CVE-2014-9847

CRITICAL

ImageMagick 6.8.9.9 - Info Disclosure

Title source: llm
STIX 2.1

Description

The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.

References (10)

Core 10
Core References
Issue Tracking, Patch, Third Party Advisory, VDB Entry x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1343506
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/06/02/13
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3131-1

Scores

CVSS v3 9.8
EPSS 0.0427
EPSS Percentile 89.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (15)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 16.10
imagemagick/imagemagick 6.8.8-9
opensuse/opensuse 13.2
opensuse_project/leap 42.1
opensuse_project/studio_onsite 1.3
opensuse_project/suse_linux_enterprise_debuginfo 11.0 sp4
opensuse_project/suse_linux_enterprise_desktop 12.0 sp1
... and 5 more
Published Mar 20, 2017
Tracked Since Feb 18, 2026