CVE-2018-11655
Description
ImageMagick 7.0.7-20 has a memory leak in GetImagePixelCache when processing a crafted CALS file, enabling denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A memory leak vulnerability exists in ImageMagick version 7.0.7-20 Q16 x86_64. The flaw resides in the GetImagePixelCache function within MagickCore/cache.c. When processing a specially crafted CALS image file, the function fails to properly free allocated pixel cache memory, leading to progressive memory consumption. The issue is triggered via WriteCALSImage in coders/cals.c during image format conversion operations [1].
Exploitation
An attacker must deliver a malicious CALS image file to the victim and convince them to process it using ImageMagick (e.g., via convert or magick commands). No special privileges or network position are required beyond the ability to supply the file. The vulnerability manifests when ImageMagick converts the CALS image to a different format, such as GROUP4 TIFF, as demonstrated by the trigger command WriteGROUP4Image-memory-leaks /dev/null. The memory leak occurs repeatedly for each crafted file processed [1].
Impact
Successful exploitation results in a denial of service (DoS) condition. The attacker can exhaust available system memory by repeatedly triggering the leak, potentially causing the application to crash or the system to become unresponsive. The vulnerability only affects availability; there is no evidence of information disclosure or code execution from the available references [1].
Mitigation
The ImageMagick project has not released a specific patch for this issue in the available references. Users should upgrade to a version newer than 7.0.7-20 if a fix becomes available. As a workaround, avoid processing untrusted CALS image files or use a policy to restrict the CALS decoder. At the time of publication, no vendor advisory or KEV listing exists [1].
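One way to audit the policy workaround mentioned above, as an added example that is not part of the original page or of ImageMagick: the script parses a policy.xml and reports whether the CALS coder names (`CAL`, `CALS`) still have read or write rights. The sample policies are constructed, and the evaluation model (case-sensitive glob match, last matching coder policy wins, everything allowed when nothing matches) is a simplifying assumption about ImageMagick's policy handling.

```python
import fnmatch
import re
import xml.etree.ElementTree as ET

# Constructed sample policy.xml contents (not taken from the page).
SAMPLE_WEAK = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="{PS,EPS,PDF}"/>
</policymap>"""

SAMPLE_HARDENED = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="{PS,EPS,PDF}"/>
  <policy domain="coder" rights="none" pattern="{CAL,CALS}"/>
</policymap>"""

def expand_braces(pattern):
    """Expand {a,b} alternatives into a list of plain glob patterns."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    head, tail = pattern[:m.start()], pattern[m.end():]
    out = []
    for alt in m.group(1).split(","):
        out.extend(expand_braces(head + alt + tail))
    return out

def coder_rights(policy_xml, coder):
    """Rights left for `coder`. Assumption: the last matching coder policy wins."""
    rights = {"read", "write"}  # assumed default when no policy matches
    for pol in ET.fromstring(policy_xml).iter("policy"):
        if pol.get("domain", "").lower() != "coder":
            continue
        globs = expand_braces(pol.get("pattern", ""))
        # Case-sensitive match: a lowercase pattern is reported as not covering CALS.
        if any(fnmatch.fnmatchcase(coder, g) for g in globs):
            granted = {r.strip().lower() for r in pol.get("rights", "").split("|")}
            rights = granted & {"read", "write"}
    return rights

def cals_exposed(policy_xml):
    """Map each CALS coder name to the rights still granted; {} means blocked."""
    found = {c: coder_rights(policy_xml, c) for c in ("CAL", "CALS")}
    return {c: r for c, r in found.items() if r}

if __name__ == "__main__":
    for name, xml in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, cals_exposed(xml) or "CALS coders blocked")
```

On a real host, compare the result with what `identify -list policy` reports, since that reflects the policy files ImageMagick actually loaded.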
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 7.0.7-20 Q16 x86_64
- osv-coords, 5 versions (no CPE), each with range: < 6.8.8.1-71.65.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"The `GetImagePixelCache` function in `MagickCore/cache.c` does not properly release acquired memory, leading to leaks when processing CALS images."
Attack vector
An attacker can cause a denial of service by providing a specially crafted CALS image file to an application using ImageMagick. Processing this file triggers a memory leak within the `GetImagePixelCache` function. Repeated processing of such files can exhaust system memory, leading to a denial of service.
Affected code
The vulnerability resides in the `GetImagePixelCache` function within `MagickCore/cache.c` [ref_id=1]. The leak occurs during the acquisition and cloning of the pixel cache, as indicated by the ASAN output showing leaks originating from `AcquireMagickMemory` and `AcquirePixelCache` calls within this function and related functions like `ClonePixelCache` [ref_id=1].
What the fix does
The patch addresses the memory leak by ensuring that memory acquired for the pixel cache is properly released. Specifically, the `AcquirePixelCache` function now correctly handles the deallocation of memory, preventing the accumulation of leaked memory when processing CALS images. This resolves the denial of service vulnerability.
Preconditions
- Input: The attacker must provide a crafted CALS image file.
Reproduction
The reference write-up provides a test case URL for a crafted CALS image file that triggers the memory leak [ref_id=1].
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- usn.ubuntu.com/3681-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- github.com/ImageMagick/ImageMagick/issues/930 (mitre, x_refsource_CONFIRM)