ID CVE-2014-8716
Summary The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).
References
Vulnerable Configurations
  • ImageMagick 6.8.9-8
    cpe:2.3:a:imagemagick:imagemagick:6.8.9-8
CVSS
Base: 2.1 (as of 15-04-2017 - 18:07)
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Access
Vector  Complexity  Authentication
LOCAL   LOW         NONE
Impact
Confidentiality  Integrity  Availability
NONE             NONE       PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-960.NASL
    description This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure, or the execution of arbitrary code if malformed PCX, DCM, JPEG, PSD, HDR, MIFF, PDB, VICAR, SGI, SVG, AAI, MNG, EXR, MAT, SFW, JNG, PCD, XWD, PICT, BMP, MTV, SUN, EPT, ICON, DDS, or ART files are processed. For Debian 7 'Wheezy', these problems have been fixed in version 6.7.7.10-5+deb7u14. We recommend that you upgrade your imagemagick packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-10
    plugin id 100480
    published 2017-05-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100480
    title Debian DLA-960-1 : imagemagick security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-90.NASL
    description Some specially crafted JPEG file could lead to DoS due to missing check in embedded EXIF properties (EXIF directory offsets must be greater than 0). NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-10
    plugin id 82235
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82235
    title Debian DLA-90-1 : imagemagick security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-712.NASL
    description ImageMagick was updated to fix one security issue. This security issue was fixed : - Crafted jpeg file could lead to DOS (CVE-2014-8716).
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 79574
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79574
    title openSUSE Security Update : ImageMagick (openSUSE-SU-2014:1492-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-226.NASL
    description Updated imagemagick packages fix security vulnerabilities : ImageMagick is vulnerable to a denial of service due to out-of-bounds memory accesses in the resize code (CVE-2014-8354), PCX parser (CVE-2014-8355), DCM decoder (CVE-2014-8562), and JPEG decoder (CVE-2014-8716).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 79572
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79572
    title Mandriva Linux Security Advisory : imagemagick (MDVSA-2014:226)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_IMAGEMAGICK-141118.NASL
    description ImageMagick has been updated to fix four security issues : - Crafted jpeg file could have led to a Denial of Service. (CVE-2014-8716) - Out-of-bounds memory access in resize code. (CVE-2014-8354) - Out-of-bounds memory access in PCX parser. (CVE-2014-8355) - Out-of-bounds memory error in DCM decode. (CVE-2014-8562)
    last seen 2019-02-21
    modified 2014-12-15
    plugin id 80021
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80021
    title SuSE 11.3 Security Update : Image Magick (SAT Patch Number 9976)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-105.NASL
    description Updated imagemagick package fixes security vulnerabilities : A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, potentially, execute arbitrary code with the privileges of the user running ImageMagick (CVE-2014-1958). A buffer overflow flaw was found in the way ImageMagick writes PSD images when the input data has a large number of unlabeled layers (CVE-2014-2030). ImageMagick is vulnerable to a denial of service due to out-of-bounds memory accesses in the resize code (CVE-2014-8354), PCX parser (CVE-2014-8355), DCM decoder (CVE-2014-8562), and JPEG decoder (CVE-2014-8716).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 82358
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82358
    title Mandriva Linux Security Advisory : imagemagick (MDVSA-2015:105)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3131-1.NASL
    description It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 95053
    published 2016-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95053
    title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : imagemagick vulnerabilities (USN-3131-1)
refmap via4
bid 70992
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1164248
misc http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26456
Last major update 17-04-2017 - 09:00
Published 11-04-2017 - 15:59