Vulnerability CVE-2014-9853


Published: 2017-03-17

Description:
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.

Type:

CWE-399

(Resource Management Errors)

Vendor: Novell
Product: LEAP 
Version: 42.2; 42.1;
Vendor: Opensuse
Product: LEAP 
Version: 42.1;
Product: Opensuse 
Version: 13.2;
Vendor: Canonical
Product: Ubuntu linux 
Version:
16.10
16.04
14.04
12.04
Vendor: Opensuse project
Product: Opensuse 
Version: 13.2;
Product: Suse linux enterprise software development kit 
Version: 11.0;
Vendor: SUSE
Product: Linux enterprise software development kit 
Version: 12;
Product: Linux enterprise desktop 
Version: 12;
Product: Linux enterprise server 
Version: 12; 11;
Product: Linux enterprise workstation extension 
Version: 12;
Product: Linux enterprise debuginfo 
Version: 11;
Vendor: Imagemagick
Product: Imagemagick 

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html
http://www.openwall.com/lists/oss-security/2016/06/02/13
http://www.ubuntu.com/usn/USN-3131-1
https://bugzilla.redhat.com/show_bug.cgi?id=1343513

Related CVE
CVE-2019-16713
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.
CVE-2019-16712
ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.
CVE-2019-16711
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.
CVE-2019-16710
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.
CVE-2019-16709
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
CVE-2019-16708
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
CVE-2019-15141
WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirect...
CVE-2019-15140
coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCo...

Copyright 2019, cxsecurity.com

 

Back to Top