CVE-2019-10650 ImageMagick: heap-based buffer over-read in WriteTIFFImage of coders/tiff.c leads to denial of service or information disclosure via crafted image file
Comment 2Huzaifa S. Sidhpurwala
2019-04-18 06:09:37 UTC
Analysis:
Essentially a heap-based OOB read which can crash the application while reading specially crafted TIFF files. Seems like crash or DoS is the maximum impact, no easy way to read bits of OOB memory in this case.
Comment 3Huzaifa S. Sidhpurwala
2019-04-18 06:16:32 UTC
Created GraphicsMagick tracking bugs for this issue:
Affects: epel-all [bug 1701109]
Affects: fedora-all [bug 1701108]
Created ImageMagick tracking bugs for this issue:
Affects: fedora-all [bug 1701107]