The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472. Reference: https://github.com/ImageMagick/ImageMagick/issues/1553 Upstream commit: https://github.com/ImageMagick/ImageMagick/commit/c78993d138bf480ab4652b5a48379d4ff75ba5f7
Created ImageMagick tracking bugs for this issue: Affects: epel-8 [bug 1767814] Affects: fedora-all [bug 1767813]
Note about GraphicsMagick: This issue was addressed via upstream commit: http://hg.code.sf.net/p/graphicsmagick/code/rev/5402c5cbd8bd This patch is not currently part of any GraphicsMagick release yet.
Created GraphicsMagick tracking bugs for this issue: Affects: epel-all [bug 1770518] Affects: fedora-all [bug 1770517]
ImageMagick6 commit: https://github.com/ImageMagick/ImageMagick6/commit/6d46f0a046a58e7c4567a86ba1b9cb847d5b1968
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1180 https://access.redhat.com/errata/RHSA-2020:1180
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-15139