In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in coders/webp.c:IsWEBPImageLossless(). Upstream Issue: https://github.com/ImageMagick/ImageMagick/issues/1009 Upstream Patch: https://github.com/ImageMagick/ImageMagick/commit/361ed689cc8e56fd125f9d0d6508e9eb303bdca6
Created ImageMagick tracking bugs for this issue: Affects: fedora-all [bug 1563891]
Statement: This issue did not affect the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5, 6 and 7 as they did not include the vulnerable code.