In ImageMagick 7.0.10-7, there is a stack-buffer-overflow at /coders/xpm.c:232 in ReadXPMImage.

References:
https://github.com/ImageMagick/ImageMagick/issues/1895
https://imagemagick.org/script/changelog.php

PoC: https://raw.githubusercontent.com/minghangshen/bug_poc/master/poc2/stack-buffer-over1
Upstream patch: https://github.com/ImageMagick/ImageMagick6/commit/26538669546730c5b2dc36e7d48850f1f6928f94
While there is a request for CVE assignment (https://github.com/ImageMagick/ImageMagick/issues/1895#issuecomment-618110351), it seems like no public assignment has been made yet, or the assignment has not been updated on the MITRE site.