Test ID: 1.3.6.1.4.1.25623.1.1.4.2018.0880.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2018:0880-1)
Summary: The remote host is missing an update for the 'ImageMagick' package(s) announced via the SUSE-SU-2018:0880-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'ImageMagick' package(s) announced via the SUSE-SU-2018:0880-1 advisory.

Vulnerability Insight:
This update for ImageMagick fixes several issues.
These security issues were fixed:
- CVE-2018-8804: The WriteEPTImage function allowed remote attackers to
cause a denial of service (double free and application crash) or
possibly have unspecified other impact via a crafted file (bsc#1086011)
- CVE-2017-11524: The WriteBlob function allowed remote attackers to cause
a denial of service (assertion failure and application exit) via a
crafted file (bsc#1050087)
- CVE-2017-18219: Prevent allocation failure in the function
ReadOnePNGImage, which allowed attackers to cause a denial of service
via a crafted file that triggers an attempt at a large png_pixels array
allocation (bsc#1084060).
- CVE-2017-9500: Prevent assertion failure in the function
ResetImageProfileIterator, which allowed attackers to cause a denial of
service via a crafted file (bsc#1043290)
- CVE-2017-16353: Prevent memory information disclosure in the
DescribeImage function caused by a heap-based buffer over-read. The
portion of the code containing the vulnerability is responsible for
printing the IPTC Profile information contained in the image. This
vulnerability can be triggered with a specially crafted MIFF file. There
is an out-of-bounds buffer dereference because certain increments were
never checked (bsc#1066170)
- CVE-2017-16352: Prevent a heap-based buffer overflow in the 'Display
visual image directory' feature of the DescribeImage() function. One
possible way to trigger the vulnerability is to run the identify command
on a specially crafted MIFF format file with the verbose flag
(bsc#1066168)
- CVE-2017-14314: Prevent off-by-one error in the DrawImage function that
allowed remote attackers to cause a denial of service (DrawDashPolygon
heap-based buffer over-read and application crash) via a crafted file
(bsc#1058630)
- CVE-2017-13768: Prevent NULL pointer dereference in the IdentifyImage
function that allowed an attacker to perform denial of service by
sending a crafted image file (bsc#1056434)
- CVE-2017-14505: Fixed handling of NULL arrays, which allowed attackers
to perform Denial of Service (NULL pointer dereference and application
crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a
crafted Image File as input (bsc#1059735)
- CVE-2018-7443: The ReadTIFFImage function did not properly validate the
amount of image data in a file, which allowed remote attackers to cause
a denial of service (memory allocation failure in the
AcquireMagickMemory function in MagickCore/memory.c) (bsc#1082792)
- CVE-2017-15016: Prevent NULL pointer dereference vulnerability in
ReadEnhMetaFile allowing for denial of service (bsc#1082291)
- CVE-2017-15017: Prevent NULL pointer dereference vulnerability in
ReadOneMNGImage allowing for denial of service (bsc#1082283)
- CVE-2017-12692: The ReadVIFFImage function allowed remote attackers to
cause a denial of service (memory c... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'ImageMagick' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4

Solution:
Please install the updated package(s).

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2017-9500
BugTraq ID: 98941
http://www.securityfocus.com/bid/98941
Debian Security Information: DSA-4019
https://www.debian.org/security/2017/dsa-4019
https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-7443
https://github.com/ImageMagick/ImageMagick/issues/999
https://lists.debian.org/debian-lts-announce/2018/02/msg00028.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html
https://usn.ubuntu.com/3681-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8804
BugTraq ID: 103498
http://www.securityfocus.com/bid/103498
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.