ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c.
Upstream Issue: https://github.com/ImageMagick/ImageMagick/issues/1602
Created ImageMagick tracking bugs for this issue:
Affects: fedora-all [bug 1726125]
Upstream patch: https://github.com/ImageMagick/ImageMagick/commit/fe5f4b85e6b1b54d3b4588a77133c06ade46d891
The vulnerable code was introduced in commit https://github.com/ImageMagick/ImageMagick/commit/b40ea40a35b8b5d011b4543bcfb8f8adfc9bb581 , which according to the commit message "Added support for writing layered tiff files with -define tiff:write-layers=true."
Statement: This issue does not affect the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include the vulnerable code.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-13136
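The bug class reported above, integer overflow in a seek callback for an in-memory stream, shown as an added example that is not ImageMagick's code and not part of this bug report. The `mem_stream` type and both function names are hypothetical; the sketch assumes a signed 64-bit offset and the standard `SEEK_SET`/`SEEK_CUR`/`SEEK_END` semantics.

```c
#include <stdint.h>
#include <stdio.h>   /* SEEK_SET, SEEK_CUR, SEEK_END */

/* Hypothetical in-memory stream, not ImageMagick's own structure. */
typedef struct {
    int64_t offset;  /* current position, invariant: offset >= 0 */
    int64_t length;  /* bytes held in the buffer, invariant: length >= 0 */
} mem_stream;

/* Unchecked pattern: the sum is computed first and tested afterwards.
   With a large delta the signed addition overflows (undefined
   behaviour), so the "< 0" test cannot be relied on. */
static int64_t seek_unchecked(mem_stream *s, int64_t delta)
{
    if (s->offset + delta < 0)
        return -1;
    s->offset += delta;
    return s->offset;
}

/* Checked form: validate against the type's limits before adding. */
static int64_t seek_checked(mem_stream *s, int64_t delta, int whence)
{
    int64_t base;

    switch (whence) {
    case SEEK_SET: base = 0;         break;
    case SEEK_CUR: base = s->offset; break;
    case SEEK_END: base = s->length; break;
    default:       return -1;
    }
    /* base >= 0, so only two failures exist: the sum exceeds INT64_MAX,
       or the sum is negative. base + delta cannot overflow when delta < 0. */
    if (delta > 0 && base > INT64_MAX - delta)
        return -1;
    if (delta < 0 && base + delta < 0)
        return -1;
    s->offset = base + delta;
    return s->offset;
}

int main(void)
{
    mem_stream s = { 10, 100 };  /* constructed sample state */
    printf("%lld\n", (long long)seek_checked(&s, 5, SEEK_CUR));
    printf("%lld\n", (long long)seek_checked(&s, INT64_MAX, SEEK_CUR));
    (void)seek_unchecked;        /* kept for comparison only, never called */
    return 0;
}
```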