Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2013-252.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : GraphicsMagick (openSUSE-SU-2013:0536-1)

2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS

0.033

Percentile

91.5%

JSON

GraphicsMagick was updated to fix integer overflows in the _png_malloc functions (CVE-2012-3438).

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2013-252.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(74944);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2012-3438");

  script_name(english:"openSUSE Security Update : GraphicsMagick (openSUSE-SU-2013:0536-1)");
  script_summary(english:"Check for the openSUSE-2013-252 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"GraphicsMagick was updated to fix integer overflows in the _png_malloc
functions (CVE-2012-3438)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=773612"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2013-03/msg00102.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected GraphicsMagick packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:GraphicsMagick");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:GraphicsMagick-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:GraphicsMagick-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:GraphicsMagick-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagick++3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagick++3-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagick3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagick3-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagickWand2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagickWand2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-GraphicsMagick");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-GraphicsMagick-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/03/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.1|SUSE12\.2|SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1 / 12.2 / 12.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.1", reference:"GraphicsMagick-1.3.12-14.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"GraphicsMagick-debuginfo-1.3.12-14.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"GraphicsMagick-debugsource-1.3.12-14.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"GraphicsMagick-devel-1.3.12-14.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libGraphicsMagick++-devel-1.3.12-14.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libGraphicsMagick++3-1.3.12-14.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libGraphicsMagick++3-debuginfo-1.3.12-14.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libGraphicsMagick3-1.3.12-14.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libGraphicsMagick3-debuginfo-1.3.12-14.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libGraphicsMagickWand2-1.3.12-14.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libGraphicsMagickWand2-debuginfo-1.3.12-14.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"perl-GraphicsMagick-1.3.12-14.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"perl-GraphicsMagick-debuginfo-1.3.12-14.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"GraphicsMagick-1.3.15-14.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"GraphicsMagick-debuginfo-1.3.15-14.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"GraphicsMagick-debugsource-1.3.15-14.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"GraphicsMagick-devel-1.3.15-14.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libGraphicsMagick++-devel-1.3.15-14.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libGraphicsMagick++3-1.3.15-14.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libGraphicsMagick++3-debuginfo-1.3.15-14.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libGraphicsMagick3-1.3.15-14.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libGraphicsMagick3-debuginfo-1.3.15-14.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libGraphicsMagickWand2-1.3.15-14.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libGraphicsMagickWand2-debuginfo-1.3.15-14.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"perl-GraphicsMagick-1.3.15-14.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"perl-GraphicsMagick-debuginfo-1.3.15-14.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"GraphicsMagick-1.3.17-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"GraphicsMagick-debuginfo-1.3.17-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"GraphicsMagick-debugsource-1.3.17-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"GraphicsMagick-devel-1.3.17-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libGraphicsMagick++-devel-1.3.17-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libGraphicsMagick++3-1.3.17-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libGraphicsMagick++3-debuginfo-1.3.17-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libGraphicsMagick3-1.3.17-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libGraphicsMagick3-debuginfo-1.3.17-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libGraphicsMagickWand2-1.3.17-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libGraphicsMagickWand2-debuginfo-1.3.17-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"perl-GraphicsMagick-1.3.17-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"perl-GraphicsMagick-debuginfo-1.3.17-2.4.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GraphicsMagick");
}
VendorProductVersionCPE
novellopensusegraphicsmagickp-cpe:/a:novell:opensuse:graphicsmagick
novellopensusegraphicsmagick-debuginfop-cpe:/a:novell:opensuse:graphicsmagick-debuginfo
novellopensusegraphicsmagick-debugsourcep-cpe:/a:novell:opensuse:graphicsmagick-debugsource
novellopensusegraphicsmagick-develp-cpe:/a:novell:opensuse:graphicsmagick-devel
novellopensuselibgraphicsmagick%2b%2b-develp-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b-devel
novellopensuselibgraphicsmagick%2b%2b3p-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b3
novellopensuselibgraphicsmagick%2b%2b3-debuginfop-cpe:/a:novell:opensuse:libgraphicsmagick%2b%2b3-debuginfo
novellopensuselibgraphicsmagick3p-cpe:/a:novell:opensuse:libgraphicsmagick3
novellopensuselibgraphicsmagick3-debuginfop-cpe:/a:novell:opensuse:libgraphicsmagick3-debuginfo
novellopensuselibgraphicsmagickwand2p-cpe:/a:novell:opensuse:libgraphicsmagickwand2
Rows per page:
1-10 of 161

Related

openvas 9
nessus 8
fedora 3
prion 1
cvelist 1
securityvulns 1
nvd 1
cve 1
debiancve 1
ubuntucve 1
freebsd 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2013:0757-1)
2021-06-09 00:00:00
FreeBSD Ports: ImageMagick, ImageMagick-nox11
2012-09-26 00:00:00
Fedora Update for GraphicsMagick FEDORA-2012-12366
2012-09-11 00:00:00
nessus
nessus
Fedora 16 : GraphicsMagick-1.3.16-5.fc16 (2012-12366)
2012-09-10 00:00:00
Mandriva Linux Security Advisory : graphicsmagick (MDVSA-2012:165)
2012-10-15 00:00:00
SuSE 11.2 Security Update : ImageMagick (SAT Patch Number 7520)
2013-05-08 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: GraphicsMagick-1.3.16-5.fc18
2012-09-17 23:48:44
[SECURITY] Fedora 16 Update: GraphicsMagick-1.3.16-5.fc16
2012-09-07 11:31:15
[SECURITY] Fedora 17 Update: GraphicsMagick-1.3.16-5.fc17
2012-09-07 11:34:45
prion
prion
Design/Logic Flaw
2012-08-07 21:55:00
cvelist
cvelist
CVE-2012-3438
2012-08-07 21:00:00
securityvulns
securityvulns
graphicsmagick memory corruption
2012-10-17 00:00:00
nvd
nvd
CVE-2012-3438
2012-08-07 21:55:02
cve
cve
CVE-2012-3438
2012-08-07 21:55:02
debiancve
debiancve
CVE-2012-3438
2012-08-07 21:55:02
ubuntucve
ubuntucve
CVE-2012-3438
2012-08-07 00:00:00
freebsd
freebsd
ImageMagick and GraphicsMagick -- DoS via specially crafted PNG file
2012-07-28 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS

0.033

Percentile

91.5%

JSON
Related for OPENSUSE-2013-252.NASL
openvas9nessus8fedora3prion1cvelist1securityvulns1nvd1cve1debiancve1ubuntucve1freebsd1