Red Hat Bugzilla – Bug 1067276
CVE-2014-1958 ImageMagick: buffer overflow flaw when handling PSD images that use RLE encoding
Last modified: 2015-01-04 17:38:42 EST
A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, potentially, execute arbitrary code with the privileges of the user running ImageMagick.
Upstream fix: http://trac.imagemagick.org/changeset/14801
Created ImageMagick tracking bugs for this issue:
Affects: fedora-all [bug 1067277]
Reported upstream: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=25128
(In reply to Pavel Alexeev (aka Pahan-Hubbitus) from comment #2)
> Reported upstream:
Introduced in version 6.8.8-1 with commit 14043.
Not vulnerable. This issue did not affect the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5 and 6.