Test ID:	1.3.6.1.4.1.25623.1.0.113427
Category:	General
Title:	ImageMagick <= 7.0.8-50 Multiple Vulnerabilities - Windows
Summary:	ImageMagick is prone to multiple vulnerabilities.
Description:	Summary: ImageMagick is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - Heap-based buffer over-read at MagickCore/threshold in AdaptiveThresholdImage because a width of zero is mishandled. - Direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value. - Heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. - Heap-based buffer over-read at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error. - Heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel. - Heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. - Memory leaks in AcquireMagickMemory because of an AnnotateImage error. - Heap-based buffer over-read in MagickCore/fourier.c in ComplexImages. - Heap-based buffer over-read in MagickCore/composite.c in CompositeImages. - Stack-based buffer overflow at coders/pnm.c in WritePNMImage because of mispalces assignment. - Stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. - Stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors. - Heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows. - Heap-based buffer overflow in MagickCore/fourier.c in ComplexImage. - Memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. - Memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. - Memory leaks at AcquireMagickMemory because of a wand/mogrify.c error. - ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels. Vulnerability Impact: Successful exploitation would allow an attacker to read sensitive information or execute arbitrary code on the target machine. Affected Software/OS: ImageMagick through version 7.0.8-50. Solution: Update to version 7.0.8-51. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-13295 Debian Security Information: DSA-4712 (Google Search) https://www.debian.org/security/2020/dsa-4712 https://github.com/ImageMagick/ImageMagick/commit/a7759f410b773a1dd57b0e1fb28112e1cd8b97bc https://github.com/ImageMagick/ImageMagick/issues/1608 https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953 https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html SuSE Security Announcement: openSUSE-SU-2019:1983 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://usn.ubuntu.com/4192-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-13296 https://github.com/ImageMagick/ImageMagick/commit/ce08a3691a8ac29125e29fc41967b3737fa3f425 https://github.com/ImageMagick/ImageMagick/issues/1604 Common Vulnerability Exposure (CVE) ID: CVE-2019-13297 https://github.com/ImageMagick/ImageMagick/commit/604588fc35c7585abb7a9e71f69bb82e4389fefc https://github.com/ImageMagick/ImageMagick/issues/1609 https://github.com/ImageMagick/ImageMagick6/commit/35c7032723d85eee7318ff6c82f031fa2666b773 Common Vulnerability Exposure (CVE) ID: CVE-2019-13298 https://github.com/ImageMagick/ImageMagick/commit/d4fc44b58a14f76b1ac997517d742ee12c9dc5d3 https://github.com/ImageMagick/ImageMagick/issues/1611 Common Vulnerability Exposure (CVE) ID: CVE-2019-13299 https://github.com/ImageMagick/ImageMagick/commit/8187d2d8fd010d2d6b1a3a8edd935beec404dddc https://github.com/ImageMagick/ImageMagick/issues/1610 Common Vulnerability Exposure (CVE) ID: CVE-2019-13300 Debian Security Information: DSA-4715 (Google Search) https://www.debian.org/security/2020/dsa-4715 https://github.com/ImageMagick/ImageMagick/commit/a906fe9298bf89e01d5272023db687935068849a https://github.com/ImageMagick/ImageMagick/issues/1586 https://github.com/ImageMagick/ImageMagick6/commit/5e409ae7a389cdf2ed17469303be3f3f21cec450 Common Vulnerability Exposure (CVE) ID: CVE-2019-13301 https://github.com/ImageMagick/ImageMagick/commit/f595a1985233c399a05c0c37cc41de16a90dd025 https://github.com/ImageMagick/ImageMagick/issues/1585 https://github.com/ImageMagick/ImageMagick/issues/1589 Common Vulnerability Exposure (CVE) ID: CVE-2019-13302 https://github.com/ImageMagick/ImageMagick/commit/d5089971bd792311aaab5cb73460326d7ef7f32d https://github.com/ImageMagick/ImageMagick/issues/1597 Common Vulnerability Exposure (CVE) ID: CVE-2019-13303 https://github.com/ImageMagick/ImageMagick/commit/d29148fae06c01ef215940e084cf41853c117bab https://github.com/ImageMagick/ImageMagick/issues/1603 Common Vulnerability Exposure (CVE) ID: CVE-2019-13304 https://github.com/ImageMagick/ImageMagick/commit/7689875ef64f34141e7292f6945efdf0530b4a5e https://github.com/ImageMagick/ImageMagick/issues/1614 https://github.com/ImageMagick/ImageMagick6/commit/bfa3b9610c83227894c92b0d312ad327fceb6241 Common Vulnerability Exposure (CVE) ID: CVE-2019-13305 https://github.com/ImageMagick/ImageMagick/commit/29efd648f38b73a64d73f14cd2019d869a585888 https://github.com/ImageMagick/ImageMagick/issues/1613 https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d Common Vulnerability Exposure (CVE) ID: CVE-2019-13306 https://github.com/ImageMagick/ImageMagick/commit/e92040ea6ee2a844ebfd2344174076795a4787bd https://github.com/ImageMagick/ImageMagick/issues/1612 https://github.com/ImageMagick/ImageMagick6/commit/cb5ec7d98195aa74d5ed299b38eff2a68122f3fa Common Vulnerability Exposure (CVE) ID: CVE-2019-13307 https://github.com/ImageMagick/ImageMagick/commit/025e77fcb2f45b21689931ba3bf74eac153afa48 https://github.com/ImageMagick/ImageMagick/issues/1615 https://github.com/ImageMagick/ImageMagick6/commit/91e58d967a92250439ede038ccfb0913a81e59fe Common Vulnerability Exposure (CVE) ID: CVE-2019-13308 https://github.com/ImageMagick/ImageMagick/commit/61135001a625364e29bdce83832f043eebde7b5a https://github.com/ImageMagick/ImageMagick/issues/1595 https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01 https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html Common Vulnerability Exposure (CVE) ID: CVE-2019-13309 https://github.com/ImageMagick/ImageMagick/commit/5f21230b657ccd65452dd3d94c5b5401ba691a2d https://github.com/ImageMagick/ImageMagick/issues/1616 https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51 Common Vulnerability Exposure (CVE) ID: CVE-2019-13310 Common Vulnerability Exposure (CVE) ID: CVE-2019-13311 https://github.com/ImageMagick/ImageMagick/commit/4a334bbf5584de37c6f5a47c380a531c8c4b140a https://github.com/ImageMagick/ImageMagick/issues/1623 https://github.com/ImageMagick/ImageMagick6/commit/bb812022d0bc12107db215c981cab0b1ccd73d91 Common Vulnerability Exposure (CVE) ID: CVE-2019-13391 https://github.com/ImageMagick/ImageMagick/commit/7c2c5ba5b8e3a0b2b82f56c71dfab74ed4006df7 https://github.com/ImageMagick/ImageMagick/issues/1588 https://github.com/ImageMagick/ImageMagick6/commit/f6ffc702c6eecd963587273a429dcd608c648984
Copyright	Copyright (C) 2019 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.