CVE-2017-9098

Source
Severity High
Remote Yes
Type Information disclosure
Description
Chris Evans discovered that ImageMagick uses unitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space. There is missing initialization in the ReadRLEImage function.
Group Package Affected Fixed Severity Status Ticket
AVG-939 imagemagick 7.0.5.1-1 7.0.5.2-1 High Fixed
References
http://marc.info/?l=oss-security&m=149526522932650
https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b
https://scarybeastsecurity.blogspot.nl/2017/05/bleed-continues-18-byte-file-14k-bounty.html