Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2019-1983.NASL
HistoryAug 22, 2019 - 12:00 a.m.

openSUSE Security Update : ImageMagick (openSUSE-2019-1983)

2019-08-2200:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.3%

JSON

This update for ImageMagick fixes the following issues :

  • CVE-2019-13301: Fixed a memory leak in AcquireMagickMemory() (bsc#1140554).

  • CVE-2019-13309: Fixed a memory leak at AcquireMagickMemory due to mishandling the NoSuchImage error in CLIListOperatorImages (bsc#1140520).

  • CVE-2019-13310: Fixed a memory leak at AcquireMagickMemory because of an error in MagickWand/mogrify.c (bsc#1140501).

  • CVE-2019-13311: Fixed a memory leak at AcquireMagickMemory because of a wand/mogrify.c error (bsc#1140513).

  • CVE-2019-13303: Fixed a heap-based buffer over-read in MagickCore/composite.c in CompositeImage (bsc#1140549).

  • CVE-2019-13296: Fixed a memory leak in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c (bsc#1140665).

  • CVE-2019-13299: Fixed a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel (bsc#1140668).

  • CVE-2019-13454: Fixed a division by zero in RemoveDuplicateLayers in MagickCore/layer.c (bsc#1141171).

  • CVE-2019-13295: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140664).

  • CVE-2019-13297: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140666).

  • CVE-2019-12979: Fixed the use of uninitialized values in SyncImageSettings() (bsc#1139886).

  • CVE-2019-13391: Fixed a heap-based buffer over-read in MagickCore/fourier.c (bsc#1140673).

  • CVE-2019-13308: Fixed a heap-based buffer overflow in MagickCore/fourier.c (bsc#1140534).

  • CVE-2019-13302: Fixed a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages (bsc#1140552).

  • CVE-2019-13298: Fixed a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo (bsc#1140667).

  • CVE-2019-13300: Fixed a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages (bsc#1140669).

  • CVE-2019-13307: Fixed a heap-based buffer overflow at MagickCore/statistic.c (bsc#1140538).

  • CVE-2019-12977: Fixed the use of uninitialized values in WriteJP2Imag() (bsc#1139884).

  • CVE-2019-12975: Fixed a memory leak in the WriteDPXImage() in coders/dpx.c (bsc#1140106).

  • CVE-2019-13135: Fixed the use of uninitialized values in ReadCUTImage() (bsc#1140103).

  • CVE-2019-12978: Fixed the use of uninitialized values in ReadPANGOImage() (bsc#1139885).

  • CVE-2019-12974: Fixed a NULL pointer dereference in the ReadPANGOImage() (bsc#1140111).

  • CVE-2019-13304: Fixed a stack-based buffer overflow at coders/pnm.c in WritePNMImage (bsc#1140547).

  • CVE-2019-13305: Fixed one more stack-based buffer overflow at coders/pnm.c in WritePNMImage (bsc#1140545).

  • CVE-2019-13306: Fixed an additional stack-based buffer overflow at coders/pnm.c in WritePNMImage (bsc#1140543).

  • CVE-2019-13133: Fixed a memory leak in the ReadBMPImage() (bsc#1140100).

  • CVE-2019-13134: Fixed a memory leak in the ReadVIFFImage() (bsc#1140102).

  • CVE-2019-13137: Fixed a memory leak in the ReadPSImage() (bsc#1140105).

  • CVE-2019-13136: Fixed a integer overflow vulnerability in the TIFFSeekCustomStream() (bsc#1140104).

  • CVE-2019-12976: Fixed a memory leak in the ReadPCLImage() in coders/pcl.c(bsc#1140110).

