ID CVE-2014-8355
Summary PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).
References
Vulnerable Configurations
  • ImageMagick 6.8.9-8
    cpe:2.3:a:imagemagick:imagemagick:6.8.9-8
CVSS
Base: 4.3 (as of 08-05-2017 - 17:12)
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Access
Vector   Complexity  Authentication
NETWORK  MEDIUM      NONE
Impact
Confidentiality  Integrity  Availability
NONE             NONE       PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-960.NASL
    description This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure, or the execution of arbitrary code if malformed PCX, DCM, JPEG, PSD, HDR, MIFF, PDB, VICAR, SGI, SVG, AAI, MNG, EXR, MAT, SFW, JNG, PCD, XWD, PICT, BMP, MTV, SUN, EPT, ICON, DDS, or ART files are processed. For Debian 7 'Wheezy', these problems have been fixed in version 6.7.7.10-5+deb7u14. We recommend that you upgrade your imagemagick packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-10
    plugin id 100480
    published 2017-05-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100480
    title Debian DLA-960-1 : imagemagick security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-3605.NASL
    description Security fix for CVE-2014-8354, CVE-2014-8355 and 4 other security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-01-30
    plugin id 81864
    published 2015-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81864
    title Fedora 22 : ImageMagick-6.8.8.10-9.fc22 (2015-3605)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-649.NASL
    description ImageMagick was updated to fix three security issues. These security issues were fixed : - Out-of-bounds memory access in PCX parser (CVE-2014-8355). - Out-of-bounds memory access in resize code (CVE-2014-8354). - Out-of-bounds memory error in DCM decode (CVE-2014-8562).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79224
    published 2014-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79224
    title openSUSE Security Update : ImageMagick (openSUSE-SU-2014:1396-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-226.NASL
    description Updated imagemagick packages fix security vulnerabilities : ImageMagick is vulnerable to a denial of service due to out-of-bounds memory accesses in the resize code (CVE-2014-8354), PCX parser (CVE-2014-8355), DCM decoder (CVE-2014-8562), and JPEG decoder (CVE-2014-8716).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 79572
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79572
    title Mandriva Linux Security Advisory : imagemagick (MDVSA-2014:226)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_IMAGEMAGICK-141118.NASL
    description ImageMagick has been updated to fix four security issues : - Crafted jpeg file could have led to a Denial of Service. (CVE-2014-8716) - Out-of-bounds memory access in resize code. (CVE-2014-8354) - Out-of-bounds memory access in PCX parser. (CVE-2014-8355) - Out-of-bounds memory error in DCM decode. (CVE-2014-8562)
    last seen 2019-02-21
    modified 2014-12-15
    plugin id 80021
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80021
    title SuSE 11.3 Security Update : Image Magick (SAT Patch Number 9976)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-242.NASL
    description This update fixes a large number of potential security problems due to insufficient data validation when parsing different input formats. Most of those potential security problems do not have a CVE number assigned. While the security implications of all of these problems are not all fully known, it is highly recommended to update. The update fixes the following identified vulnerabilities : - CVE-2012-3437: Incorrect validation of PNG buffer size, leading to DoS using specially crafted PNG files. - CVE-2014-8354: Out of bounds memory access in resize. - CVE-2014-8355: Buffer overflow in PCX reader. - CVE-2014-8562: Buffer overflow in DCM readers. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 84130
    published 2015-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84130
    title Debian DLA-242-1 : imagemagick security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-3612.NASL
    description Security fix for CVE-2014-8354, CVE-2014-8355 and 4 other security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-01-30
    plugin id 82748
    published 2015-04-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82748
    title Fedora 21 : ImageMagick-6.8.8.10-6.fc21 (2015-3612)
  • NASL family Windows
    NASL id IMAGEMAGICK_6_8_9_9.NASL
    description The remote Windows host is running a version of ImageMagick prior to version 6.8.9-9. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the function 'CloneImage' within file 'image.c' that can allow application crashes or information disclosure. (CVE-2014-8354) - An out-of-bounds read error exists in the function 'ReadPCXImage' within file 'coders/pcx.c' that can allow application crashes or information disclosure. (CVE-2014-8355) - An error exists in the function 'DeleteImageProfile' related to image processing that can allow denial of service attacks. (CVE-2014-8561) - An out-of-bounds read error exists in the 'ReadDCMImage' function within file 'coders/dcm.c' that can allow application crashes or information disclosure. (CVE-2014-8562) - An off-by-one error exists related to '8BIM' handling that can allow an attacker to have an unspecified impact.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 78892
    published 2014-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78892
    title ImageMagick < 6.8.9-9 Multiple Vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-105.NASL
    description Updated imagemagick package fixes security vulnerabilities : A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, potentially, execute arbitrary code with the privileges of the user running ImageMagick (CVE-2014-1958). A buffer overflow flaw was found in the way ImageMagick writes PSD images when the input data has a large number of unlabeled layers (CVE-2014-2030). ImageMagick is vulnerable to a denial of service due to out-of-bounds memory accesses in the resize code (CVE-2014-8354), PCX parser (CVE-2014-8355), DCM decoder (CVE-2014-8562), and JPEG decoder (CVE-2014-8716).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 82358
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82358
    title Mandriva Linux Security Advisory : imagemagick (MDVSA-2015:105)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3131-1.NASL
    description It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 95053
    published 2016-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95053
    title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : imagemagick vulnerabilities (USN-3131-1)
refmap via4
bid 70839
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1158523
misc
Last major update 17-04-2017 - 14:18
Published 11-04-2017 - 15:59