Vulnerability CVE-2014-9850


Published: 2017-03-20

Description:
Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).

Type:

CWE-399

(Resource Management Errors)

Vendor: Imagemagick
Product: Imagemagick 
Version: 6.8.8-9;
Vendor: Opensuse project
Product: LEAP 
Version: 42.1;
Product: Opensuse 
Version: 13.2;
Product: Suse linux enterprise server 
Version: 12.0;
Product: Suse linux enterprise software development kit 
Version: 12.0;
Product: Suse linux enterprise desktop 
Version: 12.0;
Product: Suse linux enterprise workstation extension 
Version: 12.0;
Vendor: Canonical
Product: Ubuntu linux 
Version:
16.10
16.04
14.04
12.04
Vendor: Opensuse
Product: Opensuse 
Version: 13.2;

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html
http://www.openwall.com/lists/oss-security/2016/06/02/13
http://www.ubuntu.com/usn/USN-3131-1
https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=2257d1eadd02d89d225fce21013a1219d221dc7d
https://bugzilla.redhat.com/show_bug.cgi?id=1343510

Related CVE
CVE-2019-17069
PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.
CVE-2019-17068
PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content.
CVE-2019-13627
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
CVE-2019-15902
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v...
CVE-2019-14235
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid...
CVE-2019-14233
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large ...
CVE-2019-14232
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs...
CVE-2019-11730
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents...

Copyright 2019, cxsecurity.com

 

Back to Top