CVE-2014-1947: Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service…

high7.8CVSS 3.1

AVLACLPRNUIRSUCHIHAH

EXPLOIT

Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030.

Affected

22 ranges

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	graphicsmagick	< graphicsmagick 1.3.20-1 (bookworm)	graphicsmagick 1.3.20-1 (bookworm)
debian	imagemagick	< graphicsmagick 1.3.20-1 (bookworm)	graphicsmagick 1.3.20-1 (bookworm)
debian	imagemagick	< imagemagick 8:6.7.7.10+dfsg-1 (bookworm)	imagemagick 8:6.7.7.10+dfsg-1 (bookworm)
graphicsmagick	graphicsmagick	>= 0 < 1.3.20-1	1.3.20-1
graphicsmagick	graphicsmagick	>= 0 < 1.3.20-1	1.3.20-1
graphicsmagick	graphicsmagick	>= 0 < 1.3.20-1	1.3.20-1
graphicsmagick	graphicsmagick	>= 0 < 1.3.20-1	1.3.20-1
imagemagick	imagemagick	<= 6.5.4	—
imagemagick	imagemagick	—	—
imagemagick	imagemagick	>= 0 < 8:6.7.7.10+dfsg-1	8:6.7.7.10+dfsg-1
imagemagick	imagemagick	>= 0 < 8:6.7.7.10+dfsg-1	8:6.7.7.10+dfsg-1
imagemagick	imagemagick	>= 0 < 8:6.7.7.10+dfsg-1	8:6.7.7.10+dfsg-1
imagemagick	imagemagick	>= 0 < 8:6.7.7.10+dfsg-1	8:6.7.7.10+dfsg-1
opensuse	opensuse	—	—
opensuse	opensuse	—	—
opensuse	opensuse	—	—
suse	linux_enterprise_desktop	—	—
suse	linux_enterprise_server	—	—
suse	linux_enterprise_software_development_kit	—	—

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

osv7.8HIGH