ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary file (if the magick binary has permissions to read it).

https://imagemagick.org/
https://www.metabaseq.com/imagemagick-zero-days/
Created ImageMagick tracking bugs for this issue:

Affects: epel-8 [bug 2167599]
Affects: fedora-36 [bug 2167600]
Affects: fedora-37 [bug 2167601]
Upstream Commits:

[1] https://github.com/ImageMagick/ImageMagick/commit/05673e63c919e61ffa1107804d1138c46547a475 (ImageMagick 7.1.0-52)
[2] https://github.com/ImageMagick/ImageMagick6/commit/3c5188b41902a909e163492fb0c19e49efefcefe (ImageMagick 6.9.12-67)
On 22 Dec 2022 I updated all branches to 6.9.12-70 [1]. As we can't have versions with "-", we convert "-" to ".", so in Fedora the version is 6.9.12.70.

[1] * 6210760 2022-12-22 22:03 Sérgio M. Basto (origin/f37, origin/f36, origin/epel9, origin/epel8, f37, f36, epel9, epel8) Update ImageMagick to 6.9.12.70 (#2150658)
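
Added example (not part of any comment in this bug, and not Fedora or ImageMagick project code): a version check that accepts both the upstream "-" form and the Fedora "." form and compares against the releases carrying the upstream fix commits listed above. The function names and sample version strings are constructed for illustration; it assumes no distribution backport, which this check cannot see.

```python
import re

# Releases that contain the upstream fix commits, as listed in this bug.
FIXED = {7: (7, 1, 0, 52), 6: (6, 9, 12, 67)}

# Upstream writes 7.1.0-52; Fedora converts "-" to "." and writes 6.9.12.70.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)[-.](\d+)")


def parse_version(text):
    """Return (major, minor, micro, patch) for either spelling."""
    # Drop an RPM epoch ("1:") if present. A trailing package release such
    # as "-1.fc37" is ignored because the regex only anchors at the start.
    text = text.strip().split(":", 1)[-1]
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"unrecognised ImageMagick version: {text!r}")
    return tuple(int(group) for group in match.groups())


def has_upstream_fix(text):
    """True if the version is at or after the fixed release of its branch."""
    version = parse_version(text)
    fixed = FIXED.get(version[0])
    if fixed is None:
        raise ValueError(f"no fixed release known for branch {version[0]}")
    return version >= fixed


def audit(versions):
    """Map each version string to 'fixed', 'needs update' or 'unknown'."""
    report = {}
    for text in versions:
        try:
            report[text] = "fixed" if has_upstream_fix(text) else "needs update"
        except ValueError:
            report[text] = "unknown"
    return report


if __name__ == "__main__":
    # Constructed sample inputs, e.g. collected from package inventories.
    samples = ["7.1.0-49", "7.1.0-52", "6.9.12.70", "1:6.9.12.66-1.fc36", "n/a"]
    for name, status in audit(samples).items():
        print(f"{name:24} {status}")
```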