|Description||ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)|
Vulnerable and fixed packages
The table below lists information on source packages.
|imagemagick (PTS)||buster, buster (security)||8:18.104.22.168+dfsg-2.1+deb10u1||fixed|
|bookworm, sid, bullseye||8:22.214.171.124+dfsg-1.3||fixed|
The information below is based on the following data on fixed versions.
[stretch] - imagemagick <not-affected> (Introduced by b8c63b156bf26b52e710b1a0643c846a6cd01e56 which wasn't backported to stretch)
[jessie] - imagemagick <not-affected> (Introduced by b8c63b156bf26b52e710b1a0643c846a6cd01e56 which wasn't backported to jessie)