ImageMagick 6.x < 6.9.4-3 / 7.x < 7.0.1-4 Multiple Vulnerabilities

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote Windows host is affected by
multiple vulnerabilities.

Description :

The version of ImageMagick installed on the remote Windows host is 6.x
prior to 6.9.4-3 or 7.x prior to 7.0.1-4. It is, therefore, affected
by the following vulnerabilities :

- An out-of-bounds read error exists in the
VerticalFilter() function in coders/dds.c due to
improper handling of malformed DDS files. An
unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted DDS file,
to crash processes linked against the library, resulting
in a denial of service condition. (CVE-2016-5687)

- An overflow condition exists in the ReadWPGImage()
function in coders/wpg.c due to improper validation of
user-supplied input when handling WPG files. An
unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted WPG file,
to cause a denial of service condition or the execution
of arbitrary code. (CVE-2016-5688, VulnDB 140068)

- An invalid write error exists in the OpenPixelCache()
function in MagickCore/cache.c due to improper handling
of resources. An unauthenticated, remote attacker can
exploit this to cause a denial of service condition or
the execution of arbitrary code. (CVE-2016-5688,
VulnDB 140069)

See also :

http://www.imagemagick.org/script/changelog.php
http://www.nessus.org/u?0b5f3426

Solution :

Upgrade to ImageMagick version 6.9.4-3 / 7.0.1-4 or later.

Note that you may need to manually uninstall the vulnerable version
from the system.
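The fixed versions above, applied as a version check (an added example, not part of the Nessus plugin). The sample inventory strings and host names are constructed, and treating a missing patch level as 0 is an assumption. The patch level after the dash is compared numerically, so 6.9.4-10 is correctly treated as newer than 6.9.4-3.

```python
import re

# First fixed release per branch, taken from the advisory text above.
FIXED = {6: (6, 9, 4, 3), 7: (7, 0, 1, 4)}

# Matches "ImageMagick 6.9.3-10" or a bare "7.0.1-4". The "-N" patch level
# is optional; when absent it is treated as 0 (assumption).
_VERSION_RE = re.compile(r"(?:ImageMagick\s+)?(\d+)\.(\d+)\.(\d+)(?:-(\d+))?")


def parse_version(text):
    """Return (major, minor, micro, patch) as ints, or None if not found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_affected(text):
    """True if in the affected range, False if not, None if unparseable."""
    v = parse_version(text)
    if v is None:
        return None
    fixed = FIXED.get(v[0])
    if fixed is None:
        return False  # branch other than 6.x / 7.x: not covered here
    return v < fixed  # tuple comparison is numeric per component


def triage(inventory):
    """Map host -> 'affected' / 'ok' / 'unknown' for (host, text) pairs."""
    labels = {True: "affected", False: "ok", None: "unknown"}
    return {host: labels[is_affected(text)] for host, text in inventory}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("ws-01", "Version: ImageMagick 6.9.3-10 Q16 x64 2016-05-04"),
    ("ws-02", "ImageMagick 6.9.4-10 Q16 (64-bit)"),
    ("ws-03", "7.0.1-3"),
    ("ws-04", "ImageMagick 7.0.1-4 Q16 (64-bit)"),
    ("ws-05", "version string missing"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(host, status)
```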

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 91818

Bugtraq ID: 91283

CVE ID: CVE-2016-5687, CVE-2016-5688