This update was imported from the SUSE:SLE-15:Update update project.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-1983.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('compat.inc');

if (description)
{
  script_id(128070);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/02");

  script_cve_id(
    "CVE-2019-12974",
    "CVE-2019-12975",
    "CVE-2019-12976",
    "CVE-2019-12977",
    "CVE-2019-12978",
    "CVE-2019-12979",
    "CVE-2019-13133",
    "CVE-2019-13134",
    "CVE-2019-13135",
    "CVE-2019-13136",
    "CVE-2019-13137",
    "CVE-2019-13295",
    "CVE-2019-13296",
    "CVE-2019-13297",
    "CVE-2019-13298",
    "CVE-2019-13299",
    "CVE-2019-13300",
    "CVE-2019-13301",
    "CVE-2019-13302",
    "CVE-2019-13303",
    "CVE-2019-13304",
    "CVE-2019-13305",
    "CVE-2019-13306",
    "CVE-2019-13307",
    "CVE-2019-13308",
    "CVE-2019-13309",
    "CVE-2019-13310",
    "CVE-2019-13311",
    "CVE-2019-13391",
    "CVE-2019-13454"
  );
  script_xref(name:"IAVB", value:"2019-B-0062-S");

  script_name(english:"openSUSE Security Update : ImageMagick (openSUSE-2019-1983)");

  script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"This update for ImageMagick fixes the following issues :

  - CVE-2019-13301: Fixed a memory leak in
    AcquireMagickMemory() (bsc#1140554).

  - CVE-2019-13309: Fixed a memory leak at
    AcquireMagickMemory due to mishandling the NoSuchImage
    error in CLIListOperatorImages (bsc#1140520).

  - CVE-2019-13310: Fixed a memory leak at
    AcquireMagickMemory because of an error in
    MagickWand/mogrify.c (bsc#1140501).

  - CVE-2019-13311: Fixed a memory leak at
    AcquireMagickMemory because of a wand/mogrify.c error
    (bsc#1140513).

  - CVE-2019-13303: Fixed a heap-based buffer over-read in
    MagickCore/composite.c in CompositeImage (bsc#1140549).

  - CVE-2019-13296: Fixed a memory leak in
    AcquireMagickMemory because of an error in
    CLIListOperatorImages in MagickWand/operation.c
    (bsc#1140665).

  - CVE-2019-13299: Fixed a heap-based buffer over-read at
    MagickCore/pixel-accessor.h in GetPixelChannel
    (bsc#1140668).

  - CVE-2019-13454: Fixed a division by zero in
    RemoveDuplicateLayers in MagickCore/layer.c
    (bsc#1141171).

  - CVE-2019-13295: Fixed a heap-based buffer over-read at
    MagickCore/threshold.c in AdaptiveThresholdImage
    (bsc#1140664).

  - CVE-2019-13297: Fixed a heap-based buffer over-read at
    MagickCore/threshold.c in AdaptiveThresholdImage
    (bsc#1140666).

  - CVE-2019-12979: Fixed the use of uninitialized values in
    SyncImageSettings() (bsc#1139886).

  - CVE-2019-13391: Fixed a heap-based buffer over-read in
    MagickCore/fourier.c (bsc#1140673).

  - CVE-2019-13308: Fixed a heap-based buffer overflow in
    MagickCore/fourier.c (bsc#1140534).

  - CVE-2019-13302: Fixed a heap-based buffer over-read in
    MagickCore/fourier.c in ComplexImages (bsc#1140552).

  - CVE-2019-13298: Fixed a heap-based buffer overflow at
    MagickCore/pixel-accessor.h in SetPixelViaPixelInfo
    (bsc#1140667).

  - CVE-2019-13300: Fixed a heap-based buffer overflow at
    MagickCore/statistic.c in EvaluateImages (bsc#1140669).

  - CVE-2019-13307: Fixed a heap-based buffer overflow at
    MagickCore/statistic.c (bsc#1140538).

  - CVE-2019-12977: Fixed the use of uninitialized values in
    WriteJP2Imag() (bsc#1139884).

  - CVE-2019-12975: Fixed a memory leak in the
    WriteDPXImage() in coders/dpx.c (bsc#1140106).

  - CVE-2019-13135: Fixed the use of uninitialized values in
    ReadCUTImage() (bsc#1140103).

  - CVE-2019-12978: Fixed the use of uninitialized values in
    ReadPANGOImage() (bsc#1139885).

  - CVE-2019-12974: Fixed a NULL pointer dereference in the
    ReadPANGOImage() (bsc#1140111).

  - CVE-2019-13304: Fixed a stack-based buffer overflow at
    coders/pnm.c in WritePNMImage (bsc#1140547).

  - CVE-2019-13305: Fixed one more stack-based buffer
    overflow at coders/pnm.c in WritePNMImage (bsc#1140545).

  - CVE-2019-13306: Fixed an additional stack-based buffer
    overflow at coders/pnm.c in WritePNMImage (bsc#1140543).

