Description
Google security researcher Michal Zalewski reported that when a malformed bitmap image is rendered by the bitmap decoder within a <canvas> element, memory may not always be properly initialized. The resulting image then uses this uninitialized memory during rendering, allowing data to potentially leak to web content.
References
Apparent use of uninitialized memory when rendering BMPs on <canvas> (CVE-2014-8637)