CVE-2017-12644
Description
ImageMagick 7.0.6-1 has a memory leak in ReadDCMImage (coders/dcm.c) that can be triggered by a crafted DICOM file, potentially leading to denial of service or arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
ImageMagick version 7.0.6-1 contains a memory leak vulnerability in the ReadDCMImage function within coders/dcm.c [1][2]. The bug occurs when processing a specially crafted DICOM image, causing allocated memory to not be properly freed. The vulnerability is confirmed by a proof-of-concept test case [2].
Exploitation
An attacker can exploit this vulnerability by providing a malformed DICOM image file to an ImageMagick-based application or script that processes untrusted images. No special authentication or network position is required beyond the ability to deliver the file (e.g., via email, web upload, or other file transfer). If the user or automated system opens the crafted file with ImageMagick’s identify, convert, or other image-processing commands, the memory leak is triggered [1][2].
Impact
Successful exploitation can lead to a denial-of-service condition due to memory exhaustion. Additionally, Ubuntu’s security advisory notes that this flaw could be leveraged to execute arbitrary code with the privileges of the user invoking the program [1]. The exact privilege level depends on the running context.
Mitigation
The fix was implemented in ImageMagick commit a33f7498f9052b50e8fe8c8422a11ba84474cb42 [3], which changes the error handling in ReadDCMImage to use ThrowDCMException instead of ThrowReaderException, preventing the leak. The vulnerability is addressed in Ubuntu via USN-3681-1, with updated packages released for Ubuntu 18.04 LTS (bionic) and other supported releases [1]. Users should update their ImageMagick installation to the latest patched version. No workaround is provided in the available references.
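The class of fix described above, as an added example that is not ImageMagick's code: a reader whose error exit returns while still owning its buffers, next to a version whose error exits go through a cleanup macro. All names (`read_leaky`, `read_fixed`, `THROW_WITH_CLEANUP`, the `DEMO` magic value) are hypothetical, and the counting allocator exists only to make the leak measurable.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Counting allocator: makes leaked blocks observable without a sanitizer. */
static long live_blocks = 0;
static void *track_alloc(size_t n) { void *p = malloc(n); if (p) live_blocks++; return p; }
static void *track_free(void *p) { if (p) { free(p); live_blocks--; } return NULL; }

/* Hypothetical validation step; "DEMO" is a constructed magic value. */
static int header_ok(const unsigned char *buf, size_t len) {
  return len >= 4 && memcmp(buf, "DEMO", 4) == 0;
}

/* Reader-specific throw: release this function's buffers, then fail. */
#define THROW_WITH_CLEANUP(code) do { \
    data = track_free(data); \
    stream_info = track_free(stream_info); \
    return (code); \
  } while (0)

/* Before: the generic error exit returns with both buffers still owned. */
int read_leaky(const unsigned char *buf, size_t len) {
  unsigned char *data = track_alloc(256);
  int *stream_info = track_alloc(16 * sizeof(int));
  if (!data || !stream_info) THROW_WITH_CLEANUP(-1);
  if (!header_ok(buf, len)) return -1;      /* leaks data and stream_info */
  data = track_free(data);
  stream_info = track_free(stream_info);
  return 0;
}

/* After: every error exit goes through the cleanup macro. */
int read_fixed(const unsigned char *buf, size_t len) {
  unsigned char *data = track_alloc(256);
  int *stream_info = track_alloc(16 * sizeof(int));
  if (!data || !stream_info) THROW_WITH_CLEANUP(-1);
  if (!header_ok(buf, len)) THROW_WITH_CLEANUP(-1);
  data = track_free(data);
  stream_info = track_free(stream_info);
  return 0;
}

/* Feed `runs` malformed inputs and report how many blocks stay allocated. */
long leaked_blocks(int (*reader)(const unsigned char *, size_t), int runs) {
  static const unsigned char bad[] = "XXXX-constructed-malformed-input";
  long before = live_blocks;
  for (int i = 0; i < runs; i++) reader(bad, sizeof bad);
  return live_blocks - before;
}
```

In a long-running service that decodes untrusted images, the leaked count grows with every rejected file, which is how a leak on an error path becomes memory exhaustion.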
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*
- (no CPE) range: = 7.0.6-1
- osv-coords (16 versions):
  - pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
  - pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Studio%20Onsite%201.3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3
- (no CPE) range: < 1.2.5-4.78.28.2
- (no CPE) range: < 1.2.5-4.78.28.2
- (no CPE) range: < 6.8.8.1-71.17.1
- (no CPE) range: < 6.8.8.1-71.17.1
- (no CPE) range: < 6.4.3.6-7.78.14.1
- (no CPE) range: < 6.8.8.1-71.17.1
- (no CPE) range: < 6.8.8.1-71.17.1
- (no CPE) range: < 6.8.8.1-71.17.1
- (no CPE) range: < 6.4.3.6-7.78.14.1
- (no CPE) range: < 6.8.8.1-71.17.1
- (no CPE) range: < 6.8.8.1-71.17.1
- (no CPE) range: < 6.4.3.6-7.78.14.1
- (no CPE) range: < 6.8.8.1-71.17.1
- (no CPE) range: < 6.8.8.1-71.17.1
- (no CPE) range: < 6.8.8.1-71.17.1
- (no CPE) range: < 6.8.8.1-71.17.1
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/ImageMagick/ImageMagick/commit/a33f7498f9052b50e8fe8c8422a11ba84474cb42 (nvd: Patch, Vendor Advisory)
- github.com/ImageMagick/ImageMagick/issues/551 (nvd: Issue Tracking, Patch, Vendor Advisory)
- www.securityfocus.com/bid/100162 (nvd: Third Party Advisory, VDB Entry)
- usn.ubuntu.com/3681-1/ (nvd: Third Party Advisory)
News mentions
No linked articles in our index yet.