CVE-2014-9852

Published: Mar 17, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.

Affected (7)

Products: Imagemagick: Imagemagick · Opensuse: Opensuse, Leap · Suse: Linux Enterprise Desktop, Linux Enterprise Server, Linux Enterprise Software Development Kit, Linux Enterprise Workstation Extension

1 product

2 products

4 products

Linux Enterprise Desktop

Linux Enterprise Server

Linux Enterprise Software Development Kit

Linux Enterprise Workstation Extension

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Before 6.9.4-0

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.2
Suse Linux Enterprise Desktop	Version 12 sp1
Suse Linux Enterprise Server	Version 12 sp1
Suse Linux Enterprise Software Development Kit	Version 12 sp1
Suse Linux Enterprise Workstation Extension	Version 12 sp1

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.1

Related CWEs

Improper Control of Dynamically-Managed Code Resources

The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.

References (12)

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/06/02/13

Source: cve@mitre.org

Mailing ListPatch

https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=37ec7d53dcb99fbd1f5c33442594d5e279630563

Source: cve@mitre.org

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=1343512

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/06/02/13

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=37ec7d53dcb99fbd1f5c33442594d5e279630563

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=1343512

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.