RHEL 7 : ImageMagick (RHSA-2020:1180)
critical Nessus Plugin ID 135041
Language:
New! Plugin Severity Now Using CVSS v3
The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Synopsis
The remote Red Hat host is missing one or more security updates.Description
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1180 advisory.- ImageMagick: CPU exhaustion vulnerability in function ReadDDSInfo in coders/dds.c (CVE-2017-1000476)
- ImageMagick: memory leak vulnerability in ReadXWDImage function in coders/xwd.c (CVE-2017-11166)
- ImageMagick: memory exhaustion in function ReadTIFFImage causing denial of service (CVE-2017-12805)
- ImageMagick: memory exhaustion in function format8BIM causing denial of service (CVE-2017-12806)
- ImageMagick: memory leak in ReadPCDImage function in coders/pcd.c (CVE-2017-18251)
- ImageMagick: assertion failure in MogrifyImageList function in MagickWand/mogrify.c (CVE-2017-18252)
- ImageMagick: memory leak in WriteGIFImage function in coders/gif.c (CVE-2017-18254)
- ImageMagick: infinite loop in ReadMIFFImage function in coders/miff.c (CVE-2017-18271)
- ImageMagick: infinite loop ReadTXTImage in function in coders/txt.c (CVE-2017-18273)
- ImageMagick: Infinite loop in coders/png.c:ReadOneMNGImage() allows attackers to cause a denial of service via crafted MNG file (CVE-2018-10177)
- ImageMagick: Memory leak in WriteTIFFImage (CVE-2018-10804)
- ImageMagick: Memory leak in ReadYCBCRImage (CVE-2018-10805)
- ImageMagick: memory leak in ReadDCMImage function in coders/dcm.c (CVE-2018-11656)
- ImageMagick: out of bounds write in ReadBMPImage and WriteBMPImage in coders/bmp.c (CVE-2018-12599)
- ImageMagick: out of bounds write ReadDIBImage and WriteDIBImage in coders/dib.c (CVE-2018-12600)
- ImageMagick: memory leak in the XMagickCommand function in MagickCore/animate.c (CVE-2018-13153)
- ImageMagick: memory leak for a colormap in WriteMPCImage in coders/mpc.c (CVE-2018-14434)
- ImageMagick: memory leak in DecodeImage in coders/pcd.c (CVE-2018-14435)
- ImageMagick: memory leak in ReadMIFFImage in coders/miff.c (CVE-2018-14436)
- ImageMagick: memory leak in parse8BIM in coders/meta.c (CVE-2018-14437)
- ImageMagick: CPU Exhaustion via crafted input file (CVE-2018-15607)
- ImageMagick: NULL pointer dereference in CheckEventLogging function in MagickCore/log.c (CVE-2018-16328)
- ImageMagick: memory leak in ReadOneJNGImage function in coders/png.c (CVE-2018-16640)
- ImageMagick: out-of-bounds write in InsertRow function in coders/cut.c (CVE-2018-16642)
- ImageMagick: missing check for fputc function in multiple files (CVE-2018-16643)
- ImageMagick: improper check for length in ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c (CVE-2018-16644)
- ImageMagick: Out-of-memory ReadBMPImage of coders/bmp.c and ReadDIBImage of codes/dib.c (CVE-2018-16645)
- ImageMagick: reachable assertion in ReadOneJNGImage in coders/png.c (CVE-2018-16749)
- ImageMagick: Memory leak in the formatIPTCfromBuffer function in coders/meta.c (CVE-2018-16750)
- ImageMagick: memory leak in WritePDBImage in coders/pdb.c (CVE-2018-17966)
- ImageMagick: memory leak in ReadBGRImage in coders/bgr.c. (CVE-2018-17967)
- ImageMagick: memory leak in WritePCXImage in coders/pcx.c (CVE-2018-18016)
- ImageMagick: infinite loop in the ReadBMPImage function of the coders/bmp.c (CVE-2018-18024)
- ImageMagick: memory leak in WriteMSLImage of coders/msl.c (CVE-2018-18544)
- ImageMagick: infinite loop in coders/bmp.c (CVE-2018-20467)
- ImageMagick: double free in WriteEPTImage function in coders/ept.c (CVE-2018-8804)
- ImageMagick: excessive iteration in the DecodeLabImage and EncodeLabImage functions in coders/tiff.c (CVE-2018-9133)
- ImageMagick: off-by-one read in formatIPTCfromBuffer function in coders/meta.c (CVE-2019-10131)
