Linux/Unix ホストには、ベンダーが提供するパッチが利用できない脆弱性の影響を受ける複数のパッケージがインストールされています。

  - ImageMagick 7.0.9-27 ～ 7.0.10-17 には、TIFF 画像デコード中の MagickCore/string.c の BlobToStringInfo でのヒープベースのバッファオーバーリードがあります。 （CVE-2020-13902）

Nessus は、ベンダーによって報告されたパッケージの存在に依存していることに注意してください。

Linux/Unix 主機上安裝了一個或多個受到弱點影響的套件，且供應商未提供可用的修補程式。

  - ImageMagick 7.0.9-27 到 7.0.10-17 在 TIFF 影像解碼期間，MagickCore/string.c 的 BlobToStringInfo 中有堆積型緩衝區過度讀取情形。 (CVE-2020-13902)

請注意，Nessus 依賴供應商報告的套件存在。

リモートWindowsホストに、7.0.9-27 < 7.0.10-17のImageMagickがインストールされています。したがって、TIFF画像復号時のMagickCore/string.cにおけるBlobToStringInfoの欠陥によるヒープベースのバッファオーバーリード脆弱性の影響を受けます

远程 Windows 主机上安装的 ImageMagick 版本为低于 7.0.10-17 的 7.0.9-27。因此，该应用程序受到基于堆的缓冲区过度读取漏洞的影响，这是 TIFF 图像解码期间 MagickCore / string.c 中的 BlobToStringInfo 中的缺陷所致。

遠程 Windows 主機安裝的 ImageMagick 版本為 7.0.10-17 之前的 7.0.9-27，因此會受到堆積型緩衝區過讀弱點的影響，這是 TIFF 圖像解碼期間 MagickCore/string.c 的 BlobToStringInfo 中的缺陷所致。

Linux/Unix 主机中安装的一个或多个程序包受到一个漏洞影响，而供应商没有提供补丁程序。

  - ImageMagick 7.0.9-27 至 7.0.10-17 在 TIFF 图像解码期间，MagickCore/string.c 的 BlobToStringInfo 中存在基于堆的缓冲区过度读取。 (CVE-2020-13902)

请注意，Nessus 依赖供应商报告的程序包是否存在进行判断。

The remote Windows host has a version of ImageMagick installed that is 7.0.9-27 prior to 7.0.10-17  It is, therefore, affected by a heap-based buffer over-read vulnerability due to a flaw in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.

According to the version of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based     buffer over-read in BlobToStringInfo in     MagickCore/string.c during TIFF image     decoding.(CVE-2020-13902)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based     buffer over-read in BlobToStringInfo in     MagickCore/string.c during TIFF image     decoding.(CVE-2020-13902)

  - ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40     mishandles the -authenticate option, which allows     setting a password for password-protected PDF files.
    The user-controlled password was not properly     escaped/sanitized and it was therefore possible to     inject additional shell commands via     coders/pdf.c.(CVE-2020-29599)

  - A flaw was found in ImageMagick in     MagickCore/statistic.c. An attacker who submits a     crafted file that is processed by ImageMagick could     trigger undefined behavior in the form of values     outside the range of type `unsigned long`. This would     most likely lead to an impact to application     availability, but could potentially cause other     problems related to undefined behavior. This flaw     affects ImageMagick versions prior to     7.0.8-69.(CVE-2020-27766)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in     MagickCore/string.c during TIFF image decoding. (CVE-2020-13902)

Note that Nessus relies on the presence of the package as reported by the vendor.

According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote     attackers to cause a denial of service (use-after-free     and application crash) or possibly have unspecified     other impact by crafting a Matlab image file that is     mishandled in ReadImage in     MagickCore/constitute.c.(CVE-2019-15140)

  - In ImageMagick 7.x before 7.0.8-41 and 6.x before     6.9.10-41, there is a divide-by-zero vulnerability in     the MeanShiftImage function. It allows an attacker to     cause a denial of service by sending a crafted     file.(CVE-2019-14981)

  - ImageMagick 7.0.8-35 has a memory leak in     magick/xwindow.c, related to     XCreateImage.(CVE-2019-16708)

  - ImageMagick 7.0.8-35 has a memory leak in coders/dps.c,     as demonstrated by XCreateImage.(CVE-2019-16709)

  - ImageMagick 7.0.8-35 has a memory leak in coders/dot.c,     as demonstrated by AcquireMagickMemory in     MagickCore/memory.c.(CVE-2019-16710)

  - ImageMagick 7.0.8-40 has a memory leak in     Huffman2DEncodeImage in coders/ps2.c.(CVE-2019-16711)

  - In ImageMagick 7.0.8-43 Q16, there is a heap-based     buffer overflow in the function WriteSGIImage of     coders/sgi.c.(CVE-2019-19948)

  - In ImageMagick 7.0.8-43 Q16, there is a heap-based     buffer over-read in the function WritePNGImage of     coders/png.c, related to Magick_png_write_raw_profile     and LocaleNCompare.(CVE-2019-19949)

  - ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based     buffer over-read in BlobToStringInfo in     MagickCore/string.c during TIFF image     decoding.(CVE-2020-13902)

  - In ImageMagick 7.0.5-7 Q16, an assertion failure was     found in the function LockSemaphoreInfo, which allows     attackers to cause a denial of service via a crafted     file.(CVE-2017-9501)

  - When ImageMagick 7.0.6-1 processes a crafted file in     convert, it can lead to a heap-based buffer over-read     in the WriteUILImage() function in     coders/uil.c.(CVE-2017-11533)

  - Null Pointer Dereference in the IdentifyImage function     in MagickCore/identify.c in ImageMagick through     7.0.6-10 allows an attacker to perform denial of     service by sending a crafted image     file.(CVE-2017-13768)

  - ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40     mishandles the -authenticate option, which allows     setting a password for password-protected PDF files.
    The user-controlled password was not properly     escaped/sanitized and it was therefore possible to     inject additional shell commands via     coders/pdf.c.(CVE-2020-29599)

  - A flaw was found in ImageMagick in     MagickCore/statistic.c. An attacker who submits a     crafted file that is processed by ImageMagick could     trigger undefined behavior in the form of values     outside the range of type `unsigned long`. This would     most likely lead to an impact to application     availability, but could potentially cause other     problems related to undefined behavior. This flaw     affects ImageMagick versions prior to     7.0.8-69.(CVE-2020-27766)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Published	Updated	Severity
223297	Linux Distros のパッチ未適用の脆弱性: CVE-2020-13902	Nessus	Misc.	3/4/2025	9/3/2025	high
223297	Linux Distros 未修補弱點：CVE-2020-13902	Nessus	Misc.	3/4/2025	9/3/2025	high
139224	ImageMagick 7.0.9-27 < 7.0.10-17のBlobToStringInfoにおけるヒープバッファオーバーフロー	Nessus	Windows	7/31/2020	6/4/2024	high
139224	ImageMagick 7.0.9-27 < 7.0.10-17 BlobToStringInfo 中的堆缓冲区溢出	Nessus	Windows	7/31/2020	6/4/2024	high
139224	ImageMagick 7.0.9-27 < 7.0.10-17 BlobToStringInfo 中的堆積緩衝區溢位	Nessus	Windows	7/31/2020	6/4/2024	high
223297	Linux Distros 未修补的漏洞: CVE-2020-13902	Nessus	Misc.	3/4/2025	9/3/2025	high
139224	ImageMagick 7.0.9-27 < 7.0.10-17 Heap-buffer-overflow in BlobToStringInfo	Nessus	Windows	7/31/2020	6/4/2024	high
142100	EulerOS 2.0 SP5 : ImageMagick (EulerOS-SA-2020-2248)	Nessus	Huawei Local Security Checks	10/30/2020	2/13/2024	high
145211	EulerOS 2.0 SP3 : ImageMagick (EulerOS-SA-2021-1074)	Nessus	Huawei Local Security Checks	1/20/2021	1/29/2024	high
223297	Linux Distros Unpatched Vulnerability : CVE-2020-13902	Nessus	Misc.	3/4/2025	9/3/2025	high
146668	EulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2021-1305)	Nessus	Huawei Local Security Checks	2/22/2021	1/19/2024	critical

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

high

high

high

critical