-read in     the PushShortPixel function leading to DoS (bsc#1106989)

This update also relaxes the restrictions of use of Postscript like formats to 'write' only. (bsc#1105592)

This update was imported from the SUSE:SLE-12:Update update project.

This update for ImageMagick fixes the following security issues :

CVE-2017-11532: Prevent a memory leak vulnerability in the WriteMPCImage() function in coders/mpc.c via a crafted file allowing for DoS (bsc#1050129)

CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283)

CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file (bsc#1108282)

CVE-2018-16642: The function InsertRow allowed remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write (bsc#1107616)

CVE-2018-16640: Prevent memory leak in the function ReadOneJNGImage (bsc#1107619)

CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage did check the return value of the fputc function, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107612)

CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image (bsc#1107609)

CVE-2018-16645: Prevent excessive memory allocation issue in the functions ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107604)

CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989)

This update also relaxes the restrictions of use of Postscript like formats to 'write' only. (bsc#1105592)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate ImageMagick policy configuration.

It was discovered that several memory leaks existed when handling certain images in ImageMagick. An attacker could use this to cause a denial of service. (CVE-2018-14434, CVE-2018-14435, CVE-2018-14436, CVE-2018-14437, CVE-2018-16640, CVE-2018-16750)

It was discovered that ImageMagick did not properly initialize a variable before using it when processing MAT images. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-14551)

It was discovered that an information disclosure vulnerability existed in ImageMagick when processing XBM images. An attacker could use this to expose sensitive information. (CVE-2018-16323)

It was discovered that an out-of-bounds write vulnerability existed in ImageMagick when handling certain images. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
(CVE-2018-16642)

It was discovered that ImageMagick did not properly check for errors in some situations. An attacker could use this to cause a denial of service. (CVE-2018-16643)

It was discovered that ImageMagick did not properly validate image meta data in some situations. An attacker could use this to cause a denial of service. (CVE-2018-16644)

It was discovered that ImageMagick did not prevent excessive memory allocation when handling certain image types. An attacker could use this to cause a denial of service. (CVE-2018-16645)

Sergej Schumilo and Cornelius Aschermann discovered that ImageMagick did not properly check for NULL in some situations when processing PNG images. An attacker could use this to cause a denial of service.
(CVE-2018-16749)

USN-3681-1 fixed vulnerabilities in Imagemagick. Unfortunately, the fix for CVE-2017-13144 introduced a regression in ImageMagick in Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. This update reverts the fix for CVE-2017-13144 for those releases.

We apologize for the inconvenience.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several security vulnerabilities were discovered in ImageMagick, an image manipulation program, that allow remote attackers to cause denial of service (application crash, excessive memory allocation, or other unspecified effects) or out of bounds memory access via DCM, PWP, CALS, PICT, BMP, DIB, or PNG image files.

For Debian 8 'Jessie', these problems have been fixed in version 8:6.8.9.9-5+deb8u14.

We recommend that you upgrade your imagemagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for GraphicsMagick fixes the following security issue :

  - CVE-2018-16750: Prevent memory leak in the     formatIPTCfromBuffer function (bsc#1108283).

An earlier update added a change that also fixed this issues that was unknown at the time of release :

  - CVE-2018-16749: Added missing NULL check in     ReadOneJNGImage that allowed an attacker to cause a     denial of service (WriteBlob assertion failure and     application exit) via a crafted file (bsc#1108282).

ID	Name	Product	Family	Severity
143991	NewStart CGSL CORE 5.05 / MAIN 5.05 : ImageMagick Multiple Vulnerabilities (NS-SA-2020-0119)	Nessus	NewStart CGSL Local Security Checks	high
143964	NewStart CGSL CORE 5.04 / MAIN 5.04 : ImageMagick Multiple Vulnerabilities (NS-SA-2020-0079)	Nessus	NewStart CGSL Local Security Checks	high
142319	EulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2020-2349)	Nessus	Huawei Local Security Checks	medium
141987	Amazon Linux 2 : ImageMagick (ALAS-2020-1497)	Nessus	Amazon Linux Local Security Checks	high
140857	EulerOS 2.0 SP3 : ImageMagick (EulerOS-SA-2020-2090)	Nessus	Huawei Local Security Checks	medium
140297	Debian DLA-2366-1 : imagemagick security update	Nessus	Debian Local Security Checks	high
139136	EulerOS 2.0 SP8 : ImageMagick (EulerOS-SA-2020-1806)	Nessus	Huawei Local Security Checks	medium
138633	Amazon Linux AMI : php-pecl-imagick (ALAS-2020-1391)	Nessus	Amazon Linux Local Security Checks	high
135797	Scientific Linux Security Update : ImageMagick on SL7.x x86_64 (20200407)	Nessus	Scientific Linux Local Security Checks	high
135354	CentOS 7 : ImageMagick / autotrace / emacs / inkscape (CESA-2020:1180)	Nessus	CentOS Local Security Checks	high
135041	RHEL 7 : ImageMagick (RHSA-2020:1180)	Nessus	Red Hat Local Security Checks	high
122248	ImageMagick < 7.0.8-25 Multiple Vulnerabilities	Nessus	Windows	medium
118354	SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:3348-1)	Nessus	SuSE Local Security Checks	medium
118192	openSUSE Security Update : ImageMagick (openSUSE-2018-1181)	Nessus	SuSE Local Security Checks	medium
118078	SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:3095-1)	Nessus	SuSE Local Security Checks	medium
117935	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : imagemagick vulnerabilities (USN-3785-1)	Nessus	Ubuntu Local Security Checks	high
117907	Debian DLA-1530-1 : imagemagick security update	Nessus	Debian Local Security Checks	medium
117693	openSUSE Security Update : GraphicsMagick (openSUSE-2018-1045)	Nessus	SuSE Local Security Checks	medium

CVE-2018-16749

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins