Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title GraphicsMagick: Multiple vulnerabilities
Informations
Name GLSA-201311-10 First vendor Publication 2013-11-19
Vendor Gentoo Last vendor Modification 2013-11-19
Severity (Vendor) Normal Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in GraphicsMagick, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition.

Background

GraphicsMagick is the Swiss army knife of image processing.

Description

Multiple vulnerabilities have been discovered in GraphicsMagick. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially-crafted image file, potentially resulting in arbitrary code execution or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All GraphicsMagick users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=media-gfx/graphicsmagick-1.3.18"

References

[ 1 ] CVE-2008-1097 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1097
[ 2 ] CVE-2009-1882 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1882
[ 3 ] CVE-2009-3736 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3736
[ 4 ] CVE-2013-4589 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4589

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201311-10.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201311-10.xml

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-399 Resource Management Errors
50 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11237
 
Oval ID: oval:org.mitre.oval:def:11237
Title: Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.
Description: Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.
Family: unix Class: vulnerability
Reference(s): CVE-2008-1097
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11687
 
Oval ID: oval:org.mitre.oval:def:11687
Title: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Description: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3736
 Version: 6
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12656
 
Oval ID: oval:org.mitre.oval:def:12656
Title: DSA-1958-1 libtool -- privilege escalation
Description: It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl. For the stable distribution, this problem has been fixed in version 1.5.26-4+lenny1. For the oldstable distribution, this problem has been fixed in version 1.5.22-4+etch1. For the testing distribution and unstable distribution, this problem has been fixed in 2.2.6b-1. We recommend that you upgrade your libtool packages.
Family: unix Class: patch
Reference(s): DSA-1958-1
CVE-2009-3736
 Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
 Product(s): libtool
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13308
 
Oval ID: oval:org.mitre.oval:def:13308
Title: DSA-1858-1 imagemagick -- multiple
Description: Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1667 Multiple integer overflows in XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution. CVE-2007-1797 Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution. CVE-2007-4985 A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution. CVE-2007-4986 Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution. CVE-2007-4987 Off-by-one error allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a "\0" character to an out-of-bounds address. It affects only the oldstable distribution. CVE-2007-4988 A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution. CVE-2008-1096 The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only to oldstable. CVE-2008-1097 Heap-based buffer overflow in the PCX coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. It affects only to oldstable. CVE-2009-1882 Integer overflow allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. For the old stable distribution, these problems have been fixed in version 7:6.2.4.5.dfsg1-0.15+etch1. For the stable distribution, these problems have been fixed in version 7:6.3.7.9.dfsg2-1~lenny3. For the upcoming stable distribution and the unstable distribution, these problems have been fixed in version 7:6.5.1.0-1.1. We recommend that you upgrade your imagemagick packages.
Family: unix Class: patch
Reference(s): DSA-1858-1
CVE-2007-1667
CVE-2007-1797
CVE-2007-4985
CVE-2007-4986
CVE-2007-4987
CVE-2007-4988
CVE-2008-1096
CVE-2008-1097
CVE-2009-1882
 Version: 7
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
 Product(s): imagemagick
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13868
 
Oval ID: oval:org.mitre.oval:def:13868
Title: USN-784-1 -- imagemagick vulnerability
Description: It was discovered that ImageMagick did not properly verify the dimensions of TIFF files. If a user or automated system were tricked into opening a crafted TIFF file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.
Family: unix Class: patch
Reference(s): USN-784-1
CVE-2009-1882
 Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 9.04
Ubuntu 6.06
Ubuntu 8.10
 Product(s): imagemagick
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19472
 
Oval ID: oval:org.mitre.oval:def:19472
Title: DSA-1903-1 graphicsmagick - several
Description: Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS.
Family: unix Class: patch
Reference(s): DSA-1903-1
CVE-2007-1667
CVE-2007-1797
CVE-2007-4985
CVE-2007-4986
CVE-2007-4988
CVE-2008-1096
CVE-2008-3134
CVE-2008-6070
CVE-2008-6071
CVE-2008-6072
CVE-2008-6621
CVE-2009-1882
 Version: 5
Platform(s): Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
 Product(s): graphicsmagick
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21943
 
Oval ID: oval:org.mitre.oval:def:21943
Title: RHSA-2010:0039: gcc and gcc4 security update (Moderate)
Description: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family: unix Class: patch
Reference(s): RHSA-2010:0039-01
CESA-2010:0039
CVE-2009-3736
 Version: 4
Platform(s): Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): gcc
gcc4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22206
 
