Description

Google security researcher Michal Zalewski reported that when a malformed bitmap image is rendered by the bitmap decoder within a <canvas> element, memory may not always be properly initialized. The resulting image then uses this uninitialized memory during rendering, allowing data to potentially leak to web content.
References

 Apparent use of uninitialized memory when rendering BMPs on <canvas> (CVE-2014-8637)