Chris Evans discovered that ImageMagick uses unitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space. There is missing initialization in the ReadRLEImage function.
Chris Evans discovered that ImageMagick uses unitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space. There is missing initialization in the ReadRLEImage function.
http://marc.info/?l=oss-security&m=149526522932650 https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b https://scarybeastsecurity.blogspot.nl/2017/05/bleed-continues-18-byte-file-14k-bounty.html