pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p10/ALT-PU-2017-2096/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

804 lines
40 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20172096",
"Version": "oval:org.altlinux.errata:def:20172096",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2017-2096: package `ImageMagick` update to version 6.9.9.7-alt1.S1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2017-2096",
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-2096",
"Source": "ALTPU"
},
{
"RefID": "BDU:2017-00694",
"RefURL": "https://bdu.fstec.ru/vul/2017-00694",
"Source": "BDU"
},
{
"RefID": "BDU:2017-00887",
"RefURL": "https://bdu.fstec.ru/vul/2017-00887",
"Source": "BDU"
},
{
"RefID": "BDU:2017-01460",
"RefURL": "https://bdu.fstec.ru/vul/2017-01460",
"Source": "BDU"
},
{
"RefID": "BDU:2017-01773",
"RefURL": "https://bdu.fstec.ru/vul/2017-01773",
"Source": "BDU"
},
{
"RefID": "BDU:2017-01774",
"RefURL": "https://bdu.fstec.ru/vul/2017-01774",
"Source": "BDU"
},
{
"RefID": "BDU:2017-01775",
"RefURL": "https://bdu.fstec.ru/vul/2017-01775",
"Source": "BDU"
},
{
"RefID": "BDU:2017-01776",
"RefURL": "https://bdu.fstec.ru/vul/2017-01776",
"Source": "BDU"
},
{
"RefID": "BDU:2017-01777",
"RefURL": "https://bdu.fstec.ru/vul/2017-01777",
"Source": "BDU"
},
{
"RefID": "BDU:2017-01778",
"RefURL": "https://bdu.fstec.ru/vul/2017-01778",
"Source": "BDU"
},
{
"RefID": "BDU:2017-01779",
"RefURL": "https://bdu.fstec.ru/vul/2017-01779",
"Source": "BDU"
},
{
"RefID": "BDU:2017-01781",
"RefURL": "https://bdu.fstec.ru/vul/2017-01781",
"Source": "BDU"
},
{
"RefID": "BDU:2017-01787",
"RefURL": "https://bdu.fstec.ru/vul/2017-01787",
"Source": "BDU"
},
{
"RefID": "BDU:2017-02021",
"RefURL": "https://bdu.fstec.ru/vul/2017-02021",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03377",
"RefURL": "https://bdu.fstec.ru/vul/2021-03377",
"Source": "BDU"
},
{
"RefID": "CVE-2016-10058",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10058",
"Source": "CVE"
},
{
"RefID": "CVE-2016-10065",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10065",
"Source": "CVE"
},
{
"RefID": "CVE-2016-10068",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10068",
"Source": "CVE"
},
{
"RefID": "CVE-2016-7539",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-7539",
"Source": "CVE"
},
{
"RefID": "CVE-2016-8866",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8866",
"Source": "CVE"
},
{
"RefID": "CVE-2016-9298",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9298",
"Source": "CVE"
},
{
"RefID": "CVE-2016-9559",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9559",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11352",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11352",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11448",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11448",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11449",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11449",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11450",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11450",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11478",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11478",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11505",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11505",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11522",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11522",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11523",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11523",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11524",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11524",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11525",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11525",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11526",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11526",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11527",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11527",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11528",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11528",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11529",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11529",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11530",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11530",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12427",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12427",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12877",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12877",
"Source": "CVE"
},
{
"RefID": "CVE-2017-13139",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-13139",
"Source": "CVE"
},
{
"RefID": "CVE-2017-13140",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-13140",
"Source": "CVE"
},
{
"RefID": "CVE-2017-13141",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-13141",
"Source": "CVE"
},
{
"RefID": "CVE-2017-13142",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-13142",
"Source": "CVE"
},
{
"RefID": "CVE-2017-13143",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-13143",
"Source": "CVE"
},
{
"RefID": "CVE-2017-13144",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-13144",
"Source": "CVE"
},
{
"RefID": "CVE-2017-13145",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-13145",
"Source": "CVE"
},
{
"RefID": "CVE-2017-13146",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-13146",
"Source": "CVE"
},
{
"RefID": "CVE-2017-13658",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-13658",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5507",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5507",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5508",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5508",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9098",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9098",
"Source": "CVE"
}
],
"Description": "This update upgrades ImageMagick to version 6.9.9.7-alt1.S1. \nSecurity Fix(es):\n\n * BDU:2017-00694: Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2017-00887: Уязвимость операционной системы OpenSUSE Leap, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2017-01460: Уязвимость компонента coders/mpc.c консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2017-01773: Уязвимость функции ReadEPTImage консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2017-01774: Уязвимость функции ReadDPXImage консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2017-01775: Уязвимость функции ReadOneMNGImage консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2017-01776: Уязвимость функции ReadCINImage консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2017-01777: Уязвимость функции ReadTXTImage консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2017-01778: Уязвимость функции ReadOneJNGImage консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2017-01779: Уязвимость функции ReadOneDJVUImage консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2017-01781: Уязвимость компонента AcquireVirtualMemory консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2017-01787: Уязвимость функции ProcessMSLScript в coders/msl.c консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2017-02021: Уязвимость функции ReadOneMNGImage консольного графического редактора ImageMagick, позволяющая нарушителю произвести чтение за границами памяти\n\n * BDU:2021-03377: Уязвимость функции ReadMATImage компонента coders/mat.c консольного графического редактора ImageMagick, связанная с недостатком использования функции assert(), позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2016-10058: Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.\n\n * CVE-2016-10065: The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.\n\n * CVE-2016-10068: The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.\n\n * CVE-2016-7539: Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.\n\n * CVE-2016-8866: The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.\n\n * CVE-2016-9298: Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image.\n\n * CVE-2016-9559: coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.\n\n * CVE-2017-11352: In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144.\n\n * CVE-2017-11448: The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.\n\n * CVE-2017-11449: coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.\n\n * CVE-2017-11450: coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short.\n\n * CVE-2017-11478: The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image.\n\n * CVE-2017-11505: The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.\n\n * CVE-2017-11522: The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.\n\n * CVE-2017-11523: The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.\n\n * CVE-2017-11524: The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file.\n\n * CVE-2017-11525: The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.\n\n * CVE-2017-11526: The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.\n\n * CVE-2017-11527: The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.\n\n * CVE-2017-11528: The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.\n\n * CVE-2017-11529: The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.\n\n * CVE-2017-11530: The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.\n\n * CVE-2017-12427: The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function.\n\n * CVE-2017-12877: Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.\n\n * CVE-2017-13139: In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.\n\n * CVE-2017-13140: In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.\n\n * CVE-2017-13141: In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c.\n\n * CVE-2017-13142: In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.\n\n * CVE-2017-13143: In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.\n\n * CVE-2017-13144: In ImageMagick before 6.9.7-10, there is a crash (rather than a \"width or height exceeds limit\" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder.\n\n * CVE-2017-13145: In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.\n\n * CVE-2017-13146: In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.\n\n * CVE-2017-13658: In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.\n\n * CVE-2017-5507: Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.\n\n * CVE-2017-5508: Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.\n\n * CVE-2017-9098: ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2017-08-22"
},
"Updated": {
"Date": "2017-08-22"
},
"BDUs": [
{
"ID": "BDU:2017-00694",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2017-00694",
"Impact": "High",
"Public": "20170323"
},
{
"ID": "BDU:2017-00887",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2017-00887",
"Impact": "Low",
"Public": "20170303"
},
{
"ID": "BDU:2017-01460",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CWE": "CWE-399",
"Href": "https://bdu.fstec.ru/vul/2017-01460",
"Impact": "High",
"Public": "20170324"
},
{
"ID": "BDU:2017-01773",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2017-01773",
"Impact": "High",
"Public": "20170723"
},
{
"ID": "BDU:2017-01774",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2017-01774",
"Impact": "High",
"Public": "20170723"
},
{
"ID": "BDU:2017-01775",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2017-01775",
"Impact": "High",
"Public": "20170723"
},
{
"ID": "BDU:2017-01776",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CWE": "CWE-399",
"Href": "https://bdu.fstec.ru/vul/2017-01776",
"Impact": "High",
"Public": "20170723"
},
{
"ID": "BDU:2017-01777",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CWE": "CWE-399",
"Href": "https://bdu.fstec.ru/vul/2017-01777",
"Impact": "High",
"Public": "20170723"
},
{
"ID": "BDU:2017-01778",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CWE": "CWE-399",
"Href": "https://bdu.fstec.ru/vul/2017-01778",
"Impact": "High",
"Public": "20170721"
},
{
"ID": "BDU:2017-01779",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CWE": "CWE-399",
"Href": "https://bdu.fstec.ru/vul/2017-01779",
"Impact": "High",
"Public": "20170720"
},
{
"ID": "BDU:2017-01781",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CWE": "CWE-399",
"Href": "https://bdu.fstec.ru/vul/2017-01781",
"Impact": "High",
"Public": "20170725"
},
{
"ID": "BDU:2017-01787",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2017-01787",
"Impact": "Low",
"Public": "20170804"
},
{
"ID": "BDU:2017-02021",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2017-02021",
"Impact": "High",
"Public": "20170710"
},
{
"ID": "BDU:2021-03377",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-617",
"Href": "https://bdu.fstec.ru/vul/2021-03377",
"Impact": "Low",
"Public": "20170723"
}
],
"CVEs": [
{
"ID": "CVE-2016-10058",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-10058",
"Impact": "Low",
"Public": "20170323"
},
{
"ID": "CVE-2016-10065",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-284",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-10065",
"Impact": "High",
"Public": "20170303"
},
{
"ID": "CVE-2016-10068",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-10068",
"Impact": "Low",
"Public": "20170302"
},
{
"ID": "CVE-2016-7539",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-7539",
"Impact": "High",
"Public": "20170725"
},
{
"ID": "CVE-2016-8866",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-8866",
"Impact": "High",
"Public": "20170215"
},
{
"ID": "CVE-2016-9298",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9298",
"Impact": "Low",
"Public": "20170127"
},
{
"ID": "CVE-2016-9559",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9559",
"Impact": "Low",
"Public": "20170301"
},
{
"ID": "CVE-2017-11352",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11352",
"Impact": "Low",
"Public": "20170717"
},
{
"ID": "CVE-2017-11448",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11448",
"Impact": "Low",
"Public": "20170719"
},
{
"ID": "CVE-2017-11449",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11449",
"Impact": "High",
"Public": "20170719"
},
{
"ID": "CVE-2017-11450",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11450",
"Impact": "High",
"Public": "20170719"
},
{
"ID": "CVE-2017-11478",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11478",
"Impact": "Low",
"Public": "20170720"
},
{
"ID": "CVE-2017-11505",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-834",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11505",
"Impact": "Low",
"Public": "20170721"
},
{
"ID": "CVE-2017-11522",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11522",
"Impact": "Low",
"Public": "20170722"
},
{
"ID": "CVE-2017-11523",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11523",
"Impact": "Low",
"Public": "20170722"
},
{
"ID": "CVE-2017-11524",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-617",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11524",
"Impact": "Low",
"Public": "20170723"
},
{
"ID": "CVE-2017-11525",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-770",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11525",
"Impact": "Low",
"Public": "20170723"
},
{
"ID": "CVE-2017-11526",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11526",
"Impact": "Low",
"Public": "20170723"
},
{
"ID": "CVE-2017-11527",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11527",
"Impact": "Low",
"Public": "20170723"
},
{
"ID": "CVE-2017-11528",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-772",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11528",
"Impact": "Low",
"Public": "20170723"
},
{
"ID": "CVE-2017-11529",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-772",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11529",
"Impact": "Low",
"Public": "20170723"
},
{
"ID": "CVE-2017-11530",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11530",
"Impact": "Low",
"Public": "20170723"
},
{
"ID": "CVE-2017-12427",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-772",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12427",
"Impact": "Low",
"Public": "20170804"
},
{
"ID": "CVE-2017-12877",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12877",
"Impact": "Low",
"Public": "20170828"
},
{
"ID": "CVE-2017-13139",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-13139",
"Impact": "Critical",
"Public": "20170823"
},
{
"ID": "CVE-2017-13140",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-13140",
"Impact": "Low",
"Public": "20170823"
},
{
"ID": "CVE-2017-13141",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-772",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-13141",
"Impact": "Low",
"Public": "20170823"
},
{
"ID": "CVE-2017-13142",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-754",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-13142",
"Impact": "Low",
"Public": "20170823"
},
{
"ID": "CVE-2017-13143",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-13143",
"Impact": "High",
"Public": "20170823"
},
{
"ID": "CVE-2017-13144",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-13144",
"Impact": "Low",
"Public": "20170823"
},
{
"ID": "CVE-2017-13145",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-13145",
"Impact": "Low",
"Public": "20170823"
},
{
"ID": "CVE-2017-13146",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-772",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-13146",
"Impact": "High",
"Public": "20170823"
},
{
"ID": "CVE-2017-13658",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-617",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-13658",
"Impact": "Low",
"Public": "20170824"
},
{
"ID": "CVE-2017-5507",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-772",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5507",
"Impact": "High",
"Public": "20170324"
},
{
"ID": "CVE-2017-5508",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5508",
"Impact": "Low",
"Public": "20170324"
},
{
"ID": "CVE-2017-9098",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-908",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9098",
"Impact": "High",
"Public": "20170519"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20172096001",
"Comment": "ImageMagick is earlier than 0:6.9.9.7-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172096002",
"Comment": "ImageMagick-doc is earlier than 0:6.9.9.7-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172096003",
"Comment": "ImageMagick-tools is earlier than 0:6.9.9.7-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172096004",
"Comment": "libImageMagick is earlier than 0:6.9.9.7-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172096005",
"Comment": "libImageMagick-devel is earlier than 0:6.9.9.7-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172096006",
"Comment": "perl-Magick is earlier than 0:6.9.9.7-alt1.S1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink