VDB

CVE-2017-15277

CVE-2017-15277 PUBLISHED

ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.

EPSS 48.48% · 97.8th percentile

Risk Scores

EPSS Score
48.48%
97.8th percentile

Affected Products

VendorProductVersions
Ubuntu:18.04:LTSimagemagick8:6.9.7.4+dfsg-16ubuntu3, 8:6.9.7.4+dfsg-16ubuntu4, 8:6.9.7.4+dfsg-16ubuntu5
Ubuntu:14.04:LTSimagemagick8:6.7.7.10-6ubuntu3.6, 8:6.7.7.10-6ubuntu3.5, *
Ubuntu:Pro:14.04:LTSgraphicsmagick1.3.16-1.1ubuntu2, 1.3.18-1ubuntu3, 1.3.18-1ubuntu3.1
Ubuntu:16.04:LTSimagemagick*, 8:6.8.9.9-7ubuntu5.4, 8:6.8.9.9-7ubuntu5.5
Ubuntu:16.04:LTSgraphicsmagick1.3.23-1, 0, 1.3.23-1ubuntu0.3

Exploit Intelligence

…and 18 more exploits

Timeline

  • CVE Published
  • Feb 7, 2018 PoC Published
  • Mar 8, 2018 PoC Published
  • Apr 14, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Jul 28, 2023 EPSS Score
  • Dec 17, 2024 EPSS Score
  • Mar 17, 2025 EPSS Score
  • Mar 19, 2025 EPSS Score
  • Mar 27, 2025 EPSS Score
  • Mar 28, 2025 EPSS Score
  • Mar 29, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›