CVE-2017-18022
Description
Memory leaks in ImageMagick 7.0.7-12 Q16 in MontageImageCommand cause denial of service and potential information disclosure when processing a malformed file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
CVE-2017-18022 describes memory leaks in MontageImageCommand in MagickWand/montage.c in ImageMagick version 7.0.7-12 Q16. The leaks occur when the CloneMontageInfo function is called, which allocates memory via AcquireCriticalMemory and AcquireString, but the allocated memory is not properly freed when no decode delegate is available for the image format or other error conditions arise. The issue is triggered by using magick montage on a specially crafted file (e.g., a non-decodable image). [2]
Exploitation
An attacker would need to provide a malformed or specially crafted image file to a user or system running ImageMagick. The attack requires no authentication beyond the ability to deliver the file (e.g., via a website, email, or file upload). When the user or an automated process runs the montage command (or similar operation) on the file, the memory leak occurs. The leaked memory can accumulate if multiple such files are processed, leading to resource exhaustion. [1][2]
Impact
Successful exploitation results in memory leaks that can lead to denial of service by exhausting system memory. In extreme cases, if the leaked memory contains sensitive data previously in the same memory region, there is a theoretical risk of information disclosure. However, the primary impact for this specific CVE is denial of service via resource consumption. [1][2]
Mitigation
The vulnerability is addressed in ImageMagick updates. Ubuntu USN-3681-1 [1] provides updated packages for Ubuntu 17.10, 16.04 LTS, and 14.04 LTS as of early 2018. Users should upgrade to the fixed versions listed in the advisory. For other distributions, update to ImageMagick version 7.0.7-13 or later. If immediate patching is not possible, avoid processing untrusted image files with the montage command, and consider using a non-vulnerable alternative or version.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 7.0.7-12 Q16
- osv-coords, 16 versions:
  - pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 (no CPE), range: < 1.2.5-4.78.28.2
  - pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Studio%20Onsite%201.3 (no CPE), range: < 1.2.5-4.78.28.2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2 (no CPE), range: < 6.8.8.1-71.26.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 (no CPE), range: < 6.8.8.1-71.26.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 (no CPE), range: < 6.4.3.6-7.78.22.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2 (no CPE), range: < 6.8.8.1-71.26.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 (no CPE), range: < 6.8.8.1-71.26.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2 (no CPE), range: < 6.8.8.1-71.26.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 (no CPE), range: < 6.4.3.6-7.78.22.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 (no CPE), range: < 6.8.8.1-71.26.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 (no CPE), range: < 6.8.8.1-71.26.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 (no CPE), range: < 6.4.3.6-7.78.22.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2 (no CPE), range: < 6.8.8.1-71.26.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 (no CPE), range: < 6.8.8.1-71.26.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2 (no CPE), range: < 6.8.8.1-71.26.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3 (no CPE), range: < 6.8.8.1-71.26.1
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Memory leaks occur in the MontageImageCommand function when processing certain image formats."
Attack vector
An attacker can trigger memory leaks by providing a specially crafted input to the `montage` command. The vulnerability is triggered when the `montage` command attempts to process an invalid or unsupported image format, leading to resource exhaustion. The provided example uses `/dev/null` as an input, which causes the `montage` command to fail during image processing, resulting in the leak [ref_id=1].
Affected code
The vulnerability resides in the `MontageImageCommand` function located in the file `MagickWand/montage.c` within the ImageMagick library. Specifically, the issue is related to memory management during the processing of montage operations, as indicated by the call stack showing `CloneMontageInfo` and `GetMontageInfo` leading to the leak [ref_id=1].
What the fix does
The patch addresses memory leaks within the `MontageImageCommand` function in `MagickWand/montage.c`. While a specific patch file is not provided, the issue is described as memory leaks occurring during the processing of montage operations. The fix likely involves ensuring that allocated memory is properly deallocated even when errors occur during image processing, preventing the accumulation of leaked memory [ref_id=1].
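The error-path leak described above, reduced to a self-contained C model. This is an added example, not ImageMagick source and not the actual fix; `MontageCfg`, `clone_cfg`, `decode`, `montage_leaky`, `montage_fixed` and the allocation counter are hypothetical names chosen to mirror the one struct (direct leak) plus one string (indirect leak) in the report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, not ImageMagick source: every name here is hypothetical. */
static int live_allocs = 0;                      /* heap blocks not yet freed */
static void *tracked_alloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void tracked_free(void *p) { if (p) { free(p); live_allocs--; } }

typedef struct { char *geometry; } MontageCfg;   /* struct owns one string */

/* Two allocations, like the cloned info struct and its string in the report. */
static MontageCfg *clone_cfg(void) {
    MontageCfg *c = tracked_alloc(sizeof *c);
    if (!c) return NULL;
    c->geometry = tracked_alloc(16);
    if (!c->geometry) { tracked_free(c); return NULL; }
    strcpy(c->geometry, "120x120+4+3");
    return c;
}
static void destroy_cfg(MontageCfg *c) { if (c) { tracked_free(c->geometry); tracked_free(c); } }

/* Stand-in for "no decode delegate": empty input cannot be decoded. */
static int decode(const char *data, size_t len) { return (data && len > 0) ? 0 : -1; }

/* Before: the early error return skips cleanup, so both blocks stay allocated. */
int montage_leaky(const char *data, size_t len) {
    MontageCfg *cfg = clone_cfg();
    if (!cfg) return -1;
    if (decode(data, len) != 0) return -1;       /* leaks cfg and cfg->geometry */
    destroy_cfg(cfg);
    return 0;
}

/* After: success and failure share one cleanup point. */
int montage_fixed(const char *data, size_t len) {
    int rc = -1;
    MontageCfg *cfg = clone_cfg();
    if (!cfg) return -1;
    if (decode(data, len) == 0) rc = 0;
    destroy_cfg(cfg);                            /* runs on every exit path */
    return rc;
}

int outstanding_allocs(void) { return live_allocs; }

int main(void) {
    montage_leaky("", 0);
    printf("leaky error path: %d blocks outstanding\n", outstanding_allocs());
    montage_fixed("", 0);
    printf("fixed error path: %d blocks outstanding\n", outstanding_allocs());
    return 0;
}
```

Each failed call through the leaky path strands two blocks, which is why repeated processing of undecodable inputs in a long-lived process grows memory without bound.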
Preconditions
- input: The user must be able to execute the `magick` command with the `montage` subcommand.
- input: The input provided to the `montage` command must be an image format that triggers the memory leak, such as an invalid or unsupported format.
Reproduction
```bash
system:ubuntu 14.04 64
ubuntu@ubuntu:~/fuzz_py$ magick -version
Version: ImageMagick 7.0.7-12 Q16 x86_64 2017-12-19 http://www.imagemagick.org
Copyright: © 1999-2017 ImageMagick Studio LLC
License: http://www.imagemagick.org/script/license.php
Features: Cipher DPC HDRI OpenMP
Delegates (built-in): fontconfig freetype png x zlib
ubuntu@ubuntu:~/fuzz_py$ magick montage poc /dev/null
montage: no decode delegate for this image format ' @ error/constitute.c/ReadImage/509.
montage: /dev/null' @ error/montage.c/MontageImageCommand/1775.
=================================================================
==116829==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4712 byte(s) in 1 object(s) allocated from:
    #0 0x4b9ad3 in malloc (/usr/local/bin/magick+0x4b9ad3)
    #1 0x7ff9bd11fb76 in AcquireCriticalMemory /home/ubuntu/ImageMagick/./MagickCore/memory-private.h:57:10
    #2 0x7ff9bd11fb76 in CloneMontageInfo /home/ubuntu/ImageMagick/MagickCore/montage.c:110
    #3 0x7ff9bc8448b6 in MontageImageCommand /home/ubuntu/ImageMagick/MagickWand/montage.c:353:16
    #4 0x7ff9bc7cd1c2 in MagickCommandGenesis /home/ubuntu/ImageMagick/MagickWand/mogrify.c:183:14
    #5 0x4e4ce7 in MagickMain /home/ubuntu/ImageMagick/utilities/magick.c:149:10
    #6 0x4e4ce7 in main /home/ubuntu/ImageMagick/utilities/magick.c:180
    #7 0x7ff9ba34df44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287

Indirect leak of 4108 byte(s) in 1 object(s) allocated from:
    #0 0x4b9ad3 in malloc (/usr/local/bin/magick+0x4b9ad3)
    #1 0x7ff9bd318784 in AcquireString /home/ubuntu/ImageMagick/MagickCore/string.c:137:24
    #2 0x7ff9bd120199 in GetMontageInfo /home/ubuntu/ImageMagick/MagickCore/montage.c:226:26
    #3 0x7ff9bd11fb90 in CloneMontageInfo /home/ubuntu/ImageMagick/MagickCore/montage.c:111:3
    #4 0x7ff9bc8448b6 in MontageImageCommand /home/ubuntu/ImageMagick/MagickWand/montage.c:353:16
    #5 0x7ff9bc7cd1c2 in MagickCommandGenesis /home/ubuntu/ImageMagick/MagickWand/mogrify.c:183:14
    #6 0x4e4ce7 in MagickMain /home/ubuntu/ImageMagick/utilities/magick.c:149:10
    #7 0x4e4ce7 in main /home/ubuntu/ImageMagick/utilities/magick.c:180
    #8 0x7ff9ba34df44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287

SUMMARY: AddressSanitizer: 8820 byte(s) leaked in 2 allocation(s).
```
poc.zip
Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- usn.ubuntu.com/3681-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.securityfocus.com/bid/102437 (mitre, vdb-entry, x_refsource_BID)
- github.com/ImageMagick/ImageMagick/issues/904 (mitre, x_refsource_CONFIRM)