CVE-2017-15277

Priority
Description
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick
1.3.26 leaves the palette uninitialized when processing a GIF file that has
neither a global nor local palette. If the affected product is used as a
library loaded into a process that operates on interesting data, this data
sometimes can be leaked via the uninitialized palette.
Notes
mdeslaur: 0328-CVE-2017-15277-Fix-information-disclosure-in-ReadGIFImage.patch in wheezy
0255-CVE-2017-15277.patch in jessie
0107-CVE-2017-15277.patch in stretch
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): released (1.3.23-1ubuntu0.4)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (1.3.26-14)
Ubuntu 19.10 (Eoan Ermine): not-affected (1.3.26-14)
Ubuntu 20.04 (Focal Fossa): not-affected (1.3.26-14)
Patches:
Upstream: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/923c4a525c99
Package
Upstream: released (8:6.9.9.34+dfsg-3)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was released [8:6.7.7.10-6ubuntu3.11])
Ubuntu 16.04 LTS (Xenial Xerus): released (8:6.8.9.9-7ubuntu5.11)
Ubuntu 18.04 LTS (Bionic Beaver): released (8:6.9.7.4+dfsg-16ubuntu6.2)
Ubuntu 19.10 (Eoan Ermine): released (8:6.9.7.4+dfsg-16ubuntu8)
Ubuntu 20.04 (Focal Fossa): released (8:6.9.7.4+dfsg-16ubuntu8)
Patches:
Upstream: https://github.com/ImageMagick/ImageMagick/commit/10aae21bf9dac47e16d8fcde7eba7f7f9d1e52f8

Updated: 2020-01-29 18:46:16 UTC (commit 40f18bf14da5fb50662e1f861ea594a462b207fe)