DNA View

Critical Severity Vulnerability

This vulnerability has been rated as Critical severity. Immediate action is recommended.

CVE-2014-9852

Critical

Low Medium High Critical

9.8

CVSS Score

Published: Mar 17, 2017

Last Modified: Apr 20, 2025

CWE: CWE-913

Vulnerability Description

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

6 configuration(s) from 2 vendor(s)

opensuse

Version:

13.2

CPE:

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

leap

Version:

42.1

CPE:

cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

linux_enterprise_server

Version:

CPE:

cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:-:*:*:*

linux_enterprise_desktop

Version:

CPE:

cpe:2.3:o:suse:linux_enterprise_desktop:12:sp4:*:*:*:*:*:*

linux_enterprise_workstation_extension

Version:

CPE:

cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*

linux_enterprise_software_development_kit

Version:

CPE:

cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*

This vulnerability affects 6 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

9.8

out of 10.0

Critical

Weakness Type (CWE)

CWE-913

Improper Control of Dynamically-Managed Code Resources

Description: The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.
Typical Severity: Medium
Abstraction Level: Class