  - CVE-2019-13133: Fixed a memory leak in the
    ReadBMPImage() (bsc#1140100).

  - CVE-2019-13134: Fixed a memory leak in the
    ReadVIFFImage() (bsc#1140102).

  - CVE-2019-13137: Fixed a memory leak in the ReadPSImage()
    (bsc#1140105).

  - CVE-2019-13136: Fixed a integer overflow vulnerability
    in the TIFFSeekCustomStream() (bsc#1140104).

  - CVE-2019-12976: Fixed a memory leak in the
    ReadPCLImage() in coders/pcl.c(bsc#1140110).

This update was imported from the SUSE:SLE-15:Update update project.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1139884");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1139885");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1139886");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140100");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140102");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140103");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140104");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140105");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140106");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140110");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140111");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140501");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140513");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140520");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140534");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140538");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140543");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140545");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140547");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140549");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140552");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140554");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140664");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140665");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140666");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140667");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140668");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140669");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140673");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1141171");
  script_set_attribute(attribute:"solution", value:
"Update the affected ImageMagick packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13391");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/08/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-config-7-SUSE");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-config-7-upstream");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ImageMagick-extra-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-7_Q16HDRI4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-7_Q16HDRI4-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-7_Q16HDRI4-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-7_Q16HDRI4-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagick++-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-7_Q16HDRI6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-7_Q16HDRI6-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-7_Q16HDRI6-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickCore-7_Q16HDRI6-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-7_Q16HDRI6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-7_Q16HDRI6-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-7_Q16HDRI6-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libMagickWand-7_Q16HDRI6-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-PerlMagick");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-PerlMagick-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.1", reference:"ImageMagick-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"ImageMagick-config-7-SUSE-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"ImageMagick-config-7-upstream-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"ImageMagick-debuginfo-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"ImageMagick-debugsource-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"ImageMagick-devel-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"ImageMagick-extra-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"ImageMagick-extra-debuginfo-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libMagick++-7_Q16HDRI4-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libMagick++-devel-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libMagickCore-7_Q16HDRI6-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libMagickWand-7_Q16HDRI6-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"perl-PerlMagick-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"perl-PerlMagick-debuginfo-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"ImageMagick-devel-32bit-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libMagick++-devel-32bit-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp151.7.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-lp151.7.9.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ImageMagick / ImageMagick-config-7-SUSE / etc");
}
VendorProductVersionCPE
novellopensuseimagemagickp-cpe:/a:novell:opensuse:imagemagick
novellopensuseimagemagick-config-7-susep-cpe:/a:novell:opensuse:imagemagick-config-7-suse
novellopensuseimagemagick-config-7-upstreamp-cpe:/a:novell:opensuse:imagemagick-config-7-upstream
novellopensuseimagemagick-debuginfop-cpe:/a:novell:opensuse:imagemagick-debuginfo
novellopensuseimagemagick-debugsourcep-cpe:/a:novell:opensuse:imagemagick-debugsource
novellopensuseimagemagick-develp-cpe:/a:novell:opensuse:imagemagick-devel
novellopensuseimagemagick-devel-32bitp-cpe:/a:novell:opensuse:imagemagick-devel-32bit
novellopensuseimagemagick-extrap-cpe:/a:novell:opensuse:imagemagick-extra
novellopensuseimagemagick-extra-debuginfop-cpe:/a:novell:opensuse:imagemagick-extra-debuginfo
novellopensuselibmagick%2b%2b-7_q16hdri4p-cpe:/a:novell:opensuse:libmagick%2b%2b-7_q16hdri4
Rows per page:
1-10 of 261

