Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-3746.NASL
HistoryDec 27, 2016 - 12:00 a.m.

Debian DSA-3746-1 : graphicsmagick - security update (ImageTragick)

2016-12-2700:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.971 High

EPSS

Percentile

99.8%

JSON

Several vulnerabilities have been discovered in GraphicsMagick, a collection of image processing tool, which can cause denial of service attacks, remote file deletion, and remote command execution.

This security update removes the full support of PLT/Gnuplot decoder to prevent Gnuplot-shell based shell exploits for fixing the CVE-2016-3714 vulnerability.

The undocumented ‘TMP’ magick prefix no longer removes the argument file after it has been read for fixing the CVE-2016-3715 vulnerability. Since the ‘TMP’ feature was originally implemented, GraphicsMagick added a temporary file management subsystem which assures that temporary files are removed so this feature is not needed.

Remove support for reading input from a shell command, or writing output to a shell command, by prefixing the specified filename (containing the command) with a ‘|’ for fixing the CVE-2016-5118 vulnerability.

  • CVE-2015-8808 Gustavo Grieco discovered an out of bound read in the parsing of GIF files which may cause denial of service.

  • CVE-2016-2317 Gustavo Grieco discovered a stack-based buffer overflow and two heap buffer overflows while processing SVG images which may cause denial of service.

  • CVE-2016-2318 Gustavo Grieco discovered several segmentation faults while processing SVG images which may cause denial of service.

  • CVE-2016-5240 Gustavo Grieco discovered an endless loop problem caused by negative stroke-dasharray arguments while parsing SVG files which may cause denial of service.

  • CVE-2016-7800 Marco Grassi discovered an unsigned underflow leading to heap overflow when parsing 8BIM chunk often attached to JPG files which may cause denial of service.

  • CVE-2016-7996 Moshe Kaplan discovered that there is no check that the provided colormap is not larger than 256 entries in the WPG reader which may cause denial of service.

  • CVE-2016-7997 Moshe Kaplan discovered that an assertion is thrown for some files in the WPG reader due to a logic error which may cause denial of service.

  • CVE-2016-8682 Agostino Sarubbo of Gentoo discovered a stack buffer read overflow while reading the SCT header which may cause denial of service.

  • CVE-2016-8683 Agostino Sarubbo of Gentoo discovered a memory allocation failure in the PCX coder which may cause denial of service.

  • CVE-2016-8684 Agostino Sarubbo of Gentoo discovered a memory allocation failure in the SGI coder which may cause denial of service.

  • CVE-2016-9830 Agostino Sarubbo of Gentoo discovered a memory allocation failure in MagickRealloc() function which may cause denial of service.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-3746. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(96103);
  script_version("3.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/11/30");

  script_cve_id("CVE-2015-8808", "CVE-2016-2317", "CVE-2016-2318", "CVE-2016-3714", "CVE-2016-3715", "CVE-2016-5118", "CVE-2016-5240", "CVE-2016-7800", "CVE-2016-7996", "CVE-2016-7997", "CVE-2016-8682", "CVE-2016-8683", "CVE-2016-8684", "CVE-2016-9830");
  script_xref(name:"DSA", value:"3746");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/03");

  script_name(english:"Debian DSA-3746-1 : graphicsmagick - security update (ImageTragick)");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been discovered in GraphicsMagick, a
collection of image processing tool, which can cause denial of service
attacks, remote file deletion, and remote command execution.

This security update removes the full support of PLT/Gnuplot decoder
to prevent Gnuplot-shell based shell exploits for fixing the
CVE-2016-3714 vulnerability.

The undocumented 'TMP' magick prefix no longer removes the argument
file after it has been read for fixing the CVE-2016-3715
vulnerability. Since the 'TMP' feature was originally implemented,
GraphicsMagick added a temporary file management subsystem which
assures that temporary files are removed so this feature is not
needed.

Remove support for reading input from a shell command, or writing
output to a shell command, by prefixing the specified filename
(containing the command) with a '|' for fixing the CVE-2016-5118
vulnerability.

  - CVE-2015-8808
    Gustavo Grieco discovered an out of bound read in the
    parsing of GIF files which may cause denial of service.

  - CVE-2016-2317
    Gustavo Grieco discovered a stack-based buffer overflow
    and two heap buffer overflows while processing SVG
    images which may cause denial of service.

  - CVE-2016-2318
    Gustavo Grieco discovered several segmentation faults
    while processing SVG images which may cause denial of
    service.

