CVE-2017-18250
Description
A NULL pointer dereference in ImageMagick's LogOpenCLBuildFailure allows denial of service via crafted file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A NULL pointer dereference in ImageMagick's LogOpenCLBuildFailure allows denial of service via crafted file.
Vulnerability
In ImageMagick 7.0.7, the function LogOpenCLBuildFailure in MagickCore/opencl.c contains a NULL pointer dereference vulnerability. The function calls AcquireMagickMemory(log_size) at line 1307, which can return NULL, leading to a subsequent dereference of the log pointer. This issue is triggered when processing a crafted file that invokes OpenCL program building [1].
Exploitation
An attacker can exploit this vulnerability by supplying a specially crafted file that causes AcquireMagickMemory to fail and return NULL. No special privileges or user interaction beyond opening the file is required. The crafted file triggers the code path in LogOpenCLBuildFailure, causing a null pointer dereference [1].
Impact
Successful exploitation results in a denial of service due to a program crash. No other impact (confidentiality, integrity) is demonstrated [1].
Mitigation
No official fix has been disclosed in the available references. Users are advised to monitor the ImageMagick project for updates or apply patches if available. The issue was reported on the ImageMagick issue tracker [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
6- Range: =7.0.7
- osv-coords5 versionspkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3
< 6.8.8.1-71.54.5+ 4 more
- (no CPE)range: < 6.8.8.1-71.54.5
- (no CPE)range: < 6.8.8.1-71.54.5
- (no CPE)range: < 6.8.8.1-71.54.5
- (no CPE)range: < 6.8.8.1-71.54.5
- (no CPE)range: < 6.8.8.1-71.54.5
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/ImageMagick/ImageMagick/issues/793mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.