Bug 1083477 (CVE-2014-2030) - CVE-2014-2030 ImageMagick: PSD writing layer name buffer overflow ("L%06ld")
Summary: CVE-2014-2030 ImageMagick: PSD writing layer name buffer overflow ("L%06ld")
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2014-2030
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1067278 1083080
Blocks: 1064101
TreeView+ depends on / blocked
 
Reported: 2014-04-02 10:25 UTC by Stefan Cornelius
Modified: 2024-02-22 05:32 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-04-04 13:47:38 UTC
Embargoed:


Attachments (Terms of Use)

Description Stefan Cornelius 2014-04-02 10:25:13 UTC
A buffer overflow flaw affecting ImageMagick when creating PSD images was reported. The vulnerability is similar to CVE-2014-1947, except that CVE-2014-2030's format string is "L%06ld" instead of CVE-2014-1947's "L%02ld" due to commit r1448: http://trac.imagemagick.org/changeset/1448

Fixed by commit r13736: http://trac.imagemagick.org/changeset/13736

Comment 1 Tomas Hoger 2014-04-04 13:40:00 UTC
The related CVE-2014-1947 issue is tracked via bug 1064098.

Comment 2 Stefan Cornelius 2014-04-04 13:47:38 UTC
Statement:

Not vulnerable. This issue did not affect the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5 and 6.

Comment 3 oregonhill 2024-02-22 05:32:50 UTC
PSD writing layer name buffer overflow vulnerability poses a significant risk to digital design projects. It can lead to data corruption or even system crashes if exploited. For students seeking reliable academic assistance, platforms like EduBirdie are invaluable. By reading reviews on platforms such as https://www.reviews.io/company-reviews/store/edubirdie.com, students can gain insights into the experiences of others and make informed decisions about the writers they choose to work with.


Note You need to log in before you can comment on or make changes to this bug.