A heap overflow has been discovered in the ImageMagick BMP decoder. The demo BMP file is the same one which affected QT. The demo image is attachment 102533. This issue also affects FC1.
Created attachment 103039. This will add the checks needed to prevent this overflow.
You may wish to have a look at https://bugzilla.fedora.us/show_bug.cgi?id=2052#c10 because the patch in comment #1 may not have caught all of the vulnerabilities. -David
Please see attachment 106788 for a more comprehensive patch than 103039. This attachment also covers DIB and AVI buffer overflows as well as BMP. Parallel entry in #7 of Bugzilla issue 130807, https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130807#c7 .
This should be fixed in 6.0.7, according to comments in #130807. FC2 has 6.2.0.7 now --> resolving