VYPR
High severity 8.8 · NVD Advisory · Published Aug 7, 2017 · Updated May 13, 2026

CVE-2017-12641

Description

ImageMagick 7.0.6-1 has a memory leak in ReadOneJNGImage when processing crafted JNG files, leading to potential denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

ImageMagick 7.0.6-1 contains a memory leak vulnerability in the ReadOneJNGImage function within coders/png.c [1]. The leak occurs when processing specially crafted JNG (JPEG Network Graphics) files: when the chunk length exceeds PNG_UINT_31_MAX or when count is zero, the function throws a CorruptImageError exception without first freeing the memory allocated for color_image and color_image_info [2].
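
The error-path pattern described above, as an added example in C. It is a simplified model and not ImageMagick's code: `jng_state`, `read_chunk_leaky`, `read_chunk_fixed` and the allocation counter are hypothetical names, and the chunk values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define LEN_MAX 0x7fffffffUL /* same value as libpng's PNG_UINT_31_MAX */
static int live_allocs = 0;  /* allocations not yet freed in this model */

static void *tracked_alloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void tracked_free(void *p) { if (p) { free(p); live_allocs--; } }

/* Hypothetical stand-ins for color_image_info and color_image. */
typedef struct { void *info; void *image; } jng_state;
typedef int (*chunk_reader)(jng_state *, uint32_t, size_t);

static void release_state(jng_state *s) {
    tracked_free(s->image); s->image = NULL;
    tracked_free(s->info);  s->info = NULL;
}

/* Pre-fix shape: the corrupt-chunk exit returns without freeing anything. */
static int read_chunk_leaky(jng_state *s, uint32_t length, size_t count) {
    (void)s;
    if (length > LEN_MAX || count == 0) return -1;
    return 0;
}

/* Corrected shape: release both buffers before reporting the error. */
static int read_chunk_fixed(jng_state *s, uint32_t length, size_t count) {
    if (length > LEN_MAX || count == 0) { release_state(s); return -1; }
    return 0;
}

/* Parses one constructed chunk header; returns allocations left live.
   On error the caller does no cleanup, as after a thrown reader exception. */
static int leaked_after_parse(chunk_reader rd, uint32_t length, size_t count) {
    int before = live_allocs, leaked;
    jng_state s = { tracked_alloc(64), tracked_alloc(256) };
    if (rd(&s, length, count) == 0) release_state(&s); /* normal cleanup */
    leaked = live_allocs - before;
    release_state(&s); /* harness-only tidy-up so the demo exits clean */
    return leaked;
}

int main(void) {
    printf("leaky, oversized length: %d\n", leaked_after_parse(read_chunk_leaky, 0x80000000u, 4));
    printf("leaky, zero count:       %d\n", leaked_after_parse(read_chunk_leaky, 16, 0));
    printf("fixed, oversized length: %d\n", leaked_after_parse(read_chunk_fixed, 0x80000000u, 4));
    printf("fixed, zero count:       %d\n", leaked_after_parse(read_chunk_fixed, 16, 0));
    return 0;
}
```

Each rejected chunk in the leaky reader leaves two allocations behind, which is why repeated processing of such files steadily grows the memory of a long-running image service.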

Exploitation

An attacker can exploit this vulnerability by providing a malicious JNG file to an application that uses ImageMagick to process images (e.g., via identify, convert, or web uploads). No authentication or special privileges are required; the attacker only needs to deliver the crafted file to the target system. The memory leak is triggered during the image reading or identification process, as demonstrated by the AddressSanitizer output [1].

Impact

Successful exploitation leads to progressive memory exhaustion, potentially causing a denial of service (DoS) condition. The vulnerability does not appear to allow arbitrary code execution or information disclosure; the primary impact is on availability [1].

Mitigation

The issue was fixed in commit c9aa9f80828594eacbe3affe16c43d623562e5d8 [2]. Users should upgrade to a version of ImageMagick that includes this patch (e.g., 7.0.6-2 or later). No workaround is documented; the only mitigation is to apply the update or avoid processing untrusted JNG files.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

18

References

2
