Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2022-2024 Canonical, Inc. / NASL script (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-5736-1.NASL
HistoryNov 24, 2022 - 12:00 a.m.

Ubuntu 16.04 ESM / 18.04 LTS : ImageMagick vulnerabilities (USN-5736-1)

2022-11-2400:00:00
Ubuntu Security Notice (C) 2022-2024 Canonical, Inc. / NASL script (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
ubuntu 16.04
ubuntu 18.04
esm
lts
imagemagick
vulnerabilities
usn-5736-1
memory leaks
denial of service
integer overflow
crafted file
system availability
division by zero
data confidentiality
policy.xml

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

Low

EPSS

0.004

Percentile

73.6%

JSON

The remote Ubuntu 16.04 ESM / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5736-1 advisory.

It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user     or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker     could exploit this to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04     ESM and Ubuntu 18.04 LTS. (CVE-2021-20224)

Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data.
If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an     attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and     Ubuntu 22.10. (CVE-2021-20241)

Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data.
If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an     attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 14.04 ESM,     Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2021-20243)

It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based     image files. By tricking a user into opening a specially crafted image file, an attacker could crash the     application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20244)

It was discovered that ImageMagick could be made to divide by zero when processing crafted files. By     tricking a user into opening a specially crafted image file, an attacker could crash the application     causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20245)

It was discovered that ImageMagick incorrectly handled certain values when performing resampling     operations. By tricking a user into opening a specially crafted image file, an attacker could crash the     application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20246)

It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based     image files. By tricking a user into opening a specially crafted image file, an attacker could crash the     application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20309)

It was discovered that ImageMagick incorrectly handled certain values when processing thumbnail image     data. By tricking a user into opening a specially crafted image file, an attacker could crash the     application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20312)

It was discovered that ImageMagick incorrectly handled memory cleanup when performing certain     cryptographic operations. Under certain conditions sensitive cryptographic information could be disclosed.
This issue only affected Ubuntu 22.10. (CVE-2021-20313)

It was discovered that ImageMagick did not properly manage memory under certain circumstances. If a user     were tricked into opening a specially crafted file using the convert command, an attacker could possibly     use this issue to cause ImageMagick to crash, resulting in a denial of service. This issue only affected     Ubuntu 22.10. (CVE-2021-3574)

It was discovered that ImageMagick did not use the correct rights when specifically excluded by a module     policy. An attacker could use this issue to read and write certain restricted files. This issue only     affected Ubuntu 22.10. (CVE-2021-39212)

It was discovered that ImageMagick incorrectly handled certain values when processing specially crafted     SVG files. By tricking a user into opening a specially crafted SVG file, an attacker could crash the     application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-4219)

It was discovered that ImageMagick did not properly manage memory under certain circumstances. If a user     were tricked into opening a specially crafted DICOM file, an attacker could possibly use this issue to     cause ImageMagick to crash, resulting in a denial of servicei, or expose sensitive information. This issue     only affected Ubuntu 22.10. (CVE-2022-1114)

It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were     tricked into opening a specially crafted image file, an attacker could possibly exploit this issue to     cause a denial of service or other unspecified impact. This issue only affected Ubuntu 22.10.
(CVE-2022-28463)

It was discovered that ImageMagick incorrectly handled certain values. If a user were tricked into     processing a specially crafted image file, an attacker could possibly exploit this issue to cause a denial     of service or other unspecified impact. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and     Ubuntu 22.10. (CVE-2022-32545, CVE-2022-32546)

It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were     tricked into processing a specially crafted image file, an attacker could possibly exploit this issue to     cause a denial of service or other unspecified impact. This issue only affected Ubuntu 14.04 ESM, Ubuntu     18.04 LTS and Ubuntu 22.10. (CVE-2022-32547)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-5736-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(168160);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/08/28");

  script_cve_id(
    "CVE-2021-3574",
    "CVE-2021-4219",
    "CVE-2021-20224",
    "CVE-2021-20241",
    "CVE-2021-20243",
    "CVE-2021-20244",
    "CVE-2021-20245",
    "CVE-2021-20246",
    "CVE-2021-20309",
    "CVE-2021-20312",
    "CVE-2021-20313",
    "CVE-2021-39212",
    "CVE-2022-1114",
    "CVE-2022-28463",
    "CVE-2022-32545",
    "CVE-2022-32546",
    "CVE-2022-32547"
  );
  script_xref(name:"USN", value:"5736-1");

  script_name(english:"Ubuntu 16.04 ESM / 18.04 LTS : ImageMagick vulnerabilities (USN-5736-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 ESM / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as
referenced in the USN-5736-1 advisory.

    It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user
    or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker
    could exploit this to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04
    ESM and Ubuntu 18.04 LTS. (CVE-2021-20224)

    Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data.
    If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an
    attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and
    Ubuntu 22.10. (CVE-2021-20241)

    Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data.
    If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an
    attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 14.04 ESM,
    Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2021-20243)

    It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based
    image files. By tricking a user into opening a specially crafted image file, an attacker could crash the
    application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20244)

    It was discovered that ImageMagick could be made to divide by zero when processing crafted files. By
    tricking a user into opening a specially crafted image file, an attacker could crash the application
    causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20245)

    It was discovered that ImageMagick incorrectly handled certain values when performing resampling
    operations. By tricking a user into opening a specially crafted image file, an attacker could crash the
    application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20246)

    It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based
    image files. By tricking a user into opening a specially crafted image file, an attacker could crash the
    application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20309)

    It was discovered that ImageMagick incorrectly handled certain values when processing thumbnail image
    data. By tricking a user into opening a specially crafted image file, an attacker could crash the
    application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20312)

    It was discovered that ImageMagick incorrectly handled memory cleanup when performing certain
    cryptographic operations. Under certain conditions sensitive cryptographic information could be disclosed.
    This issue only affected Ubuntu 22.10. (CVE-2021-20313)

    It was discovered that ImageMagick did not properly manage memory under certain circumstances. If a user
    were tricked into opening a specially crafted file using the convert command, an attacker could possibly
    use this issue to cause ImageMagick to crash, resulting in a denial of service. This issue only affected
    Ubuntu 22.10. (CVE-2021-3574)

    It was discovered that ImageMagick did not use the correct rights when specifically excluded by a module
    policy. An attacker could use this issue to read and write certain restricted files. This issue only
    affected Ubuntu 22.10. (CVE-2021-39212)

    It was discovered that ImageMagick incorrectly handled certain values when processing specially crafted
    SVG files. By tricking a user into opening a specially crafted SVG file, an attacker could crash the
    application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-4219)

    It was discovered that ImageMagick did not properly manage memory under certain circumstances. If a user
    were tricked into opening a specially crafted DICOM file, an attacker could possibly use this issue to
    cause ImageMagick to crash, resulting in a denial of servicei, or expose sensitive information. This issue
    only affected Ubuntu 22.10. (CVE-2022-1114)

    It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were
    tricked into opening a specially crafted image file, an attacker could possibly exploit this issue to
    cause a denial of service or other unspecified impact. This issue only affected Ubuntu 22.10.
    (CVE-2022-28463)

    It was discovered that ImageMagick incorrectly handled certain values. If a user were tricked into
    processing a specially crafted image file, an attacker could possibly exploit this issue to cause a denial
    of service or other unspecified impact. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and
    Ubuntu 22.10. (CVE-2022-32545, CVE-2022-32546)

    It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were
    tricked into processing a specially crafted image file, an attacker could possibly exploit this issue to
    cause a denial of service or other unspecified impact. This issue only affected Ubuntu 14.04 ESM, Ubuntu
    18.04 LTS and Ubuntu 22.10. (CVE-2022-32547)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-5736-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-32547");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/03/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/11/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:imagemagick");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:imagemagick-6-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:imagemagick-6.q16hdri");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:imagemagick-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libimage-magick-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libimage-magick-q16-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libimage-magick-q16hdri-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-5v5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16hdri-7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++-6.q16hdri-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6-arch-config");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-2-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-3-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16hdri-3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16hdri-3-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-6.q16hdri-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickcore5-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickwand-6-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickwand-6.q16-2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickwand-6.q16-3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickwand-6.q16-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickwand-6.q16hdri-3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickwand-6.q16hdri-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickwand-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagickwand5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perlmagick");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2022-2024 Canonical, Inc. / NASL script (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "ubuntu_pro_sub_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var ubuntu_pro_detected = get_kb_item('Host/Ubuntu/Pro/Services/esm-apps');
ubuntu_pro_detected = !empty_or_null(ubuntu_pro_detected);

var pro_caveat_needed = FALSE;

var pkgs = [
    {'osver': '16.04', 'pkgname': 'imagemagick', 'pkgver': '8:6.8.9.9-7ubuntu5.16+esm5', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'imagemagick-6.q16', 'pkgver': '8:6.8.9.9-7ubuntu5.16+esm5', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'imagemagick-common', 'pkgver': '8:6.8.9.9-7ubuntu5.16+esm5', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'libimage-magick-perl', 'pkgver': '8:6.8.9.9-7ubuntu5.16+esm5', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'libimage-magick-q16-perl', 'pkgver': '8:6.8.9.9-7ubuntu5.16+esm5', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'libmagick++-6-headers', 'pkgver': '8:6.8.9.9-7ubuntu5.16+esm5', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'libmagick++-6.q16-5v5', 'pkgver': '8:6.8.9.9-7ubuntu5.16+esm5', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'libmagick++-6.q16-dev', 'pkgver': '8:6.8.9.9-7ubuntu5.16+esm5', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'libmagick++-dev', 'pkgver': '8:6.8.9.9-7ubuntu5.16+esm5', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'libmagickcore-6-arch-config', 'pkgver': '8:6.8.9.9-7ubuntu5.16+esm5', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'libmagickcore-6-headers', 'pkgver': '8:6.8.9.9-7ubuntu5.16+esm5', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'libmagickcore-6.q16-2', 'pkgver': '8:6.8.9.9-7ubuntu5.16+esm5', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'libmagickcore-6.q16-2-extra', 'pkgver': '8:6.8.9.9-7ubuntu5.16+esm5', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'libmagickcore-6.q16-dev', 'pkgver': '8:6.8.9.9-7ubuntu5.16+esm5', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'libmagickcore-dev', 'pkgver': '8:6.8.9.9-7ubuntu5.16+esm5', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'libmagickwand-6-headers', 'pkgver': '8:6.8.9.9-7ubuntu5.16+esm5', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'libmagickwand-6.q16-2', 'pkgver': '8:6.8.9.9-7ubuntu5.16+esm5', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'libmagickwand-6.q16-dev', 'pkgver': '8:6.8.9.9-7ubuntu5.16+esm5', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'libmagickwand-dev', 'pkgver': '8:6.8.9.9-7ubuntu5.16+esm5', 'ubuntu_pro': TRUE},
    {'osver': '16.04', 'pkgname': 'perlmagick', 'pkgver': '8:6.8.9.9-7ubuntu5.16+esm5', 'ubuntu_pro': TRUE},
    {'osver': '18.04', 'pkgname': 'imagemagick', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'imagemagick-6-common', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'imagemagick-6.q16', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'imagemagick-6.q16hdri', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'imagemagick-common', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libimage-magick-perl', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libimage-magick-q16-perl', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libimage-magick-q16hdri-perl', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libmagick++-6-headers', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libmagick++-6.q16-7', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libmagick++-6.q16-dev', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libmagick++-6.q16hdri-7', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libmagick++-6.q16hdri-dev', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libmagick++-dev', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libmagickcore-6-arch-config', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libmagickcore-6-headers', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libmagickcore-6.q16-3', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libmagickcore-6.q16-3-extra', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libmagickcore-6.q16-dev', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libmagickcore-6.q16hdri-3', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libmagickcore-6.q16hdri-3-extra', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libmagickcore-6.q16hdri-dev', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libmagickcore-dev', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libmagickwand-6-headers', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libmagickwand-6.q16-3', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libmagickwand-6.q16-dev', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libmagickwand-6.q16hdri-3', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libmagickwand-6.q16hdri-dev', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'libmagickwand-dev', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE},
    {'osver': '18.04', 'pkgname': 'perlmagick', 'pkgver': '8:6.9.7.4+dfsg-16ubuntu6.14', 'ubuntu_pro': FALSE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  var pro_required = NULL;
  if (!empty_or_null(package_array['ubuntu_pro'])) pro_required = package_array['ubuntu_pro'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) {
        flag++;
        if (!ubuntu_pro_detected && !pro_caveat_needed) pro_caveat_needed = pro_required;
    }
  }
}

if (flag)
{
  var extra = '';
  if (pro_caveat_needed) {
    extra += 'NOTE: This vulnerability check contains fixes that apply to packages only \n';
    extra += 'available in Ubuntu ESM repositories. Access to these package security updates \n';
    extra += 'require an Ubuntu Pro subscription.\n\n';
  }
  extra += ubuntu_report_get();
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : extra
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'imagemagick / imagemagick-6-common / imagemagick-6.q16 / etc');
}

