| Summary: | <media-gfx/imagemagick-6.8.8.5: PSD Images Processing RLE Decoding Buffer Overflow Vulnerability (CVE-2014-1947) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | ||
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://secunia.com/advisories/56844/ | ||
| Whiteboard: | B2 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 482788 | ||
| Bug Blocks: | |||
alpha, ppc64 and sparc needs to do bug 491876 before they can handle this one. Test and stabilize (after handling bug 491876): =media-gfx/imagemagick-6.8.8.5 Stable for HPPA. imagemagick-6.8.8.5 contains the dep: jpeg2k? ( media-libs/openjpeg:2 ) openjpeg:2 is not stable. I believe this requires stable masking, or it must be stabilized. amd64 stable arm stable This stable request can't be completed because of the following repoman's error(s): media-gfx/imagemagick/imagemagick-6.8.8.5.ebuild: DEPEND: ppc(default/linux/powerpc/ppc32/13.0) ['virtual/opencl'] In case you are the maintainer of the needed package(s), please authorize the stabilization and edit the summary of this bug. In case you are not the maintainer of the needed package(s), please open the necessary bug(s) and make a block for this bug. To find the full list, feel free to follow this article: http://blogs.gentoo.org/ago/2012/07/06/repoman-check-before-file-stable-request alpha stable x86 stable ppc stable ppc64 stable ia64 and sparc: stabilization will continue in security bug 506562 for 6.8.8.10 Arches and Mainter(s), Thank you for your work. Added to an existing GLSA request. This issue was resolved and addressed in GLSA 201405-09 at http://security.gentoo.org/glsa/glsa-201405-09.xml by GLSA coordinator Chris Reffett (creffett). |
From ${URL} : Description A vulnerability has been reported in ImageMagick, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused due to a boundary error during RLE decoding of a PSD image and can be exploited to cause a buffer overflow. Successful exploitation of this vulnerability may allow execution of arbitrary code. The vulnerability is reported in versions prior to 6.8.8-5. Solution: Update to version 6.8.8-5. Provided and/or discovered by: The vendor credits Justin Grant. Original Advisory: http://www.imagemagick.org/script/changelog.php http://freecode.com/projects/imagemagick/tags/bugfixes @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.