In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c.

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - ImageMagick: NULL pointer dereference in  GetMagickProperty function in MagickCore/property.c     (CVE-2018-16329)

  - The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a     denial of service (out-of-bounds read) via a crafted image file. (CVE-2014-8354)

  - PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-     of-bounds read). (CVE-2014-8355)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - ImageMagick: Insufficient shell characters filtering (CVE-2016-3714)

  - ImageMagick: NULL pointer dereference in CheckEventLogging function in MagickCore/log.c (CVE-2018-16328)

  - The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper     variable type for the allocation size, which might allow remote attackers to cause a denial of service     (crash) via a crafted PNG file that triggers incorrect memory allocation. (CVE-2012-3437)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - ImageMagick: NULL pointer dereference in  GetMagickProperty function in MagickCore/property.c     (CVE-2018-16329)

  - The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper     variable type for the allocation size, which might allow remote attackers to cause a denial of service     (crash) via a crafted PNG file that triggers incorrect memory allocation. (CVE-2012-3437)

  - Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier     allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a     large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than     CVE-2014-2030. (CVE-2014-1947)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

This plugin has been deprecated as it does not adhere to established standards for this style of check.

This update for ImageMagick fixes the following issues: These security issues were fixed :

  - CVE-2017-13758: Prevent heap-based buffer overflow in     the TracePoint() function (bsc#1056277).

  - CVE-2017-10928: Prevent heap-based buffer over-read in     the GetNextToken function that allowed remote attackers     to obtain sensitive information from process memory or     possibly have unspecified other impact via a crafted SVG     document (bsc#1047356).

  - CVE-2018-9133: Long compute times in the tiff decoder     have been fixed (bsc#1087820).

  - CVE-2018-11251: Heap-based buffer over-read in     ReadSUNImage in coders/sun.c, which allows attackers to     cause denial of service (bsc#1094237).

  - CVE-2017-18271: Infinite loop in the function     ReadMIFFImage in coders/miff.c, which allows attackers     to cause a denial of service (bsc#1094204).

  - CVE-2018-11655: Memory leak in the GetImagePixelCache in     MagickCore/cache.c was fixed (bsc#1095730)

  - CVE-2018-10804: Memory leak in WriteTIFFImage in     coders/tiff.c was fixed (bsc#1095813)

  - CVE-2018-10805: Fixed memory leaks in bgr.c, rgb.c,     cmyk.c, gray.c, ycbcr.c (bsc#1095812)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes the following issues :

These security issues were fixed :

  - CVE-2017-13758: Prevent heap-based buffer overflow in     the TracePoint() function (bsc#1056277).

  - CVE-2017-10928: Prevent heap-based buffer over-read in     the GetNextToken function that allowed remote attackers     to obtain sensitive information from process memory or     possibly have unspecified other impact via a crafted SVG     document (bsc#1047356).

  - CVE-2018-9133: Long compute times in the tiff decoder     have been fixed (bsc#1087820).

  - CVE-2018-11251: Heap-based buffer over-read in     ReadSUNImage in coders/sun.c, which allows attackers to     cause denial of service (bsc#1094237).

  - CVE-2017-18271: Infinite loop in the function     ReadMIFFImage in coders/miff.c, which allows attackers     to cause a denial of service (bsc#1094204).

  - CVE-2018-11655: Memory leak in the GetImagePixelCache in     MagickCore/cache.c was fixed (bsc#1095730)

  - CVE-2018-10804: Memory leak in WriteTIFFImage in     coders/tiff.c was fixed (bsc#1095813)

  - CVE-2018-10805: Fixed memory leaks in bgr.c, rgb.c,     cmyk.c, gray.c, ycbcr.c (bsc#1095812)

This update was imported from the SUSE:SLE-12:Update update project.

This update for ImageMagick fixes the following issues :

  - CVE-2017-14325: In ImageMagick, a memory leak     vulnerability was found in the function     PersistPixelCache in magick/cache.c, which allowed     attackers to cause a denial of service (memory     consumption in ReadMPCImage in coders/mpc.c) via a     crafted file. [bsc#1058635]

  - CVE-2017-17887: In ImageMagick, a memory leak     vulnerability was found in the function     GetImagePixelCache in magick/cache.c, which allowed     attackers to cause a denial of service via a crafted MNG     image file that is processed by ReadOneMNGImage.
    [bsc#1074117]

  - CVE-2017-18250: A NULL pointer dereference vulnerability     was found in the function LogOpenCLBuildFailure in     MagickCore/opencl.c, which could lead to a denial of     service via a crafted file. [bsc#1087039]

