CyberSec.Space Logo
Back to CVE Browser

CVE-2014-9852

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1750%
EPSS Percentile21.33th
PublishedMar 17, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.

Affected Platforms (CPE)

πŸ“¦
Imagemagick

Imagemagick

< 6.9.4-0
πŸ’»
Opensuse

Opensuse

= 13.2
πŸ’»
Suse

Linux Enterprise Desktop

= 12
πŸ’»
Suse

Linux Enterprise Server

= 12
πŸ’»
Suse

Linux Enterprise Software Development Kit

= 12
πŸ’»
Suse

Linux Enterprise Workstation Extension

= 12
πŸ’»
Opensuse

Leap

= 42.1

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html
πŸ”— http://www.openwall.com/lists/oss-security/2016/06/02/13
πŸ”— https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=37ec7d53dcb99fbd1f5c33442594d5e279630563
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1343512
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html

Related Vulnerabilities

CVE-2004-098110.0

Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a ce...

CVE-2019-199529.8

In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGI...

CVE-2019-199489.8

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.

CVE-2021-335649.8

An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitr...