Vulnerability   
Search   
    Search 191973 CVE descriptions
and 86218 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.2.2020.2349
Category:Huawei EulerOS Local Security Checks
Title:Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2020-2349)
Summary:The remote host is missing an update for the Huawei EulerOS; 'ImageMagick' package(s) announced via the EulerOS-SA-2020-2349 advisory.
Description:Summary:
The remote host is missing an update for the Huawei EulerOS
'ImageMagick' package(s) announced via the EulerOS-SA-2020-2349 advisory.

Vulnerability Insight:
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.(CVE-2019-13133)

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.(CVE-2019-13134)

ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c.(CVE-2018-10804)

In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file.(CVE-2018-10177)

In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.(CVE-2018-16749)

In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.(CVE-2019-7395)

In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.(CVE-2019-7396)

A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image.(CVE-2019-12974)

ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.(CVE-2019-12975)

ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c.(CVE-2019-12976)

ImageMagick 7.0.8-34 has a 'use of uninitialized value' vulnerability in the WriteJP2Image function in coders/jp2.c.(CVE-2019-12977)

ImageMagick 7.0.8-34 has a 'use of uninitialized value' vulnerability in the ReadPANGOImage function in coders/pango.c.(CVE-2019-12978)

ImageMagick 7.0.8-34 has a 'use of uninitialized value' vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c.(CVE-2019-12979)

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c.(CVE-2019-13137)

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled.(CVE-2019-13295)

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled.(CVE-2019-13297)

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.(CVE-2019-13300)

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in Wr ...

Description truncated. Please see the references for more information.

Affected Software/OS:
'ImageMagick' package(s) on Huawei EulerOS V2.0SP2.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-7395
BugTraq ID: 106850
http://www.securityfocus.com/bid/106850
Debian Security Information: DSA-4712 (Google Search)
https://www.debian.org/security/2020/dsa-4712
https://github.com/ImageMagick/ImageMagick/commit/8a43abefb38c5e29138e1c9c515b313363541c06
https://github.com/ImageMagick/ImageMagick/issues/1451
SuSE Security Announcement: openSUSE-SU-2019:1141 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html
SuSE Security Announcement: openSUSE-SU-2019:1320 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html
https://usn.ubuntu.com/4034-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-7396
BugTraq ID: 106849
http://www.securityfocus.com/bid/106849
https://github.com/ImageMagick/ImageMagick/commit/748a03651e5b138bcaf160d15133de2f4b1b89ce
https://github.com/ImageMagick/ImageMagick/issues/1452
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.