High severity7.5NVD Advisory· Published Mar 20, 2017· Updated May 13, 2026

CVE-2014-9848

Description

Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).

Affected products

ImageMagick/Imagemagick
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Range: <6.9.4-0
Canonical (company)/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*
OpenSUSE/Leap2 versions
cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse_project:leap:42.1:*:*:*:*:*:*:*
OpenSUSE/openSUSE
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
OpenSUSE/Suse Linux Enterprise Desktop2 versions
cpe:2.3:o:opensuse_project:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse_project:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*
- cpe:2.3:o:opensuse_project:suse_linux_enterprise_desktop:12.0:sp2:*:*:*:*:*:*
OpenSUSE/Suse Linux Enterprise Server2 versions
cpe:2.3:o:opensuse_project:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse_project:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*
- cpe:2.3:o:opensuse_project:suse_linux_enterprise_server:12.0:sp2:*:*:*:*:*:*
OpenSUSE/Suse Linux Enterprise Server For Raspberry Pi
cpe:2.3:o:opensuse_project:suse_linux_enterprise_server_for_raspberry_pi:12.0:sp2:*:*:*:*:*:*
OpenSUSE/Suse Linux Enterprise Software Development Kit2 versions
cpe:2.3:o:opensuse_project:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse_project:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*
- cpe:2.3:o:opensuse_project:suse_linux_enterprise_software_development_kit:12.0:sp2:*:*:*:*:*:*
OpenSUSE/Suse Linux Enterprise Workstation Extension2 versions
cpe:2.3:o:opensuse_project:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse_project:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*
- cpe:2.3:o:opensuse_project:suse_linux_enterprise_workstation_extension:12.0:sp2:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party AdvisoryVDB Entry
lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-12/msg00093.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.htmlnvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2016/06/02/13nvdMailing ListThird Party Advisory
www.ubuntu.com/usn/USN-3131-1nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000