Skip to main content

Studio Onsite CVE-2014-9846

CRITICAL
Buffer Overflow (CWE-119)
2017-03-20 cve@mitre.org
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 20, 2017 - 16:59 cve.org
CRITICAL 9.8

DescriptionCVE.org

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.

AnalysisAI

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. Affected products include: Suse Studio Onsite, Opensuse Leap, Opensuse, Opensuse Project Leap, Opensuse Project Suse Linux Enterprise Debuginfo.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2013-4547 HIGH POC
7.5 Nov 23

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescap

CVE-2016-5118 CRITICAL
9.8 Jun 10

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbit

CVE-2013-3709 HIGH POC
7.2 Dec 23

WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges b

CVE-2014-9847 CRITICAL
9.8 Mar 20

The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact. Rated critical severity (C

CVE-2016-0718 CRITICAL
9.8 May 26

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a m

CVE-2013-3712 CRITICAL
10.0 Feb 26

SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has

CVE-2015-1283 MEDIUM
6.8 Jul 23

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.24

CVE-2014-9844 MEDIUM
5.5 Mar 20

The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (o

CVE-2015-8808 MEDIUM
5.5 Jul 13

The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (

CVE-2016-2317 MEDIUM
5.5 Feb 03

Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a cra

CVE-2016-2318 MEDIUM
5.5 Feb 03

GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG

CVE-2014-9845 MEDIUM
5.5 Mar 20

The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) vi

Share

CVE-2014-9846 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy