In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file.
Essentially a heap-based OOB read which can crash the application while reading specially crafted TIFF files. Seems like crash or DoS is the maximum impact, no easy way to read bits of OOB memory in this case.
Created GraphicsMagick tracking bugs for this issue:
Affects: epel-all [bug 1701109]
Affects: fedora-all [bug 1701108]
Created ImageMagick tracking bugs for this issue:
Affects: fedora-all [bug 1701107]
ImageMagick 7 commit:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:1180 https://access.redhat.com/errata/RHSA-2020:1180
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):