
Test ID: 1.3.6.1.4.1.25623.1.1.4.2016.1782.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2016:1782-1)
Summary: The remote host is missing an update for the 'ImageMagick' package(s) announced via the SUSE-SU-2016:1782-1 advisory.
Description:

Vulnerability Insight:
ImageMagick was updated to fix 55 security issues.
These security issues were fixed:
- CVE-2014-9810: SEGV in dpx file handler (bsc#983803).
- CVE-2014-9811: Crash in xwd file handler (bsc#984032).
- CVE-2014-9812: NULL pointer dereference in ps file handling (bsc#984137).
- CVE-2014-9813: Crash on corrupted viff file (bsc#984035).
- CVE-2014-9814: NULL pointer dereference in wpg file handling (bsc#984193).
- CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).
- CVE-2014-9816: Out of bound access in viff image (bsc#984398).
- CVE-2014-9817: Heap buffer overflow in pdb file handling (bsc#984400).
- CVE-2014-9818: Out of bound access on malformed sun file (bsc#984181).
- CVE-2014-9819: Heap overflow in palm files (bsc#984142).
- CVE-2014-9830: Handling of corrupted sun file (bsc#984135).
- CVE-2014-9831: Handling of corrupted wpg file (bsc#984375).
- CVE-2014-9836: Crash in xpm file handling (bsc#984023).
- CVE-2014-9851: Crash when parsing resource block (bsc#984160).
- CVE-2016-5689: NULL ptr dereference in dcm coder (bsc#985460).
- CVE-2014-9853: Memory leak in rle file handling (bsc#984408).
- CVE-2015-8902: PDB file DoS (CPU consumption) (bsc#983253).
- CVE-2015-8903: Denial of service (cpu) in vicar (bsc#983259).
- CVE-2015-8901: MIFF file DoS (endless loop) (bsc#983234).
- CVE-2014-9834: Heap overflow in pict file (bsc#984436).
- CVE-2014-9806: Prevent file descriptor leak due to corrupted file (bsc#983774).
- CVE-2014-9838: Out of memory crash in magick/cache.c (bsc#984370).
- CVE-2014-9854: Filling memory during identification of TIFF image (bsc#984184).
- CVE-2015-8898: Prevent null pointer access in magick/constitute.c (bsc#983746).
- CVE-2015-8894: Double free in coders/tga.c:221 (bsc#983523).
- CVE-2015-8896: Double free / integer truncation issue in coders/pict.c:2000 (bsc#983533).
- CVE-2015-8897: Out of bounds error in SpliceImage (bsc#983739).
- CVE-2016-5690: Bad for loop in DCM coder (bsc#985451).
- CVE-2016-5691: Checks for pixel.red/green/blue in dcm coder (bsc#985456).
- CVE-2014-9805: SEGV due to a corrupted pnm file. (bsc#983752).
- CVE-2014-9808: SEGV due to corrupted dpc images. (bsc#983796).
- CVE-2014-9820: heap overflow in xpm files (bsc#984150).
- CVE-2014-9823: heap overflow in palm file (bsc#984401).
- CVE-2014-9822: heap overflow in quantum file (bsc#984187).
- CVE-2014-9839: Theoretical out of bound access in magick/colormap-private.h (bsc#984379).
- CVE-2014-9824: Heap overflow in psd file (bsc#984185).
- CVE-2014-9809: Fix a SEGV due to corrupted xwd images. (bsc#983799).
- CVE-2014-9826: Incorrect error handling in sun files (bsc#984186).
- CVE-2014-9842: Memory leak in psd handling (bsc#984374).
- CVE-2016-5687: Out of bounds read in DDS coder (bsc#985448).
- CVE-2014-9840: Out of bound access in palm file (bsc#984433).
- CVE-2014-9847: Incorrect handling of 'previous' image in the JNG decoder (bsc#984144).
