CVE-2017-18254

Vulnerability

A memory leak vulnerability exists in ImageMagick 7.0.7 in the WriteGIFImage function within coders/gif.c. The issue occurs when memory allocation for global colormap or colormap buffers fails; if only one allocation succeeds, the other buffer is leaked because the error-handling path does not free the successfully allocated memory. An attacker can trigger this condition by providing a specially crafted GIF file that forces an allocation failure, leading to a denial of service via memory exhaustion [1] [2].

Exploitation

An attacker needs to deliver a crafted image file to a user or automated system that processes it with a vulnerable version of ImageMagick. No authentication or special privileges are required beyond access to the file. The attacker crafts a GIF file that causes AcquireQuantumMemory to return NULL for either global_colormap (line 1560) or colormap, while the other allocation succeeds. When the subsequent NULL check fails and ThrowWriterException is called, the successful allocation is not freed, resulting in a memory leak [2].

Impact

Successful exploitation causes a memory leak, leading to increasing memory consumption over repeated triggers. This can exhaust available memory resources, resulting in a denial of service for the application or system processing the image. The vulnerability does not allow code execution or data manipulation, but it can cause system instability or crash [1] [2].

Mitigation

The fix is included in ImageMagick versions updated after the disclosure. Ubuntu released a security update (USN-3681-1) which addressed this vulnerability; affected Ubuntu users should update to the fixed package versions listed in the advisory. For other distributions, users should update to a patched version of ImageMagick (e.g., 7.0.7-25 or later). No workaround is available other than avoiding processing untrusted GIF files until the patch is applied [1].