In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT. Upstream bug: https://github.com/ImageMagick/ImageMagick/issues/596 Upstream patch: https://github.com/ImageMagick/ImageMagick/commit/75f7e994e4e990627a5a37385bcc9a0205013645
Created ImageMagick tracking bugs for this issue: Affects: fedora-all [bug 1486807]