CVE-2017-9098 (retired)

Priority
Description
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use
uninitialized memory in the RLE decoder, allowing an attacker to leak
sensitive information from process memory space, as demonstrated by remote
attacks against ImageMagick code in a long-running server process that
converts image data on behalf of multiple users. This is caused by a
missing initialization step in the ReadRLEImage function in coders/rle.c.
Notes
mdeslaur: This is 0216-CVE-2017-9098-use-of-uninitialized-memory-in-RLE-dec.patch
Package
Upstream: released (7.0.5-2)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (8:6.8.9.9-7ubuntu5.7)
Patches:
Upstream: https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b
More Information

Updated: 2019-10-09 08:02:10 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)