Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 20 May 2017 09:26:32 +0200
From: Salvatore Bonaccorso <>
To: OSS Security Mailinglist <>
Subject: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE


Chris Evans discovered that ImageMagick uses unitialized memory in the
RLE decoder, allowing an attacker to leak sensitive information from
process memory space. There is missing initialization in the
ReadRLEImage function.

Original article at:

Upstream fix:

For reference and for list archivng purpose I'm attaching the text
part of the finding.


View attachment "CVE-2017-9098.txt" of type "text/plain" (14990 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.