Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030.

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - ImageMagick: Insufficient shell characters filtering (CVE-2016-3714)

  - ImageMagick: NULL pointer dereference in CheckEventLogging function in MagickCore/log.c (CVE-2018-16328)

  - The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper     variable type for the allocation size, which might allow remote attackers to cause a denial of service     (crash) via a crafted PNG file that triggers incorrect memory allocation. (CVE-2012-3437)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - ImageMagick: NULL pointer dereference in  GetMagickProperty function in MagickCore/property.c     (CVE-2018-16329)

  - The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper     variable type for the allocation size, which might allow remote attackers to cause a denial of service     (crash) via a crafted PNG file that triggers incorrect memory allocation. (CVE-2012-3437)

  - Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier     allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a     large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than     CVE-2014-2030. (CVE-2014-1947)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote Solaris system is missing necessary patches to address security updates.

Fix for psd security issue, and upgrade path to f21.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A buffer overflow flaw affecting ImageMagick and GraphicsMagic when handling PSD images was reported.

A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, potentially, execute arbitrary code with the privileges of the user running ImageMagick.

A buffer overflow flaw affecting ImageMagick when creating PSD images was reported. The vulnerability is similar to CVE-2014-1947 , except that CVE-2014-2030 's format string is 'L%06ld' instead of CVE-2014-1947 's 'L%02ld' due to commit r1448.

New stable upstream release, patched for CVE-2014-1947. See also:
http://www.graphicsmagick.org/NEWS.html#august-16-2014

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Better fix for psd security issue, CVE-2014-1947.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201405-09 (ImageMagick: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in ImageMagick. Please       review the CVE identifiers referenced below for details.
    Note that CVE-2012-1185 and CVE-2012-1186 were issued due to incomplete       fixes for CVE-2012-0247 and CVE-2012-0248, respectively. The earlier CVEs       were addressed in GLSA 201203-09.
  Impact :

    A remote attacker can utilize multiple vectors to execute arbitrary code       or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

- Build 6.8.6-3 version because soname bump happened in     newer.

    - Concretize soname versioning.

    - Add Patch0: ImageMagick-6.8.7-psd-CVE.patch CVE bug       fix backporting:
      http://www.imagemagick.org/discourse-server/viewtopic.
      php?f=3&t=25128&sid=ff40ad66b1f845c767aa77c7e32f9f9c&p       =109901#p109901 for fix CVE-2014-1958 (bz#1067276,       bz#1067277, bz#1067278), CVE-2014-1947, CVE-2014-2030       (bz#1064098)

  - Enable %check by Alexander Todorov suggestion -     bz#1076671.

    - Add %{?_smp_mflags} into make install and check (not       main compilation).

    - Porting some other non-destructive minor enhancements       from master branch: o Drop BR giflib-devel       (bz#1039378) o Use %__isa_bits instead of hardcoding       the list of 64-bit architectures.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several buffer overflows were found in Imagemagick, a suite of image manipulation programs. Processing malformed PSD files could lead to the execution of arbitrary code.

The image converter program and library set of ImageMagick received an update that fixes a buffer overflow when handling PSD images.

The remote Windows host is running a version of ImageMagick prior to version 6.8.7-6.  It is, therefore, affected by a memory corruption vulnerability related to PSD image file handling and the 'WritePSDImage' function.  Exploitation of this issue could result in a denial of service or arbitrary code execution.

ID	Name	Product	Family	Severity
199277	RHEL 5 : imagemagick (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	critical
199269	RHEL 6 : imagemagick (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	critical
80644	Oracle Solaris Third-Party Patch Update : imagemagick (multiple_buffer_errors_vulnerabilities_in2)	Nessus	Solaris Local Security Checks	high
79260	Fedora 21 : GraphicsMagick-1.3.20-3.fc21 (2014-14617)	Nessus	Fedora Local Security Checks	medium
78363	Amazon Linux AMI : GraphicsMagick (ALAS-2014-420)	Nessus	Amazon Linux Local Security Checks	high
78279	Amazon Linux AMI : ImageMagick (ALAS-2014-336)	Nessus	Amazon Linux Local Security Checks	high
77678	Fedora 19 : GraphicsMagick-1.3.20-3.fc19 (2014-9624)	Nessus	Fedora Local Security Checks	medium
77593	Fedora 20 : GraphicsMagick-1.3.20-3.fc20 (2014-9927)	Nessus	Fedora Local Security Checks	medium
77427	Fedora 20 : GraphicsMagick-1.3.20-1.fc20 (2014-9596)	Nessus	Fedora Local Security Checks	medium
74052	GLSA-201405-09 : ImageMagick: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
73546	Fedora 20 : ImageMagick-6.8.6.3-4.fc20 (2014-4969)	Nessus	Fedora Local Security Checks	medium
73440	Debian DSA-2898-1 : imagemagick - security update	Nessus	Debian Local Security Checks	high
72977	SuSE 11.3 Security Update : ImageMagick (SAT Patch Number 8978)	Nessus	SuSE Local Security Checks	high
72721	ImageMagick < 6.8.7-6 WritePSDImage PSD Handling Memory Corruption	Nessus	Windows	medium

Detections

Analytics

CVE-2014-1947

high

Tenable Plugins

critical

critical

high

medium

high

high

medium

medium

medium

high

medium

high

high

medium