Arch Linux Security Advisory ASA-201607-13 ========================================== Severity: Low Date : 2016-07-29 CVE-ID : CVE-2016-6491 Package : imagemagick Type : information leakage Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package imagemagick before version 6.9.5.3-1 is vulnerable to information leakage. Resolution ========== Upgrade to 6.9.5.3-1. # pacman -Syu "imagemagick>=6.9.5.3-1" The problem has been fixed upstream in version 6.9.5-3. Workaround ========== None. Description =========== An out-of-bounds read has been found in ImageMagick's Get8BIMProperty() function. This issue can lead to memory leak since the data read is written to the output image afterwards. Impact ====== A remote attacker can access sensitive information present in memory by submitting a crafted image file. References ========== http://git.imagemagick.org/repos/ImageMagick/commit/5cb6c1acd3e3b12f9260daf2... http://seclists.org/oss-sec/2016/q3/194 https://access.redhat.com/security/cve/CVE-2016-6491