CVE-2017-12805
Description
In ImageMagick 7.0.6-6, the ReadTIFFImage function does not properly validate image dimensions, leading to memory exhaustion and denial of service via crafted TIFF files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In ImageMagick 7.0.6-6, the ReadTIFFImage function does not properly validate image dimensions, leading to memory exhaustion and denial of service via crafted TIFF files.
Vulnerability
In ImageMagick version 7.0.6-6, the function ReadTIFFImage does not properly validate image dimensions or resource limits when processing TIFF files. This allows a specially crafted TIFF image to trigger an attempt to allocate an extremely large amount of memory (e.g., 0x80002000 bytes), causing memory exhaustion and a denial of service [1].
Exploitation
An attacker can exploit this vulnerability by providing a crafted TIFF image file to a user or automated system that processes images with ImageMagick [1][2]. No authentication or special network position is required; the attacker only needs to trick the victim into opening the malicious file using a tool such as the convert command [1].
Impact
Successful exploitation leads to a denial of service condition, as ImageMagick consumes all available memory and crashes. The impact is limited to availability; no information disclosure or code execution is directly associated with this specific vulnerability [1].
Mitigation
ImageMagick has addressed this issue in a later release: patches were included in Ubuntu security updates for versions 8:6.9.10.23+dfsg-2ubuntu1.11.04-1 and later [2]. Fedora also issued updates via security advisories [3][4]. Users should update to the latest version of ImageMagick or apply the relevant distribution-specific patches. No workaround is available without upgrading.
- memory exhaustion in ReadTIFFImage
- USN-4034-1: ImageMagick vulnerabilities | Ubuntu security notices | Ubuntu
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
12- ImageMagick/ImageMagickdescription
- Range: = 7.0.6-6
- osv-coords10 versionspkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4
< 6.8.8.1-71.123.2+ 9 more
- (no CPE)range: < 6.8.8.1-71.123.2
- (no CPE)range: < 6.8.8.1-71.123.2
- (no CPE)range: < 6.8.8.1-71.123.2
- (no CPE)range: < 6.8.8.1-71.123.2
- (no CPE)range: < 6.8.8.1-71.123.2
- (no CPE)range: < 6.8.8.1-71.123.2
- (no CPE)range: < 6.8.8.1-71.123.2
- (no CPE)range: < 6.8.8.1-71.123.2
- (no CPE)range: < 6.8.8.1-71.123.2
- (no CPE)range: < 6.8.8.1-71.123.2
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"The ReadTIFFImage function in ImageMagick does not properly handle memory allocation for TIFF images, leading to exhaustion."
Attack vector
An attacker can trigger this vulnerability by providing a specially crafted TIFF image file to the ImageMagick `convert` command. The `convert` command then calls the `ReadTIFFImage` function, which attempts to allocate a large amount of memory based on the image's properties. If the allocation fails, it results in a denial of service.
Affected code
The vulnerability exists within the `ReadTIFFImage` function located in the `coders/tiff.c` file. The call stack indicates that `AcquireQuantumPixels` and `SetQuantumDepth` within `MagickCore/quantum.c` are involved in the memory allocation process that leads to the failure.
What the fix does
The advisory does not specify a patch or provide details on how the vulnerability is fixed. Remediation guidance typically involves updating to a patched version of ImageMagick once available. Users should consult official ImageMagick security advisories for the latest information on fixes and updates.
Preconditions
- inputThe attacker must provide a specially crafted TIFF image file.
Reproduction
```bash root@ubuntu:/home/hjy/Desktop# convert oom-ReadTIFFImage /dev/null ```
Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/mitrevendor-advisoryx_refsource_FEDORA
- usn.ubuntu.com/4034-1/mitrevendor-advisoryx_refsource_UBUNTU
- github.com/ImageMagick/ImageMagick/issues/664mitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2020/08/msg00030.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.