CVE-2014-9853

moderate-risk

Published 2017-03-17

Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.

Do I need to act?

0.16% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (15)

Linux Enterprise Debuginfo

Opensuse

Suse Linux Enterprise Software Development Kit

Linux Enterprise Desktop

Ubuntu Linux

Imagemagick

Leap

Linux Enterprise Server

Linux Enterprise Software Development Kit

Linux Enterprise Workstation Extension

Affected Vendors

Opensuse Opensuse Project Canonical Imagemagick Novell Suse

References (22)

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html

Mailing List http://www.openwall.com/lists/oss-security/2016/06/02/13

Third Party Advisory http://www.ubuntu.com/usn/USN-3131-1

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1343513

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html

Mailing List http://www.openwall.com/lists/oss-security/2016/06/02/13

and 2 more references

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 18/34 · Moderate