ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. References: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15827 https://github.com/ImageMagick/ImageMagick/issues/1641 Upstream commit: https://github.com/ImageMagick/ImageMagick/commit/39f226a9c137f547e12afde972eeba7551124493
Created ImageMagick tracking bugs for this issue: Affects: fedora-all [bug 1767090]
Notes about GraphicsMagick: Comparing the patch with the GraphicsMagick code, it seems like GraphicsMagick may not be affected by the flaw, because the original affected code is missing.
ImageMagick6 commit: https://github.com/ImageMagick/ImageMagick6/commit/c1a5aa3f4214ad6e4748de84dad44398959014e1
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1180 https://access.redhat.com/errata/RHSA-2020:1180
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-17541