CVE-2014-9848

Published Mar 20, 2017

Last updated 13 days ago

CVSS high 7.5

Overview

Description: Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).
Source: cve@mitre.org
NVD status: Modified
Products: leap, opensuse, leap, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_server_for_raspberry_pi, suse_linux_enterprise_software_development_kit, suse_linux_enterprise_workstation_extension, ubuntu_linux, imagemagick

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-399

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:opensuse_project:leap:42.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "CF605E46-ADCE-45B3-BBBA-E593D3CEE2A6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:opensuse_project:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*",
            "matchCriteriaId": "155AE260-C6D6-4393-99B4-8D7AA7C4DFC8",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:opensuse_project:suse_linux_enterprise_desktop:12.0:sp2:*:*:*:*:*:*",
            "matchCriteriaId": "BA44DE88-2EF9-422B-9513-DD34DBFFC125",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:opensuse_project:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*",
            "matchCriteriaId": "3643334F-AAD1-483C-9251-95D84B4C54FD",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:opensuse_project:suse_linux_enterprise_server:12.0:sp2:*:*:*:*:*:*",
            "matchCriteriaId": "3158B94D-7439-44CF-B8CB-0B9FA9A92455",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:opensuse_project:suse_linux_enterprise_server_for_raspberry_pi:12.0:sp2:*:*:*:*:*:*",
            "matchCriteriaId": "43837158-248A-43FD-AE5E-8639AB446D2F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:opensuse_project:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*",
            "matchCriteriaId": "B9AAF5B0-BE4B-4CB5-A227-6EDA304A2699",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:opensuse_project:suse_linux_enterprise_software_development_kit:12.0:sp2:*:*:*:*:*:*",
            "matchCriteriaId": "F010DC31-F435-4D8F-A6CF-A80BD2F85C08",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:opensuse_project:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*",
            "matchCriteriaId": "6F178113-5290-4555-90A9-2D1C9104DF8D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:opensuse_project:suse_linux_enterprise_workstation_extension:12.0:sp2:*:*:*:*:*:*",
            "matchCriteriaId": "DC72B85E-E375-4596-B6A1-AA8FA5F6072A",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
            "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
            "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
            "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*",
            "matchCriteriaId": "1AFB20FA-CB00-4729-AB3A-816454C6D096",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "CFC2C780-A54E-4426-9C52-46A20216339E",
            "versionEndExcluding": "6.9.4-0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

Related CVEs

References