CVE-2018-14435
Description
ImageMagick 7.0.8-4 has a memory leak in the DecodeImage function in coders/pcd.c that can be triggered via a crafted PCD image.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In ImageMagick 7.0.8-4 and possibly earlier versions, the DecodeImage() function in coders/pcd.c contains a memory leak. A buffer is allocated via AcquireQuantumMemory(0x800,sizeof(*buffer)), but the corresponding deallocation is missing when an exception is thrown in the default branch of a switch statement at line 286 of the same file [2]. This occurs during processing of PhotoCD (PCD) images.
Exploitation
An attacker would need to provide a specially crafted PCD file that triggers the exception branch in the DecodeImage() function. No special privileges or network position other than the ability to submit an image to ImageMagick are required. The leak manifests each time the vulnerable code path is exercised.
Impact
Repeated exploitation can lead to cumulative memory exhaustion, resulting in a denial of service (DoS) condition [1]. The leak does not directly allow arbitrary code execution or information disclosure; the primary impact is availability degradation.
Mitigation
The Ubuntu security notice [1] indicates that a fix was included in the USN-3785-1 update, released on 2018-09-17, which addresses several memory leak CVEs including CVE-2018-14435. Users should upgrade their ImageMagick packages to the patched version. No workaround is documented; guarding against untrusted PCD file processing can reduce risk. The issue is not known to be listed in CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (13)
- Range: 7.0.8-4
- osv-coords, 12 versions:
  - pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 (no CPE), range: < 1.2.5-78.61.1
  - pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Studio%20Onsite%201.3 (no CPE), range: < 1.2.5-78.61.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 (no CPE), range: < 6.8.8.1-71.74.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015 (no CPE), range: < 7.0.7.34-3.14.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015 (no CPE), range: < 7.0.7.34-3.14.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 (no CPE), range: < 6.4.3.6-78.56.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 (no CPE), range: < 6.8.8.1-71.74.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 (no CPE), range: < 6.4.3.6-78.56.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 (no CPE), range: < 6.8.8.1-71.74.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 (no CPE), range: < 6.4.3.6-78.56.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 (no CPE), range: < 6.8.8.1-71.74.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3 (no CPE), range: < 6.8.8.1-71.74.1
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing free of allocated buffer in the exception branch of DecodeImage() in coders/pcd.c."
Attack vector
An attacker provides a crafted PCD image file that triggers the `CorruptImageError` exception path in `DecodeImage()` [ref_id=1]. When the decoder reaches the `default` case in the switch statement (line 286), `ThrowBinaryException` is called without first freeing the `buffer` allocation made at line 186, causing a memory leak [ref_id=1]. Repeatedly processing such malformed files can exhaust system memory.
Affected code
The vulnerability is in `coders/pcd.c` in the `DecodeImage()` function. Memory is allocated via `AcquireQuantumMemory(0x800,sizeof(*buffer))` at line 186, but is not freed in the exception branch at line 286 where `ThrowBinaryException(CorruptImageError,"CorruptImage", image->filename)` is called [ref_id=1].
What the fix does
The advisory does not include a patch, but the fix would require freeing the `buffer` allocation before calling `ThrowBinaryException` in the `default` exception branch at line 286 of `coders/pcd.c` [ref_id=1]. The normal branch already frees the buffer, so the missing deallocation in the error path is the sole defect [ref_id=1].
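The error-path leak and its correction, reduced to a self-contained C model. This is an added example, not ImageMagick's code or the actual patch; `tracked_alloc`, `tracked_free`, `THROW_CORRUPT`, `decode_plane`, `leaked_after` and the plane values are hypothetical stand-ins for the allocation, the throw macro and the switch described above.

```c
/* Simplified model of the leak; not ImageMagick source. Names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#define MAX_LIVE 64
static void *live[MAX_LIVE];               /* outstanding allocations */

static void *tracked_alloc(size_t count, size_t size) {
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == NULL) return live[i] = calloc(count, size);
    return NULL;                           /* tracking table full */
}

static void *tracked_free(void *p) {
    for (int i = 0; p != NULL && i < MAX_LIVE; i++)
        if (live[i] == p) { free(p); live[i] = NULL; break; }
    return NULL;
}

/* Models a throw macro that reports an error and returns from the caller. */
#define THROW_CORRUPT() do { return 0; } while (0)

/* fix_applied == 0: the error branch returns with buffer still allocated.
   fix_applied == 1: buffer is released before the error exit. */
static int decode_plane(int plane, int fix_applied) {
    unsigned char *buffer = tracked_alloc(0x800, sizeof(*buffer));
    if (buffer == NULL) return 0;
    switch (plane) {
        case 0: case 1: case 2: break;     /* valid plane, decoding would run */
        default:
            if (fix_applied) buffer = tracked_free(buffer);
            THROW_CORRUPT();               /* leaks when the fix is absent */
    }
    buffer = tracked_free(buffer);         /* normal path always frees */
    return 1;
}

/* Decodes n constructed invalid inputs, counts and reclaims leftover buffers. */
static int leaked_after(int n, int fix_applied) {
    int leaked = 0;
    for (int i = 0; i < n; i++) (void)decode_plane(7, fix_applied);
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] != NULL) { leaked++; tracked_free(live[i]); }
    return leaked;
}

int main(void) {
    printf("unfixed: %d leaked\n", leaked_after(10, 0));
    printf("fixed:   %d leaked\n", leaked_after(10, 1));
    return 0;
}
```

Each rejected input costs one 0x800-element buffer in the unfixed variant, which is why repeated submissions accumulate; running a real decoder under a leak checker on a corrupt-input corpus surfaces the same class of defect.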
Preconditions
- input: Attacker must supply a crafted PCD image file that triggers the CorruptImageError exception path in DecodeImage()
- config: The target must process the malicious file using ImageMagick's PCD decoder
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- usn.ubuntu.com/3785-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- github.com/ImageMagick/ImageMagick/issues/1193 (mitre, x_refsource_MISC)
News mentions
No linked articles in our index yet.