CVE-2018-10805
Description
ImageMagick 7.0.7-28 has a memory leak in ReadYCBCRImage that can be triggered by a crafted YCbCr image.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
ImageMagick version 7.0.7-28 contains a memory leak in the ReadYCBCRImage function in coders/ycbcr.c. When processing a YCbCr image, the function allocates a canvas_image via CloneImage and then attempts to acquire quantum information via AcquireQuantumInfo. If AcquireQuantumInfo fails (returns NULL), the function throws an exception but does not free the previously allocated canvas_image, resulting in a memory leak [1].
Exploitation
An attacker can trigger this memory leak by providing a crafted YCbCr image that causes AcquireQuantumInfo to fail. No special privileges are required; the attacker only needs to submit the malicious image to an application using the vulnerable ImageMagick library. The leak occurs during the decoding process, and repeated processing of such images can lead to memory exhaustion.
Impact
Successful exploitation leads to a memory leak, which can cause memory exhaustion and denial of service (DoS) for the application processing the image. The vulnerability does not allow code execution or information disclosure; it is a resource exhaustion issue.
Mitigation
The issue was reported in the ImageMagick issue tracker [1], but no specific fixed version is mentioned in the reference. Users should upgrade to a version of ImageMagick newer than 7.0.7-28 that includes a fix for this memory leak. If an upgrade is not immediately possible, avoid processing untrusted YCbCr images as a workaround.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =7.0.7-28
- osv-coords (13 versions):
  - pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
  - pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Studio%20Onsite%201.3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3
- (no CPE) range: < 7.1.0.9-1.1
- (no CPE) range: < 1.2.5-78.61.1
- (no CPE) range: < 1.2.5-78.61.1
- (no CPE) range: < 6.8.8.1-71.65.1
- (no CPE) range: < 7.0.7.34-3.9.1
- (no CPE) range: < 7.0.7.34-3.9.1
- (no CPE) range: < 6.4.3.6-78.56.1
- (no CPE) range: < 6.8.8.1-71.65.1
- (no CPE) range: < 6.4.3.6-78.56.1
- (no CPE) range: < 6.8.8.1-71.65.1
- (no CPE) range: < 6.4.3.6-78.56.1
- (no CPE) range: < 6.8.8.1-71.65.1
- (no CPE) range: < 6.8.8.1-71.65.1
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing free of canvas_image on the AcquireQuantumInfo failure path in ReadYCBCRImage leads to a memory leak."
Attack vector
An attacker can trigger the memory leak by providing a crafted YCbCr image that causes `AcquireQuantumInfo` to fail (return NULL) after `canvas_image` has already been allocated. The missing free on the error path means repeated processing of such images will exhaust memory resources. No special privileges are required beyond the ability to supply an image file to ImageMagick [ref_id=1].
Affected code
The vulnerability is in the `ReadYCBCRImage` function in `coders/ycbcr.c`. At approximately line 170, `CloneImage` allocates memory for `canvas_image`. If the subsequent `AcquireQuantumInfo` call at line 178 fails, the function returns without freeing `canvas_image`, causing a memory leak [ref_id=1].
What the fix does
No patch is included in the bundle. The advisory [ref_id=1] identifies the root cause: when `AcquireQuantumInfo` fails at line 178, the previously allocated `canvas_image` is not freed before the `ThrowReaderException` return. The remediation would be to add a `DestroyImage(canvas_image)` call on that error path, ensuring the allocation is released before the function exits.
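A minimal C model of the error path described above, added here as an illustration and not taken from ImageMagick or from its fix. The functions clone_image, acquire_quantum_info, destroy_image and read_ycbcr are hypothetical stand-ins for CloneImage, AcquireQuantumInfo, DestroyImage and ReadYCBCRImage; the crafted flag simply forces the failure, and a counter of live allocations makes the leak measurable.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins that model the allocation pattern only;
   these are not ImageMagick's real types or signatures. */
typedef struct { size_t columns, rows; } Image;
typedef struct { int depth; } QuantumInfo;

static long live_images = 0;            /* canvas images not yet released */

static Image *clone_image(void) {       /* models CloneImage */
    Image *im = calloc(1, sizeof *im);
    if (im != NULL) live_images++;
    return im;
}
static void destroy_image(Image *im) {  /* models DestroyImage */
    if (im != NULL) { free(im); live_images--; }
}
/* Models AcquireQuantumInfo; 'crafted' forces the failure the page describes. */
static QuantumInfo *acquire_quantum_info(int crafted) {
    return crafted ? NULL : calloc(1, sizeof(QuantumInfo));
}

/* Reader skeleton: returns 0 on success, -1 on the exception path. */
static int read_ycbcr(int crafted, int fixed) {
    Image *canvas_image = clone_image();
    if (canvas_image == NULL) return -1;
    QuantumInfo *quantum_info = acquire_quantum_info(crafted);
    if (quantum_info == NULL) {
        if (fixed) destroy_image(canvas_image);  /* the release missing in the leaky path */
        return -1;                               /* models the ThrowReaderException return */
    }
    /* ... pixel decoding would happen here ... */
    free(quantum_info);
    destroy_image(canvas_image);
    return 0;
}

/* Decode n inputs and report how many canvas images remain allocated. */
long leaked_after(int n, int crafted, int fixed) {
    long before = live_images;
    for (int i = 0; i < n; i++) (void)read_ycbcr(crafted, fixed);
    return live_images - before;
}

int main(void) {
    printf("leaky, failing input x1000: %ld\n", leaked_after(1000, 1, 0));
    printf("fixed, failing input x1000: %ld\n", leaked_after(1000, 1, 1));
    printf("leaky, normal input  x1000: %ld\n", leaked_after(1000, 0, 0));
    return 0;
}
```

The leak grows by one canvas image per failed decode, which is why a long-running service is affected more than a one-shot command-line conversion.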
Preconditions
- input: Attacker must supply a crafted YCbCr image file that causes AcquireQuantumInfo to fail after CloneImage succeeds.
- config: The target system must be running ImageMagick version 7.0.7-28.
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- usn.ubuntu.com/3681-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- github.com/ImageMagick/ImageMagick/issues/1054 (mitre, x_refsource_MISC)
News mentions
No linked articles in our index yet.