In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service. Reference: https://github.com/ImageMagick/ImageMagick/issues/660
Created GraphicsMagick tracking bugs for this issue: Affects: fedora-all [bug 1708526]
Created ImageMagick tracking bugs for this issue: Affects: fedora-all [bug 1708525]
Created GraphicsMagick tracking bugs for this issue: Affects: epel-all [bug 1708527]
Upstream patch: https://github.com/ImageMagick/ImageMagick/commit/4a8a6274f5e690f9106a998de9b8a8f3929402bc
Decreasing Impact to Low and setting Availability to Low, as when the program is compiled without ASAN, it will usually just print the error message "MemoryAllocationFailed".
Statement: This issue did not affect the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5 as they already contained the patched code.
ImageMagick6 commit: https://github.com/ImageMagick/ImageMagick6/commit/4a8a6274f5e690f9106a998de9b8a8f3929402bc
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7 via RHSA-2020:1180 https://access.redhat.com/errata/RHSA-2020:1180
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2017-12806