ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.

The remote host is affected by the vulnerability described in GLSA-202405-02 (ImageMagick: Multiple Vulnerabilities)

  - A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads     to a denial of service. This flaw allows an attacker to crash the system. (CVE-2021-4219)

  - An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in     MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of     representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to     an undefined behaviour or a crash. (CVE-2021-20224)

  - A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-     accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File     Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of     service and information disclosure. (CVE-2022-0284)

  - A heap-buffer-overflow flaw was found in ImageMagick's PushShortPixel() function of quantum-private.h     file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to     ImageMagick for conversion, potentially leading to a denial of service. (CVE-2022-1115)

  - In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in     MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This     was fixed in upstream ImageMagick version 7.1.0-30. (CVE-2022-2719)

  - A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF     file, it could lead to undefined behavior or a crash causing a denial of service. (CVE-2022-3213)

  - ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463)

  - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type     'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative     impact to application availability or other problems related to undefined behavior. (CVE-2022-32545)

  - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type     'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative     impact to application availability or other problems related to undefined behavior. (CVE-2022-32546)

  - In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and     for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted     input is processed by ImageMagick, this causes a negative impact to application availability or other     problems related to undefined behavior. (CVE-2022-32547)

  - ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize),     the convert process could be left waiting for stdin input. (CVE-2022-44267)

  - ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for     resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary     has permissions to read it). (CVE-2022-44268)

  - A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function     in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an     out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
    (CVE-2023-1906)

  - A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the     application crashing. (CVE-2023-2157)

  - A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. (CVE-2023-5341)

  - A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting     double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). (CVE-2023-34151)

  - A vulnerability was found in ImageMagick. This security flaw causes a shell command injection     vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. (CVE-2023-34153)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4634-1 advisory.

  - ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.
    (CVE-2019-17540)

  - Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote     attackers to cause a denial of service via converting of crafted image file to pcx format.
    (CVE-2020-21679)

  - A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an     attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through     a division by zero. The highest threat from this vulnerability is to system availability. (CVE-2021-20176)

  - An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in     MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of     representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to     an undefined behaviour or a crash. (CVE-2021-20224)

  - A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed     by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat     from this vulnerability is to system availability. (CVE-2021-20241)

  - A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is     processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The     highest threat from this vulnerability is to system availability. (CVE-2021-20243)

  - A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file     that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero.
    The highest threat from this vulnerability is to system availability. (CVE-2021-20244)

  - A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is     processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The     highest threat from this vulnerability is to system availability. (CVE-2021-20246)

  - A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in     WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file     submitted to an application using ImageMagick. The highest threat from this vulnerability is to system     availability. (CVE-2021-20309)

  - A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in     sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image     file that is submitted by an attacker processed by an application using ImageMagick. The highest threat     from this vulnerability is to system availability. (CVE-2021-20311)

  - A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of     coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an     attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is     to system availability. (CVE-2021-20312)

  - A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate     signatures in TransformSignature is possible. The highest threat from this vulnerability is to data     confidentiality. (CVE-2021-20313)

  - A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-     accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File     Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of     service and information disclosure. (CVE-2022-0284)

  - In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in     MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This     was fixed in upstream ImageMagick version 7.1.0-30. (CVE-2022-2719)

  - ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463)

  - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type     'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative     impact to application availability or other problems related to undefined behavior. (CVE-2022-32545)

  - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type     'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative     impact to application availability or other problems related to undefined behavior. (CVE-2022-32546)

  - In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and     for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted     input is processed by ImageMagick, this causes a negative impact to application availability or other     problems related to undefined behavior. (CVE-2022-32547)

  - ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize),     the convert process could be left waiting for stdin input. (CVE-2022-44267)

  - ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for     resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary     has permissions to read it). (CVE-2022-44268)

  - A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a     segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to     a segmentation fault, generating many trash files in /tmp, resulting in a denial of service. When     ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file     contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of     size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will     generate about 10G. (CVE-2023-1289)

  - A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting     double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). (CVE-2023-34151)

  - A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-     private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file,     triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of     service. (CVE-2023-3745)

  - A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. (CVE-2023-5341)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5736-2 advisory.

  - An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in     MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of     representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to     an undefined behaviour or a crash. (CVE-2021-20224)

  - A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed     by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat     from this vulnerability is to system availability. (CVE-2021-20241)

  - A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is     processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The     highest threat from this vulnerability is to system availability. (CVE-2021-20243)

  - A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file     that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero.
    The highest threat from this vulnerability is to system availability. (CVE-2021-20244)

  - A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed     by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat     from this vulnerability is to system availability. (CVE-2021-20245)

  - A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is     processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The     highest threat from this vulnerability is to system availability. (CVE-2021-20246)

  - A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in     WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file     submitted to an application using ImageMagick. The highest threat from this vulnerability is to system     availability. (CVE-2021-20309)

  - A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of     coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an     attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is     to system availability. (CVE-2021-20312)

  - A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate     signatures in TransformSignature is possible. The highest threat from this vulnerability is to data     confidentiality. (CVE-2021-20313)

  - A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert     command, ASAN detects memory leaks. (CVE-2021-3574)

  - ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you     may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and     in certain cases, Postscript files could be read and written when specifically excluded by a `module`     policy in `policy.xml`. ex. <policy domain=module rights=none pattern=PS />. The issue has been     resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module`     policy and instead use the `coder` policy that is also our workaround recommendation: <policy     domain=coder rights=none pattern={PS,EPI,EPS,EPSF,EPSI} />. (CVE-2021-39212)

  - A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads     to a denial of service. This flaw allows an attacker to crash the system. (CVE-2021-4219)

  - A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This     vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for     conversion, potentially leading to information disclosure and a denial of service. (CVE-2022-1114)

  - ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463)

  - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type     'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative     impact to application availability or other problems related to undefined behavior. (CVE-2022-32545)

  - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type     'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative     impact to application availability or other problems related to undefined behavior. (CVE-2022-32546)

  - In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and     for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted     input is processed by ImageMagick, this causes a negative impact to application availability or other     problems related to undefined behavior. (CVE-2022-32547)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 ESM / 22.10 / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6200-1 advisory.

  - ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows     setting a password for password-protected PDF files. The user-controlled password was not properly     escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.
    (CVE-2020-29599)

  - An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in     MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of     representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to     an undefined behaviour or a crash. (CVE-2021-20224)

  - A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed     by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat     from this vulnerability is to system availability. (CVE-2021-20241)

  - A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is     processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The     highest threat from this vulnerability is to system availability. (CVE-2021-20243)

  - A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file     that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero.
    The highest threat from this vulnerability is to system availability. (CVE-2021-20244)

  - A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is     processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The     highest threat from this vulnerability is to system availability. (CVE-2021-20246)

  - A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in     WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file     submitted to an application using ImageMagick. The highest threat from this vulnerability is to system     availability. (CVE-2021-20309)

  - A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of     coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an     attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is     to system availability. (CVE-2021-20312)

  - A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate     signatures in TransformSignature is possible. The highest threat from this vulnerability is to data     confidentiality. (CVE-2021-20313)

  - A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in     ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which     can lead to a crash and segmentation fault. (CVE-2021-3610)

  - ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you     may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and     in certain cases, Postscript files could be read and written when specifically excluded by a `module`     policy in `policy.xml`. ex. <policy domain=module rights=none pattern=PS />. The issue has been     resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module`     policy and instead use the `coder` policy that is also our workaround recommendation: <policy     domain=coder rights=none pattern={PS,EPI,EPS,EPSF,EPSI} />. (CVE-2021-39212)

  - ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463)

  - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type     'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative     impact to application availability or other problems related to undefined behavior. (CVE-2022-32545)

  - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type     'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative     impact to application availability or other problems related to undefined behavior. (CVE-2022-32546)

  - In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and     for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted     input is processed by ImageMagick, this causes a negative impact to application availability or other     problems related to undefined behavior. (CVE-2022-32547)

  - A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a     segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to     a segmentation fault, generating many trash files in /tmp, resulting in a denial of service. When     ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file     contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of     size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will     generate about 10G. (CVE-2023-1289)

  - A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function     in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an     out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
    (CVE-2023-1906)

  - A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker     to trick the user into opening a specially crafted malicious tiff file, causing an application to crash,     resulting in a denial of service. (CVE-2023-3195)

  - A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting     double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). (CVE-2023-34151)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3429 advisory.

