In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service. Reference: https://github.com/ImageMagick/ImageMagick/issues/664
Created GraphicsMagick tracking bugs for this issue: Affects: fedora-all [bug 1708526] Created ImageMagick tracking bugs for this issue: Affects: fedora-all [bug 1708525]
Created GraphicsMagick tracking bugs for this issue: Affects: epel-all [bug 1708527]
Upstream patch: https://github.com/ImageMagick/ImageMagick/commit/5fcb3321ae36c4dda0f460a0defc99b5b4db55ef
ImageMagick6 commits: https://github.com/ImageMagick/ImageMagick6/commit/0701e59f00194897494fa2be74cee8ca626d8f6f https://github.com/ImageMagick/ImageMagick6/commit/9c31c956a1b2d65d0be0636d2eab3cd787897d35
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1180 https://access.redhat.com/errata/RHSA-2020:1180
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2017-12805