- CVE-2014-9846: A... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'ImageMagick' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2014-9805
http://www.openwall.com/lists/oss-security/2014/12/24/1
http://www.openwall.com/lists/oss-security/2016/06/02/13
Common Vulnerability Exposure (CVE) ID: CVE-2014-9806
Common Vulnerability Exposure (CVE) ID: CVE-2014-9807
Common Vulnerability Exposure (CVE) ID: CVE-2014-9808
Common Vulnerability Exposure (CVE) ID: CVE-2014-9809
Common Vulnerability Exposure (CVE) ID: CVE-2014-9810
Common Vulnerability Exposure (CVE) ID: CVE-2014-9811
Common Vulnerability Exposure (CVE) ID: CVE-2014-9812
Common Vulnerability Exposure (CVE) ID: CVE-2014-9813
Common Vulnerability Exposure (CVE) ID: CVE-2014-9814
Common Vulnerability Exposure (CVE) ID: CVE-2014-9815
Common Vulnerability Exposure (CVE) ID: CVE-2014-9816
Common Vulnerability Exposure (CVE) ID: CVE-2014-9817
Common Vulnerability Exposure (CVE) ID: CVE-2014-9818
Common Vulnerability Exposure (CVE) ID: CVE-2014-9819
Common Vulnerability Exposure (CVE) ID: CVE-2014-9820
Common Vulnerability Exposure (CVE) ID: CVE-2014-9822
Common Vulnerability Exposure (CVE) ID: CVE-2014-9823
Common Vulnerability Exposure (CVE) ID: CVE-2014-9824
Common Vulnerability Exposure (CVE) ID: CVE-2014-9826
Common Vulnerability Exposure (CVE) ID: CVE-2014-9828
Common Vulnerability Exposure (CVE) ID: CVE-2014-9829
Common Vulnerability Exposure (CVE) ID: CVE-2014-9830
Common Vulnerability Exposure (CVE) ID: CVE-2014-9831
Common Vulnerability Exposure (CVE) ID: CVE-2014-9834
Common Vulnerability Exposure (CVE) ID: CVE-2014-9835
Common Vulnerability Exposure (CVE) ID: CVE-2014-9836
Common Vulnerability Exposure (CVE) ID: CVE-2014-9837
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26682
Common Vulnerability Exposure (CVE) ID: CVE-2014-9838
Common Vulnerability Exposure (CVE) ID: CVE-2014-9839
Common Vulnerability Exposure (CVE) ID: CVE-2014-9840
Common Vulnerability Exposure (CVE) ID: CVE-2014-9842
SuSE Security Announcement: SUSE-SU-2016:1782
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html
SuSE Security Announcement: SUSE-SU-2016:1784
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html
SuSE Security Announcement: openSUSE-SU-2016:1748
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html
SuSE Security Announcement: openSUSE-SU-2016:1833
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-9844
SuSE Security Announcement: SUSE-SU-2016:1783
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html
SuSE Security Announcement: openSUSE-SU-2016:1724
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html
http://www.ubuntu.com/usn/USN-3131-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-9845
SuSE Security Announcement: openSUSE-SU-2016:2073
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html
SuSE Security Announcement: openSUSE-SU-2016:3060
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-9846
Common Vulnerability Exposure (CVE) ID: CVE-2014-9847
Common Vulnerability Exposure (CVE) ID: CVE-2014-9849
Common Vulnerability Exposure (CVE) ID: CVE-2014-9851
Common Vulnerability Exposure (CVE) ID: CVE-2014-9853
Common Vulnerability Exposure (CVE) ID: CVE-2014-9854
Common Vulnerability Exposure (CVE) ID: CVE-2015-8894
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1490362
Common Vulnerability Exposure (CVE) ID: CVE-2015-8896
BugTraq ID: 91027
http://www.securityfocus.com/bid/91027
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
http://www.openwall.com/lists/oss-security/2015/10/07/2
http://www.openwall.com/lists/oss-security/2015/10/08/3
RedHat Security Advisories: RHSA-2016:1237
https://access.redhat.com/errata/RHSA-2016:1237
Common Vulnerability Exposure (CVE) ID: CVE-2015-8897
BugTraq ID: 91030
http://www.securityfocus.com/bid/91030
Common Vulnerability Exposure (CVE) ID: CVE-2015-8898
BugTraq ID: 91039
http://www.securityfocus.com/bid/91039
https://github.com/ImageMagick/ImageMagick/pull/34
Common Vulnerability Exposure (CVE) ID: CVE-2015-8901
http://www.openwall.com/lists/oss-security/2015/02/26/13
http://www.openwall.com/lists/oss-security/2016/06/06/2
Common Vulnerability Exposure (CVE) ID: CVE-2015-8902
Common Vulnerability Exposure (CVE) ID: CVE-2015-8903
Common Vulnerability Exposure (CVE) ID: CVE-2016-4562
Common Vulnerability Exposure (CVE) ID: CVE-2016-4563
Common Vulnerability Exposure (CVE) ID: CVE-2016-4564
Common Vulnerability Exposure (CVE) ID: CVE-2016-5687
BugTraq ID: 91283
http://www.securityfocus.com/bid/91283
https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html
http://www.openwall.com/lists/oss-security/2016/06/14/5
http://www.openwall.com/lists/oss-security/2016/06/17/3
Common Vulnerability Exposure (CVE) ID: CVE-2016-5688
Common Vulnerability Exposure (CVE) ID: CVE-2016-5689
Common Vulnerability Exposure (CVE) ID: CVE-2016-5690
Common Vulnerability Exposure (CVE) ID: CVE-2016-5691
Common Vulnerability Exposure (CVE) ID: CVE-2016-5841
BugTraq ID: 91394
http://www.securityfocus.com/bid/91394
http://www.openwall.com/lists/oss-security/2016/06/23/1
http://www.openwall.com/lists/oss-security/2016/06/25/3
Common Vulnerability Exposure (CVE) ID: CVE-2016-5842
https://security.gentoo.org/glsa/201611-21
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.