CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2014-9852

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1750%
EPSS Percentile21.33th
Published2017年3月17日
Last Modified2026年5月13日

Vulnerability Description

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.

Affected Platforms (CPE)

📦
Imagemagick

Imagemagick

< 6.9.4-0
💻
Opensuse

Opensuse

= 13.2
💻
Suse

Linux Enterprise Desktop

= 12
💻
Suse

Linux Enterprise Server

= 12
💻
Suse

Linux Enterprise Software Development Kit

= 12
💻
Suse

Linux Enterprise Workstation Extension

= 12
💻
Opensuse

Leap

= 42.1

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html
🔗 http://www.openwall.com/lists/oss-security/2016/06/02/13
🔗 https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=37ec7d53dcb99fbd1f5c33442594d5e279630563
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1343512
🔗 http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html

相關漏洞威脅

CVE-2004-098110.0

Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a ce...

CVE-2019-199529.8

In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGI...

CVE-2019-199489.8

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.

CVE-2021-335649.8

An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitr...