QwikSec

Security Database

CVE

CWE

Training

CVE-2017-9098

Published: May 19, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://hg.code.sf.net/p/graphicsmagick/code/diff/0a5b75e019b6/coders/rle.c

x_refsource_MISC

https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b

x_refsource_MISC

vdb-entry

x_refsource_BID

[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update

mailing-list

x_refsource_MLIST

https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html

x_refsource_MISC

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.