CVE-2017-9098

Source
Severity High
Remote Yes
Type Information disclosure
Description
Chris Evans discovered that ImageMagick uses unitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space. There is missing initialization in the ReadRLEImage function.
References
http://marc.info/?l=oss-security&m=149526522932650
https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b
https://scarybeastsecurity.blogspot.nl/2017/05/bleed-continues-18-byte-file-14k-bounty.html