Executive Summary
Summary | |
---|---|
Title | ImageMagick: Multiple vulnerabilities |
Information | |||
---|---|---|---|
Name | GLSA-201711-07 | First vendor Publication | 2017-11-11 |
Vendor | Gentoo | Last vendor Modification | 2017-11-11 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Synopsis
========

Multiple vulnerabilities have been found in ImageMagick, the worst of which may allow remote attackers to cause a Denial of Service condition.

Background
==========

A collection of tools and libraries for many image formats.

Description
===========

Multiple vulnerabilities have been discovered in ImageMagick. Please review the referenced CVE identifiers for details.

Impact
======

Remote attackers, by enticing a user to process a specially crafted file, could obtain sensitive information, cause a Denial of Service condition, or have other unspecified impacts.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ImageMagick users should upgrade to the latest version:

References
==========

[ 1 ] CVE-2017-11640 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11640
[ 2 ] CVE-2017-11724 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11724
[ 3 ] CVE-2017-12140 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12140
[ 4 ] CVE-2017-12418 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12418
[ 5 ] CVE-2017-12427 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12427
[ 6 ] CVE-2017-12691 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12691
[ 7 ] CVE-2017-12692 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12692
[ 8 ] CVE-2017-12693 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12693
[ 9 ] CVE-2017-12876 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12876
[ 10 ] CVE-2017-12877 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12877
[ 11 ] CVE-2017-12983 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12983
[ 12 ] CVE-2017-13058 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13058
[ 13 ] CVE-2017-13059 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13059
[ 14 ] CVE-2017-13060 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13060
[ 15 ] CVE-2017-13061 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13061
[ 16 ] CVE-2017-13062 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13062
[ 17 ] CVE-2017-13131 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13131
[ 18 ] CVE-2017-13132 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13132
[ 19 ] CVE-2017-13133 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13133
[ 20 ] CVE-2017-13134 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13134
[ 21 ] CVE-2017-13139 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13139
[ 22 ] CVE-2017-13140 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13140
[ 23 ] CVE-2017-13141 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13141
[ 24 ] CVE-2017-13142 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13142
[ 25 ] CVE-2017-13143 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13143
[ 26 ] CVE-2017-13144 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13144
[ 27 ] CVE-2017-13145 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13145
[ 28 ] CVE-2017-13146 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13146
[ 29 ] CVE-2017-13758 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13758
[ 30 ] CVE-2017-13768 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13768
[ 31 ] CVE-2017-13769 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13769
[ 32 ] CVE-2017-14060 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14060
[ 33 ] CVE-2017-14137 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14137
[ 34 ] CVE-2017-14138 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14138
[ 35 ] CVE-2017-14139 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14139
[ 36 ] CVE-2017-14172 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14172
[ 37 ] CVE-2017-14173 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14173
[ 38 ] CVE-2017-14174 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14174
[ 39 ] CVE-2017-14175 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14175
[ 40 ] CVE-2017-14224 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14224
[ 41 ] CVE-2017-14248 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14248
[ 42 ] CVE-2017-14249 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14249
[ 43 ] CVE-2017-15281 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15281

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201711-07
Original Source
Url : http://security.gentoo.org/glsa/glsa-201711-07.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
29 % | CWE-772 | Missing Release of Resource after Effective Lifetime |
15 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
10 % | CWE-770 | Allocation of Resources Without Limits or Throttling |
10 % | CWE-125 | Out-of-bounds Read |
7 % | CWE-20 | Improper Input Validation |
5 % | CWE-476 | NULL Pointer Dereference |
5 % | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
2 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
2 % | CWE-754 | Improper Check for Unusual or Exceptional Conditions |
2 % | CWE-681 | Incorrect Conversion between Numeric Types |
2 % | CWE-617 | Reachable Assertion |
2 % | CWE-416 | Use After Free |
2 % | CWE-369 | Divide By Zero |
2 % | CWE-200 | Information Exposure |
2 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-10-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4321.nasl - Type : ACT_GATHER_INFO |
2018-06-28 | Name : The remote Debian host is missing a security update. File : debian_DLA-1401.nasl - Type : ACT_GATHER_INFO |
2018-05-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4204.nasl - Type : ACT_GATHER_INFO |
2018-01-15 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2017-f5a9805c5b.nasl - Type : ACT_GATHER_INFO |
2017-12-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4074.nasl - Type : ACT_GATHER_INFO |
2017-12-14 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-1362.nasl - Type : ACT_GATHER_INFO |
2017-12-14 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-1346.nasl - Type : ACT_GATHER_INFO |
2017-12-01 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-3168-1.nasl - Type : ACT_GATHER_INFO |
2017-11-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4040.nasl - Type : ACT_GATHER_INFO |
2017-11-16 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-1276.nasl - Type : ACT_GATHER_INFO |
2017-11-14 | Name : The remote Debian host is missing a security update. File : debian_DLA-1170.nasl - Type : ACT_GATHER_INFO |
2017-11-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4032.nasl - Type : ACT_GATHER_INFO |
2017-11-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-1270.nasl - Type : ACT_GATHER_INFO |
2017-11-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201711-07.nasl - Type : ACT_GATHER_INFO |
2017-11-09 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-2949-1.nasl - Type : ACT_GATHER_INFO |
2017-11-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4019.nasl - Type : ACT_GATHER_INFO |
2017-11-01 | Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2017-1264.nasl - Type : ACT_GATHER_INFO |
2017-11-01 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2017-1258.nasl - Type : ACT_GATHER_INFO |
2017-11-01 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2017-1257.nasl - Type : ACT_GATHER_INFO |
2017-10-30 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-1199.nasl - Type : ACT_GATHER_INFO |
2017-10-20 | Name : The remote Debian host is missing a security update. File : debian_DLA-1139.nasl - Type : ACT_GATHER_INFO |
2017-10-18 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2017-897a192750.nasl - Type : ACT_GATHER_INFO |
2017-10-18 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2017-66d9113c7a.nasl - Type : ACT_GATHER_INFO |
2017-10-11 | Name : The remote Debian host is missing a security update. File : debian_DLA-1131.nasl - Type : ACT_GATHER_INFO |
2017-09-20 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2017-3a568adb31.nasl - Type : ACT_GATHER_INFO |
2017-09-19 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2017-8f27031c8f.nasl - Type : ACT_GATHER_INFO |
2017-09-01 | Name : The remote Debian host is missing a security update. File : debian_DLA-1081.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2017-11-14 13:24:55 | |
2017-11-11 17:23:31 | |