CVE-2014-9854
HIGHImageMagick < 6.9.4-0 - Denial of Service in TIFF Image Identification
Title source: llmDescription
coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."
References (9)
Core 9
Core References
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html
Patch x_refsource_confirm
https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=5ee6f49297c8137cae527429e0267462c14ec3ed
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html
Mailing List, Patch mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/06/02/13
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1343514
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3131-1
Patch x_refsource_confirm
http://git.imagemagick.org/repos/ImageMagick/commit/7fb9b7e095a65b4528d0180e26574f2bc7cd0e8b
Scores
CVSS v3
7.5
EPSS
0.0194
EPSS Percentile
83.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-399
Status
published
Products (10)
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
16.10
imagemagick/imagemagick
< 6.9.4-0
opensuse/leap
42.1
opensuse/opensuse
13.2
suse/linux_enterprise_server
11 sp4
suse/linux_enterprise_software_development_kit
11 sp4
suse/suse_linux_enterprise_server
12
Published
Mar 17, 2017
Tracked Since
Feb 18, 2026