Detections
Analytics

Alpine: imagemagick6: security update to 6.9.10.39-r0

critical Tenable Cloud Security Plugin ID 404969

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

 - In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in
 MagickCore/property.c. (CVE-2018-16329)

 - In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.
 (CVE-2018-5246)

 - In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c. (CVE-2018-5247)

 - ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c. (CVE-2018-5357)

 - ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as
 demonstrated by the ReadPSDLayersInternal function in coders/psd.c. (CVE-2018-5358)

See Also

https://security.alpinelinux.org/vuln/CVE-2018-5246

https://security.alpinelinux.org/vuln/CVE-2018-5247

https://security.alpinelinux.org/vuln/CVE-2018-5357

https://security.alpinelinux.org/vuln/CVE-2018-5358

https://security.alpinelinux.org/vuln/CVE-2018-6405

https://security.alpinelinux.org/vuln/CVE-2018-7443

https://security.alpinelinux.org/vuln/CVE-2018-7470

https://security.alpinelinux.org/vuln/CVE-2018-8804

https://security.alpinelinux.org/vuln/CVE-2018-8960

https://security.alpinelinux.org/vuln/CVE-2018-9133

https://security.alpinelinux.org/vuln/CVE-2018-9135

https://security.alpinelinux.org/vuln/CVE-2018-12599

https://security.alpinelinux.org/vuln/CVE-2018-12600

https://security.alpinelinux.org/vuln/CVE-2018-13153

https://security.alpinelinux.org/vuln/CVE-2018-14434

https://security.alpinelinux.org/vuln/CVE-2018-14435

https://security.alpinelinux.org/vuln/CVE-2018-14436

https://security.alpinelinux.org/vuln/CVE-2018-14437

https://security.alpinelinux.org/vuln/CVE-2018-14551

https://security.alpinelinux.org/vuln/CVE-2018-15607

https://security.alpinelinux.org/vuln/CVE-2018-16329

https://security.alpinelinux.org/vuln/CVE-2018-16412

https://security.alpinelinux.org/vuln/CVE-2018-16413

https://security.alpinelinux.org/vuln/CVE-2018-16640

https://security.alpinelinux.org/vuln/CVE-2018-16642

https://security.alpinelinux.org/vuln/CVE-2018-16643

https://security.alpinelinux.org/vuln/CVE-2018-16644

https://security.alpinelinux.org/vuln/CVE-2018-16645

https://security.alpinelinux.org/vuln/CVE-2018-16749

https://security.alpinelinux.org/vuln/CVE-2018-16750

https://security.alpinelinux.org/vuln/CVE-2018-17965

https://security.alpinelinux.org/vuln/CVE-2018-17966

https://security.alpinelinux.org/vuln/CVE-2018-17967

https://security.alpinelinux.org/vuln/CVE-2018-18016

https://security.alpinelinux.org/vuln/CVE-2018-18024

https://security.alpinelinux.org/vuln/CVE-2018-18025

https://security.alpinelinux.org/vuln/CVE-2018-18544

https://security.alpinelinux.org/vuln/CVE-2018-20467

https://security.alpinelinux.org/vuln/CVE-2019-7175

https://security.alpinelinux.org/vuln/CVE-2019-7395

https://security.alpinelinux.org/vuln/CVE-2019-7396

https://security.alpinelinux.org/vuln/CVE-2019-7397

https://security.alpinelinux.org/vuln/CVE-2019-7398

https://security.alpinelinux.org/vuln/CVE-2019-9956

https://security.alpinelinux.org/vuln/CVE-2019-10649

https://security.alpinelinux.org/vuln/CVE-2019-10650

Plugin Details

Severity: Critical

ID: 404969

Version: Revision 1.24

Type: Local

Published: 10/31/2023

Updated: 3/12/2025

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-16329

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1/5/2018

Reference Information

CVE: CVE-2018-12599, CVE-2018-12600, CVE-2018-13153, CVE-2018-14434, CVE-2018-14435, CVE-2018-14436, CVE-2018-14437, CVE-2018-14551, CVE-2018-15607, CVE-2018-16329, CVE-2018-16412, CVE-2018-16413, CVE-2018-16640, CVE-2018-16642, CVE-2018-16643, CVE-2018-16644, CVE-2018-16645, CVE-2018-16749, CVE-2018-16750, CVE-2018-17965, CVE-2018-17966, CVE-2018-17967, CVE-2018-18016, CVE-2018-18024, CVE-2018-18025, CVE-2018-18544, CVE-2018-20467, CVE-2018-5246, CVE-2018-5247, CVE-2018-5357, CVE-2018-5358, CVE-2018-6405, CVE-2018-7443, CVE-2018-7470, CVE-2018-8804, CVE-2018-8960, CVE-2018-9133, CVE-2018-9135, CVE-2019-10649, CVE-2019-10650, CVE-2019-7175, CVE-2019-7395, CVE-2019-7396, CVE-2019-7397, CVE-2019-7398, CVE-2019-9956

BID: 102469, 102497, 102762, 103498, 103523, 104687, 105137, 105241, 106561, 108492, 106315, 107333, 106850, 106849, 106847, 106848, 107546, 107645, 107646

IAVB: 2019-B-0013-S, 2019-B-0032-S