The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value. Upstream bug: https://github.com/ImageMagick/ImageMagick/issues/518 Upstream patch: https://github.com/ImageMagick/ImageMagick/commit/078e9692a257e7a8aa36ccc750927f9617923061 https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30
Created ImageMagick tracking bugs for this issue: Affects: fedora-all [bug 1473848]