Use After Free Affecting imagemagick package, versions <8:6.7.7.10-6ubuntu3.11
Threat Intelligence
Exploit Maturity
Exploit maturity not defined.
Not Defined
EPSS
0.26% (66th percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-UBUNTU1404-IMAGEMAGICK-401146
- published3 Oct 2017
- disclosed3 Oct 2017
Introduced: 3 Oct 2017
CVE-2017-14989 (opens in a new tab)Common Vulnerabilities and Exposures (CVE) are common identifiers for publicly known security vulnerabilities
Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
Upgrade Ubuntu:14.04 imagemagick to version 8:6.7.7.10-6ubuntu3.11 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Ubuntu.
See How to fix? for Ubuntu:14.04 relevant fixed versions and status.
A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code.