CVE-2014-2030: 
ImageMagick vulnerability analysis and mitigation

CVE-2014-2030 is a stack-based buffer overflow vulnerability in the WritePSDImage function within coders/psd.c of ImageMagick, possibly version 6.8.8-5. The vulnerability was disclosed in early 2014 and affects ImageMagick versions that use the 'L%06ld' string format for layer naming (NVD, OpenWall).

The vulnerability stems from a buffer overflow condition where the code failed to recognize the relationship between the 8 (or more) characters in 'L%06ld' string and the actual buffer size. This resulted in a buffer overflow of '4 or more bytes too many' when writing layer names. The vulnerability has a CVSS v3.1 Base Score of 8.8 (HIGH) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

If successfully exploited, this vulnerability could allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via a crafted PSD image. The vulnerability requires user interaction, typically through opening a maliciously crafted PSD file (NVD).

The vulnerability was addressed in ImageMagick by increasing the buffer size for layer names to MaxTextExtent. Multiple Linux distributions released security updates to address this vulnerability, including Ubuntu (USN-2132-1) and OpenSUSE (OpenSUSE, Ubuntu).