Critical severity9.8NVD Advisory· Published Mar 20, 2017· Updated May 13, 2026

CVE-2014-9846

Description

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.

Affected products

ImageMagick/Imagemagick
cpe:2.3:a:imagemagick:imagemagick:6.8.8-9:*:*:*:*:*:*:*
SUSE S.A./Studio Onsite
cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*
OpenSUSE/Leap2 versions
cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse_project:leap:42.1:*:*:*:*:*:*:*
OpenSUSE/openSUSE
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
OpenSUSE/Suse Linux Enterprise Debuginfo
cpe:2.3:o:opensuse_project:suse_linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*
OpenSUSE/Suse Linux Enterprise Desktop
cpe:2.3:o:opensuse_project:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*
OpenSUSE/Suse Linux Enterprise Server2 versions
cpe:2.3:o:opensuse_project:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse_project:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*
- cpe:2.3:o:opensuse_project:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*
OpenSUSE/Suse Linux Enterprise Software Development Kit2 versions
cpe:2.3:o:opensuse_project:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse_project:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*
- cpe:2.3:o:opensuse_project:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*
OpenSUSE/Suse Linux Enterprise Workstation Extension
cpe:2.3:o:opensuse_project:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/nvdPatchThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party AdvisoryVDB Entry
lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.htmlnvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2016/06/02/13nvdMailing ListThird Party Advisory
www.ubuntu.com/usn/USN-3131-1nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000