CVE-2014-9844

moderate-risk

Published 2017-03-20

The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.

Do I need to act?

0.29% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (15)

Opensuse

Leap

Suse Linux Enterprise Desktop

Suse Linux Enterprise Server

Suse Linux Enterprise Software Development Kit

Suse Linux Enterprise Workstation Extension

Ubuntu Linux

Studio Onsite

Suse Linux Enterprise Debuginfo

Suse Linux Enterprise Software Development Kit

Imagemagick

Affected Vendors

Canonical Suse Opensuse Imagemagick Opensuse Project

References (20)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html

Mailing List http://www.openwall.com/lists/oss-security/2016/06/02/13

Third Party Advisory http://www.ubuntu.com/usn/USN-3131-1

Patch https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-pa...

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1343502