A heap-based buffer overflow was reported in ImageMagick, when decoding certain GIF images, with specially crafted blocks. A remote attacker could provide a specially-crafted GIF image format file, that when processed by ImageMagick would lead to crash or, potentially, arbitrary code execution. References: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1218248 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721273 https://launchpadlibrarian.net/148688866/Fix-gif-comments.patch Upstream patch: http://trac.imagemagick.org/changeset/8770/ImageMagick/trunk/coders/gif.c
Looking at the source, it seems like this flaw was introduced by the following commit: http://trac.imagemagick.org/changeset/8002/ImageMagick/trunk/coders/gif.c versions of ImageMagick shipped with rhel-5,rhel-6,rhel-7 and fedora are not vulnerable.
Statement: Not Vulnerable. This issue does not affect the version of ImageMagick as shipped with Red Hat Enterprise Linux 5 and 6.
This issue does not affect the version of ImageMagick as shipped with Fedora 18 and Fedora 19.