ID CVE-2014-9853
Summary Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
References
Vulnerable Configurations
  • cpe:2.3:a:imagemagick:imagemagick:-:*:*:*:*:*:*:*
    cpe:2.3:a:imagemagick:imagemagick:-:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
    cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
  • cpe:2.3:o:novell:leap:42.2:*:*:*:*:*:*:*
    cpe:2.3:o:novell:leap:42.2:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse_project:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*
    cpe:2.3:o:opensuse_project:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1343513
mlist [oss-security] 20160602 Re: ImageMagick CVEs
suse
  • SUSE-SU-2016:1782
  • SUSE-SU-2016:1783
  • SUSE-SU-2016:1784
  • openSUSE-SU-2016:1724
  • openSUSE-SU-2016:1748
  • openSUSE-SU-2016:1833
  • openSUSE-SU-2016:2073
  • openSUSE-SU-2016:3060
ubuntu USN-3131-1
Last major update 30-10-2018 - 16:27
Published 17-03-2017 - 14:59
Last modified 30-10-2018 - 16:27
Back to Top