References

Related

suse 1
nessus 32
openvas 24
ibm 3
ubuntu 1
cloudfoundry 1
debian 4
osv 11
ubuntucve 11
cve 13
amazon 10
alpinelinux 8
debiancve 11
veracode 13
redhatcve 12
prion 12
cvelist 13
nvd 16
oraclelinux 1
f5 1
centos 1
suse
suse
Security update for ImageMagick (moderate)
2019-08-21 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2019:2106-1)
2019-08-12 00:00:00
ImageMagick < 7.0.8-56 Multiple vulnerabilities
2019-07-26 00:00:00
SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2019:2010-1)
2019-08-12 00:00:00
openvas
openvas
openSUSE: Security Advisory for ImageMagick (openSUSE-SU-2019:1983-1)
2019-08-22 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:2106-1)
2021-06-09 00:00:00
ImageMagick <= 7.0.8-50 Multiple Vulnerabilities - Windows
2019-07-15 00:00:00
ibm
ibm
Security Bulletin: IBM Integration Bus Hyper visor Edition V9.0 require customer action for security vulnerabilities in Red Hat Linux
2020-01-21 09:05:12
Security Bulletin: IBM Integration Bus Hyper visor Edition V9.0 require customer action for security vulnerabilities in Red Hat Linux
2020-01-21 09:01:17
Security Bulletin: IBM Integration Bus Hyper visor Edition V9.0 require customer action for security vulnerabilities in Red Hat Linux
2020-01-21 08:53:12
ubuntu
ubuntu
ImageMagick vulnerabilities
2019-11-14 00:00:00
cloudfoundry
cloudfoundry
USN-4192-1: ImageMagick vulnerabilities | Cloud Foundry
2019-11-18 00:00:00
debian
debian
[SECURITY] [DLA 1888-1] imagemagick security update
2019-08-16 14:14:20
[SECURITY] [DSA 4712-1] imagemagick security update
2020-06-30 20:31:53
[SECURITY] [DSA 4715-1] imagemagick security update
2020-07-02 18:34:51
osv
osv
imagemagick - security update
2019-08-16 00:00:00
imagemagick - security update
2020-06-30 00:00:00
imagemagick - security update
2020-07-02 00:00:00
ubuntucve
ubuntucve
CVE-2019-13391
2019-07-07 00:00:00
CVE-2019-13310
2019-07-05 00:00:00
CVE-2019-13136
2019-07-01 00:00:00
cve
cve
CVE-2019-13137
2019-07-01 20:15:11
CVE-2019-13136
2019-07-01 20:15:11
CVE-2019-13298
2019-07-05 01:15:10
amazon
amazon
Medium: php-pecl-imagick
2020-06-23 07:03:00
Important: ImageMagick
2024-03-13 19:46:00
Medium: php71-pecl-imagick
2023-08-21 12:14:00
alpinelinux
alpinelinux
CVE-2019-13302
2019-07-05 01:15:10
CVE-2019-13298
2019-07-05 01:15:10
CVE-2019-13136
2019-07-01 20:15:11
debiancve
debiancve
CVE-2019-13137
2019-07-01 20:15:11
CVE-2019-13298
2019-07-05 01:15:10
CVE-2019-13299
2019-07-05 01:15:10
veracode
veracode
Arbitrary Code Execution
2020-04-29 22:57:18
Arbitrary Code Execution
2020-05-10 23:26:21
Heap-based Buffer Over-read
2020-05-10 23:22:00
redhatcve
redhatcve
CVE-2019-13136
2019-07-02 08:22:44
CVE-2019-13303
2019-07-16 14:52:21
CVE-2019-13137
2019-07-02 08:23:12
prion
prion
Integer overflow
2019-07-01 20:15:00
Heap overflow
2019-07-05 01:15:00
Null pointer dereference
2019-07-05 01:15:00
cvelist
cvelist
CVE-2019-13136
2019-07-01 19:27:46
CVE-2019-13299
2019-07-05 00:52:07
CVE-2019-13298
2019-07-05 00:51:52
nvd
nvd
CVE-2019-12977
2019-06-26 18:15:10
CVE-2019-13136
2019-07-01 20:15:11
CVE-2019-12975
2019-06-26 18:15:10
oraclelinux
oraclelinux
ImageMagick security, bug fix, and enhancement update
2020-04-06 00:00:00
f5
f5
K20336394 : ImageMagick vulnerability CVE-2019-13135
2019-10-08 00:00:00
centos
centos
ImageMagick, autotrace, emacs, inkscape security update
2020-04-08 17:42:49

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.3%

JSON
Related for OPENSUSE-2019-1983.NASL
suse1nessus32openvas24ibm3ubuntu1cloudfoundry1debian4osv11ubuntucve11cve13amazon10alpinelinux8debiancve11veracode13redhatcve12prion12cvelist13nvd16oraclelinux1f51centos1