CVE-2017-15277

Name: CVE-2017-15277
Creator: NVD / NIST
Published: 2017-10-12T08:29:00.29+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 19.19%

Last modified Jun 17, 2026

CVE-2017-15277 is a vulnerability of currently unknown severity. ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.. EPSS estimates a 19.19% chance of exploitation in the next 30 days.

Description

ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.

Metrics

EPSS Probability

19.19%

97.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions
Graphicsmagick	Graphicsmagick	1.3.26
Imagemagick	Imagemagick	7.0.6-1

References

https://github.com/ImageMagick/ImageMagick/commit/9fd10cf630832b36a588c1545d8736539b2f1fb5Issue Tracking, Patch, Third Party Advisory
https://github.com/ImageMagick/ImageMagick/issues/592Issue Tracking, Patch, Third Party Advisory
https://github.com/neex/gifoebExploit, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html
https://usn.ubuntu.com/3681-1/
https://usn.ubuntu.com/4232-1/
https://www.debian.org/security/2017/dsa-4032
https://www.debian.org/security/2017/dsa-4040
https://www.debian.org/security/2018/dsa-4321
https://github.com/ImageMagick/ImageMagick/commit/9fd10cf630832b36a588c1545d8736539b2f1fb5Issue Tracking, Patch, Third Party Advisory
https://github.com/ImageMagick/ImageMagick/issues/592Issue Tracking, Patch, Third Party Advisory
https://github.com/neex/gifoebExploit, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html
https://usn.ubuntu.com/3681-1/
https://usn.ubuntu.com/4232-1/
https://www.debian.org/security/2017/dsa-4032
https://www.debian.org/security/2017/dsa-4040
https://www.debian.org/security/2018/dsa-4321

Timeline

Published: Oct 12, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-15277?

How severe is CVE-2017-15277?

Severity scoring for CVE-2017-15277 is pending analysis. The EPSS model estimates a 19.19% probability of exploitation in the next 30 days.

How do I fix CVE-2017-15277?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-15277?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST