Description
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.
It was discovered that ImageMagick does not properly guarantee that initialized memory is used when reading RLE images. A remote attacker could possibly exploit this flaw to disclose potentially sensitive memory contents by, for example, tricking ImageMagick into converting a specially crafted RLE image into another format.
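The bug class described above, as an added example that is not ImageMagick or GraphicsMagick code: a decoder that allocates its pixel canvas and lets the file decide which pixels get written returns whatever the buffer held before unless it is cleared first. The opcode format, the `STALE` marker (a stand-in for data left on the heap by an earlier request) and all function names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy format (not the real RLE file format):
   0x01 n = skip n pixels, 0x02 n v = write n pixels of value v, 0x00 = end. */
enum { OP_END = 0x00, OP_SKIP = 0x01, OP_RUN = 0x02 };
#define STALE 'S'  /* marks bytes left behind by a previous user of the heap */

/* Decode into a canvas of `size` pixels. init == 0 uses the canvas as
   allocated (the bug class); init != 0 clears it to the background first. */
static uint8_t *decode(const uint8_t *in, size_t len, size_t size, int init)
{
    uint8_t *canvas = malloc(size);
    size_t pos = 0, i = 0;
    if (canvas == NULL) return NULL;
    memset(canvas, STALE, size);   /* models a recycled chunk holding old data */
    if (init)
        memset(canvas, 0, size);   /* the initialization step */
    while (i + 1 < len && in[i] != OP_END) {
        uint8_t op = in[i];
        size_t room = size - pos, n = in[i + 1];
        if (n > room)
            n = room;                          /* clamp to the canvas */
        if (op == OP_SKIP) {
            i += 2;                            /* skipped pixels are never written */
        } else if (op == OP_RUN && i + 2 < len) {
            memset(canvas + pos, in[i + 2], n);
            i += 3;
        } else {
            break;                             /* malformed record */
        }
        pos += n;
    }
    return canvas;   /* pixels never written keep their earlier contents */
}

/* Decode a constructed 16-pixel sample; return how many output bytes are stale. */
static size_t leaked_bytes(int init)
{
    static const uint8_t img[] = { OP_RUN, 4, 'A', OP_SKIP, 8, OP_RUN, 2, 'B', OP_END };
    uint8_t *out = decode(img, sizeof img, 16, init);
    size_t k, n = 0;
    for (k = 0; out != NULL && k < 16; k++)
        n += (out[k] == STALE);
    free(out);
    return n;
}
int main(void) { printf("no init: %zu stale, init: %zu stale\n", leaked_bytes(0), leaked_bytes(1)); return 0; }
```

In the sample, the eight skipped pixels and the two pixels after the last run are the ones that carry old buffer contents into the converted output when the clearing step is absent.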
Statement
Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Mitigation
Forcefully disable the RLE decoder from being used, for example by renaming ImageMagick's rle.so library:

RHEL6 mitigation:
32bit: mv /usr/lib/ImageMagick-6.7.2/modules-Q16/coders/rle.so /usr/lib/ImageMagick-6.7.2/modules-Q16/coders/rle.so.CVE-2017-9098
64bit: mv /usr/lib64/ImageMagick-6.7.2/modules-Q16/coders/rle.so /usr/lib64/ImageMagick-6.7.2/modules-Q16/coders/rle.so.CVE-2017-9098

RHEL7 mitigation:
32bit: mv /usr/lib/ImageMagick-6.7.8/modules-Q16/coders/rle.so /usr/lib/ImageMagick-6.7.8/modules-Q16/coders/rle.so.CVE-2017-9098
64bit: mv /usr/lib64/ImageMagick-6.7.8/modules-Q16/coders/rle.so /usr/lib64/ImageMagick-6.7.8/modules-Q16/coders/rle.so.CVE-2017-9098

If you are using the glibc heap implementation (default), it may also be possible to set the "MALLOC_PERTURB_" environment variable to a non-zero value before launching the process using ImageMagick. This should forcefully initialize the memory, but may reduce performance. Ensure proper testing before using these methods.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | ImageMagick | Will not fix | ||
| Red Hat Enterprise Linux 6 | ImageMagick | Will not fix | ||
| Red Hat Enterprise Linux 7 | ImageMagick | Will not fix | ||
| Red Hat OpenShift Enterprise 2 | ImageMagick | Will not fix | ||
Additional information
Status:
EPSS
5.1 Medium
CVSS3