RHEL 7 : ImageMagick (RHSA-2020:1180)

Severity: High. Nessus Plugin ID: 135041
Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks.

VPR Score: 6.7

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1180 advisory.

- ImageMagick: CPU exhaustion vulnerability in function ReadDDSInfo in coders/dds.c (CVE-2017-1000476)

- ImageMagick: memory leak vulnerability in ReadXWDImage function in coders/xwd.c (CVE-2017-11166)

- ImageMagick: memory exhaustion in function ReadTIFFImage causing denial of service (CVE-2017-12805)

- ImageMagick: memory exhaustion in function format8BIM causing denial of service (CVE-2017-12806)

- ImageMagick: memory leak in ReadPCDImage function in coders/pcd.c (CVE-2017-18251)

- ImageMagick: assertion failure in MogrifyImageList function in MagickWand/mogrify.c (CVE-2017-18252)

- ImageMagick: memory leak in WriteGIFImage function in coders/gif.c (CVE-2017-18254)

- ImageMagick: infinite loop in ReadMIFFImage function in coders/miff.c (CVE-2017-18271)

- ImageMagick: infinite loop in ReadTXTImage function in coders/txt.c (CVE-2017-18273)

- ImageMagick: Infinite loop in coders/png.c:ReadOneMNGImage() allows attackers to cause a denial of service via crafted MNG file (CVE-2018-10177)

- ImageMagick: Memory leak in WriteTIFFImage (CVE-2018-10804)

- ImageMagick: Memory leak in ReadYCBCRImage (CVE-2018-10805)

- ImageMagick: memory leak in ReadDCMImage function in coders/dcm.c (CVE-2018-11656)

- ImageMagick: out of bounds write in ReadBMPImage and WriteBMPImage in coders/bmp.c (CVE-2018-12599)

- ImageMagick: out of bounds write in ReadDIBImage and WriteDIBImage in coders/dib.c (CVE-2018-12600)

- ImageMagick: memory leak in the XMagickCommand function in MagickCore/animate.c (CVE-2018-13153)

- ImageMagick: memory leak for a colormap in WriteMPCImage in coders/mpc.c (CVE-2018-14434)

- ImageMagick: memory leak in DecodeImage in coders/pcd.c (CVE-2018-14435)

- ImageMagick: memory leak in ReadMIFFImage in coders/miff.c (CVE-2018-14436)

- ImageMagick: memory leak in parse8BIM in coders/meta.c (CVE-2018-14437)

- ImageMagick: CPU Exhaustion via crafted input file (CVE-2018-15607)

- ImageMagick: NULL pointer dereference in CheckEventLogging function in MagickCore/log.c (CVE-2018-16328)

- ImageMagick: reachable assertion in ReadOneJNGImage in coders/png.c (CVE-2018-16749)

- ImageMagick: Memory leak in the formatIPTCfromBuffer function in coders/meta.c (CVE-2018-16750)

- ImageMagick: memory leak in WriteMSLImage of coders/msl.c (CVE-2018-18544)

- ImageMagick: infinite loop in coders/bmp.c (CVE-2018-20467)

- ImageMagick: double free in WriteEPTImage function in coders/ept.c (CVE-2018-8804)

- ImageMagick: excessive iteration in the DecodeLabImage and EncodeLabImage functions in coders/tiff.c (CVE-2018-9133)

- ImageMagick: off-by-one read in formatIPTCfromBuffer function in coders/meta.c (CVE-2019-10131)

- ImageMagick: heap-based buffer over-read in WriteTIFFImage of coders/tiff.c leads to denial of service or information disclosure via crafted image file (CVE-2019-10650)

- ImageMagick: denial of service in cineon parsing component (CVE-2019-11470)

- ImageMagick: denial of service in ReadXWDImage in coders/xwd.c in the XWD image parsing component (CVE-2019-11472)

- ImageMagick: heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c leading to DoS or information disclosure (CVE-2019-11597)

- ImageMagick: heap-based buffer over-read in the function WritePNMImage of coders/pnm.c leading to DoS or information disclosure (CVE-2019-11598)

