In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. Upstream issue: https://github.com/ImageMagick/ImageMagick/issues/1555
Created GraphicsMagick tracking bugs for this issue:
Affects: epel-all [bug 1705407]
Affects: fedora-all [bug 1705408]

Created ImageMagick tracking bugs for this issue:
Affects: fedora-all [bug 1705409]
Upstream patches:
https://github.com/ImageMagick/ImageMagick/commit/f06925afeabe3f01045db33d5a33d55e64378ebc
https://github.com/ImageMagick/ImageMagick6/commit/1d6c036f0388d7857c725342f7212b60e39a14c1
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:1180 https://access.redhat.com/errata/RHSA-2020:1180
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11597