CVE-2014-9915

MEDIUM

ImageMagick < 6.6.0-3 - Denial of Service via Crafted 8BIM Profile

Title source: llm
STIX 2.1

Description

Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile.

References (2)

Core 2
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1410436
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/12/26/9

Scores

CVSS v3 5.5
EPSS 0.0017
EPSS Percentile 37.5%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-189
Status published
Products (1)
imagemagick/imagemagick < 6.6.0-3
Published Mar 23, 2017
Tracked Since Feb 18, 2026