References

Related

openvas 35
nessus 37
osv 17
cloudfoundry 4
ubuntu 6
debian 2
amazon 3
suse 4
mageia 2
freebsd 1
ubuntucve 10
redos 1
photon 3
gentoo 1
redhatcve 10
prion 9
debiancve 9
alpinelinux 10
veracode 10
cnvd 1
nvd 9
cve 8
cvelist 7
openvas
openvas
Ubuntu: Security Advisory (USN-5736-2)
2023-01-27 00:00:00
Ubuntu: Security Advisory (USN-5736-1)
2022-11-25 00:00:00
Debian: Security Advisory (DLA-3429-1)
2023-05-22 00:00:00
nessus
nessus
Ubuntu 20.04 ESM / 22.04 ESM : ImageMagick vulnerabilities (USN-5736-2)
2023-10-23 00:00:00
Debian DLA-3429-1 : imagemagick - LTS security update
2023-05-22 00:00:00
Amazon Linux 2 : ImageMagick (ALAS-2023-1971)
2023-03-07 00:00:00
osv
osv
imagemagick vulnerabilities
2022-11-24 08:11:00
imagemagick vulnerabilities
2022-11-24 11:23:13
imagemagick - security update
2023-05-21 00:00:00
cloudfoundry
cloudfoundry
USN-5736-1: ImageMagick vulnerabilities | Cloud Foundry
2023-02-03 00:00:00
USN-5158-1: ImageMagick vulnerabilities | Cloud Foundry
2022-01-20 00:00:00
USN-6200-1: ImageMagick vulnerabilities | Cloud Foundry
2024-08-22 00:00:00
ubuntu
ubuntu
ImageMagick vulnerabilities
2022-11-24 00:00:00
ImageMagick vulnerabilities
2022-11-24 00:00:00
ImageMagick vulnerabilities
2021-11-29 00:00:00
debian
debian
[SECURITY] [DLA 3429-1] imagemagick security update
2023-05-21 22:21:07
[SECURITY] [DLA 2672-1] imagemagick security update
2021-06-03 04:59:21
amazon
amazon
Medium: ImageMagick
2023-03-02 22:35:00
Medium: ImageMagick
2023-03-02 20:22:00
Low: ImageMagick
2024-05-23 22:04:00
suse
suse
Security update for ImageMagick (moderate)
2021-03-03 00:00:00
Security update for ImageMagick (moderate)
2022-07-06 00:00:00
Security update for ImageMagick (moderate)
2021-04-23 00:00:00
mageia
mageia
Updated imagemagick packages fix security vulnerabilities
2021-03-27 17:27:02
Updated imagemagick packages fix security vulnerability
2022-12-07 02:32:48
freebsd
freebsd
ImageMagick7 -- multiple vulnerabilities
2020-10-27 00:00:00
ubuntucve
ubuntucve
CVE-2021-20313
2021-05-11 00:00:00
CVE-2021-20243
2021-03-09 00:00:00
CVE-2021-20245
2021-03-09 00:00:00
redos
redos
ROS-20221121-03
2022-11-21 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-0418
2022-07-11 00:00:00
Important Photon OS Security Update - PHSA-2022-0214
2022-07-21 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0418
2022-07-11 00:00:00
gentoo
gentoo
ImageMagick: Multiple Vulnerabilities
2024-05-04 00:00:00
redhatcve
redhatcve
CVE-2021-20245
2021-02-15 21:58:58
CVE-2021-39212
2021-09-30 15:02:39
CVE-2021-20312
2021-04-06 19:22:20
prion
prion
Design/Logic Flaw
2021-09-13 18:15:00
Integer overflow
2022-08-25 20:15:00
Integer overflow
2021-05-11 23:15:00
debiancve
debiancve
CVE-2021-39212
2021-09-13 18:15:23
CVE-2021-20245
2021-03-09 19:15:12
CVE-2021-20241
2021-03-09 18:15:14
alpinelinux
alpinelinux
CVE-2021-39212
2021-09-13 18:15:23
CVE-2021-20241
2021-03-09 18:15:14
CVE-2021-20245
2021-03-09 19:15:12
veracode
veracode
Arbitrary File Read And Write
2021-11-25 19:41:47
Denial Of Service (DoS)
2021-03-25 00:58:58
Denial Of Service (DoS)
2021-04-29 11:59:09
cnvd
cnvd
ImageMagick code issue vulnerability (CNVD-2022-05854)
2021-09-15 00:00:00
nvd
nvd
CVE-2021-39212
2021-09-13 18:15:23
CVE-2021-20243
2021-03-09 18:15:15
CVE-2021-20244
2021-03-09 19:15:12
cve
cve
CVE-2021-20243
2021-03-09 18:15:15
CVE-2021-20245
2021-03-09 19:15:12
CVE-2021-20224
2022-08-25 20:15:08
cvelist
cvelist
CVE-2021-20245
2021-03-09 00:00:00
CVE-2021-20313
2021-05-11 00:00:00
CVE-2021-20243
2021-03-09 00:00:00

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

Low

EPSS

0.004

Percentile

73.6%

JSON
Related for UBUNTU_USN-5736-1.NASL
openvas35nessus37osv17cloudfoundry4ubuntu6debian2amazon3suse4mageia2freebsd1ubuntucve10redos1photon3gentoo1redhatcve10prion9debiancve9alpinelinux10veracode10cnvd1nvd9cve8cvelist7