CVE-2014-1947 (retired)

Priority
Description
The clarified meaning of CVE-2014-1947 is now the vulnerability in older
ImageMagick versions (such as 6.5.4) that use the "L%02ld" string. The
root cause here is that the code did not cover the case of more than 99
layers, which is apparently allowable but relatively uncommon. This has a
resultant buffer overflow, e.g., L99\0 is safe but L100\0 is unsafe. When
the overflow occurs, it can be described as "1 or more bytes too many."
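The size arithmetic described above, as an added example (not ImageMagick's code and not part of the original entry). The 4-byte destination is an assumption taken from "L99\0 is safe", and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size: the entry's "L99\0 is safe" implies a 4-byte destination. */
#define LAYER_NAME_SIZE 4

/* Bytes, including the terminating NUL, that "L%02ld" produces for `layer`.
 * "%02ld" is a minimum width, not a maximum, so 100 yields three digits. */
size_t layer_name_needed(long layer)
{
    int n = snprintf(NULL, 0, "L%02ld", layer);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bytes an unbounded sprintf() would write past the assumed 4-byte buffer. */
size_t layer_name_excess(long layer)
{
    size_t need = layer_name_needed(layer);
    return need > LAYER_NAME_SIZE ? need - LAYER_NAME_SIZE : 0;
}

/* Bounded formatter: returns 0 on success, -1 if the name does not fit.
 * On failure the destination is left as an empty string, never truncated. */
int format_layer_name(char *dst, size_t dst_size, long layer)
{
    int n = snprintf(dst, dst_size, "L%02ld", layer);
    if (n < 0 || (size_t)n >= dst_size) {
        if (dst_size > 0)
            dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    long samples[] = {1, 99, 100, 1000};  /* constructed layer indexes */
    char name[LAYER_NAME_SIZE];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = format_layer_name(name, sizeof name, samples[i]);
        printf("layer %ld: needs %zu bytes, excess %zu, %s\n", samples[i],
               layer_name_needed(samples[i]), layer_name_excess(samples[i]),
               rc == 0 ? name : "rejected");
    }
    return 0;
}
```

The excess grows with the digit count (1 byte for 100, 2 bytes for 1000), which matches the entry's "1 or more bytes too many."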
Notes
 mdeslaur> same fix as CVE-2014-2030
Assigned-to
mdeslaur
Package
Upstream:needed
Patches:
Upstream:http://trac.imagemagick.org/changeset/13736
More Information

Updated: 2019-09-19 15:48:40 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)