CVE-2014-9854

Published: Mar 17, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."

Affected (10)

Products: Imagemagick: Imagemagick · Opensuse: Leap, Opensuse · Suse: Linux Enterprise Server, Linux Enterprise Software Development Kit, Suse Linux Enterprise Server · +1 more

Show all products

Imagemagick: Imagemagick · Opensuse: Leap, Opensuse · Suse: Linux Enterprise Server, Linux Enterprise Software Development Kit, Suse Linux Enterprise Server · Canonical: Ubuntu Linux

1 product

2 products

3 products

Linux Enterprise Server

Linux Enterprise Software Development Kit

Suse Linux Enterprise Server

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Before 6.9.4-0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.1

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.2
Suse Linux Enterprise Server	Version 11 sp4
Suse Linux Enterprise Software Development Kit	Version 11 sp4
Suse Suse Linux Enterprise Server	Version 12

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 16.10

Related CWEs

References (18)

http://git.imagemagick.org/repos/ImageMagick/commit/7fb9b7e095a65b4528d0180e26574f2bc7cd0e8b

Source: cve@mitre.org

Patch

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/06/02/13

Source: cve@mitre.org

Mailing ListPatch

http://www.ubuntu.com/usn/USN-3131-1

Source: cve@mitre.org

Third Party Advisory

https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=5ee6f49297c8137cae527429e0267462c14ec3ed

Source: cve@mitre.org

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=1343514

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

http://git.imagemagick.org/repos/ImageMagick/commit/7fb9b7e095a65b4528d0180e26574f2bc7cd0e8b

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/06/02/13

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

http://www.ubuntu.com/usn/USN-3131-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=5ee6f49297c8137cae527429e0267462c14ec3ed

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=1343514

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.