  - CVE-2016-5240
    Gustavo Grieco discovered an endless loop problem caused
    by negative stroke-dasharray arguments while parsing SVG
    files which may cause denial of service.

  - CVE-2016-7800
    Marco Grassi discovered an unsigned underflow leading to
    heap overflow when parsing 8BIM chunk often attached to
    JPG files which may cause denial of service.

  - CVE-2016-7996
    Moshe Kaplan discovered that there is no check that the
    provided colormap is not larger than 256 entries in the
    WPG reader which may cause denial of service.

  - CVE-2016-7997
    Moshe Kaplan discovered that an assertion is thrown for
    some files in the WPG reader due to a logic error which
    may cause denial of service.

  - CVE-2016-8682
    Agostino Sarubbo of Gentoo discovered a stack buffer
    read overflow while reading the SCT header which may
    cause denial of service.

  - CVE-2016-8683
    Agostino Sarubbo of Gentoo discovered a memory
    allocation failure in the PCX coder which may cause
    denial of service.

  - CVE-2016-8684
    Agostino Sarubbo of Gentoo discovered a memory
    allocation failure in the SGI coder which may cause
    denial of service.

  - CVE-2016-9830
    Agostino Sarubbo of Gentoo discovered a memory
    allocation failure in MagickRealloc() function which may
    cause denial of service."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814732"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825800"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847055"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2016-3714"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2016-3715"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2016-5118"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-8808"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2016-2317"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2016-2318"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2016-5240"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2016-7800"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2016-7996"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2016-7997"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2016-8682"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2016-8683"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2016-8684"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2016-9830"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2016-9830"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/graphicsmagick"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2016/dsa-3746"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the graphicsmagick packages.

For the stable distribution (jessie), these problems have been fixed
in version 1.3.20-3+deb8u2."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:graphicsmagick");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/12/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/27");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"graphicsmagick", reference:"1.3.20-3+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"graphicsmagick-dbg", reference:"1.3.20-3+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"graphicsmagick-imagemagick-compat", reference:"1.3.20-3+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"graphicsmagick-libmagick-dev-compat", reference:"1.3.20-3+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"libgraphics-magick-perl", reference:"1.3.20-3+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"libgraphicsmagick++1-dev", reference:"1.3.20-3+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"libgraphicsmagick++3", reference:"1.3.20-3+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"libgraphicsmagick1-dev", reference:"1.3.20-3+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"libgraphicsmagick3", reference:"1.3.20-3+deb8u2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxgraphicsmagickp-cpe:/a:debian:debian_linux:graphicsmagick
debiandebian_linux8.0cpe:/o:debian:debian_linux:8.0

