oss-sec mailing list archives
Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder
From: Bob Friesenhahn <bfriesen () simple dallas tx us>
Date: Tue, 23 May 2017 08:34:04 -0500 (CDT)
On Tue, 23 May 2017, Thomas Deutschmann wrote:
Hi, thanks! I received an tiff attachment. Could you please confirm its SHA256 sum? I got790EF50E47EDCEF26DF6D6A7EB87B7706C1E32486D0EC3DB46A4E784E75C9DE8
That is what I get here. Since there seems to be so much interest in this file, I include a base64 encoding of it below.
TU0AKgAACAj/AP8I/xD/GP8g/yn/Mf85/0H/Sv9S/1r/Yv9q/3P/e/+D/4v/lP+c/6T/rP+0/73/ xf/N/9X/3v/m/+7/9v//9gD2CPYQ9hj2IPYp9jH2OfZB9kr2UvZa9mL2avZz9nv2g/aL9pT2nPak 9qz2tPa99sX2zfbV9t725vbu9vb2/+4A7gjuEO4Y7iDuKe4x7jnuQe5K7lLuWu5i7mruc+577oPu i+6U7pzupO6s7rTuve7F7s3u1e7e7ubu7u727v/mAOYI5hDmGOYg5inmMeY55kHmSuZS5lrmYuZq 5nPme+aD5ovmlOac5qTmrOa05r3mxebN5tXm3ubm5u7m9ub/3gDeCN4Q3hjeIN4p3jHeOd5B3kre Ut5a3mLeat5z3nveg96L3pTenN6k3qzetN693sXezd7V3t7e5t7u3vbe/9UA1QjVENUY1SDVKdUx 1TnVQdVK1VLVWtVi1WrVc9V71YPVi9WU1ZzVpNWs1bTVvdXF1c3V1dXe1ebV7tX21f/NAM0IzRDN GM0gzSnNMc05zUHNSs1SzVrNYs1qzXPNe82DzYvNlM2czaTNrM20zb3Nxc3NzdXN3s3mze7N9s3/ xQDFCMUQxRjFIMUpxTHFOcVBxUrFUsVaxWLFasVzxXvFg8WLxZTFnMWkxazFtMW9xcXFzcXVxd7F 5sXuxfbF/70AvQi9EL0YvSC9Kb0xvTm9Qb1KvVK9Wr1ivWq9c717vYO9i72UvZy9pL2svbS9vb3F vc291b3evea97r32vf+0ALQItBC0GLQgtCm0MbQ5tEG0SrRStFq0YrRqtHO0e7SDtIu0lLSctKS0 rLS0tL20xbTNtNW03rTmtO609rT/rACsCKwQrBisIKwprDGsOaxBrEqsUqxarGKsaqxzrHusg6yL rJSsnKykrKystKy9rMWszazVrN6s5qzurPas/6QApAikEKQYpCCkKaQxpDmkQaRKpFKkWqRipGqk c6R7pIOki6SUpJykpKSspLSkvaTFpM2k1aTepOak7qT2pP+cAJwInBCcGJwgnCmcMZw5nEGcSpxS nFqcYpxqnHOce5yDnIuclJycnKScrJy0nL2cxZzNnNWc3pzmnO6c9pz/lACUCJQQlBiUIJQplDGU OZRBlEqUUpRalGKUapRzlHuUg5SLlJSUnJSklKyUtJS9lMWUzZTVlN6U5pTulPaU/4sAiwiLEIsY iyCLKYsxizmLQYtKi1KLWotii2qLc4t7i4OLi4uUi5yLpIusi7SLvYvFi82L1Yvei+aL7ov2i/+D AIMIgxCDGIMggymDMYM5g0GDSoNSg1qDYoNqg3ODe4ODg4uDlIOcg6SDrIO0g72DxYPNg9WD3oPm g+6D9oP/ewB7CHsQexh7IHspezF7OXtBe0p7Untae2J7antze3t7g3uLe5R7nHuke6x7tHu9e8V7 zXvVe9575nvue/Z7/3MAcwhzEHMYcyBzKXMxczlzQXNKc1JzWnNic2pzc3N7c4Nzi3OUc5xzpHOs c7RzvXPFc81z1XPec+Zz7nP2c/9qAGoIahBqGGogailqMWo5akFqSmpSalpqYmpqanNqe2qDaotq lGqcaqRqrGq0ar1qxWrNatVq3mrmau5q9mr/YgBiCGIQYhhiIGIpYjFiOWJBYkpiUmJaYmJiamJz Yntig2KLYpRinGKkYqxitGK9YsVizWLVYt5i5mLuYvZi/1oAWghaEFoYWiBaKVoxWjlaQVpKWlJa WlpiWmpac1p7WoNai1qUWpxapFqsWrRavVrFWs1a1VreWuZa7lr2Wv9SAFIIUhBSGFIgUilSMVI5 