
Bug 1474912 (CVE-2017-11524)

Summary: CVE-2017-11524 ImageMagick: Assertion failure in the WriteBlob function
Product: [Other] Security Response
Reporter: Andrej Nemec <anemec>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX
Severity: low
Priority: low
Version: unspecified
CC: abhgupta, ethan, jhorak, kseifried, nmurray, pahan, tiwillia
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard: impact=low,public=20170604,reported=20170722,source=cve,cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,fedora-all/ImageMagick=affected,rhel-5/ImageMagick=wontfix,rhel-6/ImageMagick=wontfix,rhel-7/ImageMagick=wontfix,openshift-enterprise-2/ImageMagick=wontfix
Last Closed: 2017-07-25 11:55:53 EDT

Description Andrej Nemec 2017-07-25 11:44:55 EDT
The WriteBlob function in MagickCore/blob.c in ImageMagick allows attackers to cause a denial of service (assertion failure and application exit) via a crafted file.

Upstream issue:

https://github.com/ImageMagick/ImageMagick/issues/506