CVE-2014-9847
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.
Known Affected Software
15 configuration(s) from 4 vendor(s)
ubuntu_linux
Version:
14.04
CPE:
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
ubuntu_linux
Version:
16.04
CPE:
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*
ubuntu_linux
Version:
12.04
CPE:
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
ubuntu_linux
Version:
16.10
CPE:
cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*
imagemagick
Version:
6.8.8-9
CPE:
cpe:2.3:a:imagemagick:imagemagick:6.8.8-9:*:*:*:*:*:*:*
opensuse
Version:
13.2
CPE:
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
suse_linux_enterprise_server
Version:
12.0
CPE:
cpe:2.3:o:opensuse_project:suse_linux_enterprise_server:12.0:sp2:*:*:*:*:*:*
suse_linux_enterprise_debuginfo
Version:
11.0
CPE:
cpe:2.3:o:opensuse_project:suse_linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*
suse_linux_enterprise_desktop
Version:
12.0
CPE:
cpe:2.3:o:opensuse_project:suse_linux_enterprise_desktop:12.0:sp2:*:*:*:*:*:*
suse_linux_enterprise_workstation_extension
Version:
12.0
CPE:
cpe:2.3:o:opensuse_project:suse_linux_enterprise_workstation_extension:12.0:sp2:*:*:*:*:*:*
suse_linux_enterprise_server
Version:
11.0
CPE:
cpe:2.3:o:opensuse_project:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*
suse_linux_enterprise_software_development_kit
Version:
11.0
CPE:
cpe:2.3:o:opensuse_project:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*
studio_onsite
Version:
1.3
CPE:
cpe:2.3:a:opensuse_project:studio_onsite:1.3:*:*:*:*:*:*:*
suse_linux_enterprise_software_development_kit
Version:
12.0
CPE:
cpe:2.3:o:opensuse_project:suse_linux_enterprise_software_development_kit:12.0:sp2:*:*:*:*:*:*
leap
Version:
42.1
CPE:
cpe:2.3:o:opensuse_project:leap:42.1:*:*:*:*:*:*:*
This vulnerability affects 15 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.htmlcve@mitre.org Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.htmlcve@mitre.org Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.htmlcve@mitre.org Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.htmlcve@mitre.org Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.htmlcve@mitre.org Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.htmlcve@mitre.org Mailing List Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2016/06/02/13cve@mitre.org Mailing List Third Party Advisory
-
http://www.ubuntu.com/usn/USN-3131-1cve@mitre.org Third Party Advisory
-
https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=f4ece8c7c462c5449138f39401f66318b9ab0430cve@mitre.org Patch Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1343506cve@mitre.org Issue Tracking Patch Third Party Advisory VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2016/06/02/13af854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://www.ubuntu.com/usn/USN-3131-1af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=f4ece8c7c462c5449138f39401f66318b9ab0430af854a3a-2127-422b-91ae-364da2661108 Patch Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1343506af854a3a-2127-422b-91ae-364da2661108 Issue Tracking Patch Third Party Advisory VDB Entry
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-119
Top 25 #17
Improper Restriction of Operations within the Bounds of a Memory Buffer
- Description
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to…
- Exploit Likelihood
- High
- Typical Severity
- High
- Abstraction Level
- Class
Key Information
- Published Date
- March 20, 2017
