CVE-2017-15277
12.10.2017, 08:29
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| graphicsmagick | graphicsmagick | 1.3.26 |
| imagemagick | imagemagick | 7.0.6-1 |
𝑥
= Vulnerable software versions
Debian Releases
Debian Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| graphicsmagick |
| ||||||||||||
| imagemagick |
|
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| graphicsmagick |
| ||||||||||||||||||||||||||
| imagemagick |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ImageMagick |
| ||||||||||||||||||||||||||||||
| ImageMagick-config-6-SUSE |
| ||||||||||||||||||||||||||||||
| ImageMagick-config-6-upstream |
| ||||||||||||||||||||||||||||||
| libMagick++-6_Q16-3 |
| ||||||||||||||||||||||||||||||
| libMagickCore-6_Q16-1 |
| ||||||||||||||||||||||||||||||
| libMagickCore-6_Q16-1-32bit |
| ||||||||||||||||||||||||||||||
| libMagickWand-6_Q16-1 |
|
Common Weakness Enumeration
References