References

Related

openvas 45
osv 5
debian 8
fedora 11
amazon 4
nessus 27
mageia 5
attackerkb 1
freebsd 2
suse 9
ubuntu 1
cloudfoundry 1
oraclelinux 2
debiancve 9
cvelist 10
ubuntucve 10
prion 11
alpinelinux 6
nvd 10
cve 10
archlinux 1
f5 5
slackware 2
checkpoint_advisories 1
altlinux 1
veracode 1
centos 1
openvas
openvas
Debian: Security Advisory (DSA-3746-1)
2016-12-23 00:00:00
Debian Security Advisory DSA 3746-1 (graphicsmagick - security update)
2016-12-24 00:00:00
Fedora Update for GraphicsMagick FEDORA-2017-d2bab54ac9
2017-03-13 00:00:00
osv
osv
graphicsmagick - security update
2016-12-24 00:00:00
graphicsmagick - security update
2016-10-26 00:00:00
graphicsmagick - security update
2016-05-21 00:00:00
debian
debian
[SECURITY] [DSA 3746-1] graphicsmagick security update
2016-12-24 22:03:28
[SECURITY] [DSA 3746-1] graphicsmagick security update
2016-12-24 22:03:28
[SECURITY] [DLA 683-1] graphicsmagick security update
2016-10-26 22:34:15
fedora
fedora
[SECURITY] Fedora 25 Update: GraphicsMagick-1.3.25-6.fc25
2017-03-09 13:24:51
[SECURITY] Fedora 24 Update: GraphicsMagick-1.3.25-6.fc24
2017-03-11 11:52:39
[SECURITY] Fedora 24 Update: GraphicsMagick-1.3.24-1.fc24
2016-06-18 19:49:22
amazon
amazon
Medium: GraphicsMagick
2017-04-20 06:08:00
Important: GraphicsMagick
2016-06-22 15:00:00
Medium: GraphicsMagick
2016-03-30 17:45:00
nessus
nessus
Amazon Linux AMI : GraphicsMagick (ALAS-2017-820)
2017-04-21 00:00:00
Debian DLA-683-1 : graphicsmagick security update
2016-10-27 00:00:00
Debian DLA-484-1 : graphicsmagick security update (ImageTragick)
2016-05-24 00:00:00
mageia
mageia
The updated packages fix a security vulnerability
2016-10-08 23:18:54
Updated graphicsmagick packages fix security vulnerability
2016-10-26 02:11:42
Updated graphicsmagick packages fix security vulnerability
2016-07-14 23:33:59
attackerkb
attackerkb
CVE-2016-3715
2016-05-05 00:00:00
freebsd
freebsd
GraphicsMagick -- multiple vulnerabilities
2017-07-04 00:00:00
ImageMagick -- multiple vulnerabilities
2016-05-03 00:00:00
suse
suse
Security update for GraphicsMagick (important)
2016-06-17 18:08:17
Security update for GraphicsMagick (important)
2016-05-18 14:08:13
Security update for GraphicsMagick (important)
2016-06-08 12:07:24
ubuntu
ubuntu
ImageMagick vulnerabilities
2016-06-02 00:00:00
cloudfoundry
cloudfoundry
USN-2990-1 ImageMagick vulnerability (a.k.a. ImageTragick) | Cloud Foundry
2016-06-13 00:00:00
oraclelinux
oraclelinux
ImageMagick security update
2016-06-16 00:00:00
ImageMagick security update
2016-05-09 00:00:00
debiancve
debiancve
CVE-2016-7997
2017-01-18 17:59:01
CVE-2016-7996
2017-01-18 17:59:00
CVE-2016-9830
2017-03-01 20:59:00
cvelist
cvelist
CVE-2016-7996
2017-01-18 17:00:00
CVE-2016-9830
2017-03-01 20:00:00
CVE-2016-7997
2017-01-18 17:00:00
ubuntucve
ubuntucve
CVE-2016-7996
2017-01-18 00:00:00
CVE-2016-9830
2017-03-01 00:00:00
CVE-2016-7997
2017-01-18 00:00:00
prion
prion
Heap overflow
2017-01-18 17:59:00
Design/Logic Flaw
2017-03-01 20:59:00
Null pointer dereference
2017-01-18 17:59:00
alpinelinux
alpinelinux
CVE-2016-9830
2017-03-01 20:59:00
CVE-2016-7996
2017-01-18 17:59:00
CVE-2016-7997
2017-01-18 17:59:01
nvd
nvd
CVE-2016-9830
2017-03-01 20:59:00
CVE-2016-7996
2017-01-18 17:59:00
CVE-2016-7997
2017-01-18 17:59:01
cve
cve
CVE-2016-7996
2017-01-18 17:59:00
CVE-2016-9830
2017-03-01 20:59:00
CVE-2016-7997
2017-01-18 17:59:01
archlinux
archlinux
graphicsmagick: multiple issues
2016-09-09 00:00:00
f5
f5
K82747025 : GraphicsMagick vulnerability CVE-2016-5118
2016-06-30 00:00:00
SOL82747025 - GraphicsMagick vulnerability CVE-2016-5118
2016-06-30 00:00:00
SOL10550253 - ImageMagick vulnerability CVE-2016-3715
2016-05-13 00:00:00
slackware
slackware
[slackware-security] imagemagick
2016-05-31 05:51:55
[slackware-security] imagemagick
2016-05-11 06:33:30
checkpoint_advisories
checkpoint_advisories
GraphicsMagick and ImageMagick popen() Command Execution (CVE-2016-5118)
2017-01-08 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package ImageMagick version 6.6.9.7-alt0.M60P.1
2016-06-11 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2017-02-01 03:16:22
centos
centos
ImageMagick security update
2016-05-09 17:51:59

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.971 High

EPSS

Percentile

99.8%

JSON
Related for DEBIAN_DSA-3746.NASL
openvas45osv5debian8fedora11amazon4nessus27mageia5attackerkb1freebsd2suse9ubuntu1cloudfoundry1oraclelinux2debiancve9cvelist10ubuntucve10prion11alpinelinux6nvd10cve10archlinux1f55slackware2checkpoint_advisories1altlinux1veracode1centos1