  - CVE-2017-18251: A memory leak vulnerability was found in     the function ReadPCDImage in coders/pcd.c, which could     lead to a denial of service via a crafted file.
    [bsc#1087037]

  - CVE-2017-18252: The MogrifyImageList function in     MagickWand/mogrify.c could allow attackers to cause a     denial of service via a crafted file. [bsc#1087033]

  - CVE-2017-18254: A memory leak vulnerability was found in     the function WriteGIFImage in coders/gif.c, which could     lead to denial of service via a crafted file.
    [bsc#1087027]

  - CVE-2018-8960: The ReadTIFFImage function in     coders/tiff.c in ImageMagick did not properly restrict     memory allocation, leading to a heap-based buffer     over-read. [bsc#1086782]

  - CVE-2018-9018: divide-by-zero in the ReadMNGImage     function of coders/png.c. Attackers could leverage this     vulnerability to cause a crash and denial of service via     a crafted mng file. [bsc#1086773]

  - CVE-2018-9135: heap-based buffer over-read in     IsWEBPImageLossless in coders/webp.c could lead to     denial of service. [bsc#1087825]

  - CVE-2018-10177: In ImageMagick, there was an infinite     loop in the ReadOneMNGImage function of the coders/png.c     file. Remote attackers could leverage this vulnerability     to cause a denial of service via a crafted mng file.
    [bsc#1089781]

  - CVE-2017-10928: a heap-based buffer over-read in the     GetNextToken function in token.c could allow attackers     to obtain sensitive information from process memory or     possibly have unspecified other impact via a crafted SVG     document that is mishandled in the     GetUserSpaceCoordinateValue function in coders/svg.c.
    [bsc#1047356]

This update was imported from the SUSE:SLE-12:Update update project.

This update for ImageMagick fixes the following issues :

  - CVE-2017-14325: In ImageMagick, a memory leak     vulnerability was found in the function     PersistPixelCache in magick/cache.c, which allowed     attackers to cause a denial of service (memory     consumption in ReadMPCImage in coders/mpc.c) via a     crafted file. [bsc#1058635]

  - CVE-2017-17887: In ImageMagick, a memory leak     vulnerability was found in the function     GetImagePixelCache in magick/cache.c, which allowed     attackers to cause a denial of service via a crafted MNG     image file that is processed by ReadOneMNGImage.
    [bsc#1074117]

  - CVE-2017-18250: A NULL pointer dereference vulnerability     was found in the function LogOpenCLBuildFailure in     MagickCore/opencl.c, which could lead to a denial of     service via a crafted file. [bsc#1087039]

  - CVE-2017-18251: A memory leak vulnerability was found in     the function ReadPCDImage in coders/pcd.c, which could     lead to a denial of service via a crafted file.
    [bsc#1087037]

  - CVE-2017-18252: The MogrifyImageList function in     MagickWand/mogrify.c could allow attackers to cause a     denial of service via a crafted file. [bsc#1087033]

  - CVE-2017-18254: A memory leak vulnerability was found in     the function WriteGIFImage in coders/gif.c, which could     lead to denial of service via a crafted file.
    [bsc#1087027]

  - CVE-2018-8960: The ReadTIFFImage function in     coders/tiff.c in ImageMagick did not properly restrict     memory allocation, leading to a heap-based buffer     over-read. [bsc#1086782]

  - CVE-2018-9018: divide-by-zero in the ReadMNGImage     function of coders/png.c. Attackers could leverage this     vulnerability to cause a crash and denial of service via     a crafted mng file. [bsc#1086773]

  - CVE-2018-9135: heap-based buffer over-read in     IsWEBPImageLossless in coders/webp.c could lead to     denial of service. [bsc#1087825]

  - CVE-2018-10177: In ImageMagick, there was an infinite     loop in the ReadOneMNGImage function of the coders/png.c     file. Remote attackers could leverage this vulnerability     to cause a denial of service via a crafted mng file.
    [bsc#1089781]

  - CVE-2017-10928: a heap-based buffer over-read in the     GetNextToken function in token.c could allow attackers     to obtain sensitive information from process memory or     possibly have unspecified other impact via a crafted SVG     document that is mishandled in the     GetUserSpaceCoordinateValue function in coders/svg.c.
    [bsc#1047356]

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ImageMagick fixes the following issues :

  - security update (png.c)

  - CVE-2018-9018: divide-by-zero in the ReadMNGImage     function of coders/png.c. Attackers could leverage this     vulnerability to cause a crash and denial of service via     a crafted mng file. [bsc#1086773]

  - CVE-2018-10177: there is an infinite loop in the     ReadOneMNGImagefunction of the coders/png.c file. Remote     attackers could leverage thisvulnerability to cause a     denial of service (bsc#1089781)

  - security update (wand)