- ImageMagick: heap-based buffer over-read in WriteTIFFImage of coders/tiff.c leads to denial of service or information disclosure via crafted image file (CVE-2019-10650)
- ImageMagick: denial of service in cineon parsing component (CVE-2019-11470)
- ImageMagick: denial of service in ReadXWDImage in coders/xwd.c in the XWD image parsing component (CVE-2019-11472)
- ImageMagick: heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c leading to DoS or information disclosure (CVE-2019-11597)
- ImageMagick: heap-based buffer over-read in the function WritePNMImage of coders/pnm.c leading to DoS or information disclosure (CVE-2019-11598)
- imagemagick: null-pointer dereference in function ReadPANGOImage in coders/pango.c and ReadVIDImage in coders/vid.c causing denial of service (CVE-2019-12974)
- imagemagick: memory leak vulnerability in function WriteDPXImage in coders/dpx.c (CVE-2019-12975)
- imagemagick: memory leak vulnerability in function ReadPCLImage in coders/pcl.c (CVE-2019-12976)
- imagemagick: use of uninitialized value in function ReadPANGOImage in coders/pango.c (CVE-2019-12978)
- imagemagick: use of uninitialized value in functionSyncImageSettings in MagickCore/image.c (CVE-2019-12979)
- ImageMagick: a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c (CVE-2019-13133)
- ImageMagick: a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c (CVE-2019-13134)
- ImageMagick: a use of uninitialized value vulnerability in the function ReadCUTImage leading to a crash and DoS (CVE-2019-13135)
- ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled (CVE-2019-13295)
- ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled (CVE-2019-13297)
- ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns (CVE-2019-13300)
- ImageMagick: memory leaks in AcquireMagickMemory (CVE-2019-13301)
- ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment (CVE-2019-13304)
- ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error (CVE-2019-13305)
- ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors (CVE-2019-13306)
- ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows (CVE-2019-13307)
- ImageMagick: memory leaks at AcquireMagickMemory due to mishandling the NoSuchImage error in CLIListOperatorImages (CVE-2019-13309)
- ImageMagick: memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c (CVE-2019-13310)
- ImageMagick: memory leaks at AcquireMagickMemory because of a wand/mogrify.c error (CVE-2019-13311)
- ImageMagick: division by zero in RemoveDuplicateLayers in MagickCore/layer.c (CVE-2019-13454)
- ImageMagick: use-after-free in magick/blob.c resulting in a denial of service (CVE-2019-14980)
- ImageMagick: division by zero in MeanShiftImage in MagickCore/feature.c (CVE-2019-14981)
- ImageMagick: out-of-bounds read in ReadXWDImage in coders/xwd.c (CVE-2019-15139)
- ImageMagick: Use after free in ReadMATImage in coders/mat.c (CVE-2019-15140)
- ImageMagick: heap-based buffer overflow in WriteTIFFImage in coders/tiff.c (CVE-2019-15141)
- ImageMagick: memory leak in magick/xwindow.c (CVE-2019-16708)
- ImageMagick: memory leak in coders/dps.c (CVE-2019-16709)
- ImageMagick: memory leak in coders/dot.c (CVE-2019-16710, CVE-2019-16713)
- ImageMagick: memory leak in Huffman2DEncodeImage in coders/ps2.c (CVE-2019-16711)
- ImageMagick: memory leak in Huffman2DEncodeImage in coders/ps3.c (CVE-2019-16712)
- ImageMagick: heap-based buffer overflow in ReadPSInfo in coders/ps.c (CVE-2019-17540)
- ImageMagick: Use after free in ReadICCProfile function in coders/jpeg.c (CVE-2019-17541)
- ImageMagick: heap-based buffer overflow in WriteSGIImage in coders/sgi.c (CVE-2019-19948)
- ImageMagick: heap-based buffer over-read in WritePNGImage in coders/png.c (CVE-2019-19949)
- imagemagick: memory leak in function DecodeImage in coders/pcd.c (CVE-2019-7175)
- ImageMagick: Memory leak in the WritePDFImage function in coders/pdf.c (CVE-2019-7397)
