ImageMagick is a software suite to create, edit, compose, or convert bitmap images.
Fuzzing an updated version with the Undefined Behavior Sanitizer (UBSan) enabled revealed a null pointer passed as an argument that is declared to never be null.
The complete UBSan output:
# identify $FILE
coders/tiff.c:655:39: runtime error: null pointer passed as argument 2, which is declared to never be null
MagickCore/string_.h:76:23: note: nonnull attribute specified here
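The class of defect behind this UBSan message, shown as an added example that is not ImageMagick's code and not part of the original advisory: a lookup that can return NULL feeds a helper whose pointer arguments carry the nonnull attribute, next to the guarded form of the same call. All function names, property keys and values are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample data; every name in this file is hypothetical. */
struct property { const char *key; const char *value; };
static const struct property sample_props[] = {
    { "tiff:endian",   "lsb"   },
    { "tiff:document", "scan1" },   /* "tiff:software" is deliberately absent */
};

/* Returns NULL when the key is missing: this is where the null comes from. */
const char *get_property(const char *key)
{
    size_t i;
    for (i = 0; i < sizeof(sample_props) / sizeof(sample_props[0]); i++)
        if (strcmp(sample_props[i].key, key) == 0)
            return sample_props[i].value;
    return NULL;
}

/* Both pointers are declared never-null, like the helper in the UBSan note.
   Passing NULL is undefined behavior; the compiler may assume it cannot happen. */
__attribute__((nonnull))
int compare_n(const char *p, const char *q, size_t n)
{
    return strncmp(p, q, n);
}

/* Unguarded: argument 2 is NULL whenever the key is missing. */
int matches_unguarded(const char *key, const char *want)
{
    return compare_n(want, get_property(key), strlen(want)) == 0;
}

/* Guarded: a missing property is "no match", decided before the call. */
int matches_guarded(const char *key, const char *want)
{
    const char *value = get_property(key);
    if (value == NULL)
        return 0;
    return compare_n(want, value, strlen(want)) == 0;
}

int main(void)
{
    /* Exercises the guarded path only; returns 0 when the missing key is handled. */
    return matches_guarded("tiff:software", "gimp") == 0 ? 0 : 1;
}
```

Built with -fsanitize=undefined, calling matches_unguarded with the absent key yields the same "null pointer passed as argument 2" diagnostic, while matches_guarded stays silent.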
This bug was discovered by Agostino Sarubbo of Gentoo.
2016-11-09: bug discovered and reported to upstream
2016-11-09: upstream released a patch
2016-11-15: upstream released 22.214.171.124
2016-11-19: blog post about the issue
2016-11-23: CVE assigned
This bug was found with American Fuzzy Lop.