In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage. Reference: https://github.com/ImageMagick/ImageMagick/issues/1791
Created ImageMagick tracking bugs for this issue: Affects: epel-8 [bug 1792470] Affects: fedora-all [bug 1792469]
Upstream fix: https://github.com/ImageMagick/ImageMagick/commit/916d7bbd2c66a286d379dbd94bc6035c8fab937c
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-19952