MGASA-2014-0087

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0087.html

Import Source

https://advisories.mageia.org/MGASA-2014-0087.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2014-0087

Related

Published

2014-02-21T18:10:03Z

Modified

2014-02-21T18:09:29Z

Summary

Updated imagemagick package fixes security vulnerabilities

Details

A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, potentially, execute arbitrary code with the privileges of the user running ImageMagick (CVE-2014-1958).

A buffer overflow flaw was found in the way ImageMagick writes PSD images when the input data has a large number of unlabeled layers (CVE-2014-2030).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:3 / imagemagick

Package

Name: imagemagick
Purl: pkg:rpm/mageia/imagemagick?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.8.1.1-2.1.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:4 / imagemagick

Package

Name: imagemagick
Purl: pkg:rpm/mageia/imagemagick?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.8.7.0-2.1.mga4

Ecosystem specific

{
    "section": "core"
}