CVE-2014-1958: 
ImageMagick vulnerability analysis and mitigation

Buffer overflow vulnerability (CVE-2014-1958) was discovered in ImageMagick before version 6.8.8-5, specifically in the DecodePSDPixels function within coders/psd.c. This vulnerability is distinct from CVE-2014-2030 and involves the L%06ld string format (NVD).

The vulnerability stems from a buffer overflow condition in the DecodePSDPixels function when processing PSD images. The root cause is that the code did not properly recognize the relationship between the 8 (or more) characters in 'L%06ld' string and the actual buffer size, resulting in a buffer overflow of '4 or more bytes too many' (OSS Security). The vulnerability has received a CVSS v3.1 base score of 8.8 (HIGH) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

If exploited, this vulnerability could allow remote attackers to execute arbitrary code via a crafted PSD image. The impact could include denial of service or code execution with the privileges of the user invoking the program (Ubuntu Security).

The vulnerability was fixed in ImageMagick version 6.8.8-5. Various Linux distributions released security updates to address this issue, including Ubuntu 13.10, 12.10, and 12.04 LTS, as well as OpenSUSE 13.1, 12.3, and 11.4. Users are advised to update their systems to the patched versions (OpenSUSE Security, Ubuntu Security).