CVE-2017-9098 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Information disclosure
Description	Chris Evans discovered that ImageMagick uses unitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space. There is missing initialization in the ReadRLEImage function.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-939	imagemagick	7.0.5.1-1	7.0.5.2-1	High	Fixed

References
http://marc.info/?l=oss-security&m=149526522932650 https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b https://scarybeastsecurity.blogspot.nl/2017/05/bleed-continues-18-byte-file-14k-bounty.html

References

http://marc.info/?l=oss-security&m=149526522932650
https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b
https://scarybeastsecurity.blogspot.nl/2017/05/bleed-continues-18-byte-file-14k-bounty.html