Valve: ImageMagick GIF coder vulnerability leading to memory disclosure

2018-02-12T16:36:24
ID H1:315256
Type hackerone
Reporter alyssa_herrera
Modified 2018-07-02T23:44:08

Description

Due to CVE-2017-15277, portions of server memory on some steamcommunity web servers could be leaked via image updates. An attacker would not be able to control what memory would be returned, but system information could be obtained. I was able to arbitrarily disclose server memory on steamcommunity.com due to CVE-2017-15277.