In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. Reference: https://github.com/ImageMagick/ImageMagick/issues/1450 Upstream commit: https://github.com/ImageMagick/ImageMagick/commit/1e6a3ace073c9ec9c71e439c111d23c6e66cb6ae
Created ImageMagick tracking bugs for this issue: Affects: fedora-all [bug 1687437]
No reproducer. We look vulnerable from a quick glance at the source. Appears to be in Red Hat Enterprise 6 and 5. 5 code is mildly different, but still looks vulnerable. Memory leak, low DoS.
ImageMagick6 commit: https://github.com/ImageMagick/ImageMagick6/commit/ffedc1feed46ae5dfad2aeaf4bd9c42174ec0ad1
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1180 https://access.redhat.com/errata/RHSA-2020:1180
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-7175