Oval ID: oval:org.mitre.oval:def:22206
Title: RHSA-2010:0652: ImageMagick security and bug fix update (Moderate)
Description: Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.
Family: unix Class: patch
Reference(s): RHSA-2010:0652-01
CESA-2010:0652
CVE-2009-1882
 Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): ImageMagick
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22407
 
Oval ID: oval:org.mitre.oval:def:22407
Title: ELSA-2008:0145: ImageMagick security update (Moderate)
Description: Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.
Family: unix Class: patch
Reference(s): ELSA-2008:0145-01
CVE-2007-1797
CVE-2007-4985
CVE-2007-4986
CVE-2007-4988
CVE-2008-1096
CVE-2008-1097
 Version: 29
Platform(s): Oracle Linux 5
 Product(s): ImageMagick
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22919
 
Oval ID: oval:org.mitre.oval:def:22919
Title: ELSA-2010:0652: ImageMagick security and bug fix update (Moderate)
Description: Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.
Family: unix Class: patch
Reference(s): ELSA-2010:0652-01
CVE-2009-1882
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): ImageMagick
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23008
 
Oval ID: oval:org.mitre.oval:def:23008
Title: ELSA-2009:1646: libtool security update (Moderate)
Description: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family: unix Class: patch
Reference(s): ELSA-2009:1646-01
CVE-2009-3736
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): libtool
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23036
 
Oval ID: oval:org.mitre.oval:def:23036
Title: ELSA-2010:0039: gcc and gcc4 security update (Moderate)
Description: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family: unix Class: patch
Reference(s): ELSA-2010:0039-01
CVE-2009-3736
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): gcc
gcc4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27931
 
Oval ID: oval:org.mitre.oval:def:27931
Title: DEPRECATED: ELSA-2010-0652 -- ImageMagick security and bug fix update (moderate)
Description: [6.2.8.0-4.el5_5.2] - Fix SGI image decoding (625058) [6.2.8.0-4.el5_5.1] - Add fix for CVE-2009-1882 (504304)
Family: unix Class: patch
Reference(s): ELSA-2010-0652
CVE-2009-1882
 Version: 4
Platform(s): Oracle Linux 5
 Product(s): ImageMagick
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29283
 
Oval ID: oval:org.mitre.oval:def:29283
Title: RHSA-2009:1646 -- libtool security update (Moderate)
Description: Updated libtool packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Family: unix Class: patch
Reference(s): RHSA-2009:1646
CESA-2009:1646-CentOS 3
CESA-2009:1646-CentOS 5
CVE-2009-3736
 Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 3
CentOS Linux 5
 Product(s): libtool
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6951
 
Oval ID: oval:org.mitre.oval:def:6951
Title: GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
Description: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3736
 Version: 6
Platform(s): VMWare ESX Server 4.0
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7481
 
Oval ID: oval:org.mitre.oval:def:7481
Title: DSA-1958 libtool -- privilege escalation
Description: It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl.
Family: unix Class: patch
Reference(s): DSA-1958
CVE-2009-3736
 Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
 Product(s): libtool
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7485
 
Oval ID: oval:org.mitre.oval:def:7485
Title: DSA-1903 graphicsmagick -- several vulnerabilities
Description: Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems: Multiple integer overflows in XInitImage function in xwd.c for GraphicsMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch). Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch). A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch). Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch). A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch). The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only oldstable (etch). Multiple vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via vectors in the AVI, AVS, DCM, EPT, FITS, MTV, PALM, RLA, and TGA decoder readers; and the GetImageCharacteristics function in magick/image.c, as reachable from a crafted PNG, JPEG, BMP, or TIFF file. Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image. Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. Multiple vulnerabilities in GraphicsMagick allow remote attackers to cause a denial of service (crash) via vectors in XCF and CINEON images. Vulnerability in GraphicsMagick allows remote attackers to cause a denial of service (crash) via vectors in DPX images. Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.
Family: unix Class: patch
Reference(s): DSA-1903
CVE-2007-1667
CVE-2007-1797
CVE-2007-4985
CVE-2007-4986
CVE-2007-4988
CVE-2008-1096
CVE-2008-3134
CVE-2008-6070
CVE-2008-6071
CVE-2008-6072
CVE-2008-6621
CVE-2009-1882
 Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
 Product(s): graphicsmagick
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8206
 
Oval ID: oval:org.mitre.oval:def:8206
Title: DSA-1858 imagemagick -- multiple vulnerabilities
Description: Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems: Multiple integer overflows in XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch). Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch). A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch). Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch). Off-by-one error allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a "\0" character to an out-of-bounds address. It affects only the oldstable distribution (etch). A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch). The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only to oldstable (etch). Heap-based buffer overflow in the PCX coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. It affects only to oldstable (etch). Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.
Family: unix Class: patch
Reference(s): DSA-1858
CVE-2007-1667
CVE-2007-1797
CVE-2007-4985
CVE-2007-4986
CVE-2007-4987
CVE-2007-4988
CVE-2008-1096
CVE-2008-1097
CVE-2009-1882
 Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
 Product(s): imagemagick
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 15
Application 41
Application 6
Application 5
Application 1
Application 1
Os 1
Os 1

OpenVAS Exploits

Date Description
2012-04-16 Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates
File : nvt/gb_VMSA-2010-0009.nasl
2011-08-09 Name : CentOS Update for cpp CESA-2010:0039 centos5 i386
File : nvt/gb_CESA-2010_0039_cpp_centos5_i386.nasl
2011-08-09 Name : CentOS Update for libtool CESA-2009:1646 centos5 i386
File : nvt/gb_CESA-2009_1646_libtool_centos5_i386.nasl
2011-08-09 Name : CentOS Update for libtool CESA-2009:1646 centos4 i386
File : nvt/gb_CESA-2009_1646_libtool_centos4_i386.nasl
2011-08-09 Name : CentOS Update for libtool CESA-2009:1646 centos3 i386
File : nvt/gb_CESA-2009_1646_libtool_centos3_i386.nasl
2011-03-09 Name : Gentoo Security Advisory GLSA 201006-03 (imagemagick)
File : nvt/glsa_201006_03.nasl
2011-03-07 Name : Fedora Update for q FEDORA-2011-1967
File : nvt/gb_fedora_2011_1967_q_fc14.nasl
2011-03-07 Name : Fedora Update for q FEDORA-2011-1958
File : nvt/gb_fedora_2011_1958_q_fc13.nasl
2010-08-30 Name : RedHat Update for ImageMagick RHSA-2010:0653-01
File : nvt/gb_RHSA-2010_0653-01_ImageMagick.nasl
2010-08-30 Name : RedHat Update for ImageMagick RHSA-2010:0652-01
File : nvt/gb_RHSA-2010_0652-01_ImageMagick.nasl
2010-08-30 Name : CentOS Update for ImageMagick CESA-2010:0653 centos4 i386
File : nvt/gb_CESA-2010_0653_ImageMagick_centos4_i386.nasl
2010-07-12 Name : Fedora Update for libtool FEDORA-2010-10640
File : nvt/gb_fedora_2010_10640_libtool_fc12.nasl
2010-07-12 Name : Fedora Update for gcc FEDORA-2010-10640
File : nvt/gb_fedora_2010_10640_gcc_fc12.nasl
2010-05-28 Name : Mandriva Update for openoffice.org MDVSA-2010:105 (openoffice.org)
File : nvt/gb_mandriva_MDVSA_2010_105.nasl
2010-05-28 Name : Fedora Update for libprelude FEDORA-2010-8756
File : nvt/gb_fedora_2010_8756_libprelude_fc12.nasl
2010-05-07 Name : Mandriva Update for openoffice.org MDVSA-2010:091 (openoffice.org)
