1
Candidate: CVE-2014-1947
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1947
6
The clarified meaning of CVE-2014-1947 is now the vulnerability in older
7
ImageMagick versions (such as 6.5.4) that use the "L%02ld" string. The
8
root cause here is that the code did not cover the case of more than 99
9
layers, which is apparently allowable but relatively uncommon. This has a
10
resultant buffer overflow, e.g, L99\0 is safe but L100\0 is unsafe. When
11
the overflow occurs, it can be described as "1 or more bytes too many."
14
mdeslaur> same fix as CVE-2014-2030
16
https://bugzilla.redhat.com/show_bug.cgi?id=1064098
17
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740250
23
upstream: http://trac.imagemagick.org/changeset/13736
24
upstream_imagemagick: needed
25
lucid_imagemagick: ignored (reached end-of-life)
26
precise_imagemagick: not-affected
27
quantal_imagemagick: not-affected
28
saucy_imagemagick: not-affected
29
devel_imagemagick: not-affected