CVE-2014-9852 - distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remot

CVE-2014-9852

Summary

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.

References

Vulnerable Configurations

cpe:2.3:a:imagemagick:imagemagick:-:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:-:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:

CWE

CWE-913

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

confirm	https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=37ec7d53dcb99fbd1f5c33442594d5e279630563 https://bugzilla.redhat.com/show_bug.cgi?id=1343512
mlist	[oss-security] 20160602 Re: ImageMagick CVEs
suse	SUSE-SU-2016:1784 openSUSE-SU-2016:1748 openSUSE-SU-2016:1833

Last major update

30-10-2018 - 16:27

Published

17-03-2017 - 14:59

Last modified

30-10-2018 - 16:27