PT-2017-18701 · Imagemagick+4 · Imagemagick+4
Chris Evans · Published 2017-05-19 · Updated 2021-04-28
CVE-2017-9098
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ImageMagick versions prior to 7.0.5-2
GraphicsMagick versions prior to 1.3.24
Description
The issue allows an attacker to leak sensitive information from process memory space due to the use of uninitialized memory in the RLE decoder. This can be exploited through remote attacks against code in a long-running server process that converts image data on behalf of multiple users. The problem is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.
Recommendations
For ImageMagick versions prior to 7.0.5-2, update to version 7.0.5-2 or later.
For GraphicsMagick versions prior to 1.3.24, update to version 1.3.24 or later.
As a temporary workaround, consider disabling the ReadRLEImage function in coders/rle.c until a patch is available.
Exploit
Fix
Use of Uninitialized Resource
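The missing initialization step named in the Description, shown as an added C example that is not ImageMagick or GraphicsMagick code: a toy run-length decoder in which skipped or never-reached pixels keep whatever the buffer already held unless the canvas is cleared first. The record format, `rle_decode` and `stale_bytes_after_decode` are assumptions made for illustration, and the 0xAA fill is a constructed stand-in for stale heap contents.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy stream (constructed, not the Utah RLE format): 3-byte records
 * {op, count, value}. OP_RUN writes `count` pixels of `value`;
 * OP_SKIP advances `count` pixels without writing anything. */
enum { OP_RUN = 1, OP_SKIP = 2 };

/* Decode into `canvas`. clear_first == 0 uses the buffer as handed over by
 * the allocator (flawed pattern); clear_first != 0 sets every pixel to
 * `background` before decoding (hardened pattern).
 * Returns 0 on success, -1 on a malformed or overlong stream. */
int rle_decode(const uint8_t *in, size_t in_len, uint8_t *canvas,
               size_t canvas_len, int clear_first, uint8_t background)
{
    size_t pos = 0;
    if (clear_first)
        memset(canvas, background, canvas_len);
    if (in_len % 3 != 0)
        return -1;
    for (size_t i = 0; i < in_len; i += 3) {
        uint8_t op = in[i], count = in[i + 1], value = in[i + 2];
        if (count > canvas_len - pos)   /* never write past the canvas */
            return -1;
        if (op == OP_RUN)
            memset(canvas + pos, value, count);
        else if (op != OP_SKIP)
            return -1;
        pos += count;
    }
    return 0;
}

/* Count canvas bytes still holding the stale marker after decoding the
 * constructed sample: 2 pixels written, 4 skipped, 2 never reached. */
size_t stale_bytes_after_decode(int clear_first)
{
    static const uint8_t sample[] = { OP_RUN, 2, 0x11, OP_SKIP, 4, 0x00 };
    uint8_t canvas[8];
    size_t stale = 0;
    memset(canvas, 0xAA, sizeof canvas);  /* stands in for reused heap data */
    if (rle_decode(sample, sizeof sample, canvas, sizeof canvas, clear_first, 0) != 0)
        return (size_t)-1;
    for (size_t i = 0; i < sizeof canvas; i++)
        stale += (canvas[i] == 0xAA);
    return stale;
}
```

In a service that returns the converted image, every byte counted by `stale_bytes_after_decode(0)` would be sent back to the requester as pixel data.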
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Graphicsmagick
Imagemagick
Suse
Ubuntu