CVE-2017-9098

Priority
Medium
Description
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use
uninitialized memory in the RLE decoder, allowing an attacker to leak
sensitive information from process memory space, as demonstrated by remote
attacks against ImageMagick code in a long-running server process that
converts image data on behalf of multiple users. This is caused by a
missing initialization step in the ReadRLEImage function in coders/rle.c.
References
Bugs
Notes
 mdeslaur> This is 0216-CVE-2017-9098-use-of-uninitialized-memory-in-RLE-dec.patch
Package
Upstream:released (7.0.5-2)
Ubuntu 17.10 (Artful Aardvark):released (8:6.9.7.4+dfsg-9ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (8:6.7.7.10-6ubuntu3.7)
Ubuntu Touch 15.04:DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (8:6.8.9.9-7ubuntu5.7)
Ubuntu 16.10 (Yakkety Yak):released (8:6.8.9.9-7ubuntu8.6)
Ubuntu 17.04 (Zesty Zapus):released (8:6.9.7.4+dfsg-3ubuntu1.1)
Patches:
Upstream:https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b
More Information

Updated: 2017-05-31 13:14:39 UTC (commit 12650)