PT-2017-3864 · Imagemagick+3
Neex · Published 2016-05-06 · Updated 2020-04-08
CVE-2017-15277
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
ImageMagick version 7.0.6-1
GraphicsMagick version 1.3.26
Description
The issue arises from the ReadGIFImage function in coders/gif.c, which fails to initialize the palette when processing a GIF file without a global or local palette. This can lead to data leakage if the affected product is used as a library in a process handling sensitive data. An attacker could exploit this by using a specially crafted GIF image to gain unauthorized access to protected information.
Recommendations
For ImageMagick version 7.0.6-1, update to a version that fixes the ReadGIFImage function issue.
For GraphicsMagick version 1.3.26, update to a version that fixes the ReadGIFImage function issue.
As a temporary workaround, consider restricting the use of the ReadGIFImage function in coders/gif.c until a patch is available.
Exploit
Fix
Information Disclosure
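The condition named in the description, a GIF frame with neither a global nor a local palette, can be checked before a file reaches an affected ImageMagick or GraphicsMagick build. The Python check below is an added example, not code from either project or from this advisory; the function names and the constructed 1x1 sample image are assumptions for illustration.

```python
import struct

def _skip_sub_blocks(data: bytes, pos: int) -> int:
    """Advance past a chain of length-prefixed sub-blocks ending in a 0 byte."""
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        size = data[pos]
        pos += 1 + size
        if size == 0:
            return pos

def frames_without_palette(data: bytes) -> list:
    """Return indices of frames that have neither a global nor a local color table."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    has_global = bool(data[10] & 0x80)                # flag in logical screen descriptor
    pos = 13 + (3 * (2 << (data[10] & 0x07)) if has_global else 0)
    missing, frame = [], 0
    while pos < len(data) and data[pos] != 0x3B:      # 0x3B = trailer
        if data[pos] == 0x21:                         # extension: label + sub-blocks
            pos = _skip_sub_blocks(data, pos + 2)
        elif data[pos] == 0x2C:                       # image descriptor (10 bytes)
            if pos + 10 > len(data):
                raise ValueError("truncated image descriptor")
            packed = data[pos + 9]
            has_local = bool(packed & 0x80)
            if not (has_global or has_local):
                missing.append(frame)
            pos += 10 + (3 * (2 << (packed & 0x07)) if has_local else 0)
            pos = _skip_sub_blocks(data, pos + 1)     # +1 skips LZW minimum code size
            frame += 1
        else:
            raise ValueError(f"unexpected block 0x{data[pos]:02x} at offset {pos}")
    return missing

def sample_gif(global_table: bool, local_table: bool) -> bytes:
    """Constructed 1x1 test image; the flags choose which color tables exist."""
    palette = bytes([0, 0, 0, 255, 255, 255])         # two RGB entries
    out = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80 if global_table else 0, 0, 0)
    out += palette if global_table else b""
    out += b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0x80 if local_table else 0)
    out += palette if local_table else b""
    return out + b"\x02\x02\x4c\x01\x00\x3b"          # LZW data sub-block + trailer

if __name__ == "__main__":
    for g, l in [(True, False), (False, True), (False, False)]:
        print(g, l, frames_without_palette(sample_gif(g, l)))
```

A non-empty result marks a file to reject or quarantine before it is decoded; a `ValueError` means the input is malformed and should be rejected as well.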
Weakness Enumeration
Related Identifiers
Affected Products
Graphicsmagick
Imagemagick
Suse
Ubuntu