Test ID:	1.3.6.1.4.1.25623.1.0.120052
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2014-336)
Summary:	The remote host is missing an update for the 'ImageMagick' package(s) announced via the ALAS-2014-336 advisory.
Description:	Summary: The remote host is missing an update for the 'ImageMagick' package(s) announced via the ALAS-2014-336 advisory. Vulnerability Insight: A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, potentially, execute arbitrary code with the privileges of the user running ImageMagick. A buffer overflow flaw affecting ImageMagick when creating PSD images was reported. The vulnerability is similar to CVE-2014-1947, except that CVE-2014-2030's format string is 'L%06ld' instead of CVE-2014-1947's 'L%02ld' due to commit r1448. Affected Software/OS: 'ImageMagick' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-1947 http://www.openwall.com/lists/oss-security/2014/02/12/13 http://www.openwall.com/lists/oss-security/2014/02/12/2 http://www.openwall.com/lists/oss-security/2014/02/13/2 http://www.openwall.com/lists/oss-security/2014/02/13/5 http://www.openwall.com/lists/oss-security/2014/02/19/13 https://bugzilla.redhat.com/show_bug.cgi?id=1064098 https://www.suse.com/support/update/announcement/2014/suse-su-20140359-1.html Common Vulnerability Exposure (CVE) ID: CVE-2014-1958 https://www.openwall.com/lists/oss-security/2014/02/19/13 Common Vulnerability Exposure (CVE) ID: CVE-2014-2030
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.