Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2014-9824

Published: 30 March 2017

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825.

Notes

Author	Note
mdeslaur	This is 0025-Fix-handling-of-corrupted-of-psd-sun-and-xpm-file.patch

Priority

Cvss 3 Severity Score

7.8

Score breakdown

Status

Package	Release	Status
imagemagick Launchpad, Ubuntu, Debian	upstream	Released (8:6.8.9.9-4)
	precise	Not vulnerable (code not present)
	wily	Not vulnerable (8:6.8.9.9-5ubuntu2)
	xenial	Not vulnerable (8:6.8.9.9-7ubuntu5)
	yakkety	Not vulnerable (8:6.8.9.9-7ubuntu8)
	trusty	Not vulnerable (code not present)

Severity score breakdown

Parameter	Value
Base score	7.8
Attack vector	Local
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773834

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading