CVE-2017-18029
Description
Memory leak in ImageMagick 7.0.6-10 Q16's ReadMATImage can cause denial of service via crafted MAT file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A memory leak vulnerability exists in the ReadMATImage function in coders/mat.c of ImageMagick 7.0.6-10 Q16. When processing a specially crafted MATLAB image file, the function fails to properly free allocated memory, leading to a memory leak [2]. The vulnerability is reachable without special privileges, requiring only that a user or automated system opens the malicious file using ImageMagick utilities such as identify [1][2].
Exploitation
An attacker can exploit this vulnerability by crafting a malicious .mat file that triggers the memory leak when processed. No authentication or network position is required beyond delivering the file to the target; user interaction is necessary for the victim to open the file (e.g., via identify or other ImageMagick commands) [2]. The leak is detected via AddressSanitizer, confirming the flaw [2].
Impact
Successful exploitation results in a denial of service via memory exhaustion, as the memory leak accumulates over time. Under certain conditions, the Ubuntu security advisory notes that this could potentially lead to code execution with the privileges of the user running ImageMagick [1][2]. However, the CVE specifically identifies the direct impact as denial of service.
Mitigation
The vulnerability is fixed in later versions of ImageMagick. Canonical released Ubuntu Security Notice USN-3681-1 on July 10, 2018, which includes updated packages for Ubuntu 18.04 LTS and other supported releases [1]. Users should upgrade to the corrected package versions listed in the advisory (e.g., 8:6.9.7.4+dfsg-16ubuntu6.10 for Ubuntu 18.04). No workaround is available; updating is the recommended course of action [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =7.0.6-10 Q16
- osv-coords (14 versions):
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2 (no CPE), range: < 6.8.8.1-71.33.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 (no CPE), range: < 6.8.8.1-71.33.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 (no CPE), range: < 6.4.3.6-7.78.29.2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2 (no CPE), range: < 6.8.8.1-71.33.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 (no CPE), range: < 6.8.8.1-71.33.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2 (no CPE), range: < 6.8.8.1-71.33.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 (no CPE), range: < 6.4.3.6-7.78.29.2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 (no CPE), range: < 6.8.8.1-71.33.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 (no CPE), range: < 6.8.8.1-71.33.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 (no CPE), range: < 6.4.3.6-7.78.29.2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2 (no CPE), range: < 6.8.8.1-71.33.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 (no CPE), range: < 6.8.8.1-71.33.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2 (no CPE), range: < 6.8.8.1-71.33.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3 (no CPE), range: < 6.8.8.1-71.33.1
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"A memory leak occurs in the ReadMATImage function when processing a crafted MAT file."
Attack vector
An attacker can cause a denial of service by providing a specially crafted MAT file to an application that uses ImageMagick to process it. The vulnerability is triggered when the `identify` command is used on the malicious file, leading to a memory leak [ref_id=1]. This leak can exhaust system resources over time, resulting in a denial of service.
Affected code
The vulnerability resides in the `ReadMATImage` function located in the file `coders/mat.c` [ref_id=1]. The leak is observed during the processing of MAT files, specifically involving functions like `decompress_block` and `AcquireImage` [ref_id=1].
What the fix does
The provided bundle does not contain information about a patch or specific remediation steps. The advisory indicates a memory leak in the `ReadMATImage` function within `coders/mat.c` [ref_id=1]. Further analysis of the code and a potential fix would be required to detail the remediation.
Preconditions
- input: The attacker must provide a crafted MAT file.
Reproduction
testcase:https://github.com/bestshow/p0cs/blob/master/memory_leak_in_ReadMATImage966.mat
Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- usn.ubuntu.com/3681-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.securityfocus.com/bid/102519 (mitre, vdb-entry, x_refsource_BID)
- github.com/ImageMagick/ImageMagick/issues/691 (mitre, x_refsource_CONFIRM)
News mentions
No linked articles in our index yet.