ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c. Reference: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15826 Upstream commits: https://github.com/ImageMagick/ImageMagick/compare/7.0.8-53...7.0.8-54 https://github.com/ImageMagick/ImageMagick/compare/master@%7B2019-07-15%7D...master@%7B2019-07-17%7D
Created ImageMagick tracking bugs for this issue: Affects: fedora-all [bug 1765335]
Upstream patchset: https://github.com/imagemagick/imagemagick/compare/ad63c1c0ff19ce44d8c50512a238997a37d1e178...08af6505d26238d234b8ddf555f886301a3e7f76#diff-dd232d4da9772957b420ca411a1ddde3
ImageMagick 7 fix: https://github.com/ImageMagick/ImageMagick/compare/1ad4c59...e868e22 ImageMagick 6 fix: https://github.com/ImageMagick/ImageMagick6/compare/adb2da9...41399a3 https://github.com/ImageMagick/ImageMagick6/commit/4ba4dc7
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1180 https://access.redhat.com/errata/RHSA-2020:1180
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-17540