Date: Sat, 20 May 2017 08:26:36 -0700 From: Ian Zimmerman <itz@...mate.net> To: oss-security@...ts.openwall.com Subject: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder On 2017-05-20 09:26, Salvatore Bonaccorso wrote: > Chris Evans discovered that ImageMagick uses unitialized memory in the > RLE decoder, allowing an attacker to leak sensitive information from > process memory space. There is missing initialization in the > ReadRLEImage function. > > Original article at: > > https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html It was good to see the discussion of how GraphicsMagick was affected, or not. I would love to see that in all *Magick weakness reports. -- Please *no* private Cc: on mailing lists and newsgroups Personal signed mail: please _encrypt_ and sign Don't clear-text sign: http://primate.net/~itz/blog/the-problem-with-gpg-signatures.html
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