- ImageMagick: Memory leak in the WriteDIBImage function in coders/dib.c (CVE-2019-7398)
- imagemagick: stack-based buffer overflow in function PopHexPixel in coders/ps.c (CVE-2019-9956)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://cwe.mitre.org/data/definitions/121.html
https://cwe.mitre.org/data/definitions/200.html
https://cwe.mitre.org/data/definitions/125.html
https://cwe.mitre.org/data/definitions/416.html
https://cwe.mitre.org/data/definitions/20.html
https://cwe.mitre.org/data/definitions/122.html
https://cwe.mitre.org/data/definitions/119.html
https://cwe.mitre.org/data/definitions/400.html
https://cwe.mitre.org/data/definitions/476.html
https://cwe.mitre.org/data/definitions/772.html
https://cwe.mitre.org/data/definitions/617.html
https://cwe.mitre.org/data/definitions/835.html
https://cwe.mitre.org/data/definitions/401.html
https://cwe.mitre.org/data/definitions/193.html
https://cwe.mitre.org/data/definitions/248.html
https://cwe.mitre.org/data/definitions/456.html
https://cwe.mitre.org/data/definitions/369.html
https://cwe.mitre.org/data/definitions/787.html
https://access.redhat.com/errata/RHSA-2020:1180
https://access.redhat.com/security/cve/CVE-2017-1000476
https://access.redhat.com/security/cve/CVE-2017-11166
https://access.redhat.com/security/cve/CVE-2017-12805
https://access.redhat.com/security/cve/CVE-2017-12806
https://access.redhat.com/security/cve/CVE-2017-18251
https://access.redhat.com/security/cve/CVE-2017-18252
https://access.redhat.com/security/cve/CVE-2017-18254
https://access.redhat.com/security/cve/CVE-2017-18271
https://access.redhat.com/security/cve/CVE-2017-18273
https://access.redhat.com/security/cve/CVE-2018-10177
https://access.redhat.com/security/cve/CVE-2018-10804
https://access.redhat.com/security/cve/CVE-2018-10805
https://access.redhat.com/security/cve/CVE-2018-11656
https://access.redhat.com/security/cve/CVE-2018-12599
https://access.redhat.com/security/cve/CVE-2018-12600
https://access.redhat.com/security/cve/CVE-2018-13153
https://access.redhat.com/security/cve/CVE-2018-14434
https://access.redhat.com/security/cve/CVE-2018-14435
https://access.redhat.com/security/cve/CVE-2018-14436
https://access.redhat.com/security/cve/CVE-2018-14437
https://access.redhat.com/security/cve/CVE-2018-15607
https://access.redhat.com/security/cve/CVE-2018-16328
https://access.redhat.com/security/cve/CVE-2018-16749
https://access.redhat.com/security/cve/CVE-2018-16750
https://access.redhat.com/security/cve/CVE-2018-18544
https://access.redhat.com/security/cve/CVE-2018-20467
https://access.redhat.com/security/cve/CVE-2018-8804
https://access.redhat.com/security/cve/CVE-2018-9133
https://access.redhat.com/security/cve/CVE-2019-10131
https://access.redhat.com/security/cve/CVE-2019-10650
https://access.redhat.com/security/cve/CVE-2019-11470
https://access.redhat.com/security/cve/CVE-2019-11472
https://access.redhat.com/security/cve/CVE-2019-11597
https://access.redhat.com/security/cve/CVE-2019-11598
https://access.redhat.com/security/cve/CVE-2019-12974
https://access.redhat.com/security/cve/CVE-2019-12975
https://access.redhat.com/security/cve/CVE-2019-12976
https://access.redhat.com/security/cve/CVE-2019-12978
https://access.redhat.com/security/cve/CVE-2019-12979
https://access.redhat.com/security/cve/CVE-2019-13133
https://access.redhat.com/security/cve/CVE-2019-13134
https://access.redhat.com/security/cve/CVE-2019-13135
https://access.redhat.com/security/cve/CVE-2019-13295
https://access.redhat.com/security/cve/CVE-2019-13297
https://access.redhat.com/security/cve/CVE-2019-13300
https://access.redhat.com/security/cve/CVE-2019-13301
https://access.redhat.com/security/cve/CVE-2019-13304
https://access.redhat.com/security/cve/CVE-2019-13305
https://access.redhat.com/security/cve/CVE-2019-13306
