CVE-2015-8808

Published: 13 July 2016

The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.

From the Ubuntu security team

It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
graphicsmagick Launchpad, Ubuntu, Debian	Upstream	Released (1.3.20-3+deb8u2)




	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (1.3.23-1build1)
	Ubuntu 16.04 ESM (Xenial Xerus)	Not vulnerable (1.3.23-1build1)
	Ubuntu 14.04 ESM (Trusty Tahr)	Released (1.3.18-1ubuntu3.1)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8808
http://www.openwall.com/lists/oss-security/2016/02/06/1
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=8e8fa353f53
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›