ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first. Reference: https://github.com/ImageMagick/ImageMagick/issues/1546 Upstream commit: https://github.com/ImageMagick/ImageMagick6/commit/f663dfb8431c97d95682a2b533cca1c8233d21b4
Created GraphicsMagick tracking bugs for this issue: Affects: fedora-all [bug 1707774] Created ImageMagick tracking bugs for this issue: Affects: fedora-all [bug 1707773]
Created GraphicsMagick tracking bugs for this issue: Affects: epel-all [bug 1707775]
ImageMagick 7 commit: https://github.com/ImageMagick/ImageMagick/commit/ab3e2be9b387919ef5c25977c4c054fb9dc089a6
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1180 https://access.redhat.com/errata/RHSA-2020:1180
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11472