SUSE-SA:2005:017: ImageMagick

high Nessus Plugin ID 17606

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2005:017 (ImageMagick).


This update fixes several security issues in the ImageMagick program suite:

- A format string vulnerability was found in the display program which could lead to a remote attacker being to able to execute code as the user running display by providing handcrafted filenames of images. This is tracked by the Mitre CVE ID CVE-2005-0397.

Andrei Nigmatulin reported 4 problems in older versions of ImageMagick:

- A bug was found in the way ImageMagick handles TIFF tags.
It is possible that a TIFF image file with an invalid tag could cause ImageMagick to crash.
This is tracked by the Mitre CVE ID CVE-2005-0759.

Only ImageMagick version before version 6 are affected.

- A bug was found in ImageMagick's TIFF decoder.
It is possible that a specially crafted TIFF image file could cause ImageMagick to crash.
This is tracked by the Mitre CVE ID CVE-2005-0760.

Only ImageMagick version before version 6 are affected.

- A bug was found in the way ImageMagick parses PSD files.
It is possible that a specially crafted PSD file could cause ImageMagick to crash.
This is tracked by the Mitre CVE ID CVE-2005-0761.

Only ImageMagick version before version 6.1.8 are affected.

- A heap overflow bug was found in ImageMagick's SGI parser.
It is possible that an attacker could execute arbitrary code by tricking a user into opening a specially crafted SGI image file.
This is tracked by the Mitre CVE ID CVE-2005-0762.

Only ImageMagick version before version 6 are affected.

Solution

http://www.suse.de/security/advisories/2005_17_imagemagick.html

Plugin Details

Severity: High

ID: 17606

File Name: suse_SA_2005_017.nasl

Version: 1.11

Agent: unix

Published: 3/24/2005

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Reference Information

CVE: CVE-2005-0397, CVE-2005-0759, CVE-2005-0760, CVE-2005-0761, CVE-2005-0762