In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file.
{
"cpe": [
"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.7-23:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "7.0.7-16"
},
{
"fixed": "7.0.7-21"
},
{
"introduced": "7.0.7-23"
},
{
"last_affected": "7.0.7-23"
}
],
"source": [
"CPE_RANGE",
"CPE_STRING"
]
}