製品・ソフトウェアに関する情報

JVN脆弱性詳細

ImageMagick におけるサービス運用妨害 (DoS) の脆弱性

Title	ImageMagick におけるサービス運用妨害 (DoS) の脆弱性
Summary	ImageMagick には、論理エラーにより、サービス運用妨害 (リソース消費) 状態にされる脆弱性が存在します。
Possible impacts	リモートの攻撃者により、サービス運用妨害 (リソース消費) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 23, 2014, midnight
Registration Date	April 17, 2017, 6:06 p.m.
Last Update	April 17, 2017, 6:06 p.m.

CVSS3.0 : 重要
Score	7.5
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected System

ImageMagick

ImageMagick 6.8.9.9

Canonical

Ubuntu 12.04 LTS

Ubuntu 14.04 LTS

Ubuntu 16.04 LTS

Ubuntu 16.10

SUSE

SUSE Linux Enterprise Desktop 12-SP1

SUSE Linux Enterprise Server 12-SP1

SUSE Linux Enterprise Software Development Kit 12-SP1

SUSE Linux Enterprise Workstation Extension 12-SP1

openSUSE project

openSUSE 13.2

openSUSE Leap 42.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-9850	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9850
National Vulnerability Database (NVD)
2	CVE-2014-9850	https://nvd.nist.gov/vuln/detail/CVE-2014-9850

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-399	https://jvndb.jvn.jp/ja/cwe/CWE-399.html

ベンダー情報

No	Name	URL
Alioth
1	Thread limit should be at least 1.	https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=2257d1eadd02d89d225fce21013a1219d221dc7d
opensuse-security-announce
2	openSUSE-SU-2016:1748	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html
3	openSUSE-SU-2016:1833	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html
4	SUSE-SU-2016:1784	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html
Red Hat Bugzilla
5	Bug 1343510	https://bugzilla.redhat.com/show_bug.cgi?id=1343510
Ubuntu Security Notice
6	USN-3131-1	https://www.ubuntu.com/usn/USN-3131-1/

Change Log

No	Changed Details	Date of change
0	[2017年04月17日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2014-9850

Summary	Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).
Publication Date	March 21, 2017, 1:59 a.m.
Registration Date	Jan. 26, 2021, 3:23 p.m.
Last Update	Nov. 21, 2024, 11:21 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:opensuse_project:suse_linux_enterprise_workstation_extension:12.0:sp1::::::
cpe:2.3:o:opensuse_project:leap:42.1:::::::*
cpe:2.3:o:opensuse_project:suse_linux_enterprise_server:12.0:sp1::::::
cpe:2.3:o:opensuse_project:suse_linux_enterprise_desktop:12.0:sp1::::::
cpe:2.3:o:opensuse_project:suse_linux_enterprise_software_development_kit:12.0:sp1::::::
cpe:2.3:o:opensuse:opensuse:13.2:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:16.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

Configuration3		or higher	or less	more than	less than
cpe:2.3:a:imagemagick:imagemagick:6.8.8-9:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html	Mailing List Third Party Advisory
2	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html	Mailing List Third Party Advisory
3	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html	Mailing List Third Party Advisory
4	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html	Mailing List Third Party Advisory
5	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html	Mailing List Third Party Advisory
6	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html	Mailing List Third Party Advisory
7	http://www.openwall.com/lists/oss-security/2016/06/02/13	Mailing List Third Party Advisory
8	http://www.openwall.com/lists/oss-security/2016/06/02/13	Mailing List Third Party Advisory
9	http://www.ubuntu.com/usn/USN-3131-1	Third Party Advisory
10	http://www.ubuntu.com/usn/USN-3131-1	Third Party Advisory
11	https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=2257d1eadd02d89d225fce21013a1219d221dc7d	Patch Third Party Advisory
12	https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=2257d1eadd02d89d225fce21013a1219d221dc7d	Patch Third Party Advisory
13	https://bugzilla.redhat.com/show_bug.cgi?id=1343510	Issue Tracking Patch Third Party Advisory VDB Entry
14	https://bugzilla.redhat.com/show_bug.cgi?id=1343510	Issue Tracking Patch Third Party Advisory VDB Entry

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-399	リソース管理の問題	https://cwe.mitre.org/data/definitions/399.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:opensuse_project:suse_linux_enterprise_workstation_extension:12.0:sp1::::::
cpe:2.3:o:opensuse_project:leap:42.1:::::::*
cpe:2.3:o:opensuse_project:suse_linux_enterprise_server:12.0:sp1::::::
cpe:2.3:o:opensuse_project:suse_linux_enterprise_desktop:12.0:sp1::::::
cpe:2.3:o:opensuse_project:suse_linux_enterprise_software_development_kit:12.0:sp1::::::
cpe:2.3:o:opensuse:opensuse:13.2:::::::*