File : nvt/gb_mandriva_MDVSA_2010_091.nasl
2010-04-16 Name : Mandriva Update for openoffice.org MDVSA-2010:075 (openoffice.org)
File : nvt/gb_mandriva_MDVSA_2010_075.nasl
2010-04-06 Name : Fedora Update for hamlib FEDORA-2010-4352
File : nvt/gb_fedora_2010_4352_hamlib_fc11.nasl
2010-04-06 Name : Fedora Update for hamlib FEDORA-2010-4407
File : nvt/gb_fedora_2010_4407_hamlib_fc12.nasl
2010-03-22 Name : Fedora Update for gnu-smalltalk FEDORA-2010-4392
File : nvt/gb_fedora_2010_4392_gnu-smalltalk_fc11.nasl
2010-03-22 Name : Fedora Update for gnu-smalltalk FEDORA-2010-4339
File : nvt/gb_fedora_2010_4339_gnu-smalltalk_fc12.nasl
2010-03-22 Name : Fedora Update for esorex FEDORA-2010-3314
File : nvt/gb_fedora_2010_3314_esorex_fc11.nasl
2010-03-22 Name : Fedora Update for esorex FEDORA-2010-3216
File : nvt/gb_fedora_2010_3216_esorex_fc12.nasl
2010-03-22 Name : Mandriva Update for lvm2 MDVA-2010:105 (lvm2)
File : nvt/gb_mandriva_MDVA_2010_105.nasl
2010-03-12 Name : Mandriva Update for slib MDVA-2010:091 (slib)
File : nvt/gb_mandriva_MDVA_2010_091.nasl
2010-03-12 Name : Mandriva Update for openoffice.org MDVSA-2010:056 (openoffice.org)
File : nvt/gb_mandriva_MDVSA_2010_056.nasl
2010-03-02 Name : Fedora Update for GraphicsMagick FEDORA-2010-0036
File : nvt/gb_fedora_2010_0036_GraphicsMagick_fc12.nasl
2010-03-02 Name : Fedora Update for gnash FEDORA-2010-1833
File : nvt/gb_fedora_2010_1833_gnash_fc11.nasl
2010-03-02 Name : Fedora Update for gambas FEDORA-2010-1872
File : nvt/gb_fedora_2010_1872_gambas_fc12.nasl
2010-03-02 Name : Fedora Update for gambas FEDORA-2010-1924
File : nvt/gb_fedora_2010_1924_gambas_fc11.nasl
2010-03-02 Name : Fedora Update for mingw32-libltdl FEDORA-2010-2341
File : nvt/gb_fedora_2010_2341_mingw32-libltdl_fc12.nasl
2010-03-02 Name : Fedora Update for mingw32-libltdl FEDORA-2010-2943
File : nvt/gb_fedora_2010_2943_mingw32-libltdl_fc11.nasl
2010-03-02 Name : Mandriva Update for phpmyadmin MDVA-2010:075 (phpmyadmin)
File : nvt/gb_mandriva_MDVA_2010_075.nasl
2010-03-02 Name : Fedora Update for gnash FEDORA-2010-1820
File : nvt/gb_fedora_2010_1820_gnash_fc12.nasl
2010-03-02 Name : Fedora Update for GraphicsMagick FEDORA-2010-0001
File : nvt/gb_fedora_2010_0001_GraphicsMagick_fc11.nasl
2010-02-15 Name : Mandriva Update for openoffice.org MDVSA-2010:035 (openoffice.org)
File : nvt/gb_mandriva_MDVSA_2010_035.nasl
2010-02-15 Name : Mandriva Update for samba MDVA-2010:056 (samba)
File : nvt/gb_mandriva_MDVA_2010_056.nasl
2010-01-19 Name : RedHat Update for gcc and gcc4 RHSA-2010:0039-01
File : nvt/gb_RHSA-2010_0039-01_gcc_and_gcc4.nasl
2010-01-19 Name : CentOS Update for cpp CESA-2010:0039 centos4 x86_64
File : nvt/gb_CESA-2010_0039_cpp_centos4_x86_64.nasl
2010-01-19 Name : CentOS Update for cpp CESA-2010:0039 centos4 i386
File : nvt/gb_CESA-2010_0039_cpp_centos4_i386.nasl
2010-01-19 Name : CentOS Update for cpp CESA-2010:0039 centos3 x86_64
File : nvt/gb_CESA-2010_0039_cpp_centos3_x86_64.nasl
2010-01-19 Name : CentOS Update for cpp CESA-2010:0039 centos3 i386
File : nvt/gb_CESA-2010_0039_cpp_centos3_i386.nasl
2010-01-15 Name : Fedora Update for ImageMagick FEDORA-2010-0295
File : nvt/gb_fedora_2010_0295_ImageMagick_fc11.nasl
2009-12-30 Name : Debian Security Advisory DSA 1958-1 (libtool)
File : nvt/deb_1958_1.nasl
2009-12-30 Name : Fedora Core 12 FEDORA-2009-12562 (libtool)
File : nvt/fcore_2009_12562.nasl
2009-12-30 Name : Fedora Core 11 FEDORA-2009-12725 (libtool)
File : nvt/fcore_2009_12725.nasl
2009-12-30 Name : Fedora Core 12 FEDORA-2009-12813 (gcc)
File : nvt/fcore_2009_12813.nasl
2009-12-14 Name : RedHat Security Advisory RHSA-2009:1646
File : nvt/RHSA_2009_1646.nasl
2009-12-14 Name : CentOS Security Advisory CESA-2009:1646 (libtool)
File : nvt/ovcesa2009_1646.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:318 (xmlsec1)
File : nvt/mdksa_2009_318.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:307-1 (libtool)
File : nvt/mdksa_2009_307_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:260-1 (imagemagick)
File : nvt/mdksa_2009_260_1.nasl
2009-12-03 Name : FreeBSD Ports: libtool
File : nvt/freebsd_libtool0.nasl
2009-10-13 Name : Mandrake Security Advisory MDVSA-2009:261 (graphicsmagick)
File : nvt/mdksa_2009_261.nasl
2009-10-13 Name : Mandrake Security Advisory MDVSA-2009:260 (imagemagick)
File : nvt/mdksa_2009_260.nasl
2009-10-13 Name : Debian Security Advisory DSA 1903-1 (graphicsmagick)
File : nvt/deb_1903_1.nasl
2009-10-11 Name : SLES11: Security update for ImageMagick
File : nvt/sles11_libMagickCore1.nasl
2009-08-17 Name : Debian Security Advisory DSA 1858-1 (imagemagick)
File : nvt/deb_1858_1.nasl
2009-07-06 Name : SuSE Security Summary SUSE-SR:2009:012
File : nvt/suse_sr_2009_012.nasl
2009-06-15 Name : Ubuntu USN-784-1 (imagemagick)
File : nvt/ubuntu_784_1.nasl
2009-06-02 Name : ImageMagick Buffer Overflow Vulnerability (Linux)
File : nvt/secpod_imagemagick_bof_vuln_lin.nasl
2009-06-02 Name : ImageMagick Buffer Overflow Vulnerability (Win)
File : nvt/secpod_imagemagick_bof_vuln_win.nasl
2009-04-09 Name : Mandriva Update for ImageMagick MDVSA-2008:099 (ImageMagick)
File : nvt/gb_mandriva_MDVSA_2008_099.nasl
2009-03-06 Name : RedHat Update for ImageMagick RHSA-2008:0165-01
File : nvt/gb_RHSA-2008_0165-01_ImageMagick.nasl
2009-03-06 Name : RedHat Update for ImageMagick RHSA-2008:0145-01
File : nvt/gb_RHSA-2008_0145-01_ImageMagick.nasl
2009-02-27 Name : CentOS Update for ImageMagick CESA-2008:0165-01 centos2 i386
File : nvt/gb_CESA-2008_0165-01_ImageMagick_centos2_i386.nasl
2009-02-27 Name : CentOS Update for ImageMagick CESA-2008:0145 centos4 x86_64
File : nvt/gb_CESA-2008_0145_ImageMagick_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for ImageMagick CESA-2008:0145 centos4 i386
File : nvt/gb_CESA-2008_0145_ImageMagick_centos4_i386.nasl
2009-02-27 Name : CentOS Update for ImageMagick CESA-2008:0145 centos3 x86_64
File : nvt/gb_CESA-2008_0145_ImageMagick_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for ImageMagick CESA-2008:0145 centos3 i386
File : nvt/gb_CESA-2008_0145_ImageMagick_centos3_i386.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
60522 libtool libltdl ltdl.c Library Search Path Subversion Local Privilege Escalation
54729 ImageMagick magick/xwindow.c XMakeImage() Function TIFF File Handling Overflow
43213 ImageMagick / GraphicsMagick coders/pcx.c PCX Coder ReadPCXImage Function PCX...