- imagemagick: null-pointer dereference in function ReadPANGOImage in coders/pango.c and ReadVIDImage in coders/vid.c causing denial of service (CVE-2019-12974)

- imagemagick: memory leak vulnerability in function WriteDPXImage in coders/dpx.c (CVE-2019-12975)

- imagemagick: memory leak vulnerability in function ReadPCLImage in coders/pcl.c (CVE-2019-12976)

- imagemagick: use of uninitialized value in function ReadPANGOImage in coders/pango.c (CVE-2019-12978)

- imagemagick: use of uninitialized value in function SyncImageSettings in MagickCore/image.c (CVE-2019-12979)

- ImageMagick: a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c (CVE-2019-13133)

- ImageMagick: a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c (CVE-2019-13134)

- ImageMagick: a use of uninitialized value vulnerability in the function ReadCUTImage leading to a crash and DoS (CVE-2019-13135)

- ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled (CVE-2019-13295)

- ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled (CVE-2019-13297)

- ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns (CVE-2019-13300)

- ImageMagick: memory leaks in AcquireMagickMemory (CVE-2019-13301)

- ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment (CVE-2019-13304)

- ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error (CVE-2019-13305)

- ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors (CVE-2019-13306)

- ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows (CVE-2019-13307)

- ImageMagick: memory leaks at AcquireMagickMemory due to mishandling the NoSuchImage error in CLIListOperatorImages (CVE-2019-13309)

- ImageMagick: memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c (CVE-2019-13310)

- ImageMagick: memory leaks at AcquireMagickMemory because of a wand/mogrify.c error (CVE-2019-13311)

- ImageMagick: division by zero in RemoveDuplicateLayers in MagickCore/layer.c (CVE-2019-13454)

- ImageMagick: use-after-free in magick/blob.c resulting in a denial of service (CVE-2019-14980)

- ImageMagick: division by zero in MeanShiftImage in MagickCore/feature.c (CVE-2019-14981)

- ImageMagick: out-of-bounds read in ReadXWDImage in coders/xwd.c (CVE-2019-15139)

- ImageMagick: Use after free in ReadMATImage in coders/mat.c (CVE-2019-15140)

- ImageMagick: heap-based buffer overflow in WriteTIFFImage in coders/tiff.c (CVE-2019-15141)

- ImageMagick: memory leak in magick/xwindow.c (CVE-2019-16708)

- ImageMagick: memory leak in coders/dps.c (CVE-2019-16709)

- ImageMagick: memory leak in coders/dot.c (CVE-2019-16710, CVE-2019-16713)

- ImageMagick: memory leak in Huffman2DEncodeImage in coders/ps2.c (CVE-2019-16711)

- ImageMagick: memory leak in Huffman2DEncodeImage in coders/ps3.c (CVE-2019-16712)

- ImageMagick: heap-based buffer overflow in ReadPSInfo in coders/ps.c (CVE-2019-17540)

- ImageMagick: Use after free in ReadICCProfile function in coders/jpeg.c (CVE-2019-17541)

- ImageMagick: heap-based buffer overflow in WriteSGIImage in coders/sgi.c (CVE-2019-19948)

- ImageMagick: heap-based buffer over-read in WritePNGImage in coders/png.c (CVE-2019-19949)

- imagemagick: memory leak in function DecodeImage in coders/pcd.c (CVE-2019-7175)

- ImageMagick: Memory leak in the WritePDFImage function in coders/pdf.c (CVE-2019-7397)

- ImageMagick: Memory leak in the WriteDIBImage function in coders/dib.c (CVE-2019-7398)

