CVE-2017-9098

HIGH Year: 2017
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-908
View all →

Vulnerability Description

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.

Related Vulnerabilities

CVE-2008-0063

HIGH
CVSS:7.5(High)

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitiv...

CWE-9082008

CVE-2008-3688

HIGH
CVSS:7.5(High)

sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of service (hang) by connecting to a non-responsive server, which triggers an infinite loop due to an un...

CWE-9082008

CVE-2009-0949

HIGH
CVSS:7.5(High)

The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointe...

CWE-9082009

CVE-2018-25023

HIGH
CVSS:7.5(High)

An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type.

CWE-9082018

CVE-2018-9381

HIGH
CVSS:7.5(High)

In gatts_process_read_by_type_req of gatt_sr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution priv...

CWE-9082018

CVE-2019-15553

HIGH
CVSS:7.5(High)

An issue was discovered in the memoffset crate before 0.5.0 for Rust. offset_of and span_of can cause exposure of uninitialized memory.

CWE-9082019