ImageMagick 6.x < 6.9.4-3 / 7.x < 7.0.1-4 Multiple Vulnerabilities

High Nessus Plugin ID 91818

Synopsis

An application installed on the remote Windows host is affected by multiple vulnerabilities.

Description

The version of ImageMagick installed on the remote Windows host is 6.x prior to 6.9.4-3 or 7.x prior to 7.0.1-4. It is, therefore, affected by the following vulnerabilities :

- An out-of-bounds read error exists in the VerticalFilter() function in coders/dds.c due to improper handling of malformed DDS files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted DDS file, to crash processes linked against the library, resulting in a denial of service condition. (CVE-2016-5687)

- An overflow condition exists in the ReadWPGImage() function in coders/wpg.c due to improper validation of user-supplied input when handling WPG files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted WPG file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5688)

- An invalid write error exists in the OpenPixelCache() function in MagickCore/cache.c due to improper handling of resources. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5688)

Solution

Upgrade to ImageMagick version 6.9.4-3 / 7.0.1-4 or later.

Note that you may need to manually uninstall the vulnerable version from the system.

See Also

http://www.imagemagick.org/script/changelog.php

http://www.nessus.org/u?0b5f3426

Plugin Details

Severity: High

ID: 91818

File Name: imagemagick_6_9_4_3.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 2016/06/24

Updated: 2019/01/02

Dependencies: 38949

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:imagemagick:imagemagick

Required KB Items: installed_sw/ImageMagick

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/06/14

Vulnerability Publication Date: 2016/06/14

Reference Information

CVE: CVE-2016-5687, CVE-2016-5688

BID: 91283