Lucene search

[email protected]CVE-2014-9842

HistoryMar 20, 2017 - 4:59 p.m.

CVE-2014-9842

2017-03-2016:59:00

CWE-400

[email protected]

web.nvd.nist.gov

cve-2014-9842

memory leak

readpsdlayers

coders/psd.c

imagemagick

denial of service

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.1%

JSON

Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

Affected configurations

NVD

Node

opensuseopensuseMatch13.2

opensuse_projectleapMatch42.1

opensuse_projectsuse_linux_enterprise_debuginfoMatch11.0sp4

opensuse_projectsuse_linux_enterprise_desktopMatch12.0sp1

opensuse_projectsuse_linux_enterprise_serverMatch11.0sp4

opensuse_projectsuse_linux_enterprise_serverMatch12.0sp1

opensuse_projectsuse_linux_enterprise_software_development_kitMatch11.0sp4

opensuse_projectsuse_linux_enterprise_software_development_kitMatch12.0sp1

opensuse_projectsuse_linux_enterprise_workstation_extensionMatch12.0sp1

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch16.10

Node

imagemagickimagemagickMatch6.8.8-9

CPENameOperatorVersion
opensuse:opensuseopensuseeq13.2
opensuse_project:leapopensuse project leapeq42.1
opensuse_project:suse_linux_enterprise_debuginfoopensuse project suse linux enterprise debuginfoeq11.0
opensuse_project:suse_linux_enterprise_desktopopensuse project suse linux enterprise desktopeq12.0
opensuse_project:suse_linux_enterprise_serveropensuse project suse linux enterprise servereq11.0
opensuse_project:suse_linux_enterprise_serveropensuse project suse linux enterprise servereq12.0
opensuse_project:suse_linux_enterprise_software_development_kitopensuse project suse linux enterprise software development kiteq11.0
opensuse_project:suse_linux_enterprise_software_development_kitopensuse project suse linux enterprise software development kiteq12.0
opensuse_project:suse_linux_enterprise_workstation_extensionopensuse project suse linux enterprise workstation extensioneq12.0

CPE	Name	Operator	Version
opensuse:opensuse	opensuse	eq	13.2
opensuse_project:leap	opensuse project leap	eq	42.1
opensuse_project:suse_linux_enterprise_debuginfo	opensuse project suse linux enterprise debuginfo	eq	11.0
opensuse_project:suse_linux_enterprise_desktop	opensuse project suse linux enterprise desktop	eq	12.0
opensuse_project:suse_linux_enterprise_server	opensuse project suse linux enterprise server	eq	11.0
opensuse_project:suse_linux_enterprise_server	opensuse project suse linux enterprise server	eq	12.0
opensuse_project:suse_linux_enterprise_software_development_kit	opensuse project suse linux enterprise software development kit	eq	11.0
opensuse_project:suse_linux_enterprise_software_development_kit	opensuse project suse linux enterprise software development kit	eq	12.0
opensuse_project:suse_linux_enterprise_workstation_extension	opensuse project suse linux enterprise workstation extension	eq	12.0