“In my previous post on Yahoobleed #1 (YB1), we saw how an uninitialized memory vulnerability could lead to disclosure of private images belonging to other users. The resulting leaked memory bytes were subject to JPEG compression, which is not a problem for image theft, but is somewhat lacking if we wanted to steal memory content other than images.” states Chris Evans.
“In this post, we explore an alternative *bleed class vulnerability in Yahoo! thumbnailing servers. Let’s call it Yahoobleed #2 (YB2). We’ll get around the (still present) JPEG compression issue to exfiltrate raw memory bytes. With subsequent usage of the elite cyberhacking tool “strings”, we discover many wonders.
Yahoo! fixed YB2 at the same time as YB1, by retiring ImageMagick.”