- imagemagick: stack-based buffer overflow in function PopHexPixel in coders/ps.c (CVE-2019-9956)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://cwe.mitre.org/data/definitions/20.html

https://cwe.mitre.org/data/definitions/119.html

https://cwe.mitre.org/data/definitions/121.html

https://cwe.mitre.org/data/definitions/122.html

https://cwe.mitre.org/data/definitions/125.html

https://cwe.mitre.org/data/definitions/193.html

https://cwe.mitre.org/data/definitions/200.html

https://cwe.mitre.org/data/definitions/248.html

https://cwe.mitre.org/data/definitions/369.html

https://cwe.mitre.org/data/definitions/400.html

https://cwe.mitre.org/data/definitions/401.html

https://cwe.mitre.org/data/definitions/416.html

https://cwe.mitre.org/data/definitions/456.html

https://cwe.mitre.org/data/definitions/476.html

https://cwe.mitre.org/data/definitions/617.html

https://cwe.mitre.org/data/definitions/772.html

https://cwe.mitre.org/data/definitions/787.html

https://cwe.mitre.org/data/definitions/835.html

https://access.redhat.com/security/cve/CVE-2017-11166

https://access.redhat.com/security/cve/CVE-2017-12805

https://access.redhat.com/security/cve/CVE-2017-12806

https://access.redhat.com/security/cve/CVE-2017-18251

https://access.redhat.com/security/cve/CVE-2017-18252

https://access.redhat.com/security/cve/CVE-2017-18254

https://access.redhat.com/security/cve/CVE-2017-18271

https://access.redhat.com/security/cve/CVE-2017-18273

https://access.redhat.com/security/cve/CVE-2017-1000476

https://access.redhat.com/security/cve/CVE-2018-8804

https://access.redhat.com/security/cve/CVE-2018-9133

https://access.redhat.com/security/cve/CVE-2018-10177

https://access.redhat.com/security/cve/CVE-2018-10804

https://access.redhat.com/security/cve/CVE-2018-10805

https://access.redhat.com/security/cve/CVE-2018-11656

https://access.redhat.com/security/cve/CVE-2018-12599

https://access.redhat.com/security/cve/CVE-2018-12600

https://access.redhat.com/security/cve/CVE-2018-13153

https://access.redhat.com/security/cve/CVE-2018-14434

https://access.redhat.com/security/cve/CVE-2018-14435

https://access.redhat.com/security/cve/CVE-2018-14436

https://access.redhat.com/security/cve/CVE-2018-14437

https://access.redhat.com/security/cve/CVE-2018-15607

https://access.redhat.com/security/cve/CVE-2018-16328

https://access.redhat.com/security/cve/CVE-2018-16749

https://access.redhat.com/security/cve/CVE-2018-16750

https://access.redhat.com/security/cve/CVE-2018-18544

https://access.redhat.com/security/cve/CVE-2018-20467

https://access.redhat.com/security/cve/CVE-2019-7175

https://access.redhat.com/security/cve/CVE-2019-7397

https://access.redhat.com/security/cve/CVE-2019-7398

https://access.redhat.com/security/cve/CVE-2019-9956

https://access.redhat.com/security/cve/CVE-2019-10131

https://access.redhat.com/security/cve/CVE-2019-10650

https://access.redhat.com/security/cve/CVE-2019-11470

https://access.redhat.com/security/cve/CVE-2019-11472

https://access.redhat.com/security/cve/CVE-2019-11597

https://access.redhat.com/security/cve/CVE-2019-11598

https://access.redhat.com/security/cve/CVE-2019-12974

https://access.redhat.com/security/cve/CVE-2019-12975

https://access.redhat.com/security/cve/CVE-2019-12976

https://access.redhat.com/security/cve/CVE-2019-12978

https://access.redhat.com/security/cve/CVE-2019-12979

https://access.redhat.com/security/cve/CVE-2019-13133

https://access.redhat.com/security/cve/CVE-2019-13134

