CVE-2014-8562: ImageMagick - Out-of-bounds read / heap overflow in DCM import

ImageMagick is vulnerable to an out-of-bounds read / heap overflow in the function ReadDCMImage() in the file dcm.c. GraphicsMagick, which is a fork of ImageMagick, is not affected.
The issue was found with the help of Address Sanitizer and the fuzzing tool zzuf.

Solution

ImageMagick has released version 6.8.9-9, which fixes this and some other out-of-bounds issues. GraphicsMagick, which is a fork of ImageMagick, is not affected.
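
To check whether a host is at or past the fixed release, the version banner can be compared against 6.8.9-9. The script below is an added example, not part of the original advisory or of ImageMagick; the function names are hypothetical and the sample banners are constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): compare an ImageMagick version banner
# against 6.8.9-9, the release the advisory names as containing the fix.
FIXED_VERSION="6.8.9-9"

# Extract "A.B.C-D" from the first line of `identify -version` output.
im_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^Version: ImageMagick \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*-[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Return 0 if version $1 >= version $2, 1 if older, 2 if either is malformed.
im_version_ge() {
    old_ifs=$IFS; IFS='.-'
    set -- $1 $2            # split both versions into numeric fields
    IFS=$old_ifs
    [ "$#" -eq 8 ] || return 2
    for pair in "$1:$5" "$2:$6" "$3:$7" "$4:$8"; do
        l=${pair%%:*}; r=${pair##*:}
        case "$l" in ''|*[!0-9]*) return 2 ;; esac
        case "$r" in ''|*[!0-9]*) return 2 ;; esac
        [ "$l" -gt "$r" ] && return 0
        [ "$l" -lt "$r" ] && return 1
    done
    return 0
}

# Return 0 if the banner is at or after the fixed release, 1 if older,
# 2 if no ImageMagick version could be parsed (e.g. GraphicsMagick output).
im_has_dcm_fix() {
    v=$(im_version_from_banner "$1")
    [ -n "$v" ] || return 2
    im_version_ge "$v" "$FIXED_VERSION"
}

# Constructed sample banners; on a real host pass "$(identify -version)".
for banner in \
    "Version: ImageMagick 6.8.9-8 Q16 x86_64 2014-10-20 http://www.imagemagick.org" \
    "Version: ImageMagick 6.8.9-9 Q16 x86_64 2014-10-25 http://www.imagemagick.org"
do
    if im_has_dcm_fix "$banner"; then
        echo "at or after $FIXED_VERSION: $banner"
    else
        echo "older than $FIXED_VERSION or unparsed: $banner"
    fi
done
```

Distribution packages may backport the fix without changing the upstream version number, so an "older" result should be confirmed against the vendor's own advisory.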

Timeline

2014-10-24: Discovery, informed upstream developers
2014-10-25: Patch in upstream SVN
2014-10-25: Upstream released 6.8.9-9 with fix

References

Patch / upstream commit
Upstream Changelog
Fuzzing sample (try with identify or convert)
CVE-2014-8562

Hanno Böck, 2014-11-01

CC0