Bugzilla – Bug 1131439
VUL-1: CVE-2019-10714: GraphicsMagick, ImageMagick: An out-of-bounds access in function LocaleLowercase in MagickCore/locale.c leads to SIGSEGV
Last modified: 2019-04-03 17:29:49 UTC
LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV.
Failed to reproduce the issue in all the codestreams.
After investigation, it seems that the vulnerable function was introduced when upstream tried to fix . The fix of  was introduced in 7.0.8-25 and backported to version 6.9.10-25.
The versions that fix this CVE are 22.214.171.124 and 6.9.0-36.
Regarding our codestreams, none seems affected. Tested the POC  with valgrind, and it did not work.
Regarding openSUSE, LEAP codestreams are not affected, while TW ships an already fixed version.