High severity 8.8 · NVD Advisory · Published Aug 7, 2017 · Updated May 13, 2026

CVE-2017-12662

Description

ImageMagick 7.0.6-2 has a memory leak in WritePDFImage when memory allocation fails, which can exhaust memory via crafted files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

In ImageMagick version 7.0.6-2, the function WritePDFImage in coders/pdf.c has a memory leak vulnerability. When AcquireVirtualMemory fails, the allocated xref array is not freed before throwing an exception, leaking memory. The leak occurs at two points in the function (lines 1992 and 2092) where RelinquishMagickMemory(xref) was missing [1]. The issue is triggered during PDF output processing when converting images, such as via the convert command [2].
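The error-path pattern described above, modeled as an added C example (not ImageMagick's code and not taken from the fix commit). The names `acquire`, `relinquish`, `write_leaky`, `write_fixed` and the counting allocator are hypothetical stand-ins for the allocation calls and the writer; the allocator fails the second request to stand in for an out-of-memory condition.

```c
#include <stdio.h>
#include <stdlib.h>

/* Counting allocator (constructed for this example): tracks live blocks and
   fails request number fail_at, standing in for an out-of-memory condition. */
static int live_blocks, alloc_calls, fail_at;

static void *acquire(size_t n) {
    if (++alloc_calls == fail_at) return NULL;
    void *p = malloc(n);
    if (p != NULL) live_blocks++;
    return p;
}
static void relinquish(void *p) {
    if (p != NULL) { free(p); live_blocks--; }
}

/* Leaky shape: the offset table is already held when the second allocation
   fails, and the early return drops the only pointer to it. */
static int write_leaky(size_t objects, size_t pixels) {
    long *xref = acquire(objects * sizeof(*xref));
    if (xref == NULL) return -1;
    unsigned char *buf = acquire(pixels);
    if (buf == NULL) return -1;              /* xref is never released */
    relinquish(buf);
    relinquish(xref);
    return 0;
}

/* Fixed shape: release xref on the failure path before reporting the error. */
static int write_fixed(size_t objects, size_t pixels) {
    long *xref = acquire(objects * sizeof(*xref));
    if (xref == NULL) return -1;
    unsigned char *buf = acquire(pixels);
    if (buf == NULL) { relinquish(xref); return -1; }
    relinquish(buf);
    relinquish(xref);
    return 0;
}

/* Forces the second allocation to fail, runs one writer, and returns the
   number of blocks still held afterwards (0 means nothing leaked). */
static int leaked_after_failure(int (*writer)(size_t, size_t)) {
    live_blocks = 0; alloc_calls = 0; fail_at = 2;
    (void) writer(16, 4096);
    return live_blocks;
}

int main(void) {
    printf("leaky: %d block(s) held\n", leaked_after_failure(write_leaky));
    printf("fixed: %d block(s) held\n", leaked_after_failure(write_fixed));
    return 0;
}
```

The same counting-allocator approach works as a regression check for any multi-allocation function: fail each allocation in turn and require the live-block count to return to zero.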

Exploitation

An attacker needs to provide a crafted image file that, when processed by ImageMagick's convert tool (or any use of WritePDFImage), causes a memory allocation failure. This can be achieved by crafting an image with excessively large dimensions or otherwise exhausting memory. No special privileges are required beyond the ability to supply a malicious file to a vulnerable ImageMagick instance [2]. The memory leak accumulates over successive operations, eventually leading to denial of service.

Impact

Successful exploitation leads to progressive memory exhaustion (denial of service) as leaked memory is not reclaimed. The vulnerability does not provide code execution or data exfiltration; it is a resource exhaustion issue with high availability impact (CVSS 8.8) [2].

Mitigation

The fix is commit bd40cc5f53067322861b881485cbd70f509f3829 [1], released as part of ImageMagick version 7.0.6-3 or later. Users should upgrade to a patched version. If patching is not immediately possible, avoid processing untrusted image files with PDF output. No workaround other than upgrading is documented.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

18

References

3
