An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file. References: https://github.com/ImageMagick/ImageMagick/issues/802 Patches: https://github.com/ImageMagick/ImageMagick/commit/bb04ccb34fd45e9c3020786857fb79b09f44d7db https://github.com/ImageMagick/ImageMagick/commit/12f34b60564de1cbec08e23e2413dab5b64daeb7
Created ImageMagick tracking bugs for this issue: Affects: fedora-all [bug 1561740]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1180 https://access.redhat.com/errata/RHSA-2020:1180
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2017-18252