In ImageMagick, there is a heap-use-after-free at MagickCore/pixel-accessor.h:378:10 in GetPixelRed.
Upstream patch: https://github.com/ImageMagick/ImageMagick/commit/a47e7a994766b92b10d4a87df8c1c890c8b170f3
Seems to be the same for https://github.com/ImageMagick/ImageMagick/issues/1723 which is the same issue but with GetPixelBlue.
A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer.
Name: Suhwan Song (Seoul National University)
This flaw is out of support scope for Red Hat Enterprise Linux 5, 6, and 7. Inkscape is not affected because it no longer uses a bundled ImageMagick in Red Hat Enterprise Linux 8. For more information regarding support scopes, please see https://access.redhat.com/support/policy/updates/errata .
*** Bug 1891988 has been marked as a duplicate of this bug. ***
Created ImageMagick tracking bugs for this issue:
Affects: epel-8 [bug 1901245]
Affects: fedora-all [bug 1901246]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):