CVE-2017-9098

Priority
Description
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use
uninitialized memory in the RLE decoder, allowing an attacker to leak
sensitive information from process memory space, as demonstrated by remote
attacks against ImageMagick code in a long-running server process that
converts image data on behalf of multiple users. This is caused by a
missing initialization step in the ReadRLEImage function in coders/rle.c.
Notes
mdeslaurThis is 0216-CVE-2017-9098-use-of-uninitialized-memory-in-RLE-dec.patch
Package
Upstream:released (7.0.5-2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [8:6.7.7.10-6ubuntu3.7])
Ubuntu 16.04 LTS (Xenial Xerus):released (8:6.8.9.9-7ubuntu5.7)
Patches:
Upstream:https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b
More Information

Updated: 2020-03-18 22:50:44 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)