In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c.

Upstream bug:
https://github.com/ImageMagick/ImageMagick/issues/539

Upstream patch:
https://github.com/ImageMagick/ImageMagick/commit/787f9dc99c8d186ae26ed53ddec54bd0a6f90852
https://github.com/ImageMagick/ImageMagick/commit/663e70e90257797f4634ea8dd4a31e0947d1f266

Created ImageMagick tracking bugs for this issue:

Affects: fedora-all [bug 1473719]