oss-sec mailing list archives
ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder
From: Salvatore Bonaccorso <carnil () debian org>
Date: Sat, 20 May 2017 09:26:32 +0200
Hi Chris Evans discovered that ImageMagick uses unitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space. There is missing initialization in the ReadRLEImage function. Original article at: https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html Upstream fix: https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b For reference and for list archivng purpose I'm attaching the text part of the finding. Regards, Salvatore
Attachment:
CVE-2017-9098.txt
Description:
Current thread:
- ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Salvatore Bonaccorso (May 20)
- Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Ian Zimmerman (May 20)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Leo Famulari (May 20)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Bob Friesenhahn (May 20)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Thomas Deutschmann (May 22)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Bob Friesenhahn (May 22)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Solar Designer (May 23)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Thomas Deutschmann (May 23)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Bob Friesenhahn (May 23)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Leo Famulari (May 20)
- Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Ian Zimmerman (May 20)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Jodie Cunningham (May 22)