Buffer Overflow Vulnerability in ImageMagick Products
CVE-2014-1958

8.8HIGH

Key Information:

Vendor

Imagemagick
Status
Imagemagick
Vendor
CVE Published:
6 February 2020

What is CVE-2014-1958?

A buffer overflow vulnerability exists in the DecodePSDPixels function of ImageMagick, affecting versions prior to 6.8.8-5. This flaw can be exploited by remote attackers through specially crafted PSD images, potentially allowing them to execute arbitrary code on vulnerable systems. The vulnerability arises from improper handling of certain input strings, leading to memory corruption and subsequent unauthorized access.

References

http://trac.imagemagick.org/changeset/14801
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2014/02/13/2
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2014/02/13/5
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.