  - A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an     attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through     a division by zero. The highest threat from this vulnerability is to system availability. (CVE-2021-20176)

  - A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed     by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat     from this vulnerability is to system availability. (CVE-2021-20241)

  - A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is     processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The     highest threat from this vulnerability is to system availability. (CVE-2021-20243)

  - A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file     that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero.
    The highest threat from this vulnerability is to system availability. (CVE-2021-20244)

  - A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed     by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat     from this vulnerability is to system availability. (CVE-2021-20245)

  - A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is     processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The     highest threat from this vulnerability is to system availability. (CVE-2021-20246)

  - A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in     WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file     submitted to an application using ImageMagick. The highest threat from this vulnerability is to system     availability. (CVE-2021-20309)

  - A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of     coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an     attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is     to system availability. (CVE-2021-20312)

  - A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate     signatures in TransformSignature is possible. The highest threat from this vulnerability is to data     confidentiality. (CVE-2021-20313)

  - ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you     may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and     in certain cases, Postscript files could be read and written when specifically excluded by a `module`     policy in `policy.xml`. ex. <policy domain=module rights=none pattern=PS />. The issue has been     resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module`     policy and instead use the `coder` policy that is also our workaround recommendation: <policy     domain=coder rights=none pattern={PS,EPI,EPS,EPSF,EPSI} />. (CVE-2021-39212)

  - ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463)

  - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type     'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative     impact to application availability or other problems related to undefined behavior. (CVE-2022-32545)

  - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type     'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative     impact to application availability or other problems related to undefined behavior. (CVE-2022-32546)

  - In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and     for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted     input is processed by ImageMagick, this causes a negative impact to application availability or other     problems related to undefined behavior. (CVE-2022-32547)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of ImageMagick installed on the remote host is prior to 6.9.10.68-3.24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1696 advisory.

  - An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in     MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of     representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to     an undefined behaviour or a crash. (CVE-2021-20224)

  - A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert     command, ASAN detects memory leaks. (CVE-2021-3574)

  - A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads     to a denial of service. This flaw allows an attacker to crash the system. (CVE-2021-4219)

  - ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463)

  - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type     'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative     impact to application availability or other problems related to undefined behavior. (CVE-2022-32545)

  - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type     'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative     impact to application availability or other problems related to undefined behavior. (CVE-2022-32546)

  - In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and     for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted     input is processed by ImageMagick, this causes a negative impact to application availability or other     problems related to undefined behavior. (CVE-2022-32547)

  - ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize),     the convert process could be left waiting for stdin input. (CVE-2022-44267)

  - ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for     resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary     has permissions to read it). (CVE-2022-44268)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of ImageMagick installed on the remote host is prior to 6.9.10.68-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1971 advisory.

  - An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in     MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of     representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to     an undefined behaviour or a crash. (CVE-2021-20224)

  - A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert     command, ASAN detects memory leaks. (CVE-2021-3574)

  - A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads     to a denial of service. This flaw allows an attacker to crash the system. (CVE-2021-4219)

  - ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463)

  - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type     'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative     impact to application availability or other problems related to undefined behavior. (CVE-2022-32545)

  - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type     'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative     impact to application availability or other problems related to undefined behavior. (CVE-2022-32546)

  - In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and     for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted     input is processed by ImageMagick, this causes a negative impact to application availability or other     problems related to undefined behavior. (CVE-2022-32547)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 ESM / 18.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5736-1 advisory.