Nessus® Vulnerability Scanner

Date Description
2016-03-08 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO
2013-11-19 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201311-10.nasl - Type : ACT_GATHER_INFO
2013-11-02 Name : The remote Fedora host is missing a security update.
File : fedora_2013-19307.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0653.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0652.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0039.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1646.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0145.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100825_ImageMagick_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100825_ImageMagick_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100113_gcc_and_gcc4_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091208_libtool_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080416_ImageMagick_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2011-03-04 Name : The remote Fedora host is missing a security update.
File : fedora_2011-1967.nasl - Type : ACT_GATHER_INFO
2011-03-04 Name : The remote Fedora host is missing a security update.
File : fedora_2011-1958.nasl - Type : ACT_GATHER_INFO
2011-03-03 Name : The remote Fedora host is missing a security update.
File : fedora_2011-1990.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_ImageMagick-6284.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libtool-6683.nasl - Type : ACT_GATHER_INFO
2010-08-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0652.nasl - Type : ACT_GATHER_INFO
2010-08-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0653.nasl - Type : ACT_GATHER_INFO
2010-08-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0653.nasl - Type : ACT_GATHER_INFO
2010-08-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0652.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-075.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-035.nasl - Type : ACT_GATHER_INFO
2010-07-07 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-10640.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-1820.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-0001.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-0036.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-4407.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-2943.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-8756.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-3216.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-2341.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-1924.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-3314.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-1872.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-4098.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-4339.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-4340.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-1833.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-4352.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-4392.nasl - Type : ACT_GATHER_INFO
2010-06-02 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201006-03.nasl - Type : ACT_GATHER_INFO
2010-06-01 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO
2010-05-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-105.nasl - Type : ACT_GATHER_INFO
2010-03-08 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-056.nasl - Type : ACT_GATHER_INFO
2010-03-01 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12554.nasl - Type : ACT_GATHER_INFO
2010-02-25 Name : The remote Fedora host is missing a security update.
File : fedora_2010-0295.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1958.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1903.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1858.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0039.nasl - Type : ACT_GATHER_INFO
2010-01-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0039.nasl - Type : ACT_GATHER_INFO
2010-01-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libltdl-3-091201.nasl - Type : ACT_GATHER_INFO
2010-01-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libltdl-3-091201.nasl - Type : ACT_GATHER_INFO
2010-01-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libltdl-3-091202.nasl - Type : ACT_GATHER_INFO
2010-01-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libltdl7-091201.nasl - Type : ACT_GATHER_INFO
2010-01-05 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libtool-6678.nasl - Type : ACT_GATHER_INFO
2009-12-30 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12813.nasl - Type : ACT_GATHER_INFO
2009-12-30 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12562.nasl - Type : ACT_GATHER_INFO
2009-12-22 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12725.nasl - Type : ACT_GATHER_INFO
2009-12-09 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1646.nasl - Type : ACT_GATHER_INFO
2009-12-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1646.nasl - Type : ACT_GATHER_INFO
2009-12-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-318.nasl - Type : ACT_GATHER_INFO
2009-12-01 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-307.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_77c14729dc5e11de92ae02e0184b8d35.nasl - Type : ACT_GATHER_INFO
2009-10-09 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-260.nasl - Type : ACT_GATHER_INFO
2009-10-09 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-261.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_ImageMagick-090604.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_GraphicsMagick-090609.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_ImageMagick-090604.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_GraphicsMagick-090609.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_ImageMagick-090604.nasl - Type : ACT_GATHER_INFO
2009-06-24 Name : The remote openSUSE host is missing a security update.
File : suse_GraphicsMagick-6294.nasl - Type : ACT_GATHER_INFO
2009-06-24 Name : The remote openSUSE host is missing a security update.
File : suse_ImageMagick-6287.nasl - Type : ACT_GATHER_INFO
2009-06-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-784-1.nasl - Type : ACT_GATHER_INFO
2009-05-29 Name : The remote Windows host contains an application that is affected by an intege...
File : imagemagick_6_5_2_9.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-099.nasl - Type : ACT_GATHER_INFO
2008-07-02 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_ImageMagick-5278.nasl - Type : ACT_GATHER_INFO
2008-07-02 Name : The remote openSUSE host is missing a security update.
File : suse_ImageMagick-5277.nasl - Type : ACT_GATHER_INFO
2008-07-02 Name : The remote openSUSE host is missing a security update.
File : suse_GraphicsMagick-5276.nasl - Type : ACT_GATHER_INFO
2008-04-22 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0145.nasl - Type : ACT_GATHER_INFO
2008-04-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0145.nasl - Type : ACT_GATHER_INFO
2008-04-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0165.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2014-02-17 11:37:54
  • Multiple Updates
2013-11-23 17:22:45
  • Multiple Updates
2013-11-19 05:19:07
  • First insertion