CVE-2017-18211
Description
A NULL pointer dereference in ImageMagick 7.0.7's saveBinaryCLProgram can lead to denial of service or potential code execution via crafted images.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability exists in the function saveBinaryCLProgram within magick/opencl.c. The issue occurs because the return value of AcquireMagickMemory is not checked before being passed to clGetProgramInfo. Specifically, if AcquireMagickMemory returns NULL (e.g., due to memory allocation failure), the subsequent operation on the binaryProgram pointer leads to a NULL pointer dereference. This code path is reached when processing OpenCL-enabled image operations, requiring the system to have OpenCL support enabled; otherwise, the vulnerable function may not be invoked. The vulnerability is tracked in the ImageMagick issue tracker [2].
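The unchecked-allocation pattern described above, shown beside its checked form. This is an added example, not ImageMagick's code: acquire_memory, fill_binary and ALLOC_LIMIT are hypothetical stand-ins for AcquireMagickMemory, the code that writes into binaryProgram, and a failing allocation.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed cap: requests above it fail, simulating memory exhaustion. */
#define ALLOC_LIMIT ((size_t)1 << 20)

/* Hypothetical stand-in for AcquireMagickMemory: returns NULL on failure. */
static void *acquire_memory(size_t size)
{
    if (size == 0 || size > ALLOC_LIMIT)
        return NULL;
    return malloc(size);
}

/* Hypothetical stand-in for the code that writes into binaryProgram. */
static void fill_binary(unsigned char *dst, size_t size)
{
    memset(dst, 0xAB, size);
}

/* Unchecked pattern: a failed allocation is passed on as NULL. */
int save_binary_unchecked(size_t size)
{
    unsigned char *binary = acquire_memory(size);
    fill_binary(binary, size);   /* faults here when binary == NULL */
    free(binary);
    return 0;
}

/* Checked pattern: test the allocation and fail the operation cleanly. */
int save_binary_checked(size_t size)
{
    unsigned char *binary = acquire_memory(size);
    if (binary == NULL)
        return -1;               /* caller skips saving the program binary */
    fill_binary(binary, size);
    free(binary);
    return 0;
}

int main(void)
{
    printf("checked, 64 bytes: %d\n", save_binary_checked(64));
    printf("checked, over limit: %d\n", save_binary_checked(ALLOC_LIMIT + 1));
    return 0;
}
```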
Exploitation
An attacker can trigger the vulnerability by providing a specially crafted image file that forces the OpenCL code path in ImageMagick. The attacker does not need any special privileges or authentication beyond the ability to supply an image to a user or automated process using ImageMagick. User interaction is required (e.g., opening the image). The exploit relies on causing a memory allocation failure, which can be induced by exhausting system memory or via specific image properties that lead to a large allocation request. Once triggered, the NULL pointer dereference occurs in CacheOpenCLKernel [2].
Impact
Successful exploitation results in a NULL pointer dereference, which typically causes a segmentation fault and denial of service (crash). Under controlled conditions, an attacker might leverage this bug for arbitrary code execution with the privileges of the user running ImageMagick, as mentioned in the Ubuntu security notice [1]. The severity is rated due to the potential for remote code execution in addition to denial of service.
Mitigation
On Ubuntu, the vulnerability is fixed by updating to the following package versions: 8:6.9.7.4+dfsg-16ubuntu6.4 (Ubuntu 18.04 LTS), 8:6.9.7.4+dfsg-16ubuntu6.4 (Ubuntu 17.10), 8:6.9.7.4+dfsg-16ubuntu6.4 (Ubuntu 16.04 LTS), and 8:6.9.7.4+dfsg-16ubuntu6.4 (Ubuntu 14.04 LTS) [1]. Upgrading to ImageMagick 7.0.7-26 or later is recommended, as the upstream fix is incorporated. Users should apply standard system updates to obtain the corrected packages. No workaround is available besides disabling OpenCL support or applying the patch.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =7.0.7
- osv-coords (11 versions), each with no CPE and range < 6.8.8.1-71.47.1:
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- usn.ubuntu.com/3681-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.securityfocus.com/bid/103220 (mitre, vdb-entry, x_refsource_BID)
- github.com/ImageMagick/ImageMagick/issues/792 (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2020/09/msg00007.html (mitre, mailing-list, x_refsource_MLIST)
News mentions
No linked articles in our index yet.