Alpine: multiple imagemagick packages: security update to 6.9.5.3

critical Tenable Cloud Security Plugin ID 404941

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a
denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset
variable. (CVE-2016-5841)

- coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service
(out-of-bounds read) via a crafted TIFF file. (CVE-2016-5010)

- The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows
remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.
(CVE-2016-5687)

- The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows
remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check,
which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation
in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions. (CVE-2016-5688)

- The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have
unspecified impact by leveraging lack of NULL pointer checks. (CVE-2016-5689)

See Also

https://security.alpinelinux.org/vuln/CVE-2016-5010

https://security.alpinelinux.org/vuln/CVE-2016-5687

https://security.alpinelinux.org/vuln/CVE-2016-5688

https://security.alpinelinux.org/vuln/CVE-2016-5689

https://security.alpinelinux.org/vuln/CVE-2016-5690

https://security.alpinelinux.org/vuln/CVE-2016-5691

https://security.alpinelinux.org/vuln/CVE-2016-5841

https://security.alpinelinux.org/vuln/CVE-2016-5842

https://security.alpinelinux.org/vuln/CVE-2016-6491

Plugin Details

Severity: Critical

ID: 404941

Version: Revision 1.24

Type: Local

Published: 10/31/2023

Updated: 3/12/2025

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.15

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2016-5841

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 6/17/2016

Reference Information

CVE: CVE-2016-5010, CVE-2016-5687, CVE-2016-5688, CVE-2016-5689, CVE-2016-5690, CVE-2016-5691, CVE-2016-5841, CVE-2016-5842, CVE-2016-6491

BID: 91283, 91394, 92186, 92724

IAVB: 2016-B-0104-S