ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.
Created ImageMagick tracking bugs for this issue:
Affects: fedora-all [bug 1767090]
Notes about GraphicsMagick:
Comparing the patch with the GraphicsMagick code, it seems like GraphicsMagick may not be affected by the flaw, because the original affected code is missing.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:1180 https://access.redhat.com/errata/RHSA-2020:1180
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):