This update for ImageMagick fixes the following issues :

  - CVE-2016-9556: Possible Heap-overflow found by fuzzing     [bsc#1011130]

  - CVE-2016-9559: Possible NULL pointer access found by     fuzzing [bsc#1011136]

  - CVE-2016-8707: Possible code execution in the tiff     deflate convert code [bsc#1014159]

  - CVE-2016-9773: Possible Heap overflow in IsPixelGray     [bsc#1013376]

  - CVE-2016-8866: Possible memory allocation failure in     AcquireMagickMemory [bsc#1009318]

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for GraphicsMagick fixes the following security issues :

  - CVE-2016-9556: Maliciously crafted image headers could     cause denial of service in image format detection     routines (boo#1011130)

  - CVE-2016-9559: Maliciously crafted image headers could     cause denial of service in image format detection     routines for TIFF (boo#1011136)

Several issues have been discovered in ImageMagick, a popular set of programs and libraries for image manipulation. These issues include several problems in memory handling that can result in a denial of service attack or in execution of arbitrary code by an attacker with control on the image input.

The version of ImageMagick installed on the remote Windows host is 6.x prior to 6.9.6-5. It is, therefore, affected by a denial of service vulnerability due to a NULL pointer dereference flaw in the TIFFGetProperties() function within file coders/tiff.c.
An unauthenticated, remote attacker can exploit this, via a specially crafted TIFF image, to crash a process linked against the library.

This update for ImageMagick fixes the following issues :

  - CVE-2016-9556 Possible Heap-overflow found by fuzzing     [bsc#1011130]

  - CVE-2016-9559 Possible NULL pointer access found by     fuzzing [bsc#1011136]

  - CVE-2016-8707 Possible code execution in Tiff conver     utility [bsc#1014159]

  - CVE-2016-8866 Memory allocation failure in     AcquireMagickMemory could lead to Heap overflow     [bsc#1009318]

  - CVE-2016-9559 Possible NULL pointer access found by     fuzzing [bsc#1011136]

This update was imported from the SUSE:SLE-12:Update update project.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL     pointer dereference and crash) via a crafted image. (CVE-2016-9559)

Note that Nessus relies on the presence of the package as reported by the vendor.

This update for ImageMagick fixes the following issues :

  - CVE-2016-9556 Possible Heap-overflow found by fuzzing     [bsc#1011130]

  - CVE-2016-9559 Possible NULL pointer access found by     fuzzing [bsc#1011136]

  - CVE-2016-8707 Possible code execution in Tiff conver     utility [bsc#1014159]

  - CVE-2016-8866 Memory allocation failure in     AcquireMagickMemory could lead to Heap overflow     [bsc#1009318]

  - CVE-2016-9559 Possible NULL pointer access found by     fuzzing [bsc#1011136]

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of ImageMagick installed on the remote Windows host is 7.x prior to 7.0.3-7. It is, therefore, affected by a denial of service vulnerability due to a NULL pointer dereference flaw in the TIFFGetProperties() function within file coders/tiff.c. An unauthenticated, remote attacker can exploit this, via a specially crafted TIFF image, to crash a process linked against the library.

ID	Name	Product	Family	Published	Updated	Severity
96138	SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:3256-1)	Nessus	SuSE Local Security Checks	12/27/2016	1/19/2021	high
95594	openSUSE Security Update : GraphicsMagick (openSUSE-2016-1414)	Nessus	SuSE Local Security Checks	12/7/2016	1/19/2021	medium
95362	Debian DSA-3726-1 : imagemagick - security update	Nessus	Debian Local Security Checks	11/28/2016	1/11/2021	high
95593	openSUSE Security Update : ImageMagick (openSUSE-2016-1413)	Nessus	SuSE Local Security Checks	12/7/2016	1/19/2021	medium
95595	openSUSE Security Update : GraphicsMagick (openSUSE-2016-1415)	Nessus	SuSE Local Security Checks	12/7/2016	1/19/2021	medium
95719	ImageMagick 6.x < 6.9.6-5 TIFFGetProperties() NULL Pointer Dereference DoS	Nessus	Windows	12/12/2016	6/4/2024	medium
96296	openSUSE Security Update : ImageMagick (openSUSE-2017-14)	Nessus	SuSE Local Security Checks	1/5/2017	1/19/2021	high
220295	Linux Distros Unpatched Vulnerability : CVE-2016-9559	Nessus	Misc.	3/4/2025	3/4/2025	medium
96139	SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2016:3258-1)	Nessus	SuSE Local Security Checks	12/27/2016	1/6/2021	high
135519	EulerOS 2.0 SP3 : ImageMagick (EulerOS-SA-2020-1390)	Nessus	Huawei Local Security Checks	4/15/2020	2/9/2021	critical
95721	ImageMagick 7.x < 7.0.3-7 TIFFGetProperties() NULL Pointer Dereference DoS	Nessus	Windows	12/12/2016	6/4/2024	medium
131846	EulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2019-2354)	Nessus	Huawei Local Security Checks	12/10/2019	2/9/2021	critical

Detections

Analytics

Plugins Search

high

medium

high

medium

medium

medium

high

medium

high

critical

medium

critical