Fluid Attacks Database

Description

ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	graphicsmagick	>=0 <1.3.26-14	1.3.26-14
debian 14	graphicsmagick	>=0 <1.3.26-14	1.3.26-14
debian 14	imagemagick	>=0 <8:6.9.9.34+dfsg-3	8:6.9.9.34+dfsg-3
debian 11	graphicsmagick	>=0 <1.3.26-14	1.3.26-14
debian 11	imagemagick	>=0 <8:6.9.9.34+dfsg-3	8:6.9.9.34+dfsg-3
debian 12	graphicsmagick	>=0 <1.3.26-14	1.3.26-14
debian 13	imagemagick	>=0 <8:6.9.9.34+dfsg-3	8:6.9.9.34+dfsg-3
debian 12	imagemagick	>=0 <8:6.9.9.34+dfsg-3	8:6.9.9.34+dfsg-3
rpm rhel7	ImageMagick	-	-
rpm rhel5	ImageMagick	-	-

1-10 of 11

Aliases

1. CVE-2017-152772. NVD-2017-152773. OSV-DEBIAN-2017-152774. OSV-2017-152775. SECURITY-TRACKER-CVE-2017-15277

References

1. https://github.com/hexrom/ImageMagick-CVE-2017-15277

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.