8.8
CVSSv3

CVE-2014-2030

Published: 06/02/2020 Updated: 11/02/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

imagemagick imagemagick 6.8.8-5

canonical ubuntu linux 13.10

canonical ubuntu linux 12.04

canonical ubuntu linux 12.10

opensuse opensuse 12.3

opensuse opensuse 11.4

opensuse opensuse 13.1

Vendor Advisories

ImageMagick could be made to crash or run programs if it opened a specially crafted image file ...
Debian Bug report logs - #740250 imagemagick: CVE-2014-1947 CVE-2014-1958 CVE-2014-2030 Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilo ...
Several buffer overflows were found in Imagemagick, a suite of image manipulation programs Processing malformed PSD files could lead to the execution of arbitrary code For the oldstable distribution (squeeze), these problems have been fixed in version 8:6604-3+squeeze4 For the stable distribution (wheezy), these problems have been fixed in ve ...
A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, potentially, execute arbitrary code with the privileges of the user running ImageMagick A buffer overflow flaw affecting ImageMa ...

Exploits

#!/usr/bin/perl ######################################################################################## # Exploit Title: ImageMagick < 688-5 - Local Buffer Overflow (SEH) # Date: 2-13-2014 # Exploit Author: Mike Czumak (T_v3rn1x) -- @SecuritySift # Vulnerable Software: ImageMagick (all versions prior to 688-5) # Software Link: ftpsu ...