Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2014-1947

Published: 17/02/2020 Updated: 21/02/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Imagemagick

Vulnerability Summary

Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and previous versions allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

imagemagick imagemagick

suse linux enterprise desktop 11

suse linux enterprise server 11

suse linux enterprise software development kit 11

Vendor Advisories

Debian CVElist Bug Report Logs: imagemagick: CVE-2014-1947 CVE-2014-1958 CVE-2014-2030
Debian Bug report logs - #740250 imagemagick: CVE-2014-1947 CVE-2014-1958 CVE-2014-2030 Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilo ...
Debian Security Advisories: DSA-2898-1 imagemagick -- security update
Several buffer overflows were found in Imagemagick, a suite of image manipulation programs Processing malformed PSD files could lead to the execution of arbitrary code For the oldstable distribution (squeeze), these problems have been fixed in version 8:6604-3+squeeze4 For the stable distribution (wheezy), these problems have been fixed in ve ...
Amazon Linux AMI: ALAS-2014-420
A buffer overflow flaw affecting ImageMagick and GraphicsMagic when handling PSD images was reported ...
Amazon Linux AMI: ALAS-2014-336
A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, potentially, execute arbitrary code with the privileges of the user running ImageMagick A buffer overflow flaw affecting ImageMa ...

Exploits

Exploit DB: ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH)
#!/usr/bin/perl ######################################################################################## # Exploit Title: ImageMagick < 688-5 - Local Buffer Overflow (SEH) # Date: 2-13-2014 # Exploit Author: Mike Czumak (T_v3rn1x) -- @SecuritySift # Vulnerable Software: ImageMagick (all versions prior to 688-5) # Software Link: ftpsu ...

References

CWE-787http://www.openwall.com/lists/oss-security/2014/02/13/2http://www.openwall.com/lists/oss-security/2014/02/12/2http://www.openwall.com/lists/oss-security/2014/02/12/13http://www.openwall.com/lists/oss-security/2014/02/19/13http://www.openwall.com/lists/oss-security/2014/02/13/5https://bugzilla.redhat.com/show_bug.cgi?id=1064098https://www.suse.com/support/update/announcement/2014/suse-su-20140359-1.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740250https://nvd.nist.govhttps://www.exploit-db.com/exploits/31688/https://www.debian.org/security/./dsa-2898
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook