CVE-2014-9844
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
Known Affected Software
15 configuration(s) from 5 vendor(s)
ubuntu_linux
Version:
14.04
CPE:
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
ubuntu_linux
Version:
16.04
CPE:
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*
ubuntu_linux
Version:
12.04
CPE:
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
ubuntu_linux
Version:
16.10
CPE:
cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*
imagemagick
Version:
6.8.8-9
CPE:
cpe:2.3:a:imagemagick:imagemagick:6.8.8-9:*:*:*:*:*:*:*
opensuse
Version:
13.2
CPE:
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
suse_linux_enterprise_server
Version:
12.0
CPE:
cpe:2.3:o:opensuse_project:suse_linux_enterprise_server:12.0:sp2:*:*:*:*:*:*
suse_linux_enterprise_debuginfo
Version:
11.0
CPE:
cpe:2.3:o:opensuse_project:suse_linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*
suse_linux_enterprise_desktop
Version:
12.0
CPE:
cpe:2.3:o:opensuse_project:suse_linux_enterprise_desktop:12.0:sp2:*:*:*:*:*:*
suse_linux_enterprise_workstation_extension
Version:
12.0
CPE:
cpe:2.3:o:opensuse_project:suse_linux_enterprise_workstation_extension:12.0:sp2:*:*:*:*:*:*
suse_linux_enterprise_server
Version:
11.0
CPE:
cpe:2.3:o:opensuse_project:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*
suse_linux_enterprise_software_development_kit
Version:
11.0
CPE:
cpe:2.3:o:opensuse_project:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*
suse_linux_enterprise_software_development_kit
Version:
12.0
CPE:
cpe:2.3:o:opensuse_project:suse_linux_enterprise_software_development_kit:12.0:sp2:*:*:*:*:*:*
leap
Version:
42.1
CPE:
cpe:2.3:o:opensuse_project:leap:42.1:*:*:*:*:*:*:*
studio_onsite
Version:
1.3
CPE:
cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*
This vulnerability affects 15 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.htmlcve@mitre.org Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.htmlcve@mitre.org Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.htmlcve@mitre.org Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.htmlcve@mitre.org Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.htmlcve@mitre.org Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.htmlcve@mitre.org Mailing List Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2016/06/02/13cve@mitre.org Mailing List Third Party Advisory
-
http://www.ubuntu.com/usn/USN-3131-1cve@mitre.org Third Party Advisory
-
https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=36ed9419a68cb1356b1843b48cc12788179cdaeecve@mitre.org Patch Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1343502cve@mitre.org Issue Tracking Patch Third Party Advisory VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2016/06/02/13af854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://www.ubuntu.com/usn/USN-3131-1af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=36ed9419a68cb1356b1843b48cc12788179cdaeeaf854a3a-2127-422b-91ae-364da2661108 Patch Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1343502af854a3a-2127-422b-91ae-364da2661108 Issue Tracking Patch Third Party Advisory VDB Entry
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-125
Top 25 #11
Out-of-bounds Read
- Description
- The product reads data past the end, or before the beginning, of the intended buffer.
- Typical Severity
- High
- Abstraction Level
- Base
Key Information
- Published Date
- March 20, 2017
