CVE-2017-15277

MEDIUM

GraphicsMagick 1.3.26 - Exposure of Sensitive Information via Uninitialized GIF Palette

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2017-15277. PoCs published by hexrom.

AI-analyzed exploit summary This PoC exploits CVE-2017-15277 in ImageMagick by leveraging a crafted GIF file to trigger arbitrary file deletion via a delegate function. The attack involves social engineering to lure a victim into processing a malicious image.

Description

ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.

Exploits (3)

nomisec WORKING POC 5 stars
by hexrom · poc
https://github.com/hexrom/ImageMagick-CVE-2017-15277

This PoC exploits CVE-2017-15277 in ImageMagick by leveraging a crafted GIF file to trigger arbitrary file deletion via a delegate function. The attack involves social engineering to lure a victim into processing a malicious image.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: ImageMagick (versions before 7.0.7-4)
No auth needed
Prerequisites: Victim must process a malicious GIF file · Attacker must host malicious files on a controlled server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
inthewild WORKING POC
poc
https://github.com/tacticthreat/imagemagick-cve-2017-15277

This repository contains a functional PoC for CVE-2017-15277, an SSRF vulnerability in ImageMagick. The exploit leverages crafted URLs and metadata in GIF files to force the server to make arbitrary HTTP requests, potentially leading to information disclosure or further exploitation.

Classification
Working Poc 90%
Attack Type
Ssrf
Complexity
Moderate
Reliability
Reliable
Target: ImageMagick (versions affected by CVE-2017-15277)
No auth needed
Prerequisites: Attacker-controlled server to host malicious files · Victim server processing untrusted images with ImageMagick
devstral-2 · analyzed Feb 23, 2026 Full analysis →
inthewild WORKING POC
poc
https://github.com/0xr0m/imagemagick-cve-2017-15277

This repository contains a functional PoC for CVE-2017-15277, an ImageMagick vulnerability involving improper handling of GIF files. The exploit leverages a crafted GIF file and a chain of PHP scripts to trigger remote code execution via a server-side request forgery (SSRF) attack.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: ImageMagick (versions affected by CVE-2017-15277)
No auth needed
Prerequisites: Vulnerable ImageMagick installation · Attacker-controlled server to host malicious files · Ability to induce the target to process a crafted GIF file
devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2017/dsa-4040
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3681-1/
Exploit, Third Party Advisory x_refsource_misc
https://github.com/neex/gifoeb
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2018/dsa-4321
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2017/dsa-4032
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/ImageMagick/ImageMagick/issues/592
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4232-1/

Scores

CVSS v3 6.5
EPSS 0.4848
EPSS Percentile 97.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
graphicsmagick/graphicsmagick 1.3.26
imagemagick/imagemagick 7.0.6-1
Published Oct 12, 2017
Tracked Since Feb 18, 2026