In ImageMagick 7.0.6-6, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.

Upstream bug: https://github.com/ImageMagick/ImageMagick/issues/670
Upstream patch: https://github.com/ImageMagick/ImageMagick/commit/1b234b4fe2ec864b2d5af898a31c06c9736da904

Created ImageMagick tracking bugs for this issue: Affects: fedora-all [bug 1486781]
Please fix your scripts. ImageMagick 6.9.9-9 is in Fedora 25 and Fedora 26 updates-testing. ImageMagick 7.0.6-9 is in Fedora 27 and Fedora Rawhide.