ImageMagick is vulnerable to heap-based over-reads. The GenNextToken
function in token.c
allows attackers to read sensitive information from memory and possibly other attacks. It can be exploited through a mishandled SVG document in the GetUserSpaceCoordinateValue
function.