An out-of-bounds heap read vulnerability in ImageMagick compiled with TIFF support that can be triggered by running mogrify on a crafted TIFF file was found.
Acknowledgments: Name: Shi Pu (China Electronic Technology Cyber Security)
Upstream patch: http://git.imagemagick.org/repos/ImageMagick/commit/c20de102cc57f3739a8870f79e728e3b0bea18c0
Created ImageMagick tracking bugs for this issue: Affects: fedora-all [bug 1361578]
In reply to comment 4:
> Upstream patch:
>
> http://git.imagemagick.org/repos/ImageMagick/commit/c20de102cc57f3739a8870f79e728e3b0bea18c0

Having trouble accessing this, but https://github.com/ImageMagick/ImageMagick/commit/803bc34ebe023f209f745baf8a112610ff77cc8c works and appears to fix this issue.
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.