Bug 2390828 (GHSA-fff3-4rp7-px97)

Summary: ImageMagick: ImageMagick heap-buffer-overflow
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A heap based buffer overflow flaw has been discovered in ImageMagick. This flaw allows an attacker with local access to induce a program crash when feeding a crafted TIFF file into ImageMagick.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2390946, 2390947, 2390948, 2390950, 2390949    
Bug Blocks:    

Description OSIDB Bzimport 2025-08-25 17:02:29 UTC 
### Summary
While Processing a crafted TIFF file, imagemagick crashes.

### Details
Following is the imagemagick version:
```
imagemagick_git/build_26jun23/bin/magick --version
Version: ImageMagick 7.1.1-13 (Beta) Q16-HDRI x86_64 56f478940:20230625 https://imagemagick.org
Copyright: (C) 1999 ImageMagick Studio LLC
License: https://imagemagick.org/script/license.php
Features: Cipher DPC HDRI 
Delegates (built-in): fontconfig freetype jbig jng jpeg lcms lzma pangocairo png tiff webp x xml zlib
Compiler: gcc (4.2)
```
### PoC
issue can be replicated with following command with provided POC file(sent over email):
```bash
magick poc.tiff /dev/null
```
### Impact
This can lead to application crash.

### Credits
Please give credits to Hardik shah of Vehere (Dawn Treaders team)