A flaw was found in ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. References: https://github.com/ImageMagick/ImageMagick/issues/1177 Patch: https://github.com/ImageMagick/ImageMagick6/commit/081f518eb9cb38e683b8b9ccb9e4ab5c52f82c2f https://github.com/ImageMagick/ImageMagick/commit/ae04fa4be910255e5d363edebd77adeee99a525d
Created ImageMagick tracking bugs for this issue: Affects: fedora-all [bug 1594420]
When writing a BMP file, ImageMagick incorrectly allocates the pixel_info array on the heap, using the wrong size. When converting a crafted image file to the BMP format, this flaw could be used to write beyond the limits, overwriting other data on the heap and causing a Denial of Service or other unspecified effects.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1180 https://access.redhat.com/errata/RHSA-2020:1180
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-12599