CVE-2014-8561 — Infinite Loop in Imagemagick

CWE-835 — Infinite Loop CWE-400 — Uncontrolled Resource Consumption8 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

1.0%

top 22.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick Debian Linux

Timeline

PublishedDec 15

Latest updateMay 17

Description

imagemagick 6.8.9.6 has remote DOS via infinite loop

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/imagemagick< imagemagick 8:6.8.9.9-1 (bookworm)

▶Debianimagemagick/imagemagick< 8:6.8.9.9-1+3

▶NVDimagemagick/imagemagick6.8.9-6

Also affects: Debian Linux 10.0, 8.0, 9.0

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-jj2v-p4vp-x632: imagemagick 6↗2022-05-17

▶

OSV

CVE-2014-8561: imagemagick 6↗2019-12-15

▶

📋Vendor Advisories

Red Hat

ImageMagick: convert +profile regression enters infinite loop exhausting memory↗2019-11-14

▶

Debian

CVE-2014-8561: imagemagick - imagemagick 6.8.9.6 has remote DOS via infinite loop↗2014

▶

💬Community

Bugzilla

CVE-2014-8561 ImageMagick: convert +profile regression enters infinite loop exhausting memory [epel-8]↗2019-11-27

▶

Bugzilla

CVE-2014-8561 ImageMagick: convert +profile regression enters infinite loop exhausting memory↗2019-11-27

▶

Bugzilla

CVE-2014-8561 ImageMagick: convert +profile regression enters infinite loop exhausting memory [fedora-all]↗2019-11-27

▶