Vulnerability CVE-2014-9852

Vulnerability CVE-2014-9852

Published: 2017-03-17

Description:

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.

Type:

CWE-913

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
SUSE -> Linux enterprise server
SUSE -> Linux enterprise desktop
SUSE -> Linux enterprise software development kit
SUSE -> Linux enterprise workstation extension
Opensuse project -> Opensuse
Opensuse -> LEAP
Opensuse -> Opensuse
Novell -> LEAP
Imagemagick -> Imagemagick

References:

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html

http://www.openwall.com/lists/oss-security/2016/06/02/13

https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=37ec7d53dcb99fbd1f5c33442594d5e279630563

https://bugzilla.redhat.com/show_bug.cgi?id=1343512

Vulnerability CVE-2014-9852

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.

CWE-913

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

7.5/10

6.4/10

10/10

Remote

Low

No required

Partial

Partial

Partial

Affected software

References: