ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c.
Created ImageMagick tracking bugs for this issue:
Affects: fedora-all [bug 1726125]
The vulnerable code was introduced in commit https://github.com/ImageMagick/ImageMagick/commit/b40ea40a35b8b5d011b4543bcfb8f8adfc9bb581 , which according to the commit message "Added support for writing layered tiff files with -define tiff:write-layers=true."
This issue does not affect the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include the vulnerable code.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):