CVE-2017-15277

Published: 12 October 2017

ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.
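
The condition described above can be screened for before a file reaches the library. The following Python check is an added example, not code from ImageMagick, GraphicsMagick or Ubuntu; the function names and the constructed 1x1 sample GIF are assumptions made for illustration. It walks the GIF block structure and reports frames that have neither a global nor a local color table.

```python
import struct

def skip_sub_blocks(data, pos):
    """Advance past a chain of GIF data sub-blocks (length byte + payload, 0 ends)."""
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        size = data[pos]
        pos += 1 + size
        if size == 0:
            return pos

def frames_without_palette(data):
    """Return indices of frames that have neither a global nor a local color table."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    packed = data[10]                       # logical screen descriptor flags
    has_global = bool(packed & 0x80)
    pos = 13 + (3 * (2 << (packed & 7)) if has_global else 0)
    flagged, frame = [], 0
    while pos < len(data):
        kind = data[pos]
        pos += 1
        if kind == 0x3B:                    # trailer
            break
        elif kind == 0x21:                  # extension: label byte, then sub-blocks
            pos = skip_sub_blocks(data, pos + 1)
        elif kind == 0x2C:                  # image descriptor: 9 bytes follow
            if pos + 9 > len(data):
                raise ValueError("truncated image descriptor")
            ipacked = data[pos + 8]
            has_local = bool(ipacked & 0x80)
            pos += 9 + (3 * (2 << (ipacked & 7)) if has_local else 0)
            if not (has_global or has_local):
                flagged.append(frame)
            frame += 1
            pos = skip_sub_blocks(data, pos + 1)   # +1 skips the LZW minimum code size
        else:
            raise ValueError(f"unknown block type 0x{kind:02x}")
    return flagged

def sample_gif(global_ct, local_ct):
    """Constructed 1x1 test GIF; the flags choose which 2-entry color tables exist."""
    table = bytes(6)
    lsd = struct.pack("<HHBBB", 1, 1, 0x80 if global_ct else 0, 0, 0)
    desc = b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0x80 if local_ct else 0)
    pixels = b"\x02\x02\x44\x01\x00"        # LZW min code size, one sub-block, terminator
    return (b"GIF89a" + lsd + (table if global_ct else b"") + desc
            + (table if local_ct else b"") + pixels + b"\x3b")
```

A non-empty result from `frames_without_palette` marks a file that should be rejected or re-encoded before it is passed to an unpatched build.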

From the Ubuntu security team

It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package: graphicsmagick (Launchpad, Ubuntu, Debian)

Release     Status
artful      Ignored (reached end-of-life)
bionic      Not vulnerable (1.3.26-14)
cosmic      Not vulnerable (1.3.26-14)
disco       Not vulnerable (1.3.26-14)
eoan        Not vulnerable (1.3.26-14)
focal       Not vulnerable (1.3.26-14)
groovy      Not vulnerable (1.3.26-14)
hirsute     Not vulnerable (1.3.26-14)
impish      Not vulnerable (1.3.26-14)
jammy       Not vulnerable (1.3.26-14)
precise     Does not exist
trusty      Needed
upstream    Needs triage
xenial      Released (1.3.23-1ubuntu0.4)
zesty       Ignored (reached end-of-life)

Package: imagemagick (Launchpad, Ubuntu, Debian)

Release     Status
artful      Released (8:6.9.7.4+dfsg-16ubuntu2.2)
bionic      Released (8:6.9.7.4+dfsg-16ubuntu6.2)
cosmic      Released (8:6.9.7.4+dfsg-16ubuntu8)
disco       Released (8:6.9.7.4+dfsg-16ubuntu8)
eoan        Released (8:6.9.7.4+dfsg-16ubuntu8)
focal       Released (8:6.9.7.4+dfsg-16ubuntu8)
groovy      Released (8:6.9.7.4+dfsg-16ubuntu8)
hirsute     Released (8:6.9.7.4+dfsg-16ubuntu8)
impish      Released (8:6.9.7.4+dfsg-16ubuntu8)
jammy       Released (8:6.9.7.4+dfsg-16ubuntu8)
precise     Does not exist
trusty      Does not exist (trusty was released [8:6.7.7.10-6ubuntu3.11])
upstream    Released (8:6.9.9.34+dfsg-3)
xenial      Released (8:6.8.9.9-7ubuntu5.11)
zesty       Ignored (reached end-of-life)