CVE-2017-9098 : ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an att

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.

Published 2017-05-19 19:29:00

Updated 2021-04-28 16:32:30

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2017-9098

Probability of exploitation activity in the next 30 days: 0.26%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 63 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-9098

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2017-9098

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-9098

http://hg.code.sf.net/p/graphicsmagick/code/diff/0a5b75e019b6/coders/rle.c

Mercurial Repository: p/graphicsmagick/code: diff coders/rle.c
Patch;Third Party Advisory
https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html

Security: *bleed continues: 18 byte file, $14k bounty, for leaking private Yahoo! Mail images
Exploit;Technical Description;Third Party Advisory
http://www.debian.org/security/2017/dsa-3863

Debian -- Security Information -- DSA-3863-1 imagemagick
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html

[SECURITY] [DLA 1456-1] graphicsmagick security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b

Reset memory for RLE decoder (patch provided by scarybeasts) · ImageMagick/ImageMagick@1c358ff · GitHub
Patch;Third Party Advisory
http://www.securityfocus.com/bid/98593

ImageMagick CVE-2017-9098 Local Information Disclosure Vulnerability
Third Party Advisory;VDB Entry

Products affected by CVE-2017-9098

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Imagemagick » Imagemagick
Versions from including (>=) 7.0.0-0 and before (<) 7.0.5-2
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Matching versions
Imagemagick » Imagemagick
Versions before (<) 6.9.8-1
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Matching versions
Graphicsmagick » Graphicsmagick
Versions before (<) 1.3.24
cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2017-9098

Exploit prediction scoring system (EPSS) score for CVE-2017-9098

CVSS scores for CVE-2017-9098

CWE ids for CVE-2017-9098

References for CVE-2017-9098

Products affected by CVE-2017-9098