Researcher Chris Evans reported a new bug and showed how he also used a previously known flaw in ImageMagick to leak Yahoo server data and steal images and authentication secrets. He earned a $14,000 bounty, which he donated to charity (Yahoo matched Evans' donation). Evans said the vulnerabilities, which he calls Yahoobleed #1 and #2, could allow an attacker to steal private Yahoo Mail images from the server. Unlike previous vulnerabilities, such as Heartbleed and Cloudbleed, this bug was the result of uninitialized memory, Evans said.
Source: https://threatpost.com/yahoo-retires-imagemagick-after-bugs-leak-server-memory/125862/

