ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that contains a negative pixel value. The uninitialized bytes become part of the decoded image, so if the affected code is used as a library loaded into a process that holds sensitive information, that information can sometimes be leaked via the image data.
{ "vanir_signatures": [ { "source": "https://github.com/imagemagick/imagemagick/commit/216d117f05bff87b9dc4db55a1b1fadb38bcb786", "deprecated": false, "signature_version": "v1", "signature_type": "Line", "target": { "file": "coders/xbm.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "224705441759010440560900958223762406793", "304529211916910209029294137354228750713", "235771051595492321073379605913506309882", "126407365303418340446855400405574241016", "224705441759010440560900958223762406793", "304529211916910209029294137354228750713", "204883727999822357422436829985984245928", "205102091651409849008738220299547053545" ] }, "id": "CVE-2018-16323-1d056cc2" }, { "source": "https://github.com/imagemagick/imagemagick/commit/216d117f05bff87b9dc4db55a1b1fadb38bcb786", "deprecated": false, "signature_version": "v1", "signature_type": "Function", "target": { "file": "coders/xbm.c", "function": "ReadXBMImage" }, "digest": { "length": 5438.0, "function_hash": "174512057943492617268595983285528458559" }, "id": "CVE-2018-16323-8b14128d" } ] }