CVE-2018-14434
Description
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c, leading to denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c, leading to denial of service.
Vulnerability
ImageMagick 7.0.8-4 contains a memory leak in the WriteMPCImage function in coders/mpc.c. The vulnerability occurs when a colormap is allocated via AcquireQuantumMemory, but if an exception is thrown (e.g., CorruptImageError), the allocated memory is not freed before returning, resulting in a leak [3]. This affects versions up to and including 7.0.8-4.
Exploitation
An attacker must craft a malicious image that triggers the exception path in WriteMPCImage. The user or automated system processing the image does not require any special privileges. By repeatedly processing such images, the attacker can exhaust memory resources. The leak is triggered without user interaction beyond opening the file [1][2][3].
Impact
The memory leak leads to a denial of service (DoS) as memory consumption grows unbounded. The attacker can cause the affected application (e.g., ImageMagick or any software using the library) to crash or become unresponsive. No other impact such as code execution or data corruption is indicated in the available references.
Mitigation
Ubuntu published security updates USN-3785-1 [1] and USN-4034-1 [2] that include a fix for this vulnerability. Users should upgrade to the latest patched version of ImageMagick. As a temporary workaround, administrators may restrict processing of untrusted images or disable support for formats that trigger the vulnerable code path via policy configuration.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
12- Range: = 7.0.8-4
- osv-coords11 versionspkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3
< 7.1.0.9-1.1+ 10 more
- (no CPE)range: < 7.1.0.9-1.1
- (no CPE)range: < 6.8.8.1-71.74.1
- (no CPE)range: < 7.0.7.34-3.14.1
- (no CPE)range: < 7.0.7.34-3.14.1
- (no CPE)range: < 6.4.3.6-78.56.1
- (no CPE)range: < 6.8.8.1-71.74.1
- (no CPE)range: < 6.4.3.6-78.56.1
- (no CPE)range: < 6.8.8.1-71.74.1
- (no CPE)range: < 6.4.3.6-78.56.1
- (no CPE)range: < 6.8.8.1-71.74.1
- (no CPE)range: < 6.8.8.1-71.74.1
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing deallocation of colormap memory on exception paths in WriteMPCImage leads to a memory leak."
Attack vector
An attacker can trigger this memory leak by supplying a crafted image file that causes `WriteMPCImage` to enter an error branch (e.g., an unsupported depth value) after the colormap has been allocated. Because the colormap pointer is not freed on the exception path, each such invocation leaks the colormap buffer. Repeated processing of malicious files can exhaust available memory, leading to a denial-of-service condition. No authentication or special network access is required if the attacker can submit images to an ImageMagick-based service.
Affected code
The vulnerability is in `coders/mpc.c` at the colormap allocation block around line 1460. The function `WriteMPCImage` allocates a colormap via `AcquireQuantumMemory` inside an `if` block, but the allocated memory is only freed on the normal code path; the exception (error) branches that jump to the end of the function do not free the colormap [ref_id=1].
What the fix does
The issue report [ref_id=1] identifies that the colormap memory allocated by `AcquireQuantumMemory` in `WriteMPCImage` is freed in the normal branch but not in the exception (error) branches. The fix must ensure that the colormap pointer is freed before returning on every error path that occurs after allocation. No patch diff is included in the bundle, but the remediation is to add a `colormap` cleanup (e.g., `colormap=(unsigned char *) RelinquishMagickMemory(colormap);`) on each early-return path that follows the allocation.
Preconditions
- inputThe attacker must be able to supply a crafted image file to an ImageMagick process that invokes WriteMPCImage (e.g., via convert, identify, or a web service using ImageMagick).
- inputThe crafted image must trigger an error path (e.g., an unsupported depth value) after the colormap allocation.
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
3- usn.ubuntu.com/3785-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/4034-1/mitrevendor-advisoryx_refsource_UBUNTU
- github.com/ImageMagick/ImageMagick/issues/1192mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.