Arch Linux Security Advisory ASA-201607-13
=========================================
Severity: Low
Date    : 2016-07-29
CVE-ID  : CVE-2016-6491
Package : imagemagick
Type    : information leakage
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
=======
The package imagemagick before version 6.9.5.3-1 is vulnerable to
information leakage.

Resolution
==========
Upgrade to 6.9.5.3-1.

# pacman -Syu "imagemagick>=6.9.5.3-1"

The problem has been fixed upstream in version 6.9.5-3.

Workaround
==========
None.

Description
===========
An out-of-bounds read has been found in ImageMagick's Get8BIMProperty()
function. This issue can leak memory contents, since the data read is
written to the output image afterwards.

Impact
======
A remote attacker can access sensitive information present in memory by
submitting a crafted image file.

References
==========
https://seclists.org/oss-sec/2016/q3/194
https://access.redhat.com/security/cve/CVE-2016-6491
