A heap-based buffer overflow vulnerability was found in ImageMagick in ReadTIFFImage() in coders/tiff.c because of an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault. This flaw affects ImageMagick versions prior to 7.1.0-0 and 7.0.11-14.

Reference and upstream patch: https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3
Created ImageMagick tracking bugs for this issue:

Affects: epel-8 [bug 1973691]
Affects: fedora-all [bug 1973692]
Flaw summary: ImageMagick's ReadTIFFImage() function in coders/tiff.c assigned a size (`extent`) used to allocate memory via AcquireQuantumMemory()[1]. `extent` was calculated improperly and was too small, which could subsequently lead to an out-of-bounds read, such as when converting an image. The upstream patch calculates `extent` to be a larger value in order to avoid this.

1. https://imagemagick.org/api/MagickCore/memory_8c.html#a417a408aa35c9f385d31d2e40eed4b27
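The bug class described in the flaw summary, as an added illustration that is not ImageMagick's code or the upstream patch: the allocation size and the number of bytes the consumer reads must come from the same overflow-checked calculation, and the reader should refuse a buffer smaller than that. The `row_geometry` struct, the function names and the sample dimensions are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical row geometry (constructed for illustration). */
typedef struct { size_t columns, samples_per_pixel, bytes_per_sample; } row_geometry;

/* Overflow-checked multiply: returns 0 and stores a*b, or -1 on wrap. */
static int checked_mul(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) return -1;
    *out = a * b;
    return 0;
}

/* Number of bytes the row consumer will touch. */
int row_extent(const row_geometry *g, size_t *extent) {
    size_t samples;
    if (checked_mul(g->columns, g->samples_per_pixel, &samples) != 0) return -1;
    return checked_mul(samples, g->bytes_per_sample, extent);
}

/* Copy one row out of pixels[] only if the allocation really covers it. */
int read_row(const unsigned char *pixels, size_t allocated,
             const row_geometry *g, unsigned char *dst, size_t dst_size) {
    size_t need;
    if (row_extent(g, &need) != 0) return -1;
    if (need > allocated || need > dst_size) return -1; /* would be an OOB read */
    memcpy(dst, pixels, need);
    return 0;
}

/* Allocate `allocated` bytes, then try to consume a full row from them. */
int try_read(const row_geometry *g, size_t allocated) {
    size_t need;
    int rc = -1;
    if (row_extent(g, &need) != 0) return -1;
    unsigned char *pixels = calloc(allocated ? allocated : 1, 1);
    unsigned char *dst = malloc(need ? need : 1);
    if (pixels != NULL && dst != NULL)
        rc = read_row(pixels, allocated, g, dst, need);
    free(pixels);
    free(dst);
    return rc;
}
```

With the constructed geometry of 16 columns, 4 samples per pixel and 2 bytes per sample, a buffer sized as if there were one sample per pixel (32 bytes) is rejected, while one sized from `row_extent()` (128 bytes) is accepted.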
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3610