An out-of-bounds heap read vulnerability in ImageMagick compiled with TIFF support that can be triggered by running mogrify on a crafted TIFF file was found.
Name: Shi Pu (China Electronic Technology Cyber Security)
Created ImageMagick tracking bugs for this issue:
Affects: fedora-all [bug 1361578]
In reply to comment 4:
> Upstream patch:
Having trouble accessing this, but https://github.com/ImageMagick/ImageMagick/commit/803bc34ebe023f209f745baf8a112610ff77cc8c works and appears to fix this issue.
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.