CVE-2015-8894
Severity CVSS v4.0:
Pending analysis
Type:
CWE-415
Double Free
Publication date:
15/03/2017
Last modified:
20/04/2025
Description
Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:imagemagick:imagemagick:7.0.1-2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:imagemagick:imagemagick:7.0.1-3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:imagemagick:imagemagick:7.0.1-4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:imagemagick:imagemagick:7.0.1-5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:imagemagick:imagemagick:7.0.1-6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:imagemagick:imagemagick:7.0.1-7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:imagemagick:imagemagick:7.0.1-8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:imagemagick:imagemagick:7.0.1-9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:imagemagick:imagemagick:7.0.1-10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:imagemagick:imagemagick:7.0.2-0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:imagemagick:imagemagick:7.0.2-1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:imagemagick:imagemagick:7.0.2-2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:imagemagick:imagemagick:7.0.2-3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1490362
- https://github.com/ImageMagick/ImageMagick/commit/4f68e9661518463fca523c9726bb5d940a2aa6d8
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1490362
- https://github.com/ImageMagick/ImageMagick/commit/4f68e9661518463fca523c9726bb5d940a2aa6d8