CVE-2015-8808

MEDIUM

Graphicsmagick < 1.3.17 - Memory Corruption

Title source: rule

Description

The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.

References (7)

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html

[Mailing List] http://marc.info/?l=graphicsmagick-commit&m=142283721604323&w=2

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/83058

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177834.html

[Third Party Advisory] http://www.debian.org/security/2016/dsa-3746

[Mailing List] http://www.openwall.com/lists/oss-security/2016/02/06/1

[Mailing List] http://www.openwall.com/lists/oss-security/2016/02/06/3

Scores

CVSS v3 5.5

EPSS 0.0029

EPSS Percentile 52.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-119

Status draft

Affected Products (5)

graphicsmagick/graphicsmagick < 1.3.17

suse/linux_enterprise_debuginfo

suse/studio_onsite

suse/linux_enterprise_software_development_kit

fedoraproject/fedora

Timeline

Published Jul 13, 2016

Tracked Since Feb 18, 2026