A heap-based buffer overflow vulnerability was found in ImageMagick in ReadTIFFImage() in coders/tiff.c because of an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault. This flaw affects ImageMagick versions prior to 7.1.0-0 and 7.0.11-14.
Reference and upstream patch:
Created ImageMagick tracking bugs for this issue:
Affects: epel-8 [bug 1973691]
Affects: fedora-all [bug 1973692]
ImageMagick's ReadTIFFImage() function in coders/tiff.c assigned a size (`extent`) used to allocate memory via AcquireQuantumMemory(). `extent` was calculated improperly and was too small, which could subsequently lead to an out-of-bounds read, such as when converting an image. The upstream patch calculates `extent` to be a larger value in order to avoid this.
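A generic illustration of the bug class described above, added here as an example; it is not ImageMagick's code and not the upstream patch. The `row_layout` fields and helper names are hypothetical, and the mismatch between a reported row size and the bytes the read loop touches is an assumed cause chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical decoder parameters (constructed for illustration; these are
   not ImageMagick structures). */
typedef struct {
  size_t columns;            /* pixels per row */
  size_t samples_per_pixel;  /* channels the read loop touches per pixel */
  size_t bytes_per_sample;   /* bytes the read loop consumes per sample */
  size_t reported_row_bytes; /* row size claimed by the file or library */
} row_layout;

/* Multiply with overflow detection; returns 0 on success, -1 on overflow. */
static int mul_checked(size_t a, size_t b, size_t *out) {
  if (a != 0 && b > SIZE_MAX / a) return -1;
  *out = a * b;
  return 0;
}

/* Bytes the read loop will actually index for one row. */
int bytes_touched(const row_layout *l, size_t *out) {
  size_t n;
  if (mul_checked(l->columns, l->samples_per_pixel, &n) != 0) return -1;
  return mul_checked(n, l->bytes_per_sample, out);
}

/* Extent that covers both the reported size and what the loop reads,
   so an undersized reported value can never shrink the allocation. */
int safe_extent(const row_layout *l, size_t *out) {
  size_t need;
  if (bytes_touched(l, &need) != 0) return -1;
  *out = need > l->reported_row_bytes ? need : l->reported_row_bytes;
  return 0;
}

/* Allocate a zeroed row buffer, or NULL if the size cannot be represented. */
unsigned char *alloc_row(const row_layout *l, size_t *extent) {
  if (safe_extent(l, extent) != 0 || *extent == 0) return NULL;
  return calloc(1, *extent);
}
```

Sizing the buffer from the access pattern rather than from a single reported value, and rejecting sizes that overflow `size_t`, keeps every index the read loop produces inside the allocation.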
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):