UkFSSlJSUlpSYlJqUnNSe1KDUotSlFKcUqRSrFK0Ur1SxVLNUtVS3lLmUu5S9lL/SgBKCEoQShhK IEopSjFKOUpBSkpKUkpaSmJKakpzSntKg0qLSpRKnEqkSqxKtEq9SsVKzUrVSt5K5kruSvZK/0EA QQhBEEEYQSBBKUExQTlBQUFKQVJBWkFiQWpBc0F7QYNBi0GUQZxBpEGsQbRBvUHFQc1B1UHeQeZB 7kH2Qf85ADkIORA5GDkgOSk5MTk5OUE5SjlSOVo5YjlqOXM5ezmDOYs5lDmcOaQ5rDm0Ob05xTnN OdU53jnmOe459jn/MQAxCDEQMRgxIDEpMTExOTFBMUoxUjFaMWIxajFzMXsxgzGLMZQxnDGkMawx tDG9McUxzTHVMd4x5jHuMfYx/ykAKQgpECkYKSApKSkxKTkpQSlKKVIpWiliKWopcyl7KYMpiymU KZwppCmsKbQpvSnFKc0p1SneKeYp7in2Kf8gACAIIBAgGCAgICkgMSA5IEEgSiBSIFogYiBqIHMg eyCDIIsglCCcIKQgrCC0IL0gxSDNINUg3iDmIO4g9iD/GAAYCBgQGBgYIBgpGDEYORhBGEoYUhha GGIYahhzGHsYgxiLGJQYnBikGKwYtBi9GMUYzRjVGN4Y5hjuGPYY/xAAEAgQEBAYECAQKRAxEDkQ QRBKEFIQWhBiEGoQcxB7EIMQixCUEJwQpBCsELQQvRDFEM0Q1RDeEOYQ7hD2EP8IAAgICBAIGAgg CCkIMQg5CEEISghSCFoIYghqCHMIewiDCIsIlAicCKQIrAi0CL0IxQjNCNUI3gjmCO4I9gj/AAAA CAAQABgAIAApADEAOQBBAEoAUgBaAGIAagBzAHsAgwCLAJQAnACkAKwAtAC9AMUAzQDVAN4A5gDu APYA/wARAQAAAwAAAAEAIgAAAQEAAwAAAAEAMAAAAQIAAwAAAAIACAAIAQMAAwAAAAEAAQAAAQYA AwAAAAEABQAAAREABAAAAAEAAAAIARIAAwAAAAEAAQAAARUAAwAAAAEAAgAAARYAAwAAAAEAIAAA ARcABAAAAAEAAAgAARoABQAAAAEAAAjaARsABQAAAAEAAAjiARwAAwAAAAEAAQAAASgAAwAAAAEA AgAAAVIAAwAAAAEAAgAAAVMAAwAAAAIAAQABh3MABwAAAAAAAABIAAA= Bob -- Bob Friesenhahn bfriesen () simple dallas tx us, http://www.simplesystems.org/users/bfriesen/ GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
Current thread:
- ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Salvatore Bonaccorso (May 20)
- Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Ian Zimmerman (May 20)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Leo Famulari (May 20)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Bob Friesenhahn (May 20)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Thomas Deutschmann (May 22)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Bob Friesenhahn (May 22)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Solar Designer (May 23)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Thomas Deutschmann (May 23)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Bob Friesenhahn (May 23)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Leo Famulari (May 20)
- Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Ian Zimmerman (May 20)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Jodie Cunningham (May 22)