Advisories » MGASA-2014-0370

Updated graphicsmagick packages fix CVE-2014-1947

Publication date: 05 Sep 2014
Modification date: 05 Sep 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1947

Description

Updated graphicsmagick packages fix security vulnerability:

A buffer overflow flaw was found in the way GraphicsMagick writes PSD images
when the input data has a large number of layers. Due to the compilation
options used in Mageia, the buffer overflow is reduced to a crash, making
this a denial of service issue (CVE-2014-1947).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14014
• https://lists.fedoraproject.org/pipermail/package-announce/2014-August/137120.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1947

SRPMS

3/core

• graphicsmagick-1.3.17-2.3.mga3

4/core

• graphicsmagick-1.3.18-3.2.mga4