Executive Summary

This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary
Title: ImageMagick: Multiple vulnerabilities

Information
Name: GLSA-201711-07
Vendor: Gentoo
Severity (Vendor): N/A
First vendor publication: 2017-11-11
Last vendor modification: 2017-11-11
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: N/A
Base score: N/A
Environmental score: N/A
Impact subscore: N/A
Temporal score: N/A
Exploitability subscore: N/A

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS base score: 7.5
CVSS impact score: 6.4
CVSS exploit score: 10
Attack range: Network
Attack complexity: Low
Authentication: None required

Detail

Synopsis
========

Multiple vulnerabilities have been found in ImageMagick, the worst of
which may allow remote attackers to cause a Denial of Service
condition.

Background
==========

A collection of tools and libraries for many image formats.

Description
===========

Multiple vulnerabilities have been discovered in ImageMagick. Please
review the referenced CVE identifiers for details.

Impact
======

Remote attackers, by enticing a user to process a specially crafted
file, could obtain sensitive information, cause a Denial of Service
condition, or have other unspecified impacts.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ImageMagick users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.9.9.20"


References
==========

[ 1 ] CVE-2017-11640
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11640
[ 2 ] CVE-2017-11724
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11724
[ 3 ] CVE-2017-12140
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12140
[ 4 ] CVE-2017-12418
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12418
[ 5 ] CVE-2017-12427
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12427
[ 6 ] CVE-2017-12691
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12691
[ 7 ] CVE-2017-12692
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12692
[ 8 ] CVE-2017-12693
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12693
[ 9 ] CVE-2017-12876
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12876
[ 10 ] CVE-2017-12877
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12877
[ 11 ] CVE-2017-12983
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12983
[ 12 ] CVE-2017-13058
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13058
[ 13 ] CVE-2017-13059
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13059
[ 14 ] CVE-2017-13060
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13060
[ 15 ] CVE-2017-13061
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13061
[ 16 ] CVE-2017-13062
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13062
[ 17 ] CVE-2017-13131
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13131
[ 18 ] CVE-2017-13132
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13132
[ 19 ] CVE-2017-13133
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13133
[ 20 ] CVE-2017-13134
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13134
[ 21 ] CVE-2017-13139
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13139
[ 22 ] CVE-2017-13140
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13140
[ 23 ] CVE-2017-13141
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13141
[ 24 ] CVE-2017-13142
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13142
[ 25 ] CVE-2017-13143
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13143
[ 26 ] CVE-2017-13144
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13144
[ 27 ] CVE-2017-13145
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13145
[ 28 ] CVE-2017-13146
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13146
[ 29 ] CVE-2017-13758
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13758
[ 30 ] CVE-2017-13768
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13768
[ 31 ] CVE-2017-13769
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13769
[ 32 ] CVE-2017-14060
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14060
[ 33 ] CVE-2017-14137
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14137
[ 34 ] CVE-2017-14138
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14138
[ 35 ] CVE-2017-14139
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14139
[ 36 ] CVE-2017-14172
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14172
[ 37 ] CVE-2017-14173
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14173
[ 38 ] CVE-2017-14174
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14174
[ 39 ] CVE-2017-14175
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14175
[ 40 ] CVE-2017-14224
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14224
[ 41 ] CVE-2017-14248
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14248
[ 42 ] CVE-2017-14249
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14249
[ 43 ] CVE-2017-15281
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15281



Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201711-07



Original Source

Url : http://security.gentoo.org/glsa/glsa-201711-07.xml

CWE : Common Weakness Enumeration

% Id Name
29 % CWE-772 Missing Release of Resource after Effective Lifetime
15 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
10 % CWE-770 Allocation of Resources Without Limits or Throttling
10 % CWE-125 Out-of-bounds Read
7 % CWE-20 Improper Input Validation
5 % CWE-476 NULL Pointer Dereference
5 % CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
2 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
2 % CWE-754 Improper Check for Unusual or Exceptional Conditions
2 % CWE-681 Incorrect Conversion between Numeric Types
2 % CWE-617 Reachable Assertion
2 % CWE-416 Use After Free
2 % CWE-369 Divide By Zero
2 % CWE-200 Information Exposure
2 % CWE-190 Integer Overflow or Wraparound (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type Description Count
Application 591
Os 6
Os 3

Nessus® Vulnerability Scanner

Date Description
2018-10-18 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4321.nasl - Type : ACT_GATHER_INFO
2018-06-28 Name : The remote Debian host is missing a security update.
File : debian_DLA-1401.nasl - Type : ACT_GATHER_INFO
2018-05-21 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4204.nasl - Type : ACT_GATHER_INFO
2018-01-15 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2017-f5a9805c5b.nasl - Type : ACT_GATHER_INFO
2017-12-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4074.nasl - Type : ACT_GATHER_INFO
2017-12-14 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-1362.nasl - Type : ACT_GATHER_INFO
2017-12-14 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-1346.nasl - Type : ACT_GATHER_INFO
2017-12-01 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-3168-1.nasl - Type : ACT_GATHER_INFO
2017-11-20 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4040.nasl - Type : ACT_GATHER_INFO
2017-11-16 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-1276.nasl - Type : ACT_GATHER_INFO
2017-11-14 Name : The remote Debian host is missing a security update.
File : debian_DLA-1170.nasl - Type : ACT_GATHER_INFO
2017-11-13 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4032.nasl - Type : ACT_GATHER_INFO
2017-11-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-1270.nasl - Type : ACT_GATHER_INFO
2017-11-13 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201711-07.nasl - Type : ACT_GATHER_INFO
2017-11-09 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-2949-1.nasl - Type : ACT_GATHER_INFO
2017-11-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4019.nasl - Type : ACT_GATHER_INFO
2017-11-01 Name : The remote EulerOS host is missing a security update.
File : EulerOS_SA-2017-1264.nasl - Type : ACT_GATHER_INFO
2017-11-01 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1258.nasl - Type : ACT_GATHER_INFO
2017-11-01 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1257.nasl - Type : ACT_GATHER_INFO
2017-10-30 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-1199.nasl - Type : ACT_GATHER_INFO
2017-10-20 Name : The remote Debian host is missing a security update.
File : debian_DLA-1139.nasl - Type : ACT_GATHER_INFO
2017-10-18 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2017-897a192750.nasl - Type : ACT_GATHER_INFO
2017-10-18 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2017-66d9113c7a.nasl - Type : ACT_GATHER_INFO
2017-10-11 Name : The remote Debian host is missing a security update.
File : debian_DLA-1131.nasl - Type : ACT_GATHER_INFO
2017-09-20 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2017-3a568adb31.nasl - Type : ACT_GATHER_INFO
2017-09-19 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2017-8f27031c8f.nasl - Type : ACT_GATHER_INFO
2017-09-01 Name : The remote Debian host is missing a security update.
File : debian_DLA-1081.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2017-11-14 13:24:55
  • Multiple Updates
2017-11-11 17:23:31
  • First insertion