https://access.redhat.com/security/cve/CVE-2019-13135

https://access.redhat.com/security/cve/CVE-2019-13295

https://access.redhat.com/security/cve/CVE-2019-13297

https://access.redhat.com/security/cve/CVE-2019-13300

https://access.redhat.com/security/cve/CVE-2019-13301

https://access.redhat.com/security/cve/CVE-2019-13304

https://access.redhat.com/security/cve/CVE-2019-13305

https://access.redhat.com/security/cve/CVE-2019-13306

https://access.redhat.com/security/cve/CVE-2019-13307

https://access.redhat.com/security/cve/CVE-2019-13309

https://access.redhat.com/security/cve/CVE-2019-13310

https://access.redhat.com/security/cve/CVE-2019-13311

https://access.redhat.com/security/cve/CVE-2019-13454

https://access.redhat.com/security/cve/CVE-2019-14980

https://access.redhat.com/security/cve/CVE-2019-14981

https://access.redhat.com/security/cve/CVE-2019-15139

https://access.redhat.com/security/cve/CVE-2019-15140

https://access.redhat.com/security/cve/CVE-2019-15141

https://access.redhat.com/security/cve/CVE-2019-16708

https://access.redhat.com/security/cve/CVE-2019-16709

https://access.redhat.com/security/cve/CVE-2019-16710

https://access.redhat.com/security/cve/CVE-2019-16711

https://access.redhat.com/security/cve/CVE-2019-16712

https://access.redhat.com/security/cve/CVE-2019-16713

https://access.redhat.com/security/cve/CVE-2019-17540

https://access.redhat.com/security/cve/CVE-2019-17541

https://access.redhat.com/security/cve/CVE-2019-19948

https://access.redhat.com/security/cve/CVE-2019-19949

https://access.redhat.com/errata/RHSA-2020:1180

https://bugzilla.redhat.com/1532845

https://bugzilla.redhat.com/1559892

https://bugzilla.redhat.com/1561741

https://bugzilla.redhat.com/1561742

https://bugzilla.redhat.com/1561744

https://bugzilla.redhat.com/1563875

https://bugzilla.redhat.com/1572044

https://bugzilla.redhat.com/1577398

https://bugzilla.redhat.com/1577399

https://bugzilla.redhat.com/1581486

https://bugzilla.redhat.com/1581489

https://bugzilla.redhat.com/1588170

https://bugzilla.redhat.com/1594338

https://bugzilla.redhat.com/1594339

https://bugzilla.redhat.com/1598471

https://bugzilla.redhat.com/1609933

https://bugzilla.redhat.com/1609936

https://bugzilla.redhat.com/1609939

https://bugzilla.redhat.com/1609942

https://bugzilla.redhat.com/1622738

https://bugzilla.redhat.com/1624955

https://bugzilla.redhat.com/1627916

https://bugzilla.redhat.com/1627917

https://bugzilla.redhat.com/1642614

https://bugzilla.redhat.com/1664845

https://bugzilla.redhat.com/1672560

https://bugzilla.redhat.com/1672564

https://bugzilla.redhat.com/1687436

https://bugzilla.redhat.com/1692300

https://bugzilla.redhat.com/1700755

https://bugzilla.redhat.com/1704762

https://bugzilla.redhat.com/1705406

https://bugzilla.redhat.com/1705414

https://bugzilla.redhat.com/1707768

https://bugzilla.redhat.com/1707770

https://bugzilla.redhat.com/1708517

https://bugzilla.redhat.com/1708521

https://bugzilla.redhat.com/1726078

https://bugzilla.redhat.com/1726081

https://bugzilla.redhat.com/1726104

https://bugzilla.redhat.com/1728474

https://bugzilla.redhat.com/1730329

https://bugzilla.redhat.com/1730333

https://bugzilla.redhat.com/1730337

https://bugzilla.redhat.com/1730351

https://bugzilla.redhat.com/1730357

https://bugzilla.redhat.com/1730361

https://bugzilla.redhat.com/1730364

https://bugzilla.redhat.com/1730575

https://bugzilla.redhat.com/1730580

https://bugzilla.redhat.com/1730596

