Published: 06/02/2020 Updated: 11/02/2020

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.

Vulnerable Product	Search on Vulmon	Subscribe to Product
imagemagick imagemagick 6.8.8-5
canonical ubuntu linux 12.04
canonical ubuntu linux 12.10
canonical ubuntu linux 13.10
opensuse opensuse 11.4
opensuse opensuse 12.3
opensuse opensuse 13.1

ImageMagick could be made to crash or run programs if it opened a specially crafted image file ...

Debian Bug report logs - #740250 imagemagick: CVE-2014-1947 CVE-2014-1958 CVE-2014-2030 Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilo ...

Several buffer overflows were found in Imagemagick, a suite of image manipulation programs Processing malformed PSD files could lead to the execution of arbitrary code For the oldstable distribution (squeeze), these problems have been fixed in version 8:6604-3+squeeze4 For the stable distribution (wheezy), these problems have been fixed in ve ...

A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, potentially, execute arbitrary code with the privileges of the user running ImageMagick A buffer overflow flaw affecting ImageMa ...

#!/usr/bin/perl ######################################################################################## # Exploit Title: ImageMagick < 688-5 - Local Buffer Overflow (SEH) # Date: 2-13-2014 # Exploit Author: Mike Czumak (T_v3rn1x) -- @SecuritySift # Vulnerable Software: ImageMagick (all versions prior to 688-5) # Software Link: ftpsu ...

CWE-787 http://lists.opensuse.org/opensuse-updates/2014-03/msg00039.html http://ubuntu.com/usn/usn-2132-1 https://web.archive.org/web/20090120112751/http://trac.imagemagick.org/changeset/13736 http://www.openwall.com/lists/oss-security/2014/02/12/2 http://www.openwall.com/lists/oss-security/2014/02/19/13 https://bugzilla.redhat.com/show_bug.cgi?id=1064098 http://www.openwall.com/lists/oss-security/2014/02/13/5 http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html https://usn.ubuntu.com/2132-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/31688/

CVE-2014-2030

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect