Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-2030Classic Buffer Overflow in Imagemagick

CWE-120Classic Buffer OverflowCWE-787Out-of-bounds WriteCWE-20Improper Input ValidationCWE-287Improper Authentication27 documents9 sources
Severity
8.8HIGHNVD
NVD7.8OSV7.8
EPSS
18.8%
top 4.69%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
9
GraphicsmagickImagemagickDebian Graphicsmagick+6 more
Timeline
PublishedFeb 6
Latest updateMay 17

Description

Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages9 packages

debiandebian/imagemagick< imagemagick 8:6.7.7.10+dfsg-1 (bookworm)+1
NVDimagemagick/imagemagick< 6.8.8-5+2
Debianimagemagick/imagemagick< 8:6.7.7.10+dfsg-1+3
debiandebian/graphicsmagick< graphicsmagick 1.3.20-1 (bookworm)
Debiangraphicsmagick/graphicsmagick< 1.3.20-1+3

Also affects: Ubuntu Linux 12.04, 12.10, 13.10

Patches

Patch: www.openwall.comPatch: bugzilla.redhat.comPatch: web.archive.org

🔴Vulnerability Details

6
GHSA
GHSA-6f4f-vqcj-cwvr: Buffer overflow in the DecodePSDPixels function in coders/psd2022-05-17
GHSA
GHSA-jfcr-jpxh-mcqv: Stack-based buffer overflow in the WritePSDImage function in coders/psd2022-05-17
GHSA
GHSA-8x3c-597h-8r5w: Stack-based buffer overflow in the WritePSDImage function in coders/psd2022-05-17
OSV
CVE-2014-1947: Stack-based buffer overflow in the WritePSDImage function in coders/psd2020-02-17
OSV
CVE-2014-1958: Buffer overflow in the DecodePSDPixels function in coders/psd2020-02-06

💥Exploits & PoCs

1
Exploit-DB
ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH)2014-02-16

📋Vendor Advisories

11
Ubuntu
ImageMagick vulnerabilities2014-03-06
Cisco
Multiple Vulnerabilities in Cisco Secure Access Control System2014-01-16
Debian
CVE-2014-1958: imagemagick - Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick b...2014
Debian
CVE-2014-1947: graphicsmagick - Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in Ima...2014
Debian
CVE-2014-2030: imagemagick - Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in Ima...2014

💬Community

6
Bugzilla
CVE-2014-2030 ImageMagick: PSD writing layer name buffer overflow ("L%06ld")2014-04-02
Bugzilla
CVE-2014-1947 CVE-2014-2030 ImageMagick, GraphicsMagick: buffer overflow when handling PSD images [fedora-all]2014-04-01
Bugzilla
CVE-2014-1947 CVE-2014-2030 ImageMagick, GraphicsMagick: buffer overflow when handling PSD images [epel-5]2014-04-01
Bugzilla
CVE-2014-1947 CVE-2014-2030 ImageMagick, GraphicsMagick: buffer overflow when handling PSD images [epel-6]2014-04-01
Bugzilla
CVE-2014-1947 CVE-2014-2030 ImageMagick: buffer overflow when handling PSD images [fedora-all]2014-02-20
CVE-2014-2030 — Classic Buffer Overflow in Imagemagick | cvebase