ImageMagick < 6.7.6-3 Multiple Vulnerabilities

This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains an application that is affected by
multiple vulnerabilities.

Description :

The remote Windows host is running a version of ImageMagick earlier
than 6.7.6-3 and is, therefore, affected by the following
vulnerabilities :

- An error exists in the function 'GetEXIFProperty' in
the file 'magick/property.c' that can cause the
application to crash when processing JPEG 'EXIF' data.
(CVE-2012-0259)

- An error exists in the function 'JPEGWarningHandler' in
the file 'coders/jpeg.c' that can cause the application
to consume large amounts of resources when handling JPEG
'restart' markers. (CVE-2012-0260)

- An error exists in the function 'TIFFGetEXIFProperties'
in the file 'coders/tiff.c' that can cause the
application crash when processing TIFF 'EXIF' 'IFD'
data. (CVE-2012-1798)

See also :

http://www.cert.fi/en/reports/2012/vulnerability635606.html
http://www.nessus.org/u?e13122e9
http://www.imagemagick.org/script/changelog.php

Solution :

Upgrade to ImageMagick version 6.7.6-3 or later.

Note that you may need to manually uninstall the vulnerable version
from the system.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 59370 ()

Bugtraq ID: 52898

CVE ID: CVE-2012-0259
CVE-2012-0260
CVE-2012-1798

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now