In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.
Created ImageMagick tracking bugs for this issue:
Affects: fedora-all [bug 1692301]
This issue affects the versions of ImageMagick as shipped with Red Hat Enterprise Linux 6 and 7.
Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a
security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the
Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Created attachment 1554265 [details]
The WritePSImage() function fails to properly enforce the boundaries of a stack-based buffer when converting an image into a PostScript file. A malicious attacker could create a specially crafted image, which, when converted, could lead to a stack-based buffer overflow and, possibly, execution of arbitrary code. Successful exploitation requires that RLE compression is used.
ImageMagick 7 commit:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:1180 https://access.redhat.com/errata/RHSA-2020:1180
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):