  - A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert     command, ASAN detects memory leaks. (CVE-2021-3574)

  - A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads     to a denial of service. This flaw allows an attacker to crash the system. (CVE-2021-4219)

  - An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in     MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of     representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to     an undefined behaviour or a crash. (CVE-2021-20224)

  - A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed     by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat     from this vulnerability is to system availability. (CVE-2021-20241)

  - A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is     processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The     highest threat from this vulnerability is to system availability. (CVE-2021-20243)

  - A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file     that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero.
    The highest threat from this vulnerability is to system availability. (CVE-2021-20244)

  - A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed     by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat     from this vulnerability is to system availability. (CVE-2021-20245)

  - A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is     processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The     highest threat from this vulnerability is to system availability. (CVE-2021-20246)

  - A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in     WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file     submitted to an application using ImageMagick. The highest threat from this vulnerability is to system     availability. (CVE-2021-20309)

  - A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of     coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an     attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is     to system availability. (CVE-2021-20312)

  - A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate     signatures in TransformSignature is possible. The highest threat from this vulnerability is to data     confidentiality. (CVE-2021-20313)

  - ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you     may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and     in certain cases, Postscript files could be read and written when specifically excluded by a `module`     policy in `policy.xml`. ex. <policy domain=module rights=none pattern=PS />. The issue has been     resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module`     policy and instead use the `coder` policy that is also our workaround recommendation: <policy     domain=coder rights=none pattern={PS,EPI,EPS,EPSF,EPSI} />. (CVE-2021-39212)

  - A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This     vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for     conversion, potentially leading to information disclosure and a denial of service. (CVE-2022-1114)

  - ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463)

  - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type     'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative     impact to application availability or other problems related to undefined behavior. (CVE-2022-32545)

  - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type     'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative     impact to application availability or other problems related to undefined behavior. (CVE-2022-32546)

  - In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and     for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted     input is processed by ImageMagick, this causes a negative impact to application availability or other     problems related to undefined behavior. (CVE-2022-32547)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2998-1 advisory.

  - In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in     MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This     was fixed in upstream ImageMagick version 7.1.0-30. (CVE-2022-2719)

  - ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 ESM / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5456-1 advisory.

  - ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1885-1 advisory.

  - In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. (CVE-2022-1270)

  - ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1762-1 advisory.

  - ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3007 advisory.

  - A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage()     in coders/svg.c. This issue is due to not checking the return value from libxml2's     xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.
    (CVE-2021-3596)

  - ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
194973	GLSA-202405-02 : ImageMagick: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	high
186519	SUSE SLES15 Security Update : ImageMagick (SUSE-SU-2023:4634-1)	Nessus	SuSE Local Security Checks	high
183723	Ubuntu 20.04 ESM / 22.04 ESM : ImageMagick vulnerabilities (USN-5736-2)	Nessus	Ubuntu Local Security Checks	high
177934	Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 ESM / 23.04 : ImageMagick vulnerabilities (USN-6200-1)	Nessus	Ubuntu Local Security Checks	high
176199	Debian DLA-3429-1 : imagemagick - LTS security update	Nessus	Debian Local Security Checks	high
172217	Amazon Linux AMI : ImageMagick (ALAS-2023-1696)	Nessus	Amazon Linux Local Security Checks	high
172168	Amazon Linux 2 : ImageMagick (ALAS-2023-1971)	Nessus	Amazon Linux Local Security Checks	high
168160	Ubuntu 16.04 ESM / 18.04 LTS : ImageMagick vulnerabilities (USN-5736-1)	Nessus	Ubuntu Local Security Checks	high
164659	SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2022:2998-1)	Nessus	SuSE Local Security Checks	high
161759	Ubuntu 16.04 ESM / 18.04 LTS : ImageMagick vulnerability (USN-5456-1)	Nessus	Ubuntu Local Security Checks	high
161735	SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2022:1885-1)	Nessus	SuSE Local Security Checks	high
161423	SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2022:1762-1)	Nessus	SuSE Local Security Checks	high
161205	Debian DLA-3007-1 : imagemagick - LTS security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2022-28463

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high