  - CVE-2017-18252: The MogrifyImageList function in     MagickWand/mogrify.c could allow attackers to cause a     denial of service via a crafted file. [bsc#1087033]

  - security update (gif.c)

  - CVE-2017-18254: A memory leak vulnerability was found in     the function WriteGIFImage in coders/gif.c, which could     lead to denial of service via a crafted file.
    [bsc#1087027]

  - security update (core)

  - CVE-2017-10928: a heap-based buffer over-read in the     GetNextToken function in token.c could allow attackers     to obtain sensitive information from process memory or     possibly have unspecified other impact via a crafted SVG     document that is mishandled in the     GetUserSpaceCoordinateValue function in coders/svg.c.
    [bsc#1047356]

  - security update (pcd.c)

  - CVE-2017-18251: A memory leak vulnerability was found in     the function ReadPCDImage in coders/pcd.c, which could     lead to a denial of service via a crafted file.
    [bsc#1087037]

  - security update (gif.c)

  - CVE-2017-18254: A memory leak vulnerability was found in     the function WriteGIFImage in coders/gif.c, which could     lead to denial of service via a crafted file.
    [bsc#1087027]

  - security update (tiff.c)

  - CVE-2018-8960: The ReadTIFFImage function in     coders/tiff.c in ImageMagick memory allocation issue     could lead to denial of service (bsc#1086782)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Many security fixes, bug fixes, and other changes from the previous version 6.9.3.0. See the [6.9 branch ChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac3 4977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog).

Dependent packages are mostly straight rebuilds, a couple also include bugfix version updates.

----

rhbz#1490649 - emacs-25.3 is available

rhbz#1490410 - unsafe enriched mode translations (security)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Many security fixes, bug fixes, and other changes from the previous version 6.9.3.0. See the [6.9 branch ChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac3 4977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog).

Dependent packages are mostly straight rebuilds, a couple also include bugfix version updates.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This updates fixes numerous vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed DPX, RLE, CIN, DIB, EPT, MAT, VST, PNG, JNG, MNG, DVJU, JPEG, TXT, PES, MPC, UIL, PS, PALM, CIP, TIFF, ICON, MAGICK, DCM, MSL, WMF, MIFF, PCX, SUN, PSD, MVG, PWP, PICT, PDB, SFW, or XCF files are processed.

For Debian 7 'Wheezy', these problems have been fixed in version 6.7.7.10-5+deb7u16.

We recommend that you upgrade your imagemagick packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3363-1 advisory.

    It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or     automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could     exploit this to cause a denial of service or possibly execute code with the privileges of the user     invoking the program.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

This updates fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, SVG, PSD, PDB, DPX, MAT, TGA, VST, CIN, DIB, MPC, EPT, JNG, DJVU, JPEG, ICO, PALM or MNG files are processed.

ID	Name	Product	Family	Severity
199283	RHEL 7 : imagemagick (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	critical
199277	RHEL 5 : imagemagick (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	critical
199269	RHEL 6 : imagemagick (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	critical
195417	RHEL 6 : imagemagick (Unpatched Vulnerability) (deprecated)	Nessus	Red Hat Local Security Checks	critical
195362	RHEL 5 : imagemagick (Unpatched Vulnerability) (deprecated)	Nessus	Red Hat Local Security Checks	critical
195345	RHEL 7 : imagemagick (Unpatched Vulnerability) (deprecated)	Nessus	Red Hat Local Security Checks	critical
110837	SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:1851-1)	Nessus	SuSE Local Security Checks	high
110834	openSUSE Security Update : ImageMagick (openSUSE-2018-690)	Nessus	SuSE Local Security Checks	high
109715	openSUSE Security Update : ImageMagick (openSUSE-2018-442)	Nessus	SuSE Local Security Checks	high
109673	SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:1178-1)	Nessus	SuSE Local Security Checks	high
109550	SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:1129-1)	Nessus	SuSE Local Security Checks	high
103333	Fedora 25 : 1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc (2017-3a568adb31)	Nessus	Fedora Local Security Checks	critical
103314	Fedora 26 : 1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc (2017-8f27031c8f)	Nessus	Fedora Local Security Checks	critical
102889	Debian DLA-1081-1 : imagemagick security update	Nessus	Debian Local Security Checks	critical
101950	Ubuntu 14.04 LTS / 16.04 LTS : ImageMagick vulnerabilities (USN-3363-1)	Nessus	Ubuntu Local Security Checks	high
101794	Debian DSA-3914-1 : imagemagick - security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2017-10928

high

Tenable Plugins

critical

critical

critical

critical

critical

critical

high

high

high

high

high

critical

critical

critical

high

high