CVE-2014-9846

9.8 CRITICAL

📋 TL;DR

This CVE describes a buffer overflow vulnerability in ImageMagick's RLE image decoder that allows remote attackers to execute arbitrary code or cause denial of service. It affects systems processing untrusted RLE image files with vulnerable ImageMagick versions. The high CVSS score indicates critical severity with network-accessible attack vectors.

💻 Affected Systems

Products:
  • ImageMagick
Versions: 6.8.9.9 and earlier versions
Operating Systems: All platforms running vulnerable ImageMagick
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using ImageMagick to process RLE images from untrusted sources is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Denial of service through application crashes or memory corruption when processing malicious RLE files.

🟢 If Mitigated

Limited impact with proper input validation, sandboxing, and privilege separation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Buffer overflow vulnerabilities in image parsers are commonly exploited. The references suggest active exploitation awareness.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.8.9.10 and later

Vendor Advisory: http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html

Restart Required: No

Instructions:

1. Update ImageMagick to version 6.8.9.10 or later.
2. For Linux: Use package manager (apt-get upgrade imagemagick, yum update imagemagick).
3. For source builds: Download latest from imagemagick.org and recompile.

🔧 Temporary Workarounds

Disable RLE format support

linux

Deny the RLE coder in ImageMagick's policy.xml so the vulnerable decoder is never invoked. The rule uses the coder domain and must sit inside the <policymap> element.

sed -i '/<policy domain="coder" rights="none" pattern="RLE" \/>/d' /etc/ImageMagick/policy.xml
sed -i 's|</policymap>|  <policy domain="coder" rights="none" pattern="RLE" />\n</policymap>|' /etc/ImageMagick/policy.xml

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all image uploads.
  • Run ImageMagick in sandboxed/containerized environments with minimal privileges.

🔍 How to Verify

Check if Vulnerable:

Check ImageMagick version: convert --version | head -1

Check Version:

convert --version | head -1

Verify Fix Applied:

Verify version is 6.8.9.10 or higher: convert --version | grep -Eq 'ImageMagick (6\.8\.9-[1-9][0-9]|6\.8\.[1-9][0-9]|6\.9\.|[7-9]\.)' && echo 'Patched'
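
For fleet checks, a numeric comparison against the fixed release is less fragile than a pattern match. The following is an added example, not part of the original advisory; the function names and the --local switch are hypothetical, and it assumes the usual "Version: ImageMagick X.Y.Z-N" first line of convert --version.

```shell
#!/bin/sh
# Fixed release named in this advisory, as "major minor patch build".
FIXED_VERSION="6 8 9 10"

# im_version_tuple LINE
# LINE is the first line of `convert --version`.
# Prints "major minor patch build", or nothing if LINE is not recognised.
im_version_tuple() {
    printf '%s\n' "$1" | sed -n \
        's/^Version: ImageMagick \([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\)-\([0-9][0-9]*\).*/\1 \2 \3 \4/p'
}

# im_is_patched LINE
# Returns 0 if the version is at or above the fixed release,
# 1 if it is older, 2 if the line could not be parsed.
im_is_patched() {
    tuple=$(im_version_tuple "$1")
    [ -n "$tuple" ] || return 2
    # After this, $1..$4 hold the installed version and $5..$8 the fixed one.
    set -- $tuple $FIXED_VERSION
    for pair in "$1:$5" "$2:$6" "$3:$7"; do
        have=${pair%:*}
        need=${pair#*:}
        if [ "$have" -gt "$need" ]; then return 0; fi
        if [ "$have" -lt "$need" ]; then return 1; fi
    done
    if [ "$4" -ge "$8" ]; then return 0; fi
    return 1
}

# Check the local install only when asked: sh check.sh --local
if [ "${1:-}" = "--local" ]; then
    line=$(convert --version 2>/dev/null | head -1)
    if im_is_patched "$line"; then
        echo "Patched: $line"
    else
        echo "Vulnerable or unknown: $line"
    fi
fi
```

A distribution package may carry a backported fix under an older upstream version string, so confirm an "older" result against the vendor advisory before treating the host as vulnerable.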

📡 Detection & Monitoring

Log Indicators:

  • ImageMagick process crashes
  • Memory access violation errors in system logs
  • Failed RLE image processing attempts

Network Indicators:

  • Unusual RLE file uploads to web applications
  • Traffic patterns suggesting image-based exploit attempts

SIEM Query:

source="*syslog*" AND ("ImageMagick" AND ("segmentation fault" OR "buffer overflow" OR "rle"))