https://access.redhat.com/security/cve/CVE-2019-13307
https://access.redhat.com/security/cve/CVE-2019-13309
https://access.redhat.com/security/cve/CVE-2019-13310
https://access.redhat.com/security/cve/CVE-2019-13311
https://access.redhat.com/security/cve/CVE-2019-13454
https://access.redhat.com/security/cve/CVE-2019-14980
https://access.redhat.com/security/cve/CVE-2019-14981
https://access.redhat.com/security/cve/CVE-2019-15139
https://access.redhat.com/security/cve/CVE-2019-15140
https://access.redhat.com/security/cve/CVE-2019-15141
https://access.redhat.com/security/cve/CVE-2019-16708
https://access.redhat.com/security/cve/CVE-2019-16709
https://access.redhat.com/security/cve/CVE-2019-16710
https://access.redhat.com/security/cve/CVE-2019-16711
https://access.redhat.com/security/cve/CVE-2019-16712
https://access.redhat.com/security/cve/CVE-2019-16713
https://access.redhat.com/security/cve/CVE-2019-17540
https://access.redhat.com/security/cve/CVE-2019-17541
https://access.redhat.com/security/cve/CVE-2019-19948
https://access.redhat.com/security/cve/CVE-2019-19949
https://access.redhat.com/security/cve/CVE-2019-7175
https://access.redhat.com/security/cve/CVE-2019-7397
https://access.redhat.com/security/cve/CVE-2019-7398
https://access.redhat.com/security/cve/CVE-2019-9956
https://bugzilla.redhat.com/1532845
https://bugzilla.redhat.com/1559892
https://bugzilla.redhat.com/1561741
https://bugzilla.redhat.com/1561742
https://bugzilla.redhat.com/1561744
https://bugzilla.redhat.com/1563875
https://bugzilla.redhat.com/1572044
https://bugzilla.redhat.com/1577398
https://bugzilla.redhat.com/1577399
https://bugzilla.redhat.com/1581486
https://bugzilla.redhat.com/1581489
https://bugzilla.redhat.com/1588170
https://bugzilla.redhat.com/1594338
https://bugzilla.redhat.com/1594339
https://bugzilla.redhat.com/1598471
https://bugzilla.redhat.com/1609933
https://bugzilla.redhat.com/1609936
https://bugzilla.redhat.com/1609939
https://bugzilla.redhat.com/1609942
https://bugzilla.redhat.com/1622738
https://bugzilla.redhat.com/1624955
https://bugzilla.redhat.com/1627916
https://bugzilla.redhat.com/1627917
https://bugzilla.redhat.com/1642614
https://bugzilla.redhat.com/1664845
https://bugzilla.redhat.com/1672560
https://bugzilla.redhat.com/1672564
https://bugzilla.redhat.com/1687436
https://bugzilla.redhat.com/1692300
https://bugzilla.redhat.com/1700755
https://bugzilla.redhat.com/1704762
https://bugzilla.redhat.com/1705406
https://bugzilla.redhat.com/1705414
https://bugzilla.redhat.com/1707768
https://bugzilla.redhat.com/1707770
https://bugzilla.redhat.com/1708517
https://bugzilla.redhat.com/1708521
https://bugzilla.redhat.com/1726078
https://bugzilla.redhat.com/1726081
https://bugzilla.redhat.com/1726104
https://bugzilla.redhat.com/1728474
https://bugzilla.redhat.com/1730329
https://bugzilla.redhat.com/1730333
https://bugzilla.redhat.com/1730337
https://bugzilla.redhat.com/1730351
https://bugzilla.redhat.com/1730357
https://bugzilla.redhat.com/1730361
https://bugzilla.redhat.com/1730364
https://bugzilla.redhat.com/1730575
https://bugzilla.redhat.com/1730580
https://bugzilla.redhat.com/1730596
https://bugzilla.redhat.com/1730604
https://bugzilla.redhat.com/1732278
https://bugzilla.redhat.com/1732282
https://bugzilla.redhat.com/1732284
https://bugzilla.redhat.com/1732292
https://bugzilla.redhat.com/1732294
https://bugzilla.redhat.com/1757779
https://bugzilla.redhat.com/1757911
https://bugzilla.redhat.com/1765330
https://bugzilla.redhat.com/1767087
https://bugzilla.redhat.com/1767802
https://bugzilla.redhat.com/1767812
https://bugzilla.redhat.com/1767828
https://bugzilla.redhat.com/1772643
https://bugzilla.redhat.com/1792480
https://bugzilla.redhat.com/1793177
https://bugzilla.redhat.com/1801661
https://bugzilla.redhat.com/1801665
https://bugzilla.redhat.com/1801667
https://bugzilla.redhat.com/1801673
https://bugzilla.redhat.com/1801674
https://bugzilla.redhat.com/1801681
https://access.redhat.com/security/cve/CVE-2018-16640
https://access.redhat.com/security/cve/CVE-2018-16642
https://access.redhat.com/security/cve/CVE-2018-16643
https://access.redhat.com/security/cve/CVE-2018-16644
https://access.redhat.com/security/cve/CVE-2018-16645
https://access.redhat.com/security/cve/CVE-2018-17966
https://access.redhat.com/security/cve/CVE-2018-17967
https://access.redhat.com/security/cve/CVE-2018-18016
https://access.redhat.com/security/cve/CVE-2018-18024
https://bugzilla.redhat.com/1626570
https://bugzilla.redhat.com/1626591
https://bugzilla.redhat.com/1626599
https://bugzilla.redhat.com/1626606
https://bugzilla.redhat.com/1626611
https://bugzilla.redhat.com/1636579
https://bugzilla.redhat.com/1636587
Plugin Details
Severity: Critical
ID: 135041
File Name: redhat-RHSA-2020-1180.nasl
Version: 1.6
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 3/31/2020
Updated: 10/13/2021
Dependencies: ssh_get_info.nasl, redhat_repos.nasl
Risk Information
CVSS Score Source: CVE-2019-19948
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal Vector: CVSS2#E:U/RL:OF/RC:C
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:imagemagick:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:imagemagick-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:imagemagick-perl:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:imagemagick-doc:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:autotrace:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:autotrace-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:emacs:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:emacs-common:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:emacs-el:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:emacs-filesystem:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:emacs-nox:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:emacs-terminal:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:inkscape:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:inkscape-docs:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:inkscape-view:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:imagemagick-c\+\+:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:imagemagick-c\+\+-devel:*:*:*:*:*:*:*
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 3/31/2020
Vulnerability Publication Date: 7/10/2017
Reference Information
CVE: CVE-2017-1000476, CVE-2017-11166, CVE-2018-8804, CVE-2017-18251, CVE-2017-18252, CVE-2017-18254, CVE-2018-10177, CVE-2017-18271, CVE-2018-10804, CVE-2018-10805, CVE-2018-9133, CVE-2018-14434, CVE-2018-14435, CVE-2018-14436, CVE-2018-14437, CVE-2018-12599, CVE-2018-12600, CVE-2018-16749, CVE-2018-16750, CVE-2018-18544, CVE-2018-16328, CVE-2018-20467, CVE-2019-7175, CVE-2019-7397, CVE-2019-7398, CVE-2019-10650, CVE-2019-9956, CVE-2017-12805, CVE-2017-12806, CVE-2019-10131, CVE-2019-11470, CVE-2019-11472, CVE-2019-11597, CVE-2019-11598, CVE-2019-12974, CVE-2019-12975, CVE-2019-12976, CVE-2019-12978, CVE-2019-12979, CVE-2019-13133, CVE-2019-13134, CVE-2019-13135, CVE-2019-13295, CVE-2019-13297, CVE-2019-13300, CVE-2019-13301, CVE-2019-13307, CVE-2019-13310, CVE-2019-13311, CVE-2019-13454, CVE-2019-13304, CVE-2019-13305, CVE-2019-13306, CVE-2019-13309, CVE-2017-18273, CVE-2018-11656, CVE-2018-13153, CVE-2018-15607, CVE-2019-16711, CVE-2019-16708, CVE-2019-16713, CVE-2019-16709, CVE-2019-16710, CVE-2019-16712, CVE-2019-15141, CVE-2019-14980, CVE-2019-17541, CVE-2019-15139, CVE-2019-14981, CVE-2019-17540, CVE-2019-15140, CVE-2019-19949, CVE-2019-19948
BID: 108913, 108117, 108102, 106847, 106848, 107546, 107646, 102428, 106315, 103498, 108492, 105137, 104687, 106561, 107333, 109099, 109308, 109362, 108448, 104591, 106268