GraphicsMagick through version 1.3.26 is vulnerable to a use after free in the ReadOneJNGImage and ReadJNGImage functions in coders/png.c. An attacker could exploit this to cause a denial of service via a crafted file. Upstream Issue: https://sourceforge.net/p/graphicsmagick/bugs/438/ Upstream Patch: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98721124e51f
Created GraphicsMagick tracking bugs for this issue: Affects: fedora-all [bug 1554189] Affects: epel-all [bug 1554188]