Use of uninitialized value in function ReadCUTImage

[YangY-Xiao]

Prerequisites

• [ y ] I have written a descriptive issue title
• [ y ] I have verified that I am using the latest version of ImageMagick
• [ y ] I have searched open and closed issues to ensure it has not already been reported

Description

  /* ----- Load RLE compressed raster ----- */
  BImgBuff=(unsigned char *) AcquireQuantumMemory((size_t) ldblk,
    sizeof(*BImgBuff));  /*Ldblk was set in the check phase*/
  if(BImgBuff==NULL) goto NoMemory;

  offset=SeekBlob(image,6 /*sizeof(Header)*/,SEEK_SET);

(https://github.com/ImageMagick/ImageMagick/blob/master/coders/cut.c#L552)

We should initialize the BImgBuff, otherwise an use-of-uninitialized vulnerability occurs, which is similar to https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6780 (fixed in a85ab26 and 81bfff2 ) and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5710 (fixed in ce433f8 and 81bfff2).

[urban-warrior]

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

[nohmask]

This was assigned CVE-2019-13135.