In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. Upstream issue: https://github.com/ImageMagick/ImageMagick/issues/1540
Created GraphicsMagick tracking bugs for this issue:
  Affects: epel-all [bug 1705416]
  Affects: fedora-all [bug 1705417]
Upstream patches:
  https://github.com/ImageMagick/ImageMagick/commit/c111ed9b035532c2c81ea569f2d22fded9517287
  https://github.com/ImageMagick/ImageMagick6/commit/e2a21735e3a3f3930bd431585ec36334c4c2eb77
Created ImageMagick tracking bugs for this issue: Affects: fedora-all [bug 1708319]
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7
  Via RHSA-2020:1180 https://access.redhat.com/errata/RHSA-2020:1180
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11598