Bug 1361492 (CVE-2016-6491)

Summary: CVE-2016-6491 ImageMagick: Out-of-bounds read in CopyMagickMemory
Product: [Other] Security Response Reporter: Adam Mariš <amaris>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: abhgupta, dmcphers, ethan, jhorak, jialiu, jokerman, kseifried, lmeyer, mmccomas, nmurray, pahan, sardella, slawomir, tiwillia
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: ImageMagick 6.9.5-4 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-09-01 10:08:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1361494    
Bug Blocks: 1361496    

Description Adam Mariš 2016-07-29 07:37:53 UTC
An out-of-bounds read vulnerability in CopyMagickMemory was found that can lead to memory leak because the read data are written into output image using SetImageProperty or can cause DoS by crashing the application.

Upstream patch:


CVE assignment:


Comment 1 Adam Mariš 2016-07-29 07:39:13 UTC
Created ImageMagick tracking bugs for this issue:

Affects: fedora-all [bug 1361494]