SuSE 11.1 Security Update : ImageMagick (SAT Patch Number 6226)

High Nessus Plugin ID 64158


The remote SuSE 11 host is missing one or more security updates.


This update of ImageMagick fixes multiple security vulnerabilities that could be exploited by attackers via specially crafted image files :

- Integer overflow when processing EXIF directory entries with tags of e.g. format 5 (EXIF_FMT_URATIONAL) and a large components count. (CVE-2012-0259 / CVE-2012-1610)

- Integer overflows via 'number_bytes' and 'offset' could lead to memory corruption. (CVE-2012-0247 / CVE-2012-1185)

- Denial of service via 'profile.c'. (CVE-2012-0248 / CVE-2012-1186)

- Denial of service via JPEG restart markers (excessive CPU consumption). (CVE-2012-0260)

- Copying of invalid memory when reading TIFF EXIF IFD.


Apply SAT patch number 6226.

See Also

Plugin Details

Severity: High

ID: 64158

File Name: suse_11_ImageMagick-120427.nasl

Version: $Revision: 1.2 $

Type: local

Agent: unix

Published: 2013/01/25

Modified: 2013/10/25

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:ImageMagick, p-cpe:/a:novell:suse_linux:11:libMagick++1, p-cpe:/a:novell:suse_linux:11:libMagickCore1, p-cpe:/a:novell:suse_linux:11:libMagickCore1-32bit, p-cpe:/a:novell:suse_linux:11:libMagickWand1, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2012/04/27

Reference Information

CVE: CVE-2012-0247, CVE-2012-0248, CVE-2012-0259, CVE-2012-0260, CVE-2012-1185, CVE-2012-1186, CVE-2012-1610, CVE-2012-1798