Wind River Support Network

HomeDefectsLIN9-4310
Fixed

LIN9-4310 : Security Advisory - imagemagick - CVE-2017-9098

Created: May 25, 2017    Updated: May 29, 2018
Resolved Date: Aug 10, 2017
Found In Version: 9.0.0.6
Fix Version: 9.0.0.7
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Userspace

Description

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.

https://nvd.nist.gov/vuln/detail/CVE-2017-9098

CVEs


Live chat
Online