WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.
Reference: https://github.com/ImageMagick/ImageMagick/issues/1560
Upstream commit: https://github.com/ImageMagick/ImageMagick6/commit/3c53413eb544cc567309b4c86485eae43e956112
Created ImageMagick tracking bugs for this issue:
Affects: epel-8 [bug 1767804]
Affects: fedora-all [bug 1767803]
ImageMagick 7 commit: https://github.com/ImageMagick/ImageMagick/commit/a903bb5faf8993f5904643ec7e329dca6ff6ed99
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:1180 https://access.redhat.com/errata/RHSA-2020:1180
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-15141