
CVE-2014-1958

Published: 06/02/2020 Updated: 12/02/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick prior to 6.8.8-5 might allow remote malicious users to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.

Vulnerable Product

imagemagick imagemagick

canonical ubuntu linux 12.04

canonical ubuntu linux 12.10

canonical ubuntu linux 13.10

opensuse opensuse 11.4

opensuse opensuse 12.3

opensuse opensuse 13.1

Vendor Advisories

Debian Bug report logs - #740250 imagemagick: CVE-2014-1947 CVE-2014-1958 CVE-2014-2030. Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon). Reported by: Moritz Muehlenhoff <jmm@inutilo ...

Several buffer overflows were found in Imagemagick, a suite of image manipulation programs. Processing malformed PSD files could lead to the execution of arbitrary code. For the oldstable distribution (squeeze), these problems have been fixed in version 8:6.6.0.4-3+squeeze4. For the stable distribution (wheezy), these problems have been fixed in ve ...

ImageMagick could be made to crash or run programs if it opened a specially crafted image file ...

A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, potentially, execute arbitrary code with the privileges of the user running ImageMagick. A buffer overflow flaw affecting ImageMa ...