Local Information Disclosure Vulnerability in ImageMagick before 7.0.5-2 - CVE-2017-9098

oval:org.cisecurity:def:2813

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 10
  • Microsoft Windows Server 2003
  • Microsoft Windows 8
  • Microsoft Windows Server 2000
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows 8.1
  • Microsoft Windows Vista
  • Microsoft Windows 7
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2008
  • Microsoft Windows XP
Class:
vulnerability
Reference(s):
  • CVE-2017-9098
Product(s):
  • ImageMagick