An information leak vulnerability was found in MagickCore/property.c by partially controlling the pointer for reading arbitrary data from the memory of ImageMagick process. Upstream patch: https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b CVE request: http://seclists.org/oss-sec/2016/q2/586
Created ImageMagick tracking bugs for this issue: Affects: fedora-all [bug 1350462]
Although we do have affected code snippets, I could not find an attack vector to exploit this prior to the following commit: https://github.com/ImageMagick/ImageMagick/commit/e9438e2a82d35b6657e908ff38ec0303f432b655 Statement: This issue did not affect the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5, 6, and 7.