https://bugzilla.redhat.com/1730604

https://bugzilla.redhat.com/1732278

https://bugzilla.redhat.com/1732282

https://bugzilla.redhat.com/1732284

https://bugzilla.redhat.com/1732292

https://bugzilla.redhat.com/1732294

https://bugzilla.redhat.com/1757779

https://bugzilla.redhat.com/1757911

https://bugzilla.redhat.com/1765330

https://bugzilla.redhat.com/1767087

https://bugzilla.redhat.com/1767802

https://bugzilla.redhat.com/1767812

https://bugzilla.redhat.com/1767828

https://bugzilla.redhat.com/1772643

https://bugzilla.redhat.com/1792480

https://bugzilla.redhat.com/1793177

https://bugzilla.redhat.com/1801661

https://bugzilla.redhat.com/1801665

https://bugzilla.redhat.com/1801667

https://bugzilla.redhat.com/1801673

https://bugzilla.redhat.com/1801674

https://bugzilla.redhat.com/1801681

Plugin Details

Severity: High

ID: 135041

File Name: redhat-RHSA-2020-1180.nasl

Version: 1.4

Type: local

Agent: unix

Published: 3/31/2020

Updated: 3/24/2021

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: High

VPR Score: 6.7

CVSS Score Source: CVE-2019-19948

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:ImageMagick, p-cpe:/a:redhat:enterprise_linux:imagemagick-c%2b%2b, p-cpe:/a:redhat:enterprise_linux:imagemagick-c%2b%2b-devel, p-cpe:/a:redhat:enterprise_linux:ImageMagick-devel, p-cpe:/a:redhat:enterprise_linux:ImageMagick-doc, p-cpe:/a:redhat:enterprise_linux:ImageMagick-perl, p-cpe:/a:redhat:enterprise_linux:autotrace, p-cpe:/a:redhat:enterprise_linux:autotrace-devel, p-cpe:/a:redhat:enterprise_linux:emacs, p-cpe:/a:redhat:enterprise_linux:emacs-common, p-cpe:/a:redhat:enterprise_linux:emacs-el, p-cpe:/a:redhat:enterprise_linux:emacs-filesystem, p-cpe:/a:redhat:enterprise_linux:emacs-nox, p-cpe:/a:redhat:enterprise_linux:emacs-terminal, p-cpe:/a:redhat:enterprise_linux:inkscape, p-cpe:/a:redhat:enterprise_linux:inkscape-docs, p-cpe:/a:redhat:enterprise_linux:inkscape-view

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 3/31/2020

Vulnerability Publication Date: 7/10/2017

Reference Information

CVE: CVE-2017-11166, CVE-2017-12805, CVE-2017-12806, CVE-2017-18251, CVE-2017-18252, CVE-2017-18254, CVE-2017-18271, CVE-2017-18273, CVE-2017-1000476, CVE-2018-8804, CVE-2018-9133, CVE-2018-10177, CVE-2018-10804, CVE-2018-10805, CVE-2018-11656, CVE-2018-12599, CVE-2018-12600, CVE-2018-13153, CVE-2018-14434, CVE-2018-14435, CVE-2018-14436, CVE-2018-14437, CVE-2018-15607, CVE-2018-16328, CVE-2018-16749, CVE-2018-16750, CVE-2018-18544, CVE-2018-20467, CVE-2019-7175, CVE-2019-7397, CVE-2019-7398, CVE-2019-9956, CVE-2019-10131, CVE-2019-10650, CVE-2019-11470, CVE-2019-11472, CVE-2019-11597, CVE-2019-11598, CVE-2019-12974, CVE-2019-12975, CVE-2019-12976, CVE-2019-12978, CVE-2019-12979, CVE-2019-13133, CVE-2019-13134, CVE-2019-13135, CVE-2019-13295, CVE-2019-13297, CVE-2019-13300, CVE-2019-13301, CVE-2019-13304, CVE-2019-13305, CVE-2019-13306, CVE-2019-13307, CVE-2019-13309, CVE-2019-13310, CVE-2019-13311, CVE-2019-13454, CVE-2019-14980, CVE-2019-14981, CVE-2019-15139, CVE-2019-15140, CVE-2019-15141, CVE-2019-16708, CVE-2019-16709, CVE-2019-16710, CVE-2019-16711, CVE-2019-16712, CVE-2019-16713, CVE-2019-17540, CVE-2019-17541, CVE-2019-19948, CVE-2019-19949

BID: 102428, 103498, 104591, 104687, 105137, 106268, 106315, 106561, 106847, 106848, 107333, 107546, 107646, 108102, 108117, 108448, 108492, 108913, 109099, 109308, 109362

RHSA: 2020:1180

CWE: 20, 119, 121, 122, 125, 193, 200, 248, 369, 400, 401, 416, 